Link Search Menu Expand Document

AWS Service Details

Services List (with Resource Support Details)

The following can also be viewed as a Google Sheet.

Note: Only supported service resources are shown by default. Click column headers to adjust.

Unsupported Services

  • Amazon Cognito
  • Athena
  • CloudTrail
  • Comprehend
  • Control Tower
  • EventBridge
  • Glue
  • Key Management Service (KMS)
  • Rekognition
  • Resource Group and Tag Editor
  • Systems Manager (SSM)
  • Transcoder

Limitations

These constraints might change in the future as we continue development.

General
  • Resources may not be tagged with “oreilly-cloudlabs” as this is reserved for marking internal O’Reilly resources
    • Resources with this tag can only be modified by internal O’Reilly roles
Regions
  • Allowed regions: us-east-1, us-west-2
CloudFormation
  • CDK apps / CloudFormation templates are enabled for the supported services mentioned above.
  • IAM user provisioned in the lab can’t register the account as a publisher for public extensions.
EC2
  • Allowed instance types: t2.nano, t2.micro, t2.small, t3.nano, t3.micro, t3.small, t4g.nano, t4g.micro, t4g.small
  • Denied actions:
    • CreateClientVpnEndpoint
    • CreateClientVpnRoute
    • CreateVpnConnection
    • CreateVpnConnectionRoute
    • CreateVpnGateway
EBS
  • Throughput: <= 250MiB/s
  • Volume size: <= 125GB
  • IOPS: <= 3000
ECR
  • Only private repositories are supported at this time.
  • Users cannot modify any policies or configurations on the registry itself.
  • Users cannot access nor modify their public ECR registry or repositories.
  • Denied actions:
    • CreatePullThroughCacheRule
    • PutRegistryPolicy
    • PutRegistryScanningConfiguration
    • PutReplicationConfiguration
    • All actions under the ecr-public:* namespace
IAM
  • IAM user provisioned in the lab can’t be edited / removed
  • IAM user provisioned in the lab cannot edit/delete their inline policy
  • Denied actions:
    • AddClientIDToOpenIDConnectProvider
    • AddRoleToInstanceProfile
    • CreateInstanceProfile
    • CreateOpenIDConnectProvider
    • CreateSAMLProvider
    • CreateServiceSpecificCredential
    • CreateVirtualMFADevice
    • DeleteOpenIDConnectProvider
    • DeleteSAMLProvider
    • DeleteServerCertificate
    • DeleteServiceSpecificCredential
    • DeleteSigningCertificate
    • DeleteVirtualMFADevice
    • EnableMFADevice
    • GenerateCredentialReport
    • RemoveClientIDFromOpenIDConnectProvider
    • RemoveRoleFromInstanceProfile
    • ResetServiceSpecificCredential
    • ResyncMFADevice
    • SetSecurityTokenServicePreferences
    • UpdateAccountPasswordPolicy
    • UpdateOpenIDConnectProviderThumbprint
    • UpdateSAMLProvider
    • UpdateServerCertificate
    • UpdateServiceSpecificCredential
    • UpdateSigningCertificate
    • UploadServerCertificate
    • UploadSigningCertificate
RDS
  • Allowed instance types:
    • Burstable classes: db.t2.micro, db.t3.micro, db.t3.small, db.t3.medium, db.tg4.micro, db.tg4.small, db.t4g.medium,
    • Memory optimized classes: db.r5d.large
    • Standard classes: db.m5d.large,
  • Storage size limit: <= 250GB
SES

Unavailable

  • Billing and Account Settings
  • Organizations
  • Root user access
  • Support