Service Coverage - AWS & AWS GovCloud

Note

For supported Azure services, see Service Coverage - Azure & Azure Government. For Google, see Service Coverage - Google Cloud.

Tip

To interact with the API using query parameters, use the Fugue resource names as formatted below (the Terraform resource name is also acceptable). When using request body parameters, add quotation marks around each resource name like this: "AWS.AutoScaling.AutoScalingGroup", "AWS.SNS.Topic", etc.

The following services and resources are supported in the latest version of Fugue.

• (beta) denotes resources with beta support. To request access, contact support@fugue.co.

• (G) denotes resources supported in AWS GovCloud.

• (R) denotes resources included in the Fugue Recommended Resource Types list.

Each resource is listed with its Terraform type in parentheses for the purpose of writing custom rules.

For more information about resources and regions, see details here.

AWS Account Management (beta)

• AWS.Account.AlternateContact (aws_account_alternate_contact) (beta) (G) (R)

AWS Certificate Manager (ACM)

• AWS.ACM.Certificate (aws_acm_certificate) (G) (R)

ACM Private Certificate Authority (ACM PCA)

• AWS.ACMPCA.CertificateAuthority (aws_acmpca_certificate_authority) (G)

API Gateway

• AWS.ApiGateway.Authorizer (aws_api_gateway_authorizer) (G) (R)

• AWS.ApiGateway.ClientCertificate (aws_api_gateway_client_certificate) (G) (R)

• AWS.ApiGateway.Deployment (aws_api_gateway_deployment) (G) (R)

• AWS.ApiGateway.DomainName (aws_api_gateway_domain_name) (G) (R)

• AWS.ApiGateway.RequestValidator (aws_api_gateway_request_validator) (G) (R)

• AWS.ApiGateway.Resource (aws_api_gateway_resource) (G) (R)

• AWS.ApiGateway.RestApi (aws_api_gateway_rest_api) (G) (R)

• AWS.ApiGateway.Stage (aws_api_gateway_stage) (G) (R)

• AWS.ApiGateway.UsagePlan (aws_api_gateway_usage_plan) (G) (R)

• AWS.ApiGateway.VpcLink (aws_api_gateway_vpc_link) (G) (R)

API Gateway Version 2 (beta)

• AWS.ApiGatewayV2.Api (aws_apigatewayv2_api) (beta) (G) (R)

• AWS.ApiGatewayV2.ApiMapping (aws_apigatewayv2_api_mapping) (beta) (G) (R)

• AWS.ApiGatewayV2.Authorizer (aws_apigatewayv2_authorizer) (beta) (G) (R)

• AWS.ApiGatewayV2.Deployment (aws_apigatewayv2_deployment) (beta) (G) (R)

• AWS.ApiGatewayV2.DomainName (aws_apigatewayv2_domain_name) (beta) (G) (R)

• AWS.ApiGatewayV2.Integration (aws_apigatewayv2_integration) (beta) (G) (R)

• AWS.ApiGatewayV2.IntegrationResponse (aws_apigatewayv2_integration_response) (beta) (G) (R)

• AWS.ApiGatewayV2.Model (aws_apigatewayv2_model) (beta) (G) (R)

• AWS.ApiGatewayV2.Route (aws_apigatewayv2_route) (beta) (G) (R)

• AWS.ApiGatewayV2.RouteResponse (aws_apigatewayv2_route_response) (beta) (G) (R)

• AWS.ApiGatewayV2.Stage (aws_apigatewayv2_stage) (beta) (G) (R)

• AWS.ApiGatewayV2.VpcLink (aws_apigatewayv2_vpc_link) (beta) (G) (R)

Athena (beta)

• AWS.Athena.Workgroup (aws_athena_workgroup) (beta) (G) (R)

Auto Scaling

• AWS.AutoScaling.AutoScalingGroup (aws_autoscaling_group) (G) (R)

• AWS.AutoScaling.LaunchConfiguration (aws_launch_configuration) (G) (R)

• AWS.AutoScaling.LaunchTemplate (aws_launch_template) (G) (R)

• AWS.AutoScaling.LifecycleHook (aws_autoscaling_lifecycle_hook) (G) (R)

• AWS.AutoScaling.Policy (aws_autoscaling_policy) (G) (R)

• AWS.AutoScaling.Schedule (aws_autoscaling_schedule) (G) (R)

CloudFormation (beta)

• AWS.CloudFormation.Stack (aws_cloudformation_stack) (beta) (G) (R)

• AWS.CloudFormation.StackSet (aws_cloudformation_stack_set) (beta) (G) (R)

CloudFront

• AWS.CloudFront.Distribution (aws_cloudfront_distribution) (R)

CloudTrail

• AWS.CloudTrail.Trail (aws_cloudtrail) (G) (R)

CloudWatch

• AWS.CloudWatch.Dashboard (aws_cloudwatch_dashboard) (G) (R)

• AWS.CloudWatch.MetricAlarm (aws_cloudwatch_metric_alarm) (G) (R)

• AWS.CloudWatchEvents.Rule (aws_cloudwatch_event_rule) (G) (R)

• AWS.CloudWatchEvents.Target (aws_cloudwatch_event_target) (G) (R)

• AWS.CloudWatchLogs.Destination (aws_cloudwatch_log_destination) (G) (R)

• AWS.CloudWatchLogs.DestinationPolicy (aws_cloudwatch_log_destination_policy) (G) (R)

• AWS.CloudWatchLogs.LogGroup (aws_cloudwatch_log_group) (G) (R)

• AWS.CloudWatchLogs.MetricFilter (aws_cloudwatch_log_metric_filter) (G) (R)

• AWS.CloudWatchLogs.ResourcePolicy (aws_cloudwatch_log_resource_policy) (G) (R)

• AWS.CloudWatchLogs.SubscriptionFilter (aws_cloudwatch_log_subscription_filter) (G) (R)

Cognito

• AWS.Cognito.IdentityProvider (aws_cognito_identity_provider) (R)

• AWS.Cognito.ResourceServer (aws_cognito_resource_server) (R)

• AWS.Cognito.UserGroup (aws_cognito_user_group) (R)

• AWS.Cognito.UserPool (aws_cognito_user_pool) (R)

• AWS.Cognito.UserPoolClient (aws_cognito_user_pool_client) (R)

• AWS.Cognito.UserPoolDomain (aws_cognito_user_pool_domain) (R)

Config

• AWS.Config.AggregationAuthorization (aws_config_aggregate_authorization) (G) (R)

• AWS.Config.ConfigurationAggregator (aws_config_configuration_aggregator) (G) (R)

• AWS.Config.ConfigurationRecorder (aws_config_configuration_recorder) (G) (R)

• AWS.Config.ConfigurationRecorderStatus (aws_config_configuration_recorder_status) (G) (R)

• AWS.Config.DeliveryChannel (aws_config_delivery_channel) (G) (R)

• AWS.Config.Rule (aws_config_config_rule) (G) (R)

Directory Service

• AWS.DirectoryService.ConditionalForwarder (aws_directory_service_conditional_forwarder) (G)

• AWS.DirectoryService.Directory (aws_directory_service_directory) (G)

DocumentDB (beta)

• AWS.DocDB.Cluster (aws_docdb_cluster) (beta) (R)

• AWS.DocDB.ClusterInstance (aws_docdb_cluster_instance) (beta) (R)

• AWS.DocDB.ClusterSnapshot (aws_docdb_cluster_snapshot) (beta) (R)

DynamoDB

• AWS.DynamoDB.Table (aws_dynamodb_table) (G) (R)

EC2

Note

Fugue does not support the legacy EC2-Classic platform.

• AWS.EC2.CustomerGateway (aws_customer_gateway) (G) (R)

• AWS.EC2.DhcpOptions (aws_vpc_dhcp_options) (G) (R)

• AWS.EC2.DhcpOptionsAssociation (aws_vpc_dhcp_options_association) (G) (R)

• AWS.EC2.EgressOnlyInternetGateway (aws_egress_only_internet_gateway) (G) (R)

• AWS.EC2.ElasticIP (aws_eip) (G) (R)

• AWS.EC2.FlowLog (aws_flow_log) (G) (R)

• AWS.EC2.Image (aws_ami) (G) (R)

• AWS.EC2.Instance (aws_instance) (G) (R)

• AWS.EC2.InternetGateway (aws_internet_gateway) (G) (R)

• AWS.EC2.KeyPair (aws_key_pair) (G) (R)

• AWS.EC2.NATGateway (aws_nat_gateway) (G) (R)

• AWS.EC2.NetworkACL (aws_network_acl) (G) (R)

• AWS.EC2.NetworkInterface (aws_network_interface) (G)

• AWS.EC2.PlacementGroup (aws_placement_group) (G) (R)

• AWS.EC2.RouteTable (aws_route_table) (G) (R)

• AWS.EC2.RouteTableAssociation (aws_route_table_association) (G) (R)

• AWS.EC2.SecurityGroup (aws_security_group) (G) (R)

• AWS.EC2.Snapshot (aws_ebs_snapshot) (beta) (G) (R)

• AWS.EC2.SpotFleetRequest (aws_spot_fleet_request) (G) (R)

• AWS.EC2.Subnet (aws_subnet) (G) (R)

• AWS.EC2.Volume (aws_ebs_volume) (G) (R)

• AWS.EC2.Vpc (aws_vpc) (G) (R)

• AWS.EC2.VpcEndpoint (aws_vpc_endpoint) (G) (R)

• AWS.EC2.VpcEndpointConnectionNotification (aws_vpc_endpoint_connection_notification) (G) (R)

• AWS.EC2.VpcEndpointService (aws_vpc_endpoint_service) (G) (R)

• AWS.EC2.VpcIpv4CidrBlockAssociation (aws_vpc_ipv4_cidr_block_association) (G) (R)

• AWS.EC2.VpcPeeringConnection (aws_vpc_peering_connection) (G) (R)

• AWS.EC2.VpnConnection (aws_vpn_connection) (G) (R)

• AWS.EC2.VpnConnectionRoute (aws_vpn_connection_route) (G) (R)

• AWS.EC2.VpnGateway (aws_vpn_gateway) (G) (R)

ECR

• AWS.ECR.LifecyclePolicy (aws_ecr_lifecycle_policy) (beta) (G) (R)

• AWS.ECR.Repository (aws_ecr_repository) (G) (R)

• AWS.ECR.RepositoryPolicy (aws_ecr_repository_policy) (beta) (G) (R)

ECS

• AWS.ECS.Cluster (aws_ecs_cluster) (G) (R)

• AWS.ECS.Service (aws_ecs_service) (G) (R)

• AWS.ECS.Task (aws_ecs_task) (G) (R)

• AWS.ECS.TaskDefinition (aws_ecs_task_definition) (G) (R)

EFS

• AWS.EFS.FileSystem (aws_efs_file_system) (G) (R)

• AWS.EFS.MountTarget (aws_efs_mount_target) (G) (R)

EKS

• AWS.EKS.Cluster (aws_eks_cluster) (G) (R)

ELB (Elastic Load Balancing)

• AWS.ELB.BackendServerPolicy (aws_load_balancer_backend_server_policy) (G) (R)

• AWS.ELB.ListenerPolicy (aws_load_balancer_listener_policy) (G) (R)

• AWS.ELB.LoadBalancer (aws_elb) (G) (R)

• AWS.ELB.Policy (aws_load_balancer_policy) (G) (R)

ELBv2 (Elastic Load Balancing v2)

• AWS.ELBv2.Listener (aws_lb_listener) (G) (R)

• AWS.ELBv2.ListenerRule (aws_lb_listener_rule) (G) (R)

• AWS.ELBv2.LoadBalancer (aws_lb) (G) (R)

• AWS.ELBv2.TargetGroup (aws_lb_target_group) (G) (R)

ElastiCache

Note

When ElastiCache.Cluster resources belong to an ElastiCache.ReplicationGroup, the clusters themselves are not scanned but the replication group is. The replication group manages the clusters and contains all of the relevant settings, so there is no need to scan the clusters individually. In contrast, ElastiCache clusters that do not belong to a replication group are scanned individually.

• AWS.ElastiCache.Cluster (aws_elasticache_cluster) (G) (R)

• AWS.ElastiCache.ParameterGroup (aws_elasticache_parameter_group) (G) (R)

• AWS.ElastiCache.ReplicationGroup (aws_elasticache_replication_group) (G) (R)

Elasticsearch (beta)

• AWS.Elasticsearch.Domain (aws_elasticsearch_domain) (beta) (G) (R)

Glacier (S3 Glacier)

• AWS.Glacier.Vault (aws_glacier_vault) (G) (R)

Glue (beta)

• AWS.Glue.CatalogDatabase (aws_glue_catalog_database) (beta) (G) (R)

• AWS.Glue.CatalogTable (aws_glue_catalog_table) (beta) (G) (R)

• AWS.Glue.Connection (aws_glue_connection) (beta) (G) (R)

• AWS.Glue.Crawler (aws_glue_crawler) (beta) (G) (R)

• AWS.Glue.Job (aws_glue_job) (beta) (G) (R)

• AWS.Glue.SecurityConfiguration (aws_glue_security_configuration) (beta) (G) (R)

• AWS.Glue.Trigger (aws_glue_trigger) (beta) (G) (R)

• AWS.Glue.Workflow (aws_glue_workflow) (beta) (G) (R)

GuardDuty

• AWS.GuardDuty.Detector (aws_guardduty_detector) (G) (R)

• AWS.GuardDuty.Member (aws_guardduty_member) (G) (R)

IAM (Identity & Access Management)

• AWS.IAM.AccessKey (aws_iam_access_key) (G) (R)

• AWS.IAM.AccountPasswordPolicy (aws_iam_account_password_policy) (G) (R)

• AWS.IAM.CredentialReport (aws_iam_credential_report) (G) (R)

• AWS.IAM.Group (aws_iam_group) (G) (R)

• AWS.IAM.GroupMembership (aws_iam_group_membership) (G) (R)

• AWS.IAM.GroupPolicy (aws_iam_group_policy) (G) (R)

• AWS.IAM.GroupPolicyAttachment (aws_iam_group_policy_attachment) (G) (R)

• AWS.IAM.InstanceProfile (aws_iam_instance_profile) (G) (R)

• AWS.IAM.OpenIDConnectProvider (aws_iam_openid_connect_provider) (G) (R)

• AWS.IAM.Policy (aws_iam_policy) (G) (R)

• AWS.IAM.Role (aws_iam_role) (G) (R)

• AWS.IAM.RolePolicy (aws_iam_role_policy) (G) (R)

• AWS.IAM.RolePolicyAttachment (aws_iam_role_policy_attachment) (G) (R)

• AWS.IAM.SAMLProvider (aws_iam_saml_provider) (G) (R)

• AWS.IAM.ServerCertificate (aws_iam_server_certificate) (beta) (G) (R)

• AWS.IAM.User (aws_iam_user) (G) (R)

• AWS.IAM.UserPolicy (aws_iam_user_policy) (G) (R)

• AWS.IAM.UserPolicyAttachment (aws_iam_user_policy_attachment) (G) (R)

IAM Access Analyzer (beta)

• AWS.AccessAnalyzer.Analyzer (aws_accessanalyzer_analyzer) (beta) (G) (R)

Inspector

• AWS.Inspector.AssessmentTarget (aws_inspector_assessment_target) (G)

• AWS.Inspector.AssessmentTemplate (aws_inspector_assessment_template) (G)

KMS (Key Management Service)

• AWS.KMS.Alias (aws_kms_alias) (G) (R)

• AWS.KMS.Grant (aws_kms_grant) (G) (R)

• AWS.KMS.Key (aws_kms_key) (G) (R)

Kinesis

• AWS.Kinesis.Stream (aws_kinesis_stream) (G) (R)

• AWS.KinesisFirehose.DeliveryStream (aws_kinesis_firehose_delivery_stream) (G) (R)

Lambda

• AWS.Lambda.Alias (aws_lambda_alias) (G) (R)

• AWS.Lambda.EventSourceMapping (aws_lambda_event_source_mapping) (G) (R)

• AWS.Lambda.Function (aws_lambda_function) (G) (R)

• AWS.Lambda.Permission (aws_lambda_permission) (beta) (G) (R)

MediaStore (Elemental MediaStore)

• AWS.MediaStore.Container (aws_media_store_container) (R)

• AWS.MediaStore.ContainerPolicy (aws_media_store_container_policy) (R)

Neptune (beta)

• AWS.Neptune.Cluster (aws_neptune_cluster) (beta) (G) (R)

• AWS.Neptune.ClusterInstance (aws_neptune_cluster_instance) (beta) (G) (R)

• AWS.Neptune.ClusterSnapshot (aws_neptune_cluster_snapshot) (beta) (G) (R)

Organizations

• AWS.Organizations.Organization (aws_organizations_organization) (G)

• AWS.Organizations.Account (aws_organizations_account) (beta) (G) (R)

Resource Access Manager (RAM) (beta)

• AWS.RAM.PrincipalAssociation (aws_ram_principal_association) (beta) (G) (R)

• AWS.RAM.ResourceAssociation (aws_ram_resource_association) (beta) (G) (R)

• AWS.RAM.ResourceShare (aws_ram_resource_share) (beta) (G) (R)

RDS

• AWS.RDS.Cluster (aws_rds_cluster) (G) (R)

• AWS.RDS.ClusterInstance (aws_rds_cluster_instance) (beta) (G) (R)

• AWS.RDS.ClusterParameterGroup (aws_rds_cluster_parameter_group) (G) (R)

• AWS.RDS.EventSubscription (aws_db_event_subscription) (G) (R)

• AWS.RDS.Instance (aws_db_instance) (G) (R)

• AWS.RDS.OptionGroup (aws_db_option_group) (G) (R)

• AWS.RDS.ParameterGroup (aws_db_parameter_group) (G) (R)

• AWS.RDS.Snapshot (aws_db_snapshot) (beta) (G) (R)

• AWS.RDS.SubnetGroup (aws_db_subnet_group) (G) (R)

Redshift

• AWS.Redshift.Cluster (aws_redshift_cluster) (G) (R)

• AWS.Redshift.ParameterGroup (aws_redshift_parameter_group) (G) (R)

• AWS.Redshift.SubnetGroup (aws_redshift_subnet_group) (G) (R)

Route 53

• AWS.Route53.DelegationSet (aws_route53_delegation_set)

• AWS.Route53.HealthCheck (aws_route53_health_check)

• AWS.Route53.QueryLog (aws_route53_query_log)

• AWS.Route53.Record (aws_route53_record)

• AWS.Route53.Zone (aws_route53_zone)

• AWS.Route53.ZoneAssociation (aws_route53_zone_association)

S3

• AWS.S3.AccountPublicAccessBlock (aws_s3_account_public_access_block) (beta) (G) (R)

• AWS.S3.Bucket (aws_s3_bucket) (G) (R)

• AWS.S3.BucketInventory (aws_s3_bucket_inventory) (G) (R)

• AWS.S3.BucketMetric (aws_s3_bucket_metric) (G) (R)

• AWS.S3.BucketNotification (aws_s3_bucket_notification) (G) (R)

• AWS.S3.BucketPolicy (aws_s3_bucket_policy) (G) (R)

• AWS.S3.BucketPublicAccessBlock (aws_s3_bucket_public_access_block) (G) (R)

SageMaker (beta)

• AWS.Sagemaker.Endpoint (aws_sagemaker_endpoint) (beta) (R)

• AWS.Sagemaker.EndpointConfiguration (aws_sagemaker_endpoint_configuration) (beta) (R)

• AWS.Sagemaker.Model (aws_sagemaker_model) (beta) (R)

• AWS.Sagemaker.NotebookInstance (aws_sagemaker_notebook_instance) (beta) (R)

• AWS.Sagemaker.NotebookInstanceLifecycleConfiguration (aws_sagemaker_notebook_instance_lifecycle_configuration) (beta) (R)

Step Functions (SFN)

• AWS.SFN.StateMachine (aws_sfn_state_machine) (G) (R)

SNS

• AWS.SNS.Subscription (aws_sns_topic_subscription) (G) (R)

• AWS.SNS.Topic (aws_sns_topic) (G) (R)

SQS

• AWS.SQS.Queue (aws_sqs_queue) (G) (R)

Systems Manager (SSM)

• AWS.SSM.Activation (aws_ssm_activation) (G)

• AWS.SSM.Association (aws_ssm_association) (G)

• AWS.SSM.Document (aws_ssm_document) (G)

• AWS.SSM.MaintenanceWindow (aws_ssm_maintenance_window) (G)

• AWS.SSM.MaintenanceWindowTarget (aws_ssm_maintenance_window_target) (G)

• AWS.SSM.MaintenanceWindowTask (aws_ssm_maintenance_window_task) (G)

• AWS.SSM.Parameter (aws_ssm_parameter) (G)

• AWS.SSM.PatchBaseline (aws_ssm_patch_baseline) (G)

• AWS.SSM.PatchGroup (aws_ssm_patch_group) (G)

• AWS.SSM.ResourceDataSync (aws_ssm_resource_data_sync) (G)

Secrets Manager

• AWS.SecretsManager.Secret (aws_secretsmanager_secret) (G)

WAF

• AWS.WAF.ByteMatchSet (aws_waf_byte_match_set) (R)

• AWS.WAF.GeoMatchSet (aws_waf_geo_match_set) (R)

• AWS.WAF.RateBasedRule (aws_waf_rate_based_rule) (R)

• AWS.WAF.RegexMatchSet (aws_waf_regex_match_set) (R)

• AWS.WAF.RegexPatternSet (aws_waf_regex_pattern_set) (R)

• AWS.WAF.Rule (aws_waf_rule) (R)

• AWS.WAF.RuleGroup (aws_waf_rule_group) (R)

• AWS.WAF.SQLInjectionMatchSet (aws_waf_sql_injection_match_set) (R)

• AWS.WAF.SizeConstraintSet (aws_waf_size_constraint_set) (R)

• AWS.WAF.WebACL (aws_waf_web_acl) (R)

• AWS.WAF.XSSMatchSet (aws_waf_xss_match_set) (R)

WAFRegional

• AWS.WAFRegional.ByteMatchSet (aws_wafregional_byte_match_set) (G) (R)

• AWS.WAFRegional.GeoMatchSet (aws_wafregional_geo_match_set) (G) (R)

• AWS.WAFRegional.RateBasedRule (aws_wafregional_rate_based_rule) (G) (R)

• AWS.WAFRegional.RegexMatchSet (aws_wafregional_regex_match_set) (G) (R)

• AWS.WAFRegional.RegexPatternSet (aws_wafregional_regex_pattern_set) (G) (R)

• AWS.WAFRegional.Rule (aws_wafregional_rule) (G) (R)

• AWS.WAFRegional.RuleGroup (aws_wafregional_rule_group) (G) (R)

• AWS.WAFRegional.SQLInjectionMatchSet (aws_wafregional_sql_injection_match_set) (G) (R)

• AWS.WAFRegional.SizeConstraintSet (aws_wafregional_size_constraint_set) (G) (R)

• AWS.WAFRegional.WebACL (aws_wafregional_web_acl) (G) (R)

• AWS.WAFRegional.XSSMatchSet (aws_wafregional_xss_match_set) (G) (R)

WAFv2

• AWS.WAFv2.LoggingConfiguration (aws_wafv2_logging_configuration) (G) (R)

• AWS.WAFv2.RegexPatternSet (aws_wafv2_regex_pattern_set) (G) (R)

• AWS.WAFv2.RuleGroup (aws_wafv2_rule_group) (G) (R)

• AWS.WAFv2.WebACL (aws_wafv2_web_acl) (G) (R)

• AWS.WAFv2.WebACLAssociation (aws_wafv2_web_acl_association) (G) (R)

WorkSpaces (beta)

• AWS.Workspaces.Directory (aws_workspaces_directory) (beta) (R)

• AWS.Workspaces.IPGroup (aws_workspaces_ip_group) (beta) (R)

• AWS.Workspaces.Workspace (aws_workspaces_workspace) (beta) (R)