AWS Service Details
Services List (with Resource Support Details)
The following can also be viewed as a Google Sheet.
Note: Only supported service resources are shown by default. Click column headers to adjust.
Unsupported Services
- Amazon Cognito
- Athena
- CloudTrail
- Comprehend
- Control Tower
- EventBridge
- Glue
- Key Management Service (KMS)
- Rekognition
- Resource Group and Tag Editor
- Systems Manager (SSM)
- Transcoder
Limitations
These constraints might change in the future as we continue development.
General
- Resources may not be tagged with “oreilly-cloudlabs” as this is reserved for marking internal O’Reilly resources
- Resources with this tag can only be modified by internal O’Reilly roles
Regions
- Allowed regions: us-east-1, us-west-2
CloudFormation
- CDK apps / CloudFormation templates are enabled for the supported services mentioned above.
- IAM user provisioned in the lab can’t register the account as a publisher for public extensions.
EC2
- Allowed instance types: t2.nano, t2.micro, t2.small, t3.nano, t3.micro, t3.small, t4g.nano, t4g.micro, t4g.small
- Denied actions:
- CreateClientVpnEndpoint
- CreateClientVpnRoute
- CreateVpnConnection
- CreateVpnConnectionRoute
- CreateVpnGateway
EBS
- Throughput: <= 250MiB/s
- Volume size: <= 125GB
- IOPS: <= 3000
ECR
- Only private repositories are supported at this time.
- Users cannot modify any policies or configurations on the registry itself.
- Users cannot access nor modify their public ECR registry or repositories.
- Denied actions:
- CreatePullThroughCacheRule
- PutRegistryPolicy
- PutRegistryScanningConfiguration
- PutReplicationConfiguration
- All actions under the
ecr-public:*
namespace
IAM
- IAM user provisioned in the lab can’t be edited / removed
- IAM user provisioned in the lab cannot edit/delete their inline policy
- Denied actions:
- AddClientIDToOpenIDConnectProvider
- AddRoleToInstanceProfile
- CreateInstanceProfile
- CreateOpenIDConnectProvider
- CreateSAMLProvider
- CreateServiceSpecificCredential
- CreateVirtualMFADevice
- DeleteOpenIDConnectProvider
- DeleteSAMLProvider
- DeleteServerCertificate
- DeleteServiceSpecificCredential
- DeleteSigningCertificate
- DeleteVirtualMFADevice
- EnableMFADevice
- GenerateCredentialReport
- RemoveClientIDFromOpenIDConnectProvider
- RemoveRoleFromInstanceProfile
- ResetServiceSpecificCredential
- ResyncMFADevice
- SetSecurityTokenServicePreferences
- UpdateAccountPasswordPolicy
- UpdateOpenIDConnectProviderThumbprint
- UpdateSAMLProvider
- UpdateServerCertificate
- UpdateServiceSpecificCredential
- UpdateSigningCertificate
- UploadServerCertificate
- UploadSigningCertificate
RDS
- Allowed instance types:
- Burstable classes: db.t2.micro, db.t3.micro, db.t3.small, db.t3.medium, db.tg4.micro, db.tg4.small, db.t4g.medium,
- Memory optimized classes: db.r5d.large
- Standard classes: db.m5d.large,
- Storage size limit: <= 250GB
SES
- Limited to sandbox mode.
Unavailable
- Billing and Account Settings
- Organizations
- Root user access
- Support