本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。
# 更新防火墙和网关以允许访问
如果您使用 Web 内容筛选解决方案筛选对特定 Amazon 域或 URL 终端节点的访问,则必须允许列出以下终端节点才能访问通过和 Amazon Q 提供的所有服务和功能。有关如何使用 Amazon Toolkit for Visual Studio Amazon Q 对 Toolkit 的防火墙和代理设置进行故障排除的详细步骤,请参阅本用户指南*故障排除*主题中的[防火墙和代理设置](https://docs.amazonaws.cn//toolkit-for-visual-studio/latest/user-guide/general-troubleshoot.html#general-troubleshoot-firewall)部分。 Amazon 有关为 Amazon Q 配置公司代理的详细信息,请参阅《Amazon Q 开发者版用户指南》中的**[在 Amazon Q 中配置公司代理](https://docs.amazonaws.cn//amazonq/latest/qdeveloper-ug/firewall.html#corp-proxy)主题。
## Amazon Toolkit for Visual Studio 端点
以下是需要允许列出的 Amazon Toolkit for Visual Studio 特定端点和参考文献的列表。
### 端点
```
https://idetoolkits-hostedfiles.amazonaws.com/*
https://idetoolkits.amazonwebservices.com/*
http://vstoolkit.amazonwebservices.com/*
https://aws-vs-toolkit.s3.amazonaws.com/*
https://raw.githubusercontent.com/aws/aws-toolkit-visual-studio/main/version.json
https://aws-toolkit-language-servers.amazonaws.com/*
```
## Amazon Q 插件端点
以下是需要纳入允许列表的特定于 Amazon Q 插件的端点和引用的列表。
```
https://idetoolkits-hostedfiles.amazonaws.com/* (Plugin for configs)
https://idetoolkits.amazonwebservices.com/* (Plugin for endpoints)
https://aws-toolkit-language-servers.amazonaws.com/* (Language Server Process)
https://client-telemetry.us-east-1.amazonaws.com/ (Telemetry)
https://cognito-identity.us-east-1.amazonaws.com (Telemetry)
https://aws-language-servers.us-east-1.amazonaws.com (Language Server Process)
```
## Amazon Q 开发者版端点
以下是需要纳入允许列表的特定于 Amazon Q 开发者版的端点和引用的列表。
```
https://codewhisperer.us-east-1.amazonaws.com (Inline,Chat, QSDA,...)
https://q.us-east-1.amazonaws.com (Inline,Chat, QSDA....)
https://desktop-release.codewhisperer.us-east-1.amazonaws.com/ (Download URL for CLI.)
https://specs.q.us-east-1.amazonaws.com (URL for auto-complete specs used by CLI)
* aws-language-servers.us-east-1.amazonaws.com (Local Workspace context)
```
## Amazon Q 代码转换端点
以下是需要纳入允许列表的特定于 Amazon Q 代码转换的端点和引用的列表。
```
https://docs.aws.amazon.com/amazonq/latest/qdeveloper-ug/security_iam_manage-access-with-policies.html
```
## 身份验证端点
以下是需要纳入允许列表的身份验证端点和引用的列表。
```
[Directory ID or alias].awsapps.com
* oidc.[Region].amazonaws.com
*.sso.[Region].amazonaws.com
*.sso-portal.[Region].amazonaws.com
*.aws.dev
*.awsstatic.com
*.console.aws.a2z.com
*.sso.amazonaws.com
```
## 身份端点
以下列表包含特定于身份的端点,例如 Amazon IAM Identity Center 和 Amazon 生成器 ID。
### Amazon IAM Identity Center
有关 IAM Identity Center 所需端点的详细信息,请参阅《Amazon IAM Identity Center用户指南》**中的[启用 IAM Identity Center](https://docs.amazonaws.cn/singlesignon/latest/userguide/enable-identity-center.html) 主题。
### 企业 IAM Identity Center
```
https://[Center director id].awsapps.com/start (should be permitted to initiate auth)
https://us-east-1.signin.aws (for facilitating authentication, assuming IAM Identity Center is in IAD)
https://oidc.(us-east-1).amazonaws.com
https://log.sso-portal.eu-west-1.amazonaws.com
https://portal.sso.eu-west-1.amazonaws.com
```
### Amazon 生成器 ID
```
https://view.awsapps.com/start (must be blocked to disable individual tier)
https://codewhisperer.us-east-1.amazonaws.com and q.us-east-1.amazonaws.com (should be permitted)
```
## 遥测
以下是需要纳入允许列表的特定于遥测的端点。
```
https://telemetry.aws-language-servers.us-east-1.amazonaws.com/
https://client-telemetry.us-east-1.amazonaws.com
```
## 引用
以下是端点引用的列表。
```
idetoolkits-hostedfiles.amazonaws.com
cognito-identity.us-east-1.amazonaws.com
amazonwebservices.gallery.vsassets.io
eu-west-1.prod.pr.analytics.console.aws.a2z.com
prod.pa.cdn.uis.awsstatic.com
portal.sso.eu-west-1.amazonaws.com
log.sso-portal.eu-west-1.amazonaws.com
prod.assets.shortbread.aws.dev
prod.tools.shortbread.aws.dev
prod.log.shortbread.aws.dev
a.b.cdn.console.awsstatic.com
assets.sso-portal.eu-west-1.amazonaws.com
oidc.eu-west-1.amazonaws.com
aws-toolkit-language-servers.amazonaws.com
aws-language-servers.us-east-1.amazonaws.com
idetoolkits.amazonwebservices.com
```