Service Coverage - AWS & AWS GovCloud¶
Note
For supported Azure services, see Service Coverage - Azure.
Tip
To interact with the API using query parameters, use the resource names as formatted below. When using request body parameters, add quotation marks around each resource name like this: "AWS.AutoScaling.AutoScalingGroup", "AWS.SNS.Topic", etc.
The following services and resources are supported in the latest version of Fugue.
(beta) denotes resources with beta support. To request access, contact support@fugue.co.
AWS Standard Regions: Supported Resource Types and Fugue-Recommended Resource Types
AWS GovCloud: Supported Resource Types and Fugue-Recommended Resource Types
For more information about resources and regions, see details here.
AWS Standard Regions¶
AWS Certificate Manager (ACM)¶
AWS.ACM.Certificate
ACM Private Certificate Authority (ACM PCA) – beta¶
AWS.ACMPCA.CertificateAuthority
API Gateway¶
AWS.ApiGateway.Authorizer
AWS.ApiGateway.ClientCertificate
AWS.ApiGateway.Deployment
AWS.ApiGateway.DomainName
AWS.ApiGateway.RequestValidator
AWS.ApiGateway.Resource
AWS.ApiGateway.RestApi
AWS.ApiGateway.Stage
AWS.ApiGateway.UsagePlan
AWS.ApiGateway.VpcLink
AutoScaling¶
AWS.AutoScaling.AutoScalingGroup
AWS.AutoScaling.LaunchConfiguration
AWS.AutoScaling.LaunchTemplate
AWS.AutoScaling.LifecycleHook
AWS.AutoScaling.Policy
AWS.AutoScaling.Schedule
CloudFront¶
AWS.CloudFront.Distribution
CloudTrail¶
AWS.CloudTrail.Trail
CloudWatch¶
AWS.CloudWatch.Dashboard
AWS.CloudWatch.MetricAlarm
AWS.CloudWatchEvents.Rule
AWS.CloudWatchEvents.Target
AWS.CloudWatchLogs.Destination
AWS.CloudWatchLogs.DestinationPolicy
AWS.CloudWatchLogs.LogGroup
AWS.CloudWatchLogs.MetricFilter
AWS.CloudWatchLogs.ResourcePolicy
AWS.CloudWatchLogs.SubscriptionFilter
Cognito¶
AWS.Cognito.IdentityProvider
AWS.Cognito.ResourceServer
AWS.Cognito.UserGroup
AWS.Cognito.UserPool
AWS.Cognito.UserPoolClient
AWS.Cognito.UserPoolDomain
Config¶
AWS.Config.AggregationAuthorization
AWS.Config.ConfigurationAggregator
AWS.Config.ConfigurationRecorder
AWS.Config.ConfigurationRecorderStatus
AWS.Config.DeliveryChannel
AWS.Config.Rule
Directory Service – beta¶
AWS.DirectoryService.ConditionalForwarder
AWS.DirectoryService.Directory
DynamoDB¶
AWS.DynamoDB.Table
EC2¶
AWS.EC2.CustomerGateway
AWS.EC2.DhcpOptions
AWS.EC2.DhcpOptionsAssociation
AWS.EC2.EgressOnlyInternetGateway
AWS.EC2.ElasticIP
AWS.EC2.FlowLog
AWS.EC2.Instance
AWS.EC2.InternetGateway
AWS.EC2.KeyPair
AWS.EC2.NATGateway
AWS.EC2.NetworkACL
AWS.EC2.NetworkInterface
AWS.EC2.PlacementGroup
AWS.EC2.RouteTable
AWS.EC2.RouteTableAssociation
AWS.EC2.SecurityGroup
AWS.EC2.SpotFleetRequest
AWS.EC2.Subnet
AWS.EC2.Volume
AWS.EC2.Vpc
AWS.EC2.VpcEndpoint
AWS.EC2.VpcEndpointConnectionNotification
AWS.EC2.VpcEndpointService
AWS.EC2.VpcIpv4CidrBlockAssociation
AWS.EC2.VpcPeeringConnection
AWS.EC2.VpnConnection
AWS.EC2.VpnConnectionRoute
AWS.EC2.VpnGateway
ECR¶
AWS.ECR.Repository
ECS¶
AWS.ECS.Cluster
AWS.ECS.Service
AWS.ECS.Task
AWS.ECS.TaskDefinition
EFS – beta¶
AWS.EFS.FileSystem
AWS.EFS.MountTarget
EKS¶
AWS.EKS.Cluster
ELB¶
AWS.ELB.BackendServerPolicy
AWS.ELB.ListenerPolicy
AWS.ELB.LoadBalancer
AWS.ELB.Policy
ELBv2¶
AWS.ELBv2.Listener
AWS.ELBv2.ListenerRule
AWS.ELBv2.LoadBalancer
AWS.ELBv2.TargetGroup
ElastiCache¶
Note
When ElastiCache.Cluster resources belong to an ElastiCache.ReplicationGroup, the clusters themselves are not scanned but the replication group is. The replication group manages the clusters and contains all of the relevant settings, so there is no need to scan the clusters individually. In contrast, ElastiCache clusters that do not belong to a replication group are scanned individually.
AWS.ElastiCache.Cluster
AWS.ElastiCache.ParameterGroup
AWS.ElastiCache.ReplicationGroup
Glacier – beta¶
AWS.Glacier.Vault
GuardDuty¶
AWS.GuardDuty.Detector
AWS.GuardDuty.Member
IAM¶
AWS.IAM.AccessKey
AWS.IAM.AccountPasswordPolicy
AWS.IAM.CredentialReport
AWS.IAM.Group
AWS.IAM.GroupMembership
AWS.IAM.GroupPolicy
AWS.IAM.GroupPolicyAttachment
AWS.IAM.InstanceProfile
AWS.IAM.OpenIDConnectProvider
AWS.IAM.Policy
AWS.IAM.Role
AWS.IAM.RolePolicy
AWS.IAM.RolePolicyAttachment
AWS.IAM.SAMLProvider
AWS.IAM.User
AWS.IAM.UserPolicy
AWS.IAM.UserPolicyAttachment
Inspector – beta¶
AWS.Inspector.AssessmentTarget
AWS.Inspector.AssessmentTemplate
KMS¶
AWS.KMS.Alias
AWS.KMS.Grant
AWS.KMS.Key
Kinesis – beta¶
AWS.Kinesis.Stream
AWS.KinesisFirehose.DeliveryStream
Lambda¶
AWS.Lambda.Alias
AWS.Lambda.EventSourceMapping
AWS.Lambda.Function
Macie¶
AWS.Macie.MemberAccountAssociation
AWS.Macie.S3BucketAssociation
MediaStore¶
AWS.MediaStore.Container
AWS.MediaStore.ContainerPolicy
Organizations – beta¶
AWS.Organizations.Organization
RDS¶
AWS.RDS.Cluster
AWS.RDS.ClusterParameterGroup
AWS.RDS.EventSubscription
AWS.RDS.Instance
AWS.RDS.OptionGroup
AWS.RDS.ParameterGroup
AWS.RDS.SubnetGroup
Redshift¶
AWS.Redshift.Cluster
AWS.Redshift.ParameterGroup
AWS.Redshift.SubnetGroup
Route 53¶
AWS.Route53.DelegationSet
AWS.Route53.HealthCheck
AWS.Route53.QueryLog
AWS.Route53.Record
AWS.Route53.Zone
AWS.Route53.ZoneAssociation
S3¶
AWS.S3.Bucket
AWS.S3.BucketInventory
AWS.S3.BucketMetric
AWS.S3.BucketNotification
AWS.S3.BucketPolicy
AWS.S3.BucketPublicAccessBlock
Step Functions (SFN)¶
AWS.SFN.StateMachine
SNS¶
AWS.SNS.Subscription
AWS.SNS.Topic
SQS¶
AWS.SQS.Queue
Systems Manager (SSM) – beta¶
AWS.SSM.Activation
AWS.SSM.Association
AWS.SSM.Document
AWS.SSM.MaintenanceWindow
AWS.SSM.MaintenanceWindowTarget
AWS.SSM.MaintenanceWindowTask
AWS.SSM.Parameter
AWS.SSM.PatchBaseline
AWS.SSM.PatchGroup
AWS.SSM.ResourceDataSync
Secrets Manager¶
AWS.SecretsManager.Secret
WAF¶
AWS.WAF.WebACL
Recommended Resource Types: AWS¶
In order to get the most out of Fugue, you can opt to scan a Fugue-recommended set of resource types. We’ve chosen these resources because of their high impact on security, and they include security groups, IAM roles, S3 buckets, and more.
AWS Certificate Manager (ACM)¶
AWS.ACM.Certificate
API Gateway¶
AWS.ApiGateway.Authorizer
AWS.ApiGateway.ClientCertificate
AWS.ApiGateway.Deployment
AWS.ApiGateway.DomainName
AWS.ApiGateway.RequestValidator
AWS.ApiGateway.Resource
AWS.ApiGateway.RestApi
AWS.ApiGateway.Stage
AWS.ApiGateway.UsagePlan
AWS.ApiGateway.VpcLink
AutoScaling¶
AWS.AutoScaling.AutoScalingGroup
AWS.AutoScaling.LaunchConfiguration
AWS.AutoScaling.LaunchTemplate
AWS.AutoScaling.LifecycleHook
AWS.AutoScaling.Policy
AWS.AutoScaling.Schedule
CloudFront¶
AWS.CloudFront.Distribution
CloudTrail¶
AWS.CloudTrail.Trail
CloudWatch¶
AWS.CloudWatch.Dashboard
AWS.CloudWatch.MetricAlarm
AWS.CloudWatchEvents.Rule
AWS.CloudWatchEvents.Target
AWS.CloudWatchLogs.Destination
AWS.CloudWatchLogs.DestinationPolicy
AWS.CloudWatchLogs.LogGroup
AWS.CloudWatchLogs.MetricFilter
AWS.CloudWatchLogs.ResourcePolicy
AWS.CloudWatchLogs.SubscriptionFilter
Cognito¶
AWS.Cognito.IdentityProvider
AWS.Cognito.ResourceServer
AWS.Cognito.UserGroup
AWS.Cognito.UserPool
AWS.Cognito.UserPoolClient
AWS.Cognito.UserPoolDomain
Config¶
AWS.Config.AggregationAuthorization
AWS.Config.ConfigurationAggregator
AWS.Config.ConfigurationRecorder
AWS.Config.ConfigurationRecorderStatus
AWS.Config.DeliveryChannel
AWS.Config.Rule
DynamoDB¶
AWS.DynamoDB.Table
EC2¶
AWS.EC2.CustomerGateway
AWS.EC2.DhcpOptions
AWS.EC2.DhcpOptionsAssociation
AWS.EC2.EgressOnlyInternetGateway
AWS.EC2.ElasticIP
AWS.EC2.FlowLog
AWS.EC2.Instance
AWS.EC2.InternetGateway
AWS.EC2.KeyPair
AWS.EC2.NATGateway
AWS.EC2.NetworkACL
AWS.EC2.PlacementGroup
AWS.EC2.RouteTable
AWS.EC2.RouteTableAssociation
AWS.EC2.SecurityGroup
AWS.EC2.SpotFleetRequest
AWS.EC2.Subnet
AWS.EC2.Volume
AWS.EC2.Vpc
AWS.EC2.VpcEndpoint
AWS.EC2.VpcEndpointConnectionNotification
AWS.EC2.VpcEndpointService
AWS.EC2.VpcIpv4CidrBlockAssociation
AWS.EC2.VpcPeeringConnection
AWS.EC2.VpnConnection
AWS.EC2.VpnConnectionRoute
AWS.EC2.VpnGateway
ECR¶
AWS.ECR.Repository
ECS¶
AWS.ECS.Cluster
AWS.ECS.Service
AWS.ECS.Task
AWS.ECS.TaskDefinition
EFS – beta¶
AWS.EFS.FileSystem
AWS.EFS.MountTarget
EKS¶
AWS.EKS.Cluster
ELB¶
AWS.ELB.BackendServerPolicy
AWS.ELB.ListenerPolicy
AWS.ELB.LoadBalancer
AWS.ELB.Policy
ELBv2¶
AWS.ELBv2.Listener
AWS.ELBv2.ListenerRule
AWS.ELBv2.LoadBalancer
AWS.ELBv2.TargetGroup
ElastiCache¶
Note
When ElastiCache.Cluster resources belong to an ElastiCache.ReplicationGroup, the clusters themselves are not scanned but the replication group is. The replication group manages the clusters and contains all of the relevant settings, so there is no need to scan the clusters individually. In contrast, ElastiCache clusters that do not belong to a replication group are scanned individually.
AWS.ElastiCache.Cluster
AWS.ElastiCache.ParameterGroup
AWS.ElastiCache.ReplicationGroup
Glacier – beta¶
AWS.Glacier.Vault
GuardDuty¶
AWS.GuardDuty.Detector
AWS.GuardDuty.Member
IAM¶
AWS.IAM.AccessKey
AWS.IAM.AccountPasswordPolicy
AWS.IAM.CredentialReport
AWS.IAM.Group
AWS.IAM.GroupMembership
AWS.IAM.GroupPolicy
AWS.IAM.GroupPolicyAttachment
AWS.IAM.InstanceProfile
AWS.IAM.OpenIDConnectProvider
AWS.IAM.Policy
AWS.IAM.Role
AWS.IAM.RolePolicy
AWS.IAM.RolePolicyAttachment
AWS.IAM.SAMLProvider
AWS.IAM.User
AWS.IAM.UserPolicy
AWS.IAM.UserPolicyAttachment
KMS¶
AWS.KMS.Alias
AWS.KMS.Grant
AWS.KMS.Key
Kinesis – beta¶
AWS.Kinesis.Stream
AWS.KinesisFirehose.DeliveryStream
Lambda¶
AWS.Lambda.Alias
AWS.Lambda.EventSourceMapping
AWS.Lambda.Function
Macie¶
AWS.Macie.MemberAccountAssociation
AWS.Macie.S3BucketAssociation
MediaStore¶
AWS.MediaStore.Container
AWS.MediaStore.ContainerPolicy
RDS¶
AWS.RDS.Cluster
AWS.RDS.ClusterParameterGroup
AWS.RDS.EventSubscription
AWS.RDS.Instance
AWS.RDS.OptionGroup
AWS.RDS.ParameterGroup
AWS.RDS.SubnetGroup
Redshift¶
AWS.Redshift.Cluster
AWS.Redshift.ParameterGroup
AWS.Redshift.SubnetGroup
S3¶
AWS.S3.Bucket
AWS.S3.BucketInventory
AWS.S3.BucketMetric
AWS.S3.BucketNotification
AWS.S3.BucketPolicy
AWS.S3.BucketPublicAccessBlock
Step Functions (SFN)¶
AWS.SFN.StateMachine
SNS¶
AWS.SNS.Subscription
AWS.SNS.Topic
SQS¶
AWS.SQS.Queue
Supported Services: AWS GovCloud¶
AWS Certificate Manager (ACM)¶
AWS.ACM.Certificate
ACM Private Certificate Authority (ACM PCA) – beta¶
AWS.ACMPCA.CertificateAuthority
API Gateway¶
AWS.ApiGateway.Authorizer
AWS.ApiGateway.ClientCertificate
AWS.ApiGateway.Deployment
AWS.ApiGateway.DomainName
AWS.ApiGateway.RequestValidator
AWS.ApiGateway.Resource
AWS.ApiGateway.RestApi
AWS.ApiGateway.Stage
AWS.ApiGateway.UsagePlan
AWS.ApiGateway.VpcLink
AutoScaling¶
AWS.AutoScaling.AutoScalingGroup
AWS.AutoScaling.LaunchConfiguration
AWS.AutoScaling.LaunchTemplate
AWS.AutoScaling.LifecycleHook
AWS.AutoScaling.Policy
AWS.AutoScaling.Schedule
CloudTrail¶
AWS.CloudTrail.Trail
CloudWatch¶
AWS.CloudWatch.Dashboard
AWS.CloudWatch.MetricAlarm
AWS.CloudWatchEvents.Rule
AWS.CloudWatchEvents.Target
AWS.CloudWatchLogs.Destination
AWS.CloudWatchLogs.DestinationPolicy
AWS.CloudWatchLogs.LogGroup
AWS.CloudWatchLogs.MetricFilter
AWS.CloudWatchLogs.ResourcePolicy
AWS.CloudWatchLogs.SubscriptionFilter
Config¶
AWS.Config.ConfigurationRecorder
AWS.Config.ConfigurationRecorderStatus
AWS.Config.DeliveryChannel
AWS.Config.Rule
Directory Service – beta¶
AWS.DirectoryService.ConditionalForwarder
AWS.DirectoryService.Directory
DynamoDB¶
AWS.DynamoDB.Table
EC2¶
AWS.EC2.CustomerGateway
AWS.EC2.DhcpOptions
AWS.EC2.DhcpOptionsAssociation
AWS.EC2.EgressOnlyInternetGateway
AWS.EC2.ElasticIP
AWS.EC2.FlowLog
AWS.EC2.Instance
AWS.EC2.InternetGateway
AWS.EC2.KeyPair
AWS.EC2.NATGateway
AWS.EC2.NetworkACL
AWS.EC2.NetworkInterface
AWS.EC2.PlacementGroup
AWS.EC2.RouteTable
AWS.EC2.RouteTableAssociation
AWS.EC2.SecurityGroup
AWS.EC2.Subnet
AWS.EC2.Volume
AWS.EC2.Vpc
AWS.EC2.VpcIpv4CidrBlockAssociation
AWS.EC2.VpcPeeringConnection
AWS.EC2.VpnConnection
AWS.EC2.VpnConnectionRoute
AWS.EC2.VpnGateway
ECR¶
AWS.ECR.Repository
ECS¶
AWS.ECS.Cluster
AWS.ECS.Service
AWS.ECS.Task
AWS.ECS.TaskDefinition
ELB¶
AWS.ELB.BackendServerPolicy
AWS.ELB.ListenerPolicy
AWS.ELB.LoadBalancer
AWS.ELB.Policy
ELBv2¶
AWS.ELBv2.Listener
AWS.ELBv2.ListenerRule
AWS.ELBv2.LoadBalancer
AWS.ELBv2.TargetGroup
ElastiCache¶
Note
When ElastiCache.Cluster resources belong to an ElastiCache.ReplicationGroup, the clusters themselves are not scanned but the replication group is. The replication group manages the clusters and contains all of the relevant settings, so there is no need to scan the clusters individually. In contrast, ElastiCache clusters that do not belong to a replication group are scanned individually.
AWS.ElastiCache.Cluster
AWS.ElastiCache.ParameterGroup
AWS.ElastiCache.ReplicationGroup
Glacier – beta¶
AWS.Glacier.Vault
IAM¶
AWS.IAM.AccessKey
AWS.IAM.AccountPasswordPolicy
AWS.IAM.CredentialReport
AWS.IAM.Group
AWS.IAM.GroupMembership
AWS.IAM.GroupPolicy
AWS.IAM.GroupPolicyAttachment
AWS.IAM.InstanceProfile
AWS.IAM.OpenIDConnectProvider
AWS.IAM.Policy
AWS.IAM.Role
AWS.IAM.RolePolicy
AWS.IAM.RolePolicyAttachment
AWS.IAM.SAMLProvider
AWS.IAM.User
AWS.IAM.UserPolicy
AWS.IAM.UserPolicyAttachment
Inspector – beta¶
AWS.Inspector.AssessmentTarget
AWS.Inspector.AssessmentTemplate
KMS¶
AWS.KMS.Alias
AWS.KMS.Grant
AWS.KMS.Key
Kinesis – beta¶
AWS.Kinesis.Stream
AWS.KinesisFirehose.DeliveryStream
Lambda¶
AWS.Lambda.Alias
AWS.Lambda.EventSourceMapping
AWS.Lambda.Function
Organizations – beta¶
AWS.Organizations.Organization
RDS¶
AWS.RDS.Cluster
AWS.RDS.ClusterParameterGroup
AWS.RDS.EventSubscription
AWS.RDS.Instance
AWS.RDS.OptionGroup
AWS.RDS.ParameterGroup
AWS.RDS.SubnetGroup
Redshift¶
AWS.Redshift.Cluster
AWS.Redshift.ParameterGroup
AWS.Redshift.SubnetGroup
S3¶
AWS.S3.Bucket
AWS.S3.BucketInventory
AWS.S3.BucketMetric
AWS.S3.BucketNotification
AWS.S3.BucketPolicy
AWS.S3.BucketPublicAccessBlock
Step Functions (SFN)¶
AWS.SFN.StateMachine
SNS¶
AWS.SNS.Subscription
AWS.SNS.Topic
SQS¶
AWS.SQS.Queue
Systems Manager (SSM) – beta¶
AWS.SSM.Activation
AWS.SSM.Association
AWS.SSM.Document
AWS.SSM.MaintenanceWindow
AWS.SSM.MaintenanceWindowTarget
AWS.SSM.MaintenanceWindowTask
AWS.SSM.Parameter
AWS.SSM.PatchBaseline
AWS.SSM.PatchGroup
AWS.SSM.ResourceDataSync
Recommended Resource Types: AWS GovCloud¶
In order to get the most out of Fugue, you can opt to scan a Fugue-recommended set of resource types. We’ve chosen these resources because of their high impact on security, and they include security groups, IAM roles, S3 buckets, and more.
AWS Certificate Manager (ACM)¶
AWS.ACM.Certificate
API Gateway¶
AWS.ApiGateway.Authorizer
AWS.ApiGateway.ClientCertificate
AWS.ApiGateway.Deployment
AWS.ApiGateway.DomainName
AWS.ApiGateway.RequestValidator
AWS.ApiGateway.Resource
AWS.ApiGateway.RestApi
AWS.ApiGateway.Stage
AWS.ApiGateway.UsagePlan
AWS.ApiGateway.VpcLink
AutoScaling¶
AWS.AutoScaling.AutoScalingGroup
AWS.AutoScaling.LaunchConfiguration
AWS.AutoScaling.LaunchTemplate
AWS.AutoScaling.LifecycleHook
AWS.AutoScaling.Policy
AWS.AutoScaling.Schedule
CloudTrail¶
AWS.CloudTrail.Trail
CloudWatch¶
AWS.CloudWatch.Dashboard
AWS.CloudWatch.MetricAlarm
AWS.CloudWatchEvents.Rule
AWS.CloudWatchEvents.Target
AWS.CloudWatchLogs.Destination
AWS.CloudWatchLogs.DestinationPolicy
AWS.CloudWatchLogs.LogGroup
AWS.CloudWatchLogs.MetricFilter
AWS.CloudWatchLogs.ResourcePolicy
AWS.CloudWatchLogs.SubscriptionFilter
Config¶
AWS.Config.ConfigurationRecorder
AWS.Config.ConfigurationRecorderStatus
AWS.Config.DeliveryChannel
AWS.Config.Rule
DynamoDB¶
AWS.DynamoDB.Table
EC2¶
AWS.EC2.CustomerGateway
AWS.EC2.DhcpOptions
AWS.EC2.DhcpOptionsAssociation
AWS.EC2.EgressOnlyInternetGateway
AWS.EC2.ElasticIP
AWS.EC2.FlowLog
AWS.EC2.Instance
AWS.EC2.InternetGateway
AWS.EC2.KeyPair
AWS.EC2.NATGateway
AWS.EC2.NetworkACL
AWS.EC2.PlacementGroup
AWS.EC2.RouteTable
AWS.EC2.RouteTableAssociation
AWS.EC2.SecurityGroup
AWS.EC2.Subnet
AWS.EC2.Volume
AWS.EC2.Vpc
AWS.EC2.VpcIpv4CidrBlockAssociation
AWS.EC2.VpcPeeringConnection
AWS.EC2.VpnConnection
AWS.EC2.VpnConnectionRoute
AWS.EC2.VpnGateway
ECR¶
AWS.ECR.Repository
ECS¶
AWS.ECS.Cluster
AWS.ECS.Service
AWS.ECS.Task
AWS.ECS.TaskDefinition
ELB¶
AWS.ELB.BackendServerPolicy
AWS.ELB.ListenerPolicy
AWS.ELB.LoadBalancer
AWS.ELB.Policy
ELBv2¶
AWS.ELBv2.Listener
AWS.ELBv2.ListenerRule
AWS.ELBv2.LoadBalancer
AWS.ELBv2.TargetGroup
ElastiCache¶
Note
When ElastiCache.Cluster resources belong to an ElastiCache.ReplicationGroup, the clusters themselves are not scanned but the replication group is. The replication group manages the clusters and contains all of the relevant settings, so there is no need to scan the clusters individually. In contrast, ElastiCache clusters that do not belong to a replication group are scanned individually.
AWS.ElastiCache.Cluster
AWS.ElastiCache.ParameterGroup
AWS.ElastiCache.ReplicationGroup
Glacier – beta¶
AWS.Glacier.Vault
IAM¶
AWS.IAM.AccessKey
AWS.IAM.AccountPasswordPolicy
AWS.IAM.CredentialReport
AWS.IAM.Group
AWS.IAM.GroupMembership
AWS.IAM.GroupPolicy
AWS.IAM.GroupPolicyAttachment
AWS.IAM.InstanceProfile
AWS.IAM.OpenIDConnectProvider
AWS.IAM.Policy
AWS.IAM.Role
AWS.IAM.RolePolicy
AWS.IAM.RolePolicyAttachment
AWS.IAM.SAMLProvider
AWS.IAM.User
AWS.IAM.UserPolicy
AWS.IAM.UserPolicyAttachment
KMS¶
AWS.KMS.Alias
AWS.KMS.Grant
AWS.KMS.Key
Kinesis – beta¶
AWS.Kinesis.Stream
AWS.KinesisFirehose.DeliveryStream
Lambda¶
AWS.Lambda.Alias
AWS.Lambda.EventSourceMapping
AWS.Lambda.Function
RDS¶
AWS.RDS.Cluster
AWS.RDS.ClusterParameterGroup
AWS.RDS.EventSubscription
AWS.RDS.Instance
AWS.RDS.OptionGroup
AWS.RDS.ParameterGroup
AWS.RDS.SubnetGroup
Redshift¶
AWS.Redshift.Cluster
AWS.Redshift.ParameterGroup
AWS.Redshift.SubnetGroup
S3¶
AWS.S3.Bucket
AWS.S3.BucketInventory
AWS.S3.BucketMetric
AWS.S3.BucketNotification
AWS.S3.BucketPolicy
AWS.S3.BucketPublicAccessBlock
Step Functions (SFN)¶
AWS.SFN.StateMachine
SNS¶
AWS.SNS.Subscription
AWS.SNS.Topic
SQS¶
AWS.SQS.Queue
Resources Not Included In Fugue-Recommended List¶
The following is the list of resources that are not included in the Fugue’s recommended list of resource types to scan.
ACM Private Certificate Authority (ACM PCA) – beta¶
AWS.ACMPCA.CertificateAuthority
Directory Service – beta¶
AWS.DirectoryService.ConditionalForwarder
AWS.DirectoryService.Directory
EC2¶
AWS.EC2.NetworkInterface
Inspector – beta¶
AWS.Inspector.AssessmentTarget
AWS.Inspector.AssessmentTemplate
Organizations – beta¶
AWS.Organizations.Organization
Route 53¶
AWS.Route53.DelegationSet
AWS.Route53.HealthCheck
AWS.Route53.QueryLog
AWS.Route53.Record
AWS.Route53.Zone
AWS.Route53.ZoneAssociation
Systems Manager (SSM) – beta¶
AWS.SSM.Activation
AWS.SSM.Association
AWS.SSM.Document
AWS.SSM.MaintenanceWindow
AWS.SSM.MaintenanceWindowTarget
AWS.SSM.MaintenanceWindowTask
AWS.SSM.Parameter
AWS.SSM.PatchBaseline
AWS.SSM.PatchGroup
AWS.SSM.ResourceDataSync
Secrets Manager¶
AWS.SecretsManager.Secret