Service Coverage - AWS & AWS GovCloud

Note

For supported Azure services, see Service Coverage - Azure.

Tip

To interact with the API using query parameters, use the resource names as formatted below. When using request body parameters, add quotation marks around each resource name like this: "AWS.AutoScaling.AutoScalingGroup", "AWS.SNS.Topic", etc.

The following services and resources are supported in the latest version of Fugue.

(beta) denotes resources with beta support. To request access, contact support@fugue.co.

For more information about resources and regions, see details here.

AWS Standard Regions

AWS Certificate Manager (ACM)

  • AWS.ACM.Certificate

ACM Private Certificate Authority (ACM PCA)

  • AWS.ACMPCA.CertificateAuthority

API Gateway

  • AWS.ApiGateway.Authorizer

  • AWS.ApiGateway.ClientCertificate

  • AWS.ApiGateway.Deployment

  • AWS.ApiGateway.DomainName

  • AWS.ApiGateway.RequestValidator

  • AWS.ApiGateway.Resource

  • AWS.ApiGateway.RestApi

  • AWS.ApiGateway.Stage

  • AWS.ApiGateway.UsagePlan

  • AWS.ApiGateway.VpcLink

AutoScaling

  • AWS.AutoScaling.AutoScalingGroup

  • AWS.AutoScaling.LaunchConfiguration

  • AWS.AutoScaling.LaunchTemplate

  • AWS.AutoScaling.LifecycleHook

  • AWS.AutoScaling.Policy

  • AWS.AutoScaling.Schedule

CloudFront

  • AWS.CloudFront.Distribution

CloudTrail

  • AWS.CloudTrail.Trail

CloudWatch

  • AWS.CloudWatch.Dashboard

  • AWS.CloudWatch.MetricAlarm

  • AWS.CloudWatchEvents.Rule

  • AWS.CloudWatchEvents.Target

  • AWS.CloudWatchLogs.Destination

  • AWS.CloudWatchLogs.DestinationPolicy

  • AWS.CloudWatchLogs.LogGroup

  • AWS.CloudWatchLogs.MetricFilter

  • AWS.CloudWatchLogs.ResourcePolicy

  • AWS.CloudWatchLogs.SubscriptionFilter

Cognito

  • AWS.Cognito.IdentityProvider

  • AWS.Cognito.ResourceServer

  • AWS.Cognito.UserGroup

  • AWS.Cognito.UserPool

  • AWS.Cognito.UserPoolClient

  • AWS.Cognito.UserPoolDomain

Config

  • AWS.Config.AggregationAuthorization

  • AWS.Config.ConfigurationAggregator

  • AWS.Config.ConfigurationRecorder

  • AWS.Config.ConfigurationRecorderStatus

  • AWS.Config.DeliveryChannel

  • AWS.Config.Rule

Directory Service

  • AWS.DirectoryService.ConditionalForwarder

  • AWS.DirectoryService.Directory

DynamoDB

  • AWS.DynamoDB.Table

EC2

Note

Fugue does not support the legacy EC2-Classic platform.

  • AWS.EC2.CustomerGateway

  • AWS.EC2.DhcpOptions

  • AWS.EC2.DhcpOptionsAssociation

  • AWS.EC2.EgressOnlyInternetGateway

  • AWS.EC2.ElasticIP

  • AWS.EC2.FlowLog

  • AWS.EC2.Instance

  • AWS.EC2.InternetGateway

  • AWS.EC2.KeyPair

  • AWS.EC2.NATGateway

  • AWS.EC2.NetworkACL

  • AWS.EC2.NetworkInterface

  • AWS.EC2.PlacementGroup

  • AWS.EC2.RouteTable

  • AWS.EC2.RouteTableAssociation

  • AWS.EC2.SecurityGroup

  • AWS.EC2.SpotFleetRequest

  • AWS.EC2.Subnet

  • AWS.EC2.Volume

  • AWS.EC2.Vpc

  • AWS.EC2.VpcEndpoint

  • AWS.EC2.VpcEndpointConnectionNotification

  • AWS.EC2.VpcEndpointService

  • AWS.EC2.VpcIpv4CidrBlockAssociation

  • AWS.EC2.VpcPeeringConnection

  • AWS.EC2.VpnConnection

  • AWS.EC2.VpnConnectionRoute

  • AWS.EC2.VpnGateway

ECR

  • AWS.ECR.Repository

ECS

  • AWS.ECS.Cluster

  • AWS.ECS.Service

  • AWS.ECS.Task

  • AWS.ECS.TaskDefinition

EFS

  • AWS.EFS.FileSystem

  • AWS.EFS.MountTarget

EKS

  • AWS.EKS.Cluster

ELB

  • AWS.ELB.BackendServerPolicy

  • AWS.ELB.ListenerPolicy

  • AWS.ELB.LoadBalancer

  • AWS.ELB.Policy

ELBv2

  • AWS.ELBv2.Listener

  • AWS.ELBv2.ListenerRule

  • AWS.ELBv2.LoadBalancer

  • AWS.ELBv2.TargetGroup

ElastiCache

Note

When ElastiCache.Cluster resources belong to an ElastiCache.ReplicationGroup, the clusters themselves are not scanned but the replication group is. The replication group manages the clusters and contains all of the relevant settings, so there is no need to scan the clusters individually. In contrast, ElastiCache clusters that do not belong to a replication group are scanned individually.

  • AWS.ElastiCache.Cluster

  • AWS.ElastiCache.ParameterGroup

  • AWS.ElastiCache.ReplicationGroup

Glacier

  • AWS.Glacier.Vault

GuardDuty

  • AWS.GuardDuty.Detector

  • AWS.GuardDuty.Member

IAM

  • AWS.IAM.AccessKey

  • AWS.IAM.AccountPasswordPolicy

  • AWS.IAM.CredentialReport

  • AWS.IAM.Group

  • AWS.IAM.GroupMembership

  • AWS.IAM.GroupPolicy

  • AWS.IAM.GroupPolicyAttachment

  • AWS.IAM.InstanceProfile

  • AWS.IAM.OpenIDConnectProvider

  • AWS.IAM.Policy

  • AWS.IAM.Role

  • AWS.IAM.RolePolicy

  • AWS.IAM.RolePolicyAttachment

  • AWS.IAM.SAMLProvider

  • AWS.IAM.User

  • AWS.IAM.UserPolicy

  • AWS.IAM.UserPolicyAttachment

Inspector

  • AWS.Inspector.AssessmentTarget

  • AWS.Inspector.AssessmentTemplate

KMS

  • AWS.KMS.Alias

  • AWS.KMS.Grant

  • AWS.KMS.Key

Kinesis

  • AWS.Kinesis.Stream

  • AWS.KinesisFirehose.DeliveryStream

Lambda

  • AWS.Lambda.Alias

  • AWS.Lambda.EventSourceMapping

  • AWS.Lambda.Function

Macie

  • AWS.Macie.MemberAccountAssociation

  • AWS.Macie.S3BucketAssociation

MediaStore

  • AWS.MediaStore.Container

  • AWS.MediaStore.ContainerPolicy

Organizations

  • AWS.Organizations.Organization

RDS

  • AWS.RDS.Cluster

  • AWS.RDS.ClusterParameterGroup

  • AWS.RDS.EventSubscription

  • AWS.RDS.Instance

  • AWS.RDS.OptionGroup

  • AWS.RDS.ParameterGroup

  • AWS.RDS.SubnetGroup

Redshift

  • AWS.Redshift.Cluster

  • AWS.Redshift.ParameterGroup

  • AWS.Redshift.SubnetGroup

Route 53

  • AWS.Route53.DelegationSet

  • AWS.Route53.HealthCheck

  • AWS.Route53.QueryLog

  • AWS.Route53.Record

  • AWS.Route53.Zone

  • AWS.Route53.ZoneAssociation

S3

  • AWS.S3.Bucket

  • AWS.S3.BucketInventory

  • AWS.S3.BucketMetric

  • AWS.S3.BucketNotification

  • AWS.S3.BucketPolicy

  • AWS.S3.BucketPublicAccessBlock

Step Functions (SFN)

  • AWS.SFN.StateMachine

SNS

  • AWS.SNS.Subscription

  • AWS.SNS.Topic

SQS

  • AWS.SQS.Queue

Systems Manager (SSM)

  • AWS.SSM.Activation

  • AWS.SSM.Association

  • AWS.SSM.Document

  • AWS.SSM.MaintenanceWindow

  • AWS.SSM.MaintenanceWindowTarget

  • AWS.SSM.MaintenanceWindowTask

  • AWS.SSM.Parameter

  • AWS.SSM.PatchBaseline

  • AWS.SSM.PatchGroup

  • AWS.SSM.ResourceDataSync

Secrets Manager

  • AWS.SecretsManager.Secret

WAF

  • AWS.WAF.WebACL

Supported Services: AWS GovCloud

AWS Certificate Manager (ACM)

  • AWS.ACM.Certificate

ACM Private Certificate Authority (ACM PCA)

  • AWS.ACMPCA.CertificateAuthority

API Gateway

  • AWS.ApiGateway.Authorizer

  • AWS.ApiGateway.ClientCertificate

  • AWS.ApiGateway.Deployment

  • AWS.ApiGateway.DomainName

  • AWS.ApiGateway.RequestValidator

  • AWS.ApiGateway.Resource

  • AWS.ApiGateway.RestApi

  • AWS.ApiGateway.Stage

  • AWS.ApiGateway.UsagePlan

  • AWS.ApiGateway.VpcLink

AutoScaling

  • AWS.AutoScaling.AutoScalingGroup

  • AWS.AutoScaling.LaunchConfiguration

  • AWS.AutoScaling.LaunchTemplate

  • AWS.AutoScaling.LifecycleHook

  • AWS.AutoScaling.Policy

  • AWS.AutoScaling.Schedule

CloudTrail

  • AWS.CloudTrail.Trail

CloudWatch

  • AWS.CloudWatch.Dashboard

  • AWS.CloudWatch.MetricAlarm

  • AWS.CloudWatchEvents.Rule

  • AWS.CloudWatchEvents.Target

  • AWS.CloudWatchLogs.Destination

  • AWS.CloudWatchLogs.DestinationPolicy

  • AWS.CloudWatchLogs.LogGroup

  • AWS.CloudWatchLogs.MetricFilter

  • AWS.CloudWatchLogs.ResourcePolicy

  • AWS.CloudWatchLogs.SubscriptionFilter

Config

  • AWS.Config.ConfigurationRecorder

  • AWS.Config.ConfigurationRecorderStatus

  • AWS.Config.DeliveryChannel

  • AWS.Config.Rule

Directory Service

  • AWS.DirectoryService.ConditionalForwarder

  • AWS.DirectoryService.Directory

DynamoDB

  • AWS.DynamoDB.Table

EC2

Note

Fugue does not support the legacy EC2-Classic platform.

  • AWS.EC2.CustomerGateway

  • AWS.EC2.DhcpOptions

  • AWS.EC2.DhcpOptionsAssociation

  • AWS.EC2.EgressOnlyInternetGateway

  • AWS.EC2.ElasticIP

  • AWS.EC2.FlowLog

  • AWS.EC2.Instance

  • AWS.EC2.InternetGateway

  • AWS.EC2.KeyPair

  • AWS.EC2.NATGateway

  • AWS.EC2.NetworkACL

  • AWS.EC2.NetworkInterface

  • AWS.EC2.PlacementGroup

  • AWS.EC2.RouteTable

  • AWS.EC2.RouteTableAssociation

  • AWS.EC2.SecurityGroup

  • AWS.EC2.Subnet

  • AWS.EC2.Volume

  • AWS.EC2.Vpc

  • AWS.EC2.VpcIpv4CidrBlockAssociation

  • AWS.EC2.VpcPeeringConnection

  • AWS.EC2.VpnConnection

  • AWS.EC2.VpnConnectionRoute

  • AWS.EC2.VpnGateway

ECR

  • AWS.ECR.Repository

ECS

  • AWS.ECS.Cluster

  • AWS.ECS.Service

  • AWS.ECS.Task

  • AWS.ECS.TaskDefinition

ELB

  • AWS.ELB.BackendServerPolicy

  • AWS.ELB.ListenerPolicy

  • AWS.ELB.LoadBalancer

  • AWS.ELB.Policy

ELBv2

  • AWS.ELBv2.Listener

  • AWS.ELBv2.ListenerRule

  • AWS.ELBv2.LoadBalancer

  • AWS.ELBv2.TargetGroup

ElastiCache

Note

When ElastiCache.Cluster resources belong to an ElastiCache.ReplicationGroup, the clusters themselves are not scanned but the replication group is. The replication group manages the clusters and contains all of the relevant settings, so there is no need to scan the clusters individually. In contrast, ElastiCache clusters that do not belong to a replication group are scanned individually.

  • AWS.ElastiCache.Cluster

  • AWS.ElastiCache.ParameterGroup

  • AWS.ElastiCache.ReplicationGroup

Glacier

  • AWS.Glacier.Vault

IAM

  • AWS.IAM.AccessKey

  • AWS.IAM.AccountPasswordPolicy

  • AWS.IAM.CredentialReport

  • AWS.IAM.Group

  • AWS.IAM.GroupMembership

  • AWS.IAM.GroupPolicy

  • AWS.IAM.GroupPolicyAttachment

  • AWS.IAM.InstanceProfile

  • AWS.IAM.OpenIDConnectProvider

  • AWS.IAM.Policy

  • AWS.IAM.Role

  • AWS.IAM.RolePolicy

  • AWS.IAM.RolePolicyAttachment

  • AWS.IAM.SAMLProvider

  • AWS.IAM.User

  • AWS.IAM.UserPolicy

  • AWS.IAM.UserPolicyAttachment

Inspector

  • AWS.Inspector.AssessmentTarget

  • AWS.Inspector.AssessmentTemplate

KMS

  • AWS.KMS.Alias

  • AWS.KMS.Grant

  • AWS.KMS.Key

Kinesis

  • AWS.Kinesis.Stream

  • AWS.KinesisFirehose.DeliveryStream

Lambda

  • AWS.Lambda.Alias

  • AWS.Lambda.EventSourceMapping

  • AWS.Lambda.Function

Organizations

  • AWS.Organizations.Organization

RDS

  • AWS.RDS.Cluster

  • AWS.RDS.ClusterParameterGroup

  • AWS.RDS.EventSubscription

  • AWS.RDS.Instance

  • AWS.RDS.OptionGroup

  • AWS.RDS.ParameterGroup

  • AWS.RDS.SubnetGroup

Redshift

  • AWS.Redshift.Cluster

  • AWS.Redshift.ParameterGroup

  • AWS.Redshift.SubnetGroup

S3

  • AWS.S3.Bucket

  • AWS.S3.BucketInventory

  • AWS.S3.BucketMetric

  • AWS.S3.BucketNotification

  • AWS.S3.BucketPolicy

  • AWS.S3.BucketPublicAccessBlock

Step Functions (SFN)

  • AWS.SFN.StateMachine

SNS

  • AWS.SNS.Subscription

  • AWS.SNS.Topic

SQS

  • AWS.SQS.Queue

Systems Manager (SSM)

  • AWS.SSM.Activation

  • AWS.SSM.Association

  • AWS.SSM.Document

  • AWS.SSM.MaintenanceWindow

  • AWS.SSM.MaintenanceWindowTarget

  • AWS.SSM.MaintenanceWindowTask

  • AWS.SSM.Parameter

  • AWS.SSM.PatchBaseline

  • AWS.SSM.PatchGroup

  • AWS.SSM.ResourceDataSync