John

Senior Cloud Engineer & Technical Lead

Building Nimbus: A k9s-Inspired AWS Terminal UI Tool

August 03, 2025

I was deep in an IAM troubleshooting session last week when it hit me how much time I was wasting. Every few minutes, I’d have to context-switch from my terminal to open the AWS Console in a browser, navigate through the maze of IAM menus, hunt down a specific role, and drill into its policies. Then back to the terminal, only to repeat the cycle again when I needed to check another role.

As someone who spends most of their day in terminal environments, this constant context switching felt like death by a thousand cuts. I kept thinking: “There has to be a better way. If k9s can make Kubernetes resources so accessible from the terminal, why doesn’t something similar exist for AWS?”

That frustration led me to start building Nimbus – a terminal-based AWS resource inspector that brings k9s-style navigation to AWS infrastructure.

The Problem with AWS Console Workflows

The AWS Console is comprehensive, but it’s designed for occasional use, not for the rapid-fire resource inspection that cloud engineers do daily. Here’s what a typical IAM investigation looks like:

  1. Context switch from terminal to browser
  2. Navigate to IAM service
  3. Find the roles section
  4. Search for the specific role
  5. Click through to view attached policies
  6. Click into each policy to view its JSON
  7. Repeat for related roles or cross-references

For someone managing infrastructure across multiple AWS accounts, this workflow multiplied by dozens of daily investigations becomes a significant productivity drain.

Enter Nimbus: k9s for AWS

I started building Nimbus with a simple goal: bring the k9s experience to AWS resources. k9s transformed how we interact with Kubernetes by providing fast, keyboard-driven navigation through cluster resources. AWS infrastructure, with its complex IAM structures and interconnected services, needed the same treatment.

The core architecture centers around three key components:

1. Robust AWS Authentication

// From internal/aws/auth.go
type AuthManager struct {
    cfg        aws.Config
    stsClient  *sts.Client
    mutex      sync.RWMutex
    lastStatus *AuthStatus
}

Nimbus integrates with the entire AWS credential chain – environment variables, shared credentials files, AWS profiles, SSO, and IAM roles. It validates credentials upfront and provides clear status indicators, so you know immediately if your session is about to expire.

2. Terminal UI Framework Built on Bubbletea and Lipgloss, Nimbus provides a responsive terminal interface that works across platforms. The UI includes intelligent terminal capability detection:

// From cmd/nimbus/main.go
switch termResult.Capability {
case terminal.CapabilityFull:
    program = tea.NewProgram(
        app,
        tea.WithAltScreen(),
        tea.WithMouseCellMotion(),
    )
case terminal.CapabilityBasic:
    program = tea.NewProgram(
        app,
        tea.WithInput(os.Stdin),
        tea.WithOutput(os.Stdout),
    )
}

3. Intelligent Caching & Performance One early lesson was that AWS APIs can be slow, especially when you’re loading hundreds of IAM roles with their attached policies. Nimbus implements intelligent caching with different TTLs based on resource types:

  • IAM resources: 30-minute cache (low change frequency)
  • EC2 instances: 5-minute cache (moderate change frequency)
  • Policy documents: 60-minute cache (rarely change)

The IAM Policy Viewing Breakthrough

The feature I’m most excited about is the enhanced policy viewing system. Instead of clicking through multiple AWS Console pages to see policy JSON, Nimbus presents a hierarchical tree view with expandable policy documents:

Attached Policies (3 total):

Customer Managed Policies:
  ├─ ▼ MyCustomS3Policy
     │ ARN: arn:aws:iam::123456789012:policy/MyCustomS3Policy
     │ Type: Customer Managed (Direct Attachment)
     │ Version: v2
     │ Policy Document:
     │   {
     │     "Version": "2012-10-17",
     │     "Statement": [
     │       {
     │         "Effect": "Allow",
     │         "Action": ["s3:GetObject", "s3:PutObject"],
     │         "Resource": "arn:aws:s3:::my-bucket/*"
     │       }
     │     ]
     │   }

The system loads policy documents concurrently with loading indicators and error handling. You can navigate between policies using j/k keys, expand/collapse with Enter, and even switch to content scrolling mode with Tab for detailed JSON inspection.

k9s-Style Navigation That Actually Works

Every keybinding in Nimbus follows k9s conventions:

  • j/k or ↑/↓ for line-by-line navigation
  • g/G for jumping to top/bottom
  • Enter to drill down into resources
  • Tab to switch between panes
  • r to refresh current view
  • i as a direct shortcut to IAM roles

The navigation feels identical to k9s, so if you’re already a k9s user, Nimbus will feel immediately familiar.

Current Status and Lessons Learned

After four weeks of development, Nimbus has reached a significant milestone. The core infrastructure is complete with:

  • Comprehensive AWS authentication with credential chain detection
  • IAM role listing with professional table display
  • Hierarchical policy viewing with JSON expansion
  • 70%+ test coverage with both unit and integration tests
  • Circuit breaker patterns and rate limiting for AWS API resilience

One key architectural decision that paid off was building infrastructure-first. Instead of rushing to create a minimal UI, I focused on robust AWS integration, comprehensive error handling, and solid testing foundations. This approach resulted in a more stable foundation that makes adding new features straightforward.

The testing strategy particularly proved its worth. By including real AWS integration tests that gracefully degrade when credentials aren’t available, I caught several edge cases early:

# The project includes comprehensive test coverage
make coverage
# Generates detailed HTML coverage reports

What’s Next

The roadmap includes expanding beyond IAM to EC2 and VPC resources, adding search and filtering capabilities, and implementing multi-profile support. The goal is to create a comprehensive read-only AWS resource inspector that can replace AWS Console browsing for daily cloud engineering tasks.

The most exciting part is how the foundation enables rapid feature development. The AWS client patterns, TUI framework, and caching infrastructure can support any AWS service with minimal additional code.

Try It Out

The project is currently in active development. You can build and test it locally:

git clone https://github.com/johnoctubre/nimbus
cd nimbus
make build
./nimbus

The authentication status component works immediately if you have AWS CLI configured, and you can start exploring IAM roles right away.

Key Learnings

  • Infrastructure-first development pays dividends – Building robust foundations before UI features results in faster feature development and fewer bugs
  • k9s navigation patterns are transferable – Users already familiar with k9s immediately understand Nimbus navigation
  • Terminal capability detection is crucial – Supporting different terminal environments from basic SSH to full TTY ensures broad compatibility
  • Concurrent API loading with caching transforms UX – What feels sluggish in AWS Console becomes snappy with intelligent background loading
  • Comprehensive error handling builds user trust – Clear error messages with actionable guidance prevent frustration during authentication issues
  • Real AWS integration testing catches edge cases – Testing against actual AWS APIs reveals issues that mocks miss

Building Nimbus has reinforced my belief that terminal-based tools can significantly improve cloud engineering workflows. When you can stay in your terminal environment and navigate AWS resources with the same efficiency as local files, it fundamentally changes how you approach infrastructure troubleshooting and exploration.

← Back to Blog | Home