Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions,
see Getting Started with Amazon Web Services in China
(PDF).
Supported Resource Types for Amazon Config
This page is updated on a monthly cadence at the beginning of each month.
Amazon Config supports the following Amazon resources types and resource relationships.
-
For more detailed information about a resource type,
see its reference information (such as syntax, properties and return values) in the Amazon resource and property types reference in the Amazon CloudFormation User Guide.
-
For Amazon Config recording, some Amazon Regions support a subset of these resource types. For information on which resource types are supported in which Regions,
see Resource Coverage by Region Availability.
-
Advanced queries for Amazon Config supports a subset of these resource types. For a list of those supported resource types, see Supported Resource Types for Advanced Queries.
-
Proactive evaluation for Amazon Config supports a subset of these resource types. For a list of those supported resource types, see Supported Resource Types for Proactive Evaluation.
-
Periodic rules run without the configuration recorder being enabled since periodic rules do not depend on
configuration items (CIs). For more information on the difference between change–triggered rules and
periodic rules, see Evaluation Mode and Trigger Types for Amazon Config Rules.
This means that if you view the rule page, there is no listed CI or supported resource. If you select the resource ID, you will see the following error:
The provided resource ID and resource type cannot be found. This is expected behavior.
Region availability for resource types
Before specifying a resource type for Amazon Config to track,
check Resource Coverage by Region Availability
to see if the resource type is supported in the Amazon Region where you set up Amazon Config.
If a resource type is supported by Amazon Config in at least one Region,
you can enable the recording of that resource type in all Regions supported by Amazon Config,
even if the specified resource type is not supported in the Amazon Region where you set up Amazon Config.
Tagging support for resource types
If a resource type does not support tagging or does not include tag information in its
describe API response, Amazon Config won't capture tag data in the configuration items (CIs) for that
resource type. Amazon Config will still record these resources. However, any functionality that relies
on tag data won't work. This affects tag-based filtering, grouping, or compliance evaluation
that relies on tag data.
Amazon AppStream
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| Amazon AppStream |
AWS::AppStream::DirectoryConfig |
NA |
NA |
AWS::AppStream::Application |
NA |
NA |
AWS::AppStream::Stack |
NA |
NA |
AWS::AppStream::Fleet |
NA |
NA |
Amazon AppFlow
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| Amazon AppFlow |
AWS::AppFlow::Flow |
NA |
NA |
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| Amazon AppIntegrations |
AWS::AppIntegrations::EventIntegration |
NA |
NA |
AWS::AppIntegrations::Application |
NA |
NA |
Amazon API Gateway
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| API Gateway |
AWS::ApiGateway::Stage |
is contained in |
ApiGateway Rest Api |
| is associated with |
WAFRegional WebACL |
AWS::ApiGateway::RestApi |
contains |
ApiGateway Stage |
| API Gateway V2 |
AWS::ApiGatewayV2::Stage |
is contained in |
ApiGatewayV2 Api |
AWS::ApiGatewayV2::Api |
contains |
ApiGatewayV2 Stage |
To learn more about how Amazon Config integrates with Amazon API Gateway, see Monitoring API Gateway API Configuration with
Amazon Config.
Amazon Athena
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| Amazon Athena |
AWS::Athena::WorkGroup |
NA |
NA |
AWS::Athena::DataCatalog |
NA |
NA |
AWS::Athena::PreparedStatement |
NA |
NA |
Amazon Bedrock
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| Amazon Bedrock |
AWS::Bedrock::Guardrail |
NA |
NA |
AWS::Bedrock::KnowledgeBase |
NA |
NA |
Amazon CloudFront
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| Amazon CloudFront |
AWS::CloudFront::Distribution |
is associated with |
Amazon WAF WebACL |
| ACM Certificate |
| S3 Bucket |
| IAM Server Certificate |
AWS::CloudFront::StreamingDistribution |
is associated with |
Amazon WAF WebACL |
| ACM Certificate |
| S3 Bucket |
| IAM Server Certificate |
Amazon CloudWatch
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| Amazon CloudWatch |
AWS::CloudWatch::Alarm |
NA |
NA |
AWS::CloudWatch::MetricStream |
NA |
NA |
| Amazon CloudWatch Logs |
AWS::Logs::Destination |
NA |
NA |
| Amazon CloudWatch RUM |
AWS::RUM::AppMonitor |
NA |
NA |
| Amazon CloudWatch Evidently |
AWS::Evidently::Project |
NA |
NA |
AWS::Evidently::Launch |
NA |
NA |
AWS::Evidently::Segment |
NA |
NA |
Amazon CodeGuru
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| Amazon CodeGuru Reviewer |
AWS::CodeGuruReviewer::RepositoryAssociation |
NA |
NA |
| Amazon CodeGuru Profiler |
AWS::CodeGuruProfiler::ProfilingGroup |
NA |
NA |
Amazon Cognito
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| Amazon Cognito |
AWS::Cognito::UserPool |
NA |
NA |
AWS::Cognito::UserPoolClient |
NA |
NA |
AWS::Cognito::UserPoolGroup |
NA |
NA |
AWS::Cognito::IdentityPool |
NA |
NA |
Amazon Connect
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| Amazon Connect |
AWS::Connect::PhoneNumber |
NA |
NA |
AWS::Connect::QuickConnect |
NA |
NA |
AWS::Connect::Instance |
NA |
NA |
AWS::Connect::Rule |
NA |
NA |
AWS::Connect::User |
NA |
NA |
| Amazon Connect Customer Profiles |
AWS::CustomerProfiles::Domain |
NA |
NA |
AWS::CustomerProfiles::ObjectType |
NA |
NA |
Amazon Detective
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| Amazon Detective |
AWS::Detective::Graph |
NA |
NA |
Amazon DynamoDB
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| Amazon DynamoDB |
AWS::DynamoDB::Table |
NA |
NA |
Amazon Elastic Compute Cloud
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| Amazon Elastic Compute Cloud |
AWS::EC2::Host* |
contains |
EC2 instance |
AWS::EC2::EIP |
is attached to |
EC2 instance |
| Network interface |
AWS::EC2::Instance |
contains |
EC2 network interface |
| is associated with |
EC2 security group |
| is attached to |
Amazon EBS volume |
| EC2 Elastic IP (EIP) |
| is contained in |
EC2 Dedicated host |
| Route table |
| Subnet |
| Virtual private cloud (VPC) |
AWS::EC2::NetworkInterface |
is associated with |
EC2 security group |
| is attached to |
EC2 Elastic IP (EIP) |
| EC2 instance |
| is contained in |
Route table |
| Subnet |
| Virtual private cloud (VPC) |
AWS::EC2::SecurityGroup* |
is associated with |
EC2 instance |
| EC2 network interface |
| Virtual private cloud (VPC) |
AWS::EC2::NatGateway |
is contained in |
Virtual private cloud (VPC) |
| is contained in |
Subnet |
AWS::EC2::EgressOnlyInternetGateway |
is attached to |
Virtual private cloud (VPC) |
AWS::EC2::EC2Fleet
|
NA |
NA |
AWS::EC2::SpotFleet
|
NA |
NA |
AWS::EC2::PrefixList
|
NA |
NA |
AWS::EC2::FlowLog |
NA |
NA |
AWS::EC2::TransitGateway |
NA |
NA |
AWS::EC2::TransitGatewayAttachment |
NA |
NA |
AWS::EC2::TransitGatewayRouteTable |
NA |
NA |
AWS::EC2::VPCEndpoint |
is contained in |
Virtual private cloud (VPC) |
| is attached to |
Network interface |
| is contained in |
Subnet |
| is contained in |
Route table |
AWS::EC2::VPCEndpointService |
is associated with |
ElasticLoadBalancingV2 LoadBalancer |
AWS::EC2::VPCPeeringConnection |
is associated with |
Virtual private cloud (VPC) |
AWS::EC2::RegisteredHAInstance |
is associated with |
EC2 instance |
AWS::EC2::SubnetRouteTableAssociation |
NA |
NA |
AWS::EC2::LaunchTemplate |
NA |
NA |
AWS::EC2::NetworkInsightsAccessScopeAnalysis |
NA |
NA |
AWS::EC2::TrafficMirrorTarget |
NA |
NA |
AWS::EC2::TrafficMirrorSession |
NA |
NA |
AWS::EC2::DHCPOptions |
NA |
NA |
AWS::EC2::IPAM |
NA |
NA |
AWS::EC2::IPAMResourceDiscovery |
NA |
NA |
AWS::EC2::IPAMResourceDiscoveryAssociation |
NA |
NA |
AWS::EC2::NetworkInsightsPath |
NA |
NA |
AWS::EC2::TrafficMirrorFilter |
NA |
NA |
AWS::EC2::CapacityReservation |
NA |
NA |
AWS::EC2::ClientVpnEndpoint |
NA |
NA |
AWS::EC2::CustomerGateway |
is attached to |
VPN connection |
AWS::EC2::InternetGateway |
is attached to |
Virtual private cloud (VPC) |
AWS::EC2::NetworkAcl |
NA |
NA |
AWS::EC2::RouteTable |
contains |
EC2 instance |
| EC2 network interface |
| Subnet |
| VPN gateway |
| is contained in |
Virtual private cloud (VPC) |
AWS::EC2::Subnet |
contains |
EC2 instance |
| EC2 network interface |
| is attached to |
Network ACL |
| is contained in |
Route table |
| Virtual private cloud (VPC) |
AWS::EC2::VPC |
contains |
EC2 instance |
| EC2 network interface |
| Network ACL |
| Route table |
| Subnet |
| is associated with |
Security group |
| is attached to |
Internet gateway |
| VPN gateway |
AWS::EC2::VPNConnection |
is attached to |
Customer gateway |
| VPN gateway |
AWS::EC2::VPNConnectionRoute |
NA |
NA |
AWS::EC2::VPNGateway |
is attached to |
Virtual private cloud (VPC) |
| VPN connection |
| is contained in |
Route table |
AWS::EC2::IPAMScope |
NA |
NA |
AWS::EC2::CarrierGateway |
NA |
NA |
AWS::EC2::TransitGatewayConnect |
NA |
NA |
AWS::EC2::IPAMPool |
NA |
NA |
AWS::EC2::TransitGatewayMulticastDomain |
NA |
NA |
AWS::EC2::NetworkInsightsAccessScope |
NA |
NA |
AWS::EC2::NetworkInsightsAnalysis |
NA |
NA |
AWS::EC2::VPCBlockPublicAccessOptions |
NA |
NA |
AWS::EC2::VPCBlockPublicAccessExclusion |
NA |
NA |
AWS::EC2::EIPAssociation |
NA |
NA |
AWS::EC2::InstanceConnectEndpoint |
NA |
NA |
AWS::EC2::SnapshotBlockPublicAccess |
NA |
NA |
AWS::EC2::VPCEndpointConnectionNotification |
NA |
NA |
| Amazon Elastic Block Store |
AWS::EC2::Volume |
is attached to |
EC2 instance |
| EC2 Image Builder |
AWS::ImageBuilder::ImagePipeline |
NA |
NA |
AWS::ImageBuilder::DistributionConfiguration |
NA |
NA |
AWS::ImageBuilder::ContainerRecipe |
NA |
NA |
AWS::ImageBuilder::InfrastructureConfiguration |
NA |
NA |
AWS::ImageBuilder::ImageRecipe |
NA |
NA |
*Amazon Config records the configuration details of Dedicated hosts and
the instances that you launch on them. As a result, you can use Amazon Config as a data source when you
report compliance with your server-bound software licenses. For example, you can view the
configuration history of an instance and determine which Amazon Machine Image (AMI) it is
based on. Then, you can look up the configuration history of the host, which includes details
such as the numbers of sockets and cores, to check that the host complies with the license
requirements of the AMI. For more information, see Tracking Configuration Changes with Amazon Config in the Amazon EC2 User Guide.
*The EC2 SecurityGroup Properties definition contains IP CIDR
blocks, which are converted to IP ranges internally, and may return unexpected results when
trying to find a specific IP range. For workarounds to search for specific IP ranges, see
Limitations for
Advanced Queries.
Amazon Elastic Container Registry
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| Amazon Elastic Container Registry |
AWS::ECR::Repository |
NA |
NA |
AWS::ECR::RegistryPolicy |
NA |
NA |
AWS::ECR::PullThroughCacheRule
|
NA |
NA |
| Amazon Elastic Container Registry Public |
AWS::ECR::PublicRepository |
NA |
NA |
Amazon Elastic Container Service
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| Amazon Elastic Container Service |
AWS::ECS::Cluster |
NA |
NA |
AWS::ECS::TaskDefinition |
NA |
NA |
AWS::ECS::Service* |
NA |
NA |
AWS::ECS::TaskSet |
NA |
NA |
AWS::ECS::CapacityProvider |
NA |
NA |
*This service currently only support the new Amazon Resource
Name (ARN) format. For more information, see Amazon Resource Names (ARNs) and IDs in the ECS developer guide.
Old (not supported):
arn:aws:ecs:region:aws_account_id:service/service-name
New (supported):
arn:aws:ecs:region:aws_account_id:service/cluster-name/service-name
Amazon Elastic File System
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| Amazon Elastic File System |
AWS::EFS::FileSystem |
NA |
NA |
AWS::EFS::AccessPoint |
NA |
NA |
Amazon Elastic Kubernetes Service
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| Amazon Elastic Kubernetes Service |
AWS::EKS::Cluster |
NA |
NA |
AWS::EKS::FargateProfile |
NA |
NA |
AWS::EKS::IdentityProviderConfig |
NA |
NA |
AWS::EKS::Addon |
NA |
NA |
Amazon EMR
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| Amazon EMR |
AWS::EMR::SecurityConfiguration |
NA |
NA |
Amazon EventBridge
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| Amazon EventBridge |
AWS::Events::EventBus |
NA |
NA |
AWS::Events::ApiDestination |
NA |
NA |
AWS::Events::Archive |
NA |
NA |
AWS::Events::Endpoint |
NA |
NA |
AWS::Events::Connection |
NA |
NA |
AWS::Events::Rule |
NA |
NA |
| Amazon EventBridge schemas |
AWS::EventSchemas::RegistryPolicy |
NA |
NA |
AWS::EventSchemas::Discoverer |
NA |
NA |
AWS::EventSchemas::Schema |
NA |
NA |
AWS::EventSchemas::Registry |
NA |
NA |
Amazon Forecast
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| Amazon Forecast |
AWS::Forecast::Dataset |
NA |
NA |
AWS::Forecast::DatasetGroup |
NA |
NA |
Amazon Fraud Detector
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| Amazon Fraud Detector |
AWS::FraudDetector::Label |
NA |
NA |
AWS::FraudDetector::EntityType |
NA |
NA |
AWS::FraudDetector::Variable |
NA |
NA |
AWS::FraudDetector::Outcome |
NA |
NA |
Amazon GuardDuty
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| Amazon GuardDuty |
AWS::GuardDuty::Detector |
NA |
NA |
AWS::GuardDuty::ThreatIntelSet |
NA |
NA |
AWS::GuardDuty::IPSet |
NA |
NA |
AWS::GuardDuty::Filter |
NA |
NA |
Amazon Inspector
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| Amazon Inspector |
AWS::InspectorV2::Filter
|
NA |
NA |
AWS::InspectorV2::Activation |
NA |
NA |
Amazon Interactive Video Service
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| Amazon Interactive Video Service |
AWS::IVS::Channel |
NA |
NA |
AWS::IVS::RecordingConfiguration |
NA |
NA |
AWS::IVS::PlaybackKeyPair |
NA |
NA |
Amazon Keyspaces (for Apache Cassandra)
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| Amazon Keyspaces (for Apache Cassandra) |
AWS::Cassandra::Keyspace |
NA |
NA |
Amazon OpenSearch Service
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| Amazon OpenSearch Service (legacy Elasticsearch) |
AWS::Elasticsearch::Domain |
is associated with |
KMS Key |
| EC2 security group |
| EC2 subnet |
| Virtual private cloud (VPC) |
| Amazon OpenSearch Service |
AWS::OpenSearch::Domain |
NA |
NA |
| Amazon OpenSearch Serverless |
AWS::OpenSearchServerless::VpcEndpoint |
NA |
NA |
AWS::OpenSearchServerless::Collection |
NA |
NA |
Amazon OpenSearch Service rename
On September 8, 2021, Amazon Elasticsearch Service was renamed to Amazon OpenSearch Service. OpenSearch Service supports OpenSearch as well as legacy Elasticsearch OSS.
For more information, see Amazon OpenSearch Service - Summary of changes.
You might continue to see your data for AWS::OpenSearch::Domain under the existing AWS::Elasticsearch::Domain resource type for several weeks, even if you upgrade one or more domains to OpenSearch.
Amazon Personalize
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| Amazon Personalize |
AWS::Personalize::Dataset |
NA |
NA |
AWS::Personalize::Schema |
NA |
NA |
AWS::Personalize::Solution |
NA |
NA |
AWS::Personalize::DatasetGroup |
NA |
NA |
Amazon Pinpoint
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| Amazon Pinpoint |
AWS::Pinpoint::ApplicationSettings |
NA |
NA |
AWS::Pinpoint::Segment |
NA |
NA |
AWS::Pinpoint::App |
NA |
NA |
AWS::Pinpoint::Campaign |
NA |
NA |
AWS::Pinpoint::InAppTemplate |
NA |
NA |
AWS::Pinpoint::EmailChannel |
NA |
NA |
AWS::Pinpoint::EmailTemplate |
NA |
NA |
AWS::Pinpoint::EventStream |
NA |
NA |
Amazon Quantum Ledger Database (Amazon QLDB)
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| Amazon QLDB |
AWS::QLDB::Ledger |
NA |
NA |
Amazon Kendra
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| Amazon Kendra |
AWS::Kendra::Index
|
NA |
NA |
Amazon Kinesis
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| Amazon Kinesis |
AWS::Kinesis::Stream |
NA |
NA |
AWS::Kinesis::StreamConsumer |
NA |
NA |
| Amazon Kinesis Analytics V2 |
AWS::KinesisAnalyticsV2::Application |
NA |
NA |
| Amazon Data Firehose |
AWS::KinesisFirehose::DeliveryStream |
NA |
NA |
| Kinesis video stream |
AWS::KinesisVideo::SignalingChannel |
NA |
NA |
AWS::KinesisVideo::Stream |
NA |
NA |
Amazon Lex
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| Amazon Lex |
AWS::Lex::BotAlias
|
NA |
NA |
AWS::Lex::Bot |
NA |
NA |
Amazon Lightsail
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| Amazon Lightsail |
AWS::Lightsail::Disk |
NA |
NA |
AWS::Lightsail::Certificate |
NA |
NA |
AWS::Lightsail::Bucket |
NA |
NA |
AWS::Lightsail::StaticIp |
NA |
NA |
Amazon Lookout for Metrics
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| Amazon Lookout for Metrics |
AWS::LookoutMetrics::Alert |
NA |
NA |
Amazon Lookout for Vision
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| Amazon Lookout for Vision |
AWS::LookoutVision::Project |
NA |
NA |
Amazon Macie
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| Amazon Macie |
AWS::Macie::Session |
NA |
NA |
Amazon Managed Grafana
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| Amazon Managed Grafana |
AWS::Grafana::Workspace |
NA |
NA |
Amazon Managed Service for Prometheus
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| Amazon Managed Service for Prometheus |
AWS::APS::RuleGroupsNamespace |
NA |
NA |
Amazon MemoryDB
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| Amazon MemoryDB |
AWS::MemoryDB::SubnetGroup |
NA |
NA |
Amazon MQ
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| Amazon MQ |
AWS::AmazonMQ::Broker |
NA |
NA |
Amazon Managed Streaming for Apache Kafka
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| Amazon Managed Streaming for Apache Kafka |
AWS::MSK::Cluster |
NA |
NA |
AWS::MSK::Configuration |
NA |
NA |
AWS::MSK::BatchScramSecret |
NA |
NA |
AWS::MSK::ClusterPolicy |
NA |
NA |
AWS::MSK::VpcConnection |
NA |
NA |
| Amazon Managed Streaming for Apache Kafka Connect |
AWS::KafkaConnect::Connector |
NA |
NA |
Amazon QuickSight
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| Amazon QuickSight |
AWS::QuickSight::DataSource |
NA |
NA |
AWS::QuickSight::Template |
NA |
NA |
AWS::QuickSight::Theme |
NA |
NA |
Amazon Redshift
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| Amazon Redshift |
AWS::Redshift::Cluster |
is associated with |
Cluster parameter group |
| Cluster security group |
| Cluster subnet group |
| Security group |
| Virtual private cloud (VPC) |
AWS::Redshift::ClusterParameterGroup |
NA |
NA |
AWS::Redshift::ClusterSecurityGroup |
NA |
NA |
AWS::Redshift::ScheduledAction |
NA |
NA |
AWS::Redshift::ClusterSnapshot |
is associated with |
Cluster |
| Virtual private cloud (VPC) |
AWS::Redshift::ClusterSubnetGroup |
is associated with |
Subnet |
| Virtual private cloud (VPC) |
AWS::Redshift::EventSubscription |
NA |
NA |
AWS::Redshift::EndpointAccess |
NA |
NA |
AWS::Redshift::EndpointAuthorization |
NA |
NA |
Amazon Relational Database Service
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| Amazon Relational Database Service |
AWS::RDS::DBInstance |
is associated with |
EC2 security group |
| RDS DB security group |
| RDS DB subnet group |
AWS::RDS::DBSecurityGroup |
is associated with |
EC2 security group |
| Virtual private cloud (VPC) |
AWS::RDS::DBSnapshot |
is associated with |
Virtual private cloud (VPC) |
AWS::RDS::DBSubnetGroup |
is associated with |
EC2 security group |
| Virtual private cloud (VPC) |
AWS::RDS::EventSubscription |
NA |
NA |
AWS::RDS::DBCluster |
contains |
RDS DB instance |
| is associated with |
RDS DB subnet group |
| EC2 security group |
AWS::RDS::DBClusterSnapshot |
is associated with |
RDS DB cluster |
| Virtual private cloud (VPC) |
AWS::RDS::GlobalCluster |
NA |
NA |
AWS::RDS::OptionGroup |
NA |
NA |
Amazon Route 53
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| Amazon Route 53 |
AWS::Route53::HostedZone |
NA |
NA |
AWS::Route53::HealthCheck |
NA |
NA |
| Amazon Route 53 Profiles |
AWS::Route53Profiles::Profile |
NA |
NA |
| Amazon Route 53 Resolver |
AWS::Route53Resolver::ResolverEndpoint |
NA |
NA |
AWS::Route53Resolver::ResolverRule |
NA |
NA |
AWS::Route53Resolver::ResolverRuleAssociation |
NA |
NA |
AWS::Route53Resolver::FirewallDomainList |
NA |
NA |
AWS::Route53Resolver::FirewallRuleGroupAssociation |
NA |
NA |
AWS::Route53Resolver::ResolverQueryLoggingConfig |
NA |
NA |
AWS::Route53Resolver::ResolverQueryLoggingConfigAssociation |
NA |
NA |
AWS::Route53Resolver::FirewallRuleGroup |
NA |
NA |
| Amazon Application Recovery Controller (ARC) |
AWS::Route53RecoveryReadiness::Cell |
NA |
NA |
AWS::Route53RecoveryReadiness::ReadinessCheck |
NA |
NA |
AWS::Route53RecoveryReadiness::RecoveryGroup |
NA |
NA |
AWS::Route53RecoveryControl::Cluster |
NA |
NA |
AWS::Route53RecoveryControl::ControlPanel |
NA |
NA |
AWS::Route53RecoveryControl::RoutingControl |
NA |
NA |
AWS::Route53RecoveryControl::SafetyRule |
NA |
NA |
AWS::Route53RecoveryReadiness::ResourceSet |
NA |
NA |
Amazon SageMaker AI
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| Amazon SageMaker AI |
AWS::SageMaker::CodeRepository |
NA |
NA |
AWS::SageMaker::Domain |
NA |
NA |
AWS::SageMaker::AppImageConfig |
NA |
NA |
AWS::SageMaker::Image |
NA |
NA |
AWS::SageMaker::Model |
NA |
NA |
AWS::SageMaker::NotebookInstance |
NA |
NA |
AWS::SageMaker::NotebookInstanceLifecycleConfig |
NA |
NA |
AWS::SageMaker::EndpointConfig |
NA |
NA |
AWS::SageMaker::Workteam |
NA |
NA |
AWS::SageMaker::FeatureGroup |
NA |
NA |
AWS::SageMaker::InferenceExperiment |
NA |
NA |
Amazon Simple Email Service
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| Amazon Simple Email Service |
AWS::SES::ConfigurationSet |
NA |
NA |
AWS::SES::ContactList |
NA |
NA |
AWS::SES::Template |
NA |
NA |
AWS::SES::ReceiptFilter |
NA |
NA |
AWS::SES::ReceiptRuleSet |
NA |
NA |
Amazon Simple Notification Service
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| Amazon Simple Notification Service |
AWS::SNS::Topic |
NA |
NA |
Amazon Simple Queue Service
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| Amazon Simple Queue Service |
AWS::SQS::Queue |
NA |
NA |
Amazon Simple Storage Service
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| Amazon Simple Storage Service |
AWS::S3::Bucket* |
NA |
NA |
AWS::S3::AccountPublicAccessBlock |
NA |
NA |
AWS::S3::MultiRegionAccessPoint |
NA |
NA |
AWS::S3::StorageLens |
NA |
NA |
AWS::S3::AccessPoint |
NA |
NA |
AWS::S3::StorageLensGroup |
NA |
NA |
| Amazon S3 Express One Zone |
AWS::S3Express::DirectoryBucket |
NA |
NA |
AWS::S3Express::BucketPolicy |
NA |
NA |
*If you configured Amazon Config to record your S3 buckets, and are not
receiving configuration change notifications, check that your S3 bucket policies have the
required permissions. For more information, see Managing Permissions for S3
Bucket Recording.
Amazon S3 Bucket Attributes
Amazon Config also records the following attributes for the Amazon S3 bucket resource type.
| Attributes |
Description |
| AccelerateConfiguration |
Transfer acceleration for data over long distances between your client and a
bucket. |
| BucketAcl |
Access control list used to manage access to buckets and objects. |
| BucketPolicy |
Policy that defines the permissions to the bucket. |
| CrossOriginConfiguration |
Allow cross-origin requests to the bucket. |
| LifecycleConfiguration |
Rules that define the lifecycle for objects in your bucket. |
| LoggingConfiguration |
Logging used to track requests for access to the bucket. |
| NotificationConfiguration |
Event notifications used to send alerts or trigger workflows for specified bucket
events. |
| ReplicationConfiguration |
Automatic, asynchronous copying of objects across buckets in different Amazon
Regions. |
| RequestPaymentConfiguration |
Requester pays is enabled. |
| TaggingConfiguration |
Tags added to the bucket to categorize. You can also use tagging to track
billing. |
| WebsiteConfiguration |
Static website hosting is enabled for the bucket. |
| VersioningConfiguration |
Versioning is enabled for objects in the bucket. |
For more information about the attributes, see Bucket Configuration
Options in the Amazon Simple Storage Service User Guide.
Amazon WorkSpaces
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| Amazon WorkSpaces |
AWS::WorkSpaces::ConnectionAlias |
NA |
NA |
AWS::WorkSpaces::Workspace |
NA |
NA |
Amazon Amplify
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| Amazon Amplify |
AWS::Amplify::App |
NA |
NA |
AWS::Amplify::Branch |
NA |
NA |
Amazon AppConfig
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| Amazon AppConfig |
AWS::AppConfig::Application |
NA |
NA |
AWS::AppConfig::Environment |
NA |
NA |
AWS::AppConfig::ConfigurationProfile |
NA |
NA |
AWS::AppConfig::DeploymentStrategy |
NA |
NA |
AWS::AppConfig::HostedConfigurationVersion |
NA |
NA |
AWS::AppConfig::ExtensionAssociation |
NA |
NA |
Amazon App Runner
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| Amazon App Runner |
AWS::AppRunner::VpcConnector |
NA |
NA |
AWS::AppRunner::Service |
NA |
NA |
Amazon App Mesh
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| Amazon App Mesh |
AWS::AppMesh::VirtualNode |
NA |
NA |
AWS::AppMesh::VirtualService |
NA |
NA |
AWS::AppMesh::VirtualGateway |
NA |
NA |
AWS::AppMesh::VirtualRouter |
NA |
NA |
AWS::AppMesh::Route |
NA |
NA |
AWS::AppMesh::GatewayRoute |
NA |
NA |
AWS::AppMesh::Mesh |
NA |
NA |
Amazon AppSync
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| Amazon AppSync |
AWS::AppSync::GraphQLApi |
NA |
NA |
Amazon Audit Manager
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| Amazon Audit Manager |
AWS::AuditManager::Assessment |
NA |
NA |
Amazon Auto Scaling
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| Amazon Auto Scaling |
AWS::AutoScaling::AutoScalingGroup |
contains |
Amazon EC2 instance |
| is associated with |
Classic Load Balancer |
| Auto Scaling launch configuration |
| Subnet |
AWS::AutoScaling::LaunchConfiguration |
is associated with |
Amazon EC2 security group |
AWS::AutoScaling::ScalingPolicy |
is associated with |
Auto Scaling group |
| Alarm |
AWS::AutoScaling::ScheduledAction |
is associated with |
Auto Scaling group |
AWS::AutoScaling::WarmPool |
NA |
NA |
Amazon Backup
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| Amazon Backup |
AWS::Backup::BackupPlan |
NA |
NA* |
AWS::Backup::BackupSelection |
NA |
NA |
AWS::Backup::BackupVault |
NA |
NA* |
AWS::Backup::RecoveryPoint |
NA |
NA |
AWS::Backup::ReportPlan |
NA |
NA |
Due to how Amazon Backup works, some of these resource types relate to the other Amazon Backup
resource types in this table.
AWS::Backup::BackupPlan is related to
AWS::Backup::BackupSelection where a Backup Plan has many selections, and
AWS::Backup::BackupVault is related to AWS::Backup::RecoveryPoint
where an Amazon Backup Vault has multiple recovery points.
For more information, see Managing
backups using backup plans and Working with
backup vaults.
Amazon Batch
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| Amazon Batch |
AWS::Batch::JobQueue |
NA |
NA |
AWS::Batch::ComputeEnvironment |
NA |
NA |
AWS::Batch::SchedulingPolicy |
NA |
NA |
Amazon Budgets
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| Amazon Budgets |
AWS::Budgets::BudgetsAction |
NA |
NA |
Amazon Certificate Manager
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| Amazon Certificate Manager |
AWS::ACM::Certificate |
NA |
NA |
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| Amazon CloudFormation |
AWS::CloudFormation::Stack* |
contains |
Supported Amazon resource types |
*Amazon Config records configuration changes to Amazon CloudFormation stacks and
supported resource types in the stacks. Amazon Config does not record configuration changes for
resource types in the stack that are not yet supported. Unsupported resource types appear in
the supplementary configuration section of the configuration item for the stack.
Amazon CloudTrail
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| Amazon CloudTrail |
AWS::CloudTrail::Trail |
NA |
NA |
Amazon Cloud9
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| Amazon Cloud9 |
AWS::Cloud9::EnvironmentEC2 |
NA |
NA |
Amazon Cloud9 access no longer available to new users
After careful consideration, we have made the decision to close new customer access to Amazon Cloud9,
effective July 25, 2024. Amazon Cloud9 existing customers can continue to use the service as normal.
Amazon continues to invest in security, availability, and performance improvements for Amazon Cloud9, but we do not plan to introduce new features.
For more information, see How to migrate from Amazon Cloud9 to Amazon IDE Toolkits or Amazon CloudShell.
Amazon Cloud Map
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| Service Discovery |
AWS::ServiceDiscovery::Service |
NA |
NA |
AWS::ServiceDiscovery::PublicDnsNamespace |
NA |
NA |
AWS::ServiceDiscovery::HttpNamespace |
NA |
NA |
AWS::ServiceDiscovery::Instance |
NA |
NA |
Amazon CodeArtifact
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| Amazon CodeArtifact |
AWS::CodeArtifact::Repository |
NA |
NA |
Amazon CodeBuild
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| Amazon CodeBuild |
AWS::CodeBuild::Project* |
is associated with |
S3 bucket |
| IAM role |
AWS::CodeBuild::ReportGroup |
NA |
NA |
*To learn more about how Amazon Config integrates with Amazon CodeBuild, see
Use Amazon Config with Amazon CodeBuild
Sample.
Amazon CodeDeploy
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| Amazon CodeDeploy |
AWS::CodeDeploy::Application |
contains |
DeploymentGroup |
AWS::CodeDeploy::DeploymentConfig |
NA |
NA |
AWS::CodeDeploy::DeploymentGroup |
is contained in |
Application |
Amazon CodePipeline
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| Amazon CodePipeline |
AWS::CodePipeline::Pipeline* |
is attached to |
S3 bucket |
| is associated with |
IAM role |
| Code project |
| Lambda function |
| Cloudformation stack |
| ElasticBeanstalk application |
*Amazon Config records configuration changes to CodePipeline pipelines and
supported resource types in the pipelines. Amazon Config does not record configuration changes for
resource types in the pipelines that are not yet supported. Unsupported resource types such as
CodeCommit repository, CodeDeploy application, ECS cluster, and ECS
service appear in the supplementary configuration section of the configuration item
for the stack.
Amazon Config
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| Amazon Config |
AWS::Config::ResourceCompliance* |
is associated with |
All resources* |
AWS::Config::ConformancePackCompliance |
NA |
NA |
AWS::Config::ConfigurationRecorder* |
NA |
NA |
*The relationship between
AWS::Config::ResourceCompliance and a related resource depends on how
AWS::Config::ResourceCompliance reports compliance for that specific resource
type.
*AWS::Config::ConfigurationRecorder is a system resource type of Amazon Config and recording of this resource type is enabled by default.
Recording for the AWS::Config::ConformancePackCompliance and AWS::Config::ConfigurationRecorder resource types come with no additional charge.
Amazon Database Migration Service
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| Amazon Database Migration Service |
AWS::DMS::EventSubscription |
NA |
NA |
AWS::DMS::ReplicationSubnetGroup |
NA |
NA |
AWS::DMS::ReplicationInstance |
NA |
NA |
AWS::DMS::ReplicationTask |
NA |
NA |
AWS::DMS::Certificate |
NA |
NA |
AWS::DMS::Endpoint |
NA |
NA |
Amazon DataSync
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| Amazon DataSync |
AWS::DataSync::LocationSMB |
NA |
NA |
AWS::DataSync::LocationFSxLustre |
NA |
NA |
AWS::DataSync::LocationFSxWindows |
NA |
NA |
AWS::DataSync::LocationS3 |
NA |
NA |
AWS::DataSync::LocationEFS |
NA |
NA |
AWS::DataSync::LocationNFS |
NA |
NA |
AWS::DataSync::LocationHDFS |
NA |
NA |
AWS::DataSync::LocationObjectStorage |
NA |
NA |
AWS::DataSync::Task |
NA |
NA |
Amazon Device Farm
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| Amazon Device Farm |
AWS::DeviceFarm::TestGridProject |
NA |
NA |
AWS::DeviceFarm::InstanceProfile |
NA |
NA |
AWS::DeviceFarm::Project |
NA |
NA |
Amazon Elastic Beanstalk
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| Amazon Elastic Beanstalk |
AWS::ElasticBeanstalk::Application |
contains |
Elastic Beanstalk Application Version |
| Elastic Beanstalk Environment |
| is associated with |
IAM role |
AWS::ElasticBeanstalk::ApplicationVersion |
is contained in |
Elastic Beanstalk Application |
| is associated with |
Elastic Beanstalk Environment |
| S3 bucket |
AWS::ElasticBeanstalk::Environment |
is contained in |
Elastic Beanstalk Application |
| is associated with |
Elastic Beanstalk Application Version |
| IAM role |
| contains |
CloudFormation Stack |
Amazon Fault Injection Service
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| Amazon Fault Injection Service |
AWS::FIS::ExperimentTemplate |
NA |
NA |
Amazon Global Accelerator
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| Amazon Global Accelerator |
AWS::GlobalAccelerator::Listener |
NA |
NA |
AWS::GlobalAccelerator::EndpointGroup |
NA |
NA |
AWS::GlobalAccelerator::Accelerator |
NA |
NA |
Amazon Glue
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| Amazon Glue |
AWS::Glue::Job |
NA |
NA |
AWS::Glue::Classifier |
NA |
NA |
AWS::Glue::MLTransform |
NA |
NA |
Amazon Ground Station
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| Amazon Ground Station |
AWS::GroundStation::Config |
NA |
NA |
AWS::GroundStation::MissionProfile |
NA |
NA |
AWS::GroundStation::DataflowEndpointGroup |
NA |
NA |
Amazon HealthLake
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| Amazon HealthLake |
AWS::HealthLake::FHIRDatastore |
NA |
NA |
Amazon Identity and Access Management (IAM)
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| Amazon Identity and Access Management |
AWS::IAM::User |
is attached to |
IAM group |
| IAM customer managed policy |
AWS::IAM::Group |
contains |
IAM user |
| is attached to |
IAM customer managed policy |
AWS::IAM::Role |
is attached to |
IAM customer managed policy |
AWS::IAM::Policy |
is attached to |
IAM user |
| IAM group |
| IAM role |
AWS::IAM::SAMLProvider |
NA |
NA |
AWS::IAM::ServerCertificate |
NA |
NA |
AWS::IAM::InstanceProfile |
NA |
NA |
AWS::IAM::OIDCProvider |
NA |
NA |
| Amazon Identity and Access Management Access Analyzer |
AWS::AccessAnalyzer::Analyzer |
NA |
NA |
Amazon Config includes inline policies with the configuration details that it records. For more
information on inline policies, see Managed policies
and inline policies in the IAM User Guide.
Amazon IoT
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| Amazon IoT |
AWS::IoT::Authorizer |
NA |
NA |
AWS::IoT::SecurityProfile |
NA |
NA |
AWS::IoT::RoleAlias |
NA |
NA |
AWS::IoT::Dimension |
NA |
NA |
AWS::IoT::Policy |
NA |
NA |
AWS::IoT::MitigationAction |
NA |
NA |
AWS::IoT::ScheduledAudit |
NA |
NA |
AWS::IoT::AccountAuditConfiguration |
NA |
NA |
AWS::IoTSiteWise::Gateway |
NA |
NA |
AWS::IoT::CustomMetric |
NA |
NA |
AWS::IoT::JobTemplate |
NA |
NA |
AWS::IoT::ProvisioningTemplate |
NA |
NA |
AWS::IoT::CACertificate |
NA |
NA |
| Amazon IoT Wireless |
AWS::IoTWireless::ServiceProfile |
NA |
NA |
AWS::IoTWireless::MulticastGroup |
NA |
NA |
AWS::IoTWireless::FuotaTask |
NA |
NA |
| Amazon IoT Core |
AWS::IoT::FleetMetric |
NA |
NA |
| Amazon IoT Analytics |
AWS::IoTAnalytics::Datastore |
NA |
NA |
AWS::IoTAnalytics::Dataset |
NA |
NA |
AWS::IoTAnalytics::Pipeline |
NA |
NA |
AWS::IoTAnalytics::Channel |
NA |
NA |
| Amazon IoT Events |
AWS::IoTEvents::Input |
NA |
NA |
AWS::IoTEvents::DetectorModel |
NA |
NA |
AWS::IoTEvents::AlarmModel |
NA |
NA |
| Amazon IoT TwinMaker |
AWS::IoTTwinMaker::Workspace |
NA |
NA |
AWS::IoTTwinMaker::Entity |
NA |
NA |
AWS::IoTTwinMaker::Scene |
NA |
NA |
AWS::IoTTwinMaker::SyncJob |
NA |
NA |
AWS::IoTTwinMaker::ComponentType |
NA |
NA |
| Amazon IoT SiteWise |
AWS::IoTSiteWise::Dashboard |
NA |
NA |
AWS::IoTSiteWise::Project |
NA |
NA |
AWS::IoTSiteWise::Portal |
NA |
NA |
AWS::IoTSiteWise::AssetModel |
NA |
NA |
| Amazon IoT Greengrass Version 2 |
AWS::GreengrassV2::ComponentVersion |
NA |
NA |
Amazon Key Management Service
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| Amazon Key Management Service |
AWS::KMS::Key |
NA |
NA |
AWS::KMS::Alias |
NA |
NA |
Amazon Lambda
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| Amazon Lambda |
AWS::Lambda::Function |
is associated with |
IAM role |
| EC2 security group |
| is contained in |
EC2 subnet |
AWS::Lambda::CodeSigningConfig |
NA |
NA |
Amazon Mainframe Modernization
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| Amazon Mainframe Modernization |
AWS::M2::Environment |
NA |
NA |
Amazon Network Firewall
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| Amazon Network Firewall |
AWS::NetworkFirewall::Firewall |
is attached to |
EC2 Subnet |
| is associated with |
NetworkFirewall FirewallPolicy |
AWS::NetworkFirewall::FirewallPolicy |
is associated with |
NetworkFirewall RuleGroup |
AWS::NetworkFirewall::RuleGroup |
NA |
NA |
AWS::NetworkFirewall::TLSInspectionConfiguration |
NA |
NA |
AWS::NetworkFirewall::VpcEndpointAssociation |
NA |
NA |
Amazon Network Manager
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| Amazon Network Manager |
AWS::NetworkManager::TransitGatewayRegistration |
NA |
NA |
AWS::NetworkManager::Site |
NA |
NA |
AWS::NetworkManager::Device |
NA |
NA |
AWS::NetworkManager::Link |
NA |
NA |
AWS::NetworkManager::GlobalNetwork |
NA |
NA |
AWS::NetworkManager::CustomerGatewayAssociation |
NA |
NA |
AWS::NetworkManager::LinkAssociation |
NA |
NA |
AWS::NetworkManager::ConnectPeer |
NA |
NA |
Amazon Panorama
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| Amazon Panorama |
AWS::Panorama::Package |
NA |
NA |
Amazon Private Certificate Authority
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| Amazon Private Certificate Authority |
AWS::ACMPCA::CertificateAuthority |
NA |
NA |
AWS::ACMPCA::CertificateAuthorityActivation |
NA |
NA |
Amazon Resilience Hub
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| Amazon Resilience Hub |
AWS::ResilienceHub::ResiliencyPolicy |
NA |
NA |
AWS::ResilienceHub::App |
NA |
NA |
Amazon Resource Explorer
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| Amazon Resource Explorer |
AWS::ResourceExplorer2::Index |
NA |
NA |
Amazon RoboMaker
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| Amazon RoboMaker |
AWS::RoboMaker::RobotApplicationVersion |
NA |
NA |
AWS::RoboMaker::RobotApplication |
NA |
NA |
AWS::RoboMaker::SimulationApplication |
NA |
NA |
Amazon Signer
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| Amazon Signer |
AWS::Signer::SigningProfile |
NA |
NA |
Amazon Secrets Manager
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| Amazon Secrets Manager |
AWS::SecretsManager::Secret |
is associated with |
Lambda function |
| is associated with |
KMS Key |
Amazon Security Hub
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| Amazon Security Hub |
AWS::SecurityHub::Standard |
NA |
NA |
Amazon Service Catalog
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| Amazon Service Catalog |
AWS::ServiceCatalog::CloudFormationProduct |
is contained in |
Portfolio |
| is associated with |
CloudFormationProvisionedProduct |
AWS::ServiceCatalog::CloudFormationProvisionedProduct |
is associated with |
Portfolio |
| CloudFormationProduct |
| CloudFormationStack |
AWS::ServiceCatalog::Portfolio |
contains |
CloudFormationProduct |
Amazon Shield
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| Amazon Shield |
AWS::Shield::Protection |
is associated with |
Amazon CloudFront distribution |
AWS::ShieldRegional::Protection |
is associated with |
EC2 EIP |
| is associated with |
ElasticLoadBalancing Balancer |
| is associated with |
ElasticLoadBalancingV2 LoadBalancer |
Amazon Step Functions
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| Amazon Step Functions |
AWS::StepFunctions::Activity |
NA |
NA |
AWS::StepFunctions::StateMachine |
NA |
NA |
Amazon Systems Manager
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| Amazon Systems Manager |
AWS::SSM::ManagedInstanceInventory* |
is associated with |
EC2 instance |
AWS::SSM::PatchCompliance |
is associated with |
Managed Instance Inventory |
AWS::SSM::AssociationCompliance |
is associated with |
Managed Instance Inventory |
AWS::SSM::FileData |
is associated with |
Managed Instance Inventory |
AWS::SSM::Document |
NA |
NA |
*To learn more about managed instance inventory, see Recording Software Configuration for Managed Instances.
Amazon Transfer Family
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| Amazon Transfer Family |
AWS::Transfer::Agreement |
NA |
NA |
AWS::Transfer::Connector |
NA |
NA |
AWS::Transfer::Workflow |
NA |
NA |
AWS::Transfer::Certificate |
NA |
NA |
AWS::Transfer::Profile |
NA |
NA |
Amazon WAF
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| Amazon WAF |
AWS::WAF::RateBasedRule |
NA |
NA |
AWS::WAF::Rule |
NA |
NA |
AWS::WAF::WebACL |
is associated with |
WAF Rule |
| WAF rate based rule |
| WAF Rulegroup |
AWS::WAF::RuleGroup |
is associated with |
WAF Rule |
AWS::WAFRegional::RateBasedRule |
NA |
NA |
AWS::WAFRegional::Rule |
NA |
NA |
AWS::WAFRegional::WebACL |
is associated with |
ElasticLoadBalancingV2 LoadBalancer |
| WAFRegional Rule |
| WAFRegional rate based rule |
| WAFRegional Rulegroup |
AWS::WAFRegional::RuleGroup |
is associated with |
WAFRegional Rule |
| Amazon WAF V2 |
AWS::WAFv2::WebACL |
is associated with |
ElasticLoadBalancingV2 LoadBalancer |
| ApiGateway Stage |
| WAFv2 IPSet |
| WAFv2 RegexPatternSet |
| WAFv2 RuleGroup |
| WAFv2 ManagedRuleSet |
AWS::WAFv2::RuleGroup |
is associated with |
WAFv2 IPSet |
| WAFv2 RegexPatternSet |
AWS::WAFv2::ManagedRuleSet |
is associated with |
WAFv2 RuleGroup |
AWS::WAFv2::IPSet |
NA |
NA |
AWS::WAFv2::RegexPatternSet |
NA |
NA |
Amazon X-Ray
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| Amazon X-Ray |
AWS::XRay::EncryptionConfig |
NA |
NA |
Elastic Load Balancing
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| Elastic Load Balancing |
Application Load Balancer
AWS::ElasticLoadBalancingV2::LoadBalancer
|
is associated with |
EC2 security group |
| is attached to |
Subnet |
| is contained in |
Virtual private cloud (VPC) |
|
Application Load Balancer Listener
AWS::ElasticLoadBalancingV2::Listener
|
NA |
NA |
|
Classic Load Balancer
AWS::ElasticLoadBalancing::LoadBalancer
|
is associated with |
EC2 security group |
| is attached to |
Subnet |
| is contained in |
Virtual private cloud (VPC) |
|
Network Load Balancer
AWS::ElasticLoadBalancingV2::LoadBalancer
|
NA |
NA |
AWS Elemental MediaConnect
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| AWS Elemental MediaConnect |
AWS::MediaConnect::FlowEntitlement |
NA |
NA |
AWS::MediaConnect::FlowVpcInterface |
NA |
NA |
AWS::MediaConnect::FlowSource |
NA |
NA |
AWS::MediaConnect::Gateway |
NA |
NA |
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| AWS Elemental MediaPackage |
AWS::MediaPackage::PackagingGroup |
NA |
NA |
AWS::MediaPackage::PackagingConfiguration |
NA |
NA |
| Amazon Service |
Resource Type Value |
Relationship |
Related Resource |
| AWS Elemental MediaTailor |
AWS::MediaTailor::PlaybackConfiguration |
NA |
NA |