
AWS Service Details

Services List (with Resource Support Details)

The following can also be viewed as a Google Sheet.

Note: Only supported service resources are shown by default. Click column headers to adjust.

Unsupported Services

  • Athena
  • CloudTrail
  • Control Tower
  • Resource Group and Tag Editor
  • Transcoder

Limitations

These constraints might change in the future as we continue development.

General
  • Resources may not be tagged with “oreilly-cloudlabs” as this is reserved for marking internal O’Reilly resources
    • Resources with this tag can only be modified by internal O’Reilly roles
Regions
  • Allowed regions: us-east-1, us-west-2
ACM
  • Denied actions:
    • PutAccountConfiguration
CodeDeploy
  • Denied actions:
    • AddTagsToOnPremisesInstances
    • RegisterOnPremisesInstance
CloudFormation
  • CDK apps / CloudFormation templates are enabled for the supported services mentioned above.
  • The IAM user provisioned in the lab can’t register the account as a publisher for public extensions.
  • Denied actions:
    • RegisterPublisher
DynamoDB
  • Denied actions:
    • PurchaseReservedCapacityOfferings
EC2
  • Allowed instance types: t2.nano, t2.micro, t2.small, t3.nano, t3.micro, t3.small, t4g.nano, t4g.micro, t4g.small, m3.medium
  • Denied actions:
    • PurchaseReservedInstancesOffering
ElastiCache
  • Allowed cache instance types: cache.t2.small, cache.t2.medium, cache.t2.micro, cache.t3.small, cache.t3.medium, cache.t3.micro, cache.t4g.small, cache.t4g.medium, cache.t4g.micro
  • Replicas per node group: <= 2
  • Node group count: <= 2
  • Denied actions:
    • CreateGlobalReplicationGroup
    • IncreaseNodeGroupsInGlobalReplicationGroup
    • ModifyGlobalReplicationGroup
    • PurchaseReservedCacheNodesOffering
Elasticsearch
  • Denied actions:
    • PurchaseReservedInstanceOffering
    • PurchaseReservedElasticsearchInstanceOffering
EBS
  • Throughput: <= 250MiB/s
  • Volume size: <= 125GB
  • IOPS: <= 3000
ECR
  • Only private repositories are supported at this time.
  • Users cannot modify any policies or configurations on the registry itself.
  • Users cannot access or modify their public ECR registry or repositories.
  • Denied actions:
    • PutRegistryScanningConfiguration
    • All actions under the ecr-public:* namespace
EventBridge
  • Denied actions:
    • CreatePartnerEventSource
Glue
  • Glue database creation may fail if a KMS key is pending deletion and the user has not specified a customer-managed KMS key for encryption via the security configurations tab or the put-data-catalog-encryption-settings CLI command.
  • Denied actions:
    • CreateDevEndpoint
    • CreateSecurityConfiguration
IAM
  • The IAM user provisioned in the lab can’t be edited or removed
  • The IAM user provisioned in the lab cannot edit or delete their inline policy
  • Denied actions:
    • CreateAccountAlias
    • DeleteAccountAlias
    • GenerateCredentialReport
    • SetSecurityTokenServicePreferences
    • UpdateAccountPasswordPolicy
Kinesis Video
  • Denied actions:
    • CreateSignalingChannel
RDS
  • Allowed instance types:
    • Burstable classes: db.t2.micro, db.t3.micro, db.t3.small, db.t3.medium, db.t4g.micro, db.t4g.small, db.t4g.medium
    • Memory optimized classes: db.r5d.large
    • Standard classes: db.m5d.large
  • Storage size limit: <= 250GB
Route 53
  • Denied actions:
    • CreateReusableDelegationSet
S3
  • Denied actions:
    • BypassGovernanceRetention
    • PutBucketObjectLockConfiguration
    • PutObjectLegalHold
    • PutObjectRetention
SES
  • Limited to sandbox mode.
  • Denied actions:
    • PutAccountDetails
Step Functions
  • Denied actions:
    • CreateActivity

Unavailable

  • Billing and Account Settings
  • Organizations
  • Root user access
  • Support