AWS Service Details
Services List (with Resource Support Details)
The following can also be viewed as a Google Sheet.
Note: Only supported service resources are shown by default. Click column headers to adjust.
Unsupported Services
- Athena
- CloudTrail
- Control Tower
- Resource Group and Tag Editor
- Transcoder
Limitations
These constraints might change in the future as we continue development.
General
- Resources may not be tagged with “oreilly-cloudlabs” as this is reserved for marking internal O’Reilly resources
- Resources with this tag can only be modified by internal O’Reilly roles
Regions
- Allowed regions: us-east-1, us-west-2
ACM
- Denied actions:
- PutAccountConfiguration
CodeDeploy
- Denied actions:
- AddTagsToOnPremisesInstances
- RegisterOnPremisesInstance
CloudFormation
- CDK apps / CloudFormation templates are enabled for the supported services mentioned above.
- IAM user provisioned in the lab can’t register the account as a publisher for public extensions.
- Denied actions:
- RegisterPublisher
Dynamodb
- Denied actions:
- PurchaseReservedCapacityOfferings
EC2
- Allowed instance types: t2.nano, t2.micro, t2.small, t3.nano, t3.micro, t3.small, t4g.nano, t4g.micro, t4g.small, m3.medium
- Denied actions:
- PurchaseReservedInstancesOffering
Elasticache
- Allowed cache instance types: cache.t2.small, cache.t2.medium, cache.t2.micro, cache.t3.small, cache.t3.medium, cache.t3.micro, cache.t4g.small, cache.t4g.medium, cache.t4g.micro
- Replicas per node group: <= 2
- Node group count: <= 2
- Denied actions:
- CreateGlobalReplicationGroup
- IncreaseNodeGroupsInGlobalReplicationGroup
- ModifyGlobalReplicationGroup
- PurchaseReservedCacheNodesOffering
Elasticsearch
- Denied actions:
- PurchaseReservedInstanceOffering
- PurchaseReservedElasticsearchInstanceOffering
EBS
- Throughput: <= 250MiB/s
- Volume size: <= 125GB
- IOPS: <= 3000
ECR
- Only private repositories are supported at this time.
- Users cannot modify any policies or configurations on the registry itself.
- Users cannot access nor modify their public ECR registry or repositories.
- Denied actions:
- PutRegistryScanningConfiguration
- All actions under the
ecr-public:*
namespace
EventBridge
- Denied actions:
- CreatePartnerEventSource
Glue
- Glue database creation may fail if a KMS key is pending deletion and the user has not specified a customer-managed KMS key for encryption via the security configurations tab or the
put-data-catalog-encryption-settings
CLI command. - Denied actions:
- CreateDevEndpoint
- CreateSecurityConfiguration
IAM
- IAM user provisioned in the lab can’t be edited / removed
- IAM user provisioned in the lab cannot edit/delete their inline policy
- Denied actions:
- CreateAccountAlias
- DeleteAccountAlias
- GenerateCredentialReport
- SetSecurityTokenServicePreferences
- UpdateAccountPasswordPolicy
Kinesis video
- Denied actions:
- CreateSignalingChannel
RDS
- Allowed instance types:
- Burstable classes: db.t2.micro, db.t3.micro, db.t3.small, db.t3.medium, db.tg4.micro, db.tg4.small, db.t4g.medium,
- Memory optimized classes: db.r5d.large
- Standard classes: db.m5d.large,
- Storage size limit: <= 250GB
Route 53
- Denied actions:
- CreateReusableDelegationSet
S3
- Denied actions:
- BypassGovernanceRetention
- PutBucketObjectLockConfiguration
- PutObjectLegalHold
- PutObjectRetention
SES
- Limited to sandbox mode.
- Denied actions:
- PutAccountDetails
Step Functions
- Denied actions:
- CreateActivity
Unavailable
- Billing and Account Settings
- Organizations
- Root user access
- Support