更新防火墙和网关以允许访问 - Amazon 带有 Amazon Q 的工具包
Amazon Toolkit for Visual Studio 端点亚马逊 Q 插件终端节点Amazon Q 开发者终端节点亚马逊 Q Code 转换终端节点身份验证端点身份终端节点遥测参考信息
Amazon Web Services 文档中描述的 Amazon Web Services 服务或功能可能因区域而异。要查看适用于中国区域的差异,请参阅 中国的 Amazon Web Services 服务入门 (PDF)

本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。

更新防火墙和网关以允许访问

如果您使用 Web 内容筛选解决方案筛选对特定 Amazon 域或 URL 终端节点的访问权限,则必须允许列出以下终端节点才能访问通过和 Amazon Toolkit for Visual Studio Amazon Q 提供的所有服务和功能。

Amazon Toolkit for Visual Studio 端点

以下是需要允许列出的 Amazon Toolkit for Visual Studio 特定端点和参考文献的列表。

了解如何查看、监控和管理 SageMaker 端点。


https://idetoolkits-hostedfiles.amazonaws.com/*
https://idetoolkits.amazonwebservices.com/*
http://vstoolkit.amazonwebservices.com/*
https://aws-vs-toolkit.s3.amazonaws.com/*
https://raw.githubusercontent.com/aws/aws-toolkit-visual-studio/main/version.json
https://aws-toolkit-language-servers.amazonaws.com/*

亚马逊 Q 插件终端节点

以下是需要允许列出的特定于 Amazon Q 插件的终端节点和参考的列表。


https://idetoolkits-hostedfiles.amazonaws.com/*    (Plugin for configs)
https://idetoolkits.amazonwebservices.com/*   (Plugin for endpoints)
https://aws-toolkit-language-servers.amazonaws.com/*  (Language Server Process)
https://client-telemetry.us-east-1.amazonaws.com/ (Telemetry)                
https://cognito-identity.us-east-1.amazonaws.com    (Telemetry)
https://aws-language-servers.us-east-1.amazonaws.com (Language Server Process)

Amazon Q 开发者终端节点

以下是需要允许列出的 Amazon Q Developer 特定终端节点和参考文献的列表。


https://codewhisperer.us-east-1.amazonaws.com (Inline,Chat, QSDA,...)
https://q.us-east-1.amazonaws.com (Inline,Chat, QSDA....)
https://desktop-release.codewhisperer.us-east-1.amazonaws.com/ (Download URL for CLI.)
https://specs.q.us-east-1.amazonaws.com (URL for auto-complete specs used by CLI)
* aws-language-servers.us-east-1.amazonaws.com (Local Workspace context)

亚马逊 Q Code 转换终端节点

以下是需要允许列出的 Amazon Q Code Transform 特定终端节点和参考文献的列表。


https://docs.aws.amazon.com/amazonq/latest/qdeveloper-ug/security_iam_manage-access-with-policies.html

身份验证端点

以下是需要允许列出的身份验证端点和参考的列表。


[Directory ID or alias].awsapps.com 
* oidc.[Region].amazonaws.com
*.sso.[Region].amazonaws.com
*.sso-portal.[Region].amazonaws.com
*.aws.dev
*.awsstatic.com
*.console.aws.a2z.com
*.sso.amazonaws.com

身份终端节点

以下列表包含特定于身份的端点,例如 Amazon IAM Identity Center 和 Amazon 生成器 ID。

Amazon IAM Identity Center

有关 IAM 身份中心所需终端节点的详细信息,请参阅Amazon IAM Identity Center用户指南中的启用 IAM 身份中心主题。

企业 IAM 身份中心


https://[Center director id].awsapps.com/start (should be permitted to initiate auth)
https://us-east-1.signin.aws (for facilitating authentication, assuming IAM Identity Center is in IAD)
https://oidc.(us-east-1).amazonaws.com
https://log.sso-portal.eu-west-1.amazonaws.com
https://portal.sso.eu-west-1.amazonaws.com

Amazon 生成器 ID


https://view.awsapps.com/start (must be blocked to disable individual tier) 
https://codewhisperer.us-east-1.amazonaws.com and q.us-east-1.amazonaws.com (should be permitted)

遥测

以下是需要允许列出的遥测特定的端点。


https://client-telemetry.us-east-1.amazonaws.com

参考信息

以下是端点引用的列表。


idetoolkits-hostedfiles.amazonaws.com
cognito-identity.us-east-1.amazonaws.com
amazonwebservices.gallery.vsassets.io
eu-west-1.prod.pr.analytics.console.aws.a2z.com
prod.pa.cdn.uis.awsstatic.com
portal.sso.eu-west-1.amazonaws.com
log.sso-portal.eu-west-1.amazonaws.com
prod.assets.shortbread.aws.dev
prod.tools.shortbread.aws.dev
prod.log.shortbread.aws.dev
a.b.cdn.console.awsstatic.com
assets.sso-portal.eu-west-1.amazonaws.com
oidc.eu-west-1.amazonaws.com
aws-toolkit-language-servers.amazonaws.com
aws-language-servers.us-east-1.amazonaws.com
idetoolkits.amazonwebservices.com