Service Coverage - AWS & AWS GovCloud

Note

For supported Azure services, see Service Coverage - Azure & Azure Government. For Google, see Service Coverage - Google Cloud.

Tip

To interact with the API using query parameters, use the Fugue resource names as formatted below (the Terraform resource name is also acceptable). When using request body parameters, add quotation marks around each resource name like this: "AWS.AutoScaling.AutoScalingGroup", "AWS.SNS.Topic", etc.

The following services and resources are supported in the latest version of Fugue.

(beta) denotes resources with beta support. To request access, contact support@fugue.co.

Each resource is listed with its Terraform type in parentheses for the purpose of writing custom rules.

For more information about resources and regions, see details here.

AWS Standard Regions

AWS Certificate Manager (ACM)

  • AWS.ACM.Certificate (aws_acm_certificate)

ACM Private Certificate Authority (ACM PCA)

  • AWS.ACMPCA.CertificateAuthority (aws_acmpca_certificate_authority)

API Gateway

  • AWS.ApiGateway.Authorizer (aws_api_gateway_authorizer)

  • AWS.ApiGateway.ClientCertificate (aws_api_gateway_client_certificate)

  • AWS.ApiGateway.Deployment (aws_api_gateway_deployment)

  • AWS.ApiGateway.DomainName (aws_api_gateway_domain_name)

  • AWS.ApiGateway.RequestValidator (aws_api_gateway_request_validator)

  • AWS.ApiGateway.Resource (aws_api_gateway_resource)

  • AWS.ApiGateway.RestApi (aws_api_gateway_rest_api)

  • AWS.ApiGateway.Stage (aws_api_gateway_stage)

  • AWS.ApiGateway.UsagePlan (aws_api_gateway_usage_plan)

  • AWS.ApiGateway.VpcLink (aws_api_gateway_vpc_link)

API Gateway Version 2 (beta)

  • AWS.ApiGatewayV2.Api (aws_apigatewayv2_api)

  • AWS.ApiGatewayV2.ApiMapping (aws_apigatewayv2_api_mapping)

  • AWS.ApiGatewayV2.Authorizer (aws_apigatewayv2_authorizer)

  • AWS.ApiGatewayV2.Deployment (aws_apigatewayv2_deployment)

  • AWS.ApiGatewayV2.DomainName (aws_apigatewayv2_domain_name)

  • AWS.ApiGatewayV2.Integration (aws_apigatewayv2_integration)

  • AWS.ApiGatewayV2.IntegrationResponse (aws_apigatewayv2_integration_response)

  • AWS.ApiGatewayV2.Model (aws_apigatewayv2_model)

  • AWS.ApiGatewayV2.Route (aws_apigatewayv2_route)

  • AWS.ApiGatewayV2.RouteResponse (aws_apigatewayv2_route_response)

  • AWS.ApiGatewayV2.Stage (aws_apigatewayv2_stage)

  • AWS.ApiGatewayV2.VpcLink (aws_apigatewayv2_vpc_link)

Athena (beta)

  • AWS.Athena.Workgroup (aws_athena_workgroup)

Auto Scaling

  • AWS.AutoScaling.AutoScalingGroup (aws_autoscaling_group)

  • AWS.AutoScaling.LaunchConfiguration (aws_launch_configuration)

  • AWS.AutoScaling.LaunchTemplate (aws_launch_template)

  • AWS.AutoScaling.LifecycleHook (aws_autoscaling_lifecycle_hook)

  • AWS.AutoScaling.Policy (aws_autoscaling_policy)

  • AWS.AutoScaling.Schedule (aws_autoscaling_schedule)

CloudFormation (beta)

  • AWS.CloudFormation.Stack (aws_cloudformation_stack)

  • AWS.CloudFormation.StackSet (aws_cloudformation_stack_set)

CloudFront

  • AWS.CloudFront.Distribution (aws_cloudfront_distribution)

CloudTrail

  • AWS.CloudTrail.Trail (aws_cloudtrail)

CloudWatch

  • AWS.CloudWatch.Dashboard (aws_cloudwatch_dashboard)

  • AWS.CloudWatch.MetricAlarm (aws_cloudwatch_metric_alarm)

  • AWS.CloudWatchEvents.Rule (aws_cloudwatch_event_rule)

  • AWS.CloudWatchEvents.Target (aws_cloudwatch_event_target)

  • AWS.CloudWatchLogs.Destination (aws_cloudwatch_log_destination)

  • AWS.CloudWatchLogs.DestinationPolicy (aws_cloudwatch_log_destination_policy)

  • AWS.CloudWatchLogs.LogGroup (aws_cloudwatch_log_group)

  • AWS.CloudWatchLogs.MetricFilter (aws_cloudwatch_log_metric_filter)

  • AWS.CloudWatchLogs.ResourcePolicy (aws_cloudwatch_log_resource_policy)

  • AWS.CloudWatchLogs.SubscriptionFilter (aws_cloudwatch_log_subscription_filter)

Cognito

  • AWS.Cognito.IdentityProvider (aws_cognito_identity_provider)

  • AWS.Cognito.ResourceServer (aws_cognito_resource_server)

  • AWS.Cognito.UserGroup (aws_cognito_user_group)

  • AWS.Cognito.UserPool (aws_cognito_user_pool)

  • AWS.Cognito.UserPoolClient (aws_cognito_user_pool_client)

  • AWS.Cognito.UserPoolDomain (aws_cognito_user_pool_domain)

Config

  • AWS.Config.AggregationAuthorization (aws_config_aggregate_authorization)

  • AWS.Config.ConfigurationAggregator (aws_config_configuration_aggregator)

  • AWS.Config.ConfigurationRecorder (aws_config_configuration_recorder)

  • AWS.Config.ConfigurationRecorderStatus (aws_config_configuration_recorder_status)

  • AWS.Config.DeliveryChannel (aws_config_delivery_channel)

  • AWS.Config.Rule (aws_config_config_rule)

Directory Service

  • AWS.DirectoryService.ConditionalForwarder (aws_directory_service_conditional_forwarder)

  • AWS.DirectoryService.Directory (aws_directory_service_directory)

DocumentDB (beta)

  • AWS.DocDB.Cluster (aws_docdb_cluster)

  • AWS.DocDB.ClusterInstance (aws_docdb_cluster_instance)

  • AWS.DocDB.ClusterSnapshot (aws_docdb_cluster_snapshot)

DynamoDB

  • AWS.DynamoDB.Table (aws_dynamodb_table)

EC2

Note

Fugue does not support the legacy EC2-Classic platform.

  • AWS.EC2.CustomerGateway (aws_customer_gateway)

  • AWS.EC2.DhcpOptions (aws_vpc_dhcp_options)

  • AWS.EC2.DhcpOptionsAssociation (aws_vpc_dhcp_options_association)

  • AWS.EC2.EgressOnlyInternetGateway (aws_egress_only_internet_gateway)

  • AWS.EC2.ElasticIP (aws_eip)

  • AWS.EC2.FlowLog (aws_flow_log)

  • AWS.EC2.Image (aws_ami)

  • AWS.EC2.Instance (aws_instance)

  • AWS.EC2.InternetGateway (aws_internet_gateway)

  • AWS.EC2.KeyPair (aws_key_pair)

  • AWS.EC2.NATGateway (aws_nat_gateway)

  • AWS.EC2.NetworkACL (aws_network_acl)

  • AWS.EC2.NetworkInterface (aws_network_interface)

  • AWS.EC2.PlacementGroup (aws_placement_group)

  • AWS.EC2.RouteTable (aws_route_table)

  • AWS.EC2.RouteTableAssociation (aws_route_table_association)

  • AWS.EC2.SecurityGroup (aws_security_group)

  • AWS.EC2.Snapshot (aws_ebs_snapshot) (beta)

  • AWS.EC2.SpotFleetRequest (aws_spot_fleet_request)

  • AWS.EC2.Subnet (aws_subnet)

  • AWS.EC2.Volume (aws_ebs_volume)

  • AWS.EC2.Vpc (aws_vpc)

  • AWS.EC2.VpcEndpoint (aws_vpc_endpoint)

  • AWS.EC2.VpcEndpointConnectionNotification (aws_vpc_endpoint_connection_notification)

  • AWS.EC2.VpcEndpointService (aws_vpc_endpoint_service)

  • AWS.EC2.VpcIpv4CidrBlockAssociation (aws_vpc_ipv4_cidr_block_association)

  • AWS.EC2.VpcPeeringConnection (aws_vpc_peering_connection)

  • AWS.EC2.VpnConnection (aws_vpn_connection)

  • AWS.EC2.VpnConnectionRoute (aws_vpn_connection_route)

  • AWS.EC2.VpnGateway (aws_vpn_gateway)

ECR

  • AWS.ECR.LifecyclePolicy (aws_ecr_lifecycle_policy) (beta)

  • AWS.ECR.Repository (aws_ecr_repository)

  • AWS.ECR.RepositoryPolicy (aws_ecr_repository_policy) (beta)

ECS

  • AWS.ECS.Cluster (aws_ecs_cluster)

  • AWS.ECS.Service (aws_ecs_service)

  • AWS.ECS.Task (aws_ecs_task)

  • AWS.ECS.TaskDefinition (aws_ecs_task_definition)

EFS

  • AWS.EFS.FileSystem (aws_efs_file_system)

  • AWS.EFS.MountTarget (aws_efs_mount_target)

EKS

  • AWS.EKS.Cluster (aws_eks_cluster)

ELB (Elastic Load Balancing)

  • AWS.ELB.BackendServerPolicy (aws_load_balancer_backend_server_policy)

  • AWS.ELB.ListenerPolicy (aws_load_balancer_listener_policy)

  • AWS.ELB.LoadBalancer (aws_elb)

  • AWS.ELB.Policy (aws_load_balancer_policy)

ELBv2 (Elastic Load Balancing v2)

  • AWS.ELBv2.Listener (aws_lb_listener)

  • AWS.ELBv2.ListenerRule (aws_lb_listener_rule)

  • AWS.ELBv2.LoadBalancer (aws_lb)

  • AWS.ELBv2.TargetGroup (aws_lb_target_group)

ElastiCache

Note

When ElastiCache.Cluster resources belong to an ElastiCache.ReplicationGroup, the clusters themselves are not scanned but the replication group is. The replication group manages the clusters and contains all of the relevant settings, so there is no need to scan the clusters individually. In contrast, ElastiCache clusters that do not belong to a replication group are scanned individually.

  • AWS.ElastiCache.Cluster (aws_elasticache_cluster)

  • AWS.ElastiCache.ParameterGroup (aws_elasticache_parameter_group)

  • AWS.ElastiCache.ReplicationGroup (aws_elasticache_replication_group)

Elasticsearch (beta)

  • AWS.Elasticsearch.Domain (aws_elasticsearch_domain)

Glacier (S3 Glacier)

  • AWS.Glacier.Vault (aws_glacier_vault)

Glue (beta)

  • AWS.Glue.CatalogDatabase (aws_glue_catalog_database)

  • AWS.Glue.CatalogTable (aws_glue_catalog_table)

  • AWS.Glue.Connection (aws_glue_connection)

  • AWS.Glue.Crawler (aws_glue_crawler)

  • AWS.Glue.Job (aws_glue_job)

  • AWS.Glue.SecurityConfiguration (aws_glue_security_configuration)

  • AWS.Glue.Trigger (aws_glue_trigger)

  • AWS.Glue.Workflow (aws_glue_workflow)

GuardDuty

  • AWS.GuardDuty.Detector (aws_guardduty_detector)

  • AWS.GuardDuty.Member (aws_guardduty_member)

IAM (Identity & Access Management)

  • AWS.IAM.AccessKey (aws_iam_access_key)

  • AWS.IAM.AccountPasswordPolicy (aws_iam_account_password_policy)

  • AWS.IAM.CredentialReport (aws_iam_credential_report)

  • AWS.IAM.Group (aws_iam_group)

  • AWS.IAM.GroupMembership (aws_iam_group_membership)

  • AWS.IAM.GroupPolicy (aws_iam_group_policy)

  • AWS.IAM.GroupPolicyAttachment (aws_iam_group_policy_attachment)

  • AWS.IAM.InstanceProfile (aws_iam_instance_profile)

  • AWS.IAM.OpenIDConnectProvider (aws_iam_openid_connect_provider)

  • AWS.IAM.Policy (aws_iam_policy)

  • AWS.IAM.Role (aws_iam_role)

  • AWS.IAM.RolePolicy (aws_iam_role_policy)

  • AWS.IAM.RolePolicyAttachment (aws_iam_role_policy_attachment)

  • AWS.IAM.SAMLProvider (aws_iam_saml_provider)

  • AWS.IAM.ServerCertificate (aws_iam_server_certificate) (beta)

  • AWS.IAM.User (aws_iam_user)

  • AWS.IAM.UserPolicy (aws_iam_user_policy)

  • AWS.IAM.UserPolicyAttachment (aws_iam_user_policy_attachment)

IAM Access Analyzer (beta)

  • AWS.AccessAnalyzer.Analyzer (aws_accessanalyzer_analyzer)

Inspector

  • AWS.Inspector.AssessmentTarget (aws_inspector_assessment_target)

  • AWS.Inspector.AssessmentTemplate (aws_inspector_assessment_template)

KMS (Key Management Service)

  • AWS.KMS.Alias (aws_kms_alias)

  • AWS.KMS.Grant (aws_kms_grant)

  • AWS.KMS.Key (aws_kms_key)

Kinesis

  • AWS.Kinesis.Stream (aws_kinesis_stream)

  • AWS.KinesisFirehose.DeliveryStream (aws_kinesis_firehose_delivery_stream)

Lambda

  • AWS.Lambda.Alias (aws_lambda_alias)

  • AWS.Lambda.EventSourceMapping (aws_lambda_event_source_mapping)

  • AWS.Lambda.Function (aws_lambda_function)

  • AWS.Lambda.Permission (aws_lambda_permission) (beta)

Macie

  • AWS.Macie.MemberAccountAssociation (aws_macie_member_account_association)

  • AWS.Macie.S3BucketAssociation (aws_macie_s3_bucket_association)

MediaStore (Elemental MediaStore)

  • AWS.MediaStore.Container (aws_media_store_container)

  • AWS.MediaStore.ContainerPolicy (aws_media_store_container_policy)

Neptune (beta)

  • AWS.Neptune.Cluster (aws_neptune_cluster)

  • AWS.Neptune.ClusterInstance (aws_neptune_cluster_instance)

  • AWS.Neptune.ClusterSnapshot (aws_neptune_cluster_snapshot)

Organizations

  • AWS.Organizations.Organization (aws_organizations_organization)

Resource Access Manager (RAM) (beta)

  • AWS.RAM.PrincipalAssociation (aws_ram_principal_association)

  • AWS.RAM.ResourceAssociation (aws_ram_resource_association)

  • AWS.RAM.ResourceShare (aws_ram_resource_share)

RDS

  • AWS.RDS.Cluster (aws_rds_cluster)

  • AWS.RDS.ClusterInstance (aws_rds_cluster_instance) (beta)

  • AWS.RDS.ClusterParameterGroup (aws_rds_cluster_parameter_group)

  • AWS.RDS.EventSubscription (aws_db_event_subscription)

  • AWS.RDS.Instance (aws_db_instance)

  • AWS.RDS.OptionGroup (aws_db_option_group)

  • AWS.RDS.ParameterGroup (aws_db_parameter_group)

  • AWS.RDS.Snapshot (aws_db_snapshot) (beta)

  • AWS.RDS.SubnetGroup (aws_db_subnet_group)

Redshift

  • AWS.Redshift.Cluster (aws_redshift_cluster)

  • AWS.Redshift.ParameterGroup (aws_redshift_parameter_group)

  • AWS.Redshift.SubnetGroup (aws_redshift_subnet_group)

Route 53

  • AWS.Route53.DelegationSet (aws_route53_delegation_set)

  • AWS.Route53.HealthCheck (aws_route53_health_check)

  • AWS.Route53.QueryLog (aws_route53_query_log)

  • AWS.Route53.Record (aws_route53_record)

  • AWS.Route53.Zone (aws_route53_zone)

  • AWS.Route53.ZoneAssociation (aws_route53_zone_association)

S3

  • AWS.S3.AccountPublicAccessBlock (aws_s3_account_public_access_block) (beta)

  • AWS.S3.Bucket (aws_s3_bucket)

  • AWS.S3.BucketInventory (aws_s3_bucket_inventory)

  • AWS.S3.BucketMetric (aws_s3_bucket_metric)

  • AWS.S3.BucketNotification (aws_s3_bucket_notification)

  • AWS.S3.BucketPolicy (aws_s3_bucket_policy)

  • AWS.S3.BucketPublicAccessBlock (aws_s3_bucket_public_access_block)

SageMaker (beta)

  • AWS.Sagemaker.Endpoint (aws_sagemaker_endpoint)

  • AWS.Sagemaker.EndpointConfiguration (aws_sagemaker_endpoint_configuration)

  • AWS.Sagemaker.Model (aws_sagemaker_model)

  • AWS.Sagemaker.NotebookInstance (aws_sagemaker_notebook_instance)

  • AWS.Sagemaker.NotebookInstanceLifecycleConfiguration (aws_sagemaker_notebook_instance_lifecycle_configuration)

Step Functions (SFN)

  • AWS.SFN.StateMachine (aws_sfn_state_machine)

SNS

  • AWS.SNS.Subscription (aws_sns_topic_subscription)

  • AWS.SNS.Topic (aws_sns_topic)

SQS

  • AWS.SQS.Queue (aws_sqs_queue)

Systems Manager (SSM)

  • AWS.SSM.Activation (aws_ssm_activation)

  • AWS.SSM.Association (aws_ssm_association)

  • AWS.SSM.Document (aws_ssm_document)

  • AWS.SSM.MaintenanceWindow (aws_ssm_maintenance_window)

  • AWS.SSM.MaintenanceWindowTarget (aws_ssm_maintenance_window_target)

  • AWS.SSM.MaintenanceWindowTask (aws_ssm_maintenance_window_task)

  • AWS.SSM.Parameter (aws_ssm_parameter)

  • AWS.SSM.PatchBaseline (aws_ssm_patch_baseline)

  • AWS.SSM.PatchGroup (aws_ssm_patch_group)

  • AWS.SSM.ResourceDataSync (aws_ssm_resource_data_sync)

Secrets Manager

  • AWS.SecretsManager.Secret (aws_secretsmanager_secret)

WAF

  • AWS.WAF.ByteMatchSet (aws_waf_byte_match_set)

  • AWS.WAF.GeoMatchSet (aws_waf_geo_match_set)

  • AWS.WAF.RateBasedRule (aws_waf_rate_based_rule)

  • AWS.WAF.RegexMatchSet (aws_waf_regex_match_set)

  • AWS.WAF.RegexPatternSet (aws_waf_regex_pattern_set)

  • AWS.WAF.Rule (aws_waf_rule)

  • AWS.WAF.RuleGroup (aws_waf_rule_group)

  • AWS.WAF.SQLInjectionMatchSet (aws_waf_sql_injection_match_set)

  • AWS.WAF.SizeConstraintSet (aws_waf_size_constraint_set)

  • AWS.WAF.WebACL (aws_waf_web_acl)

  • AWS.WAF.XSSMatchSet (aws_waf_xss_match_set)

WAFRegional

  • AWS.WAFRegional.ByteMatchSet (aws_wafregional_byte_match_set)

  • AWS.WAFRegional.GeoMatchSet (aws_wafregional_geo_match_set)

  • AWS.WAFRegional.RateBasedRule (aws_wafregional_rate_based_rule)

  • AWS.WAFRegional.RegexMatchSet (aws_wafregional_regex_match_set)

  • AWS.WAFRegional.RegexPatternSet (aws_wafregional_regex_pattern_set)

  • AWS.WAFRegional.Rule (aws_wafregional_rule)

  • AWS.WAFRegional.RuleGroup (aws_wafregional_rule_group)

  • AWS.WAFRegional.SQLInjectionMatchSet (aws_wafregional_sql_injection_match_set)

  • AWS.WAFRegional.SizeConstraintSet (aws_wafregional_size_constraint_set)

  • AWS.WAFRegional.WebACL (aws_wafregional_web_acl)

  • AWS.WAFRegional.XSSMatchSet (aws_wafregional_xss_match_set)

WAFv2

  • AWS.WAFv2.LoggingConfiguration (aws_wafv2_logging_configuration)

  • AWS.WAFv2.RegexPatternSet (aws_wafv2_regex_pattern_set)

  • AWS.WAFv2.RuleGroup (aws_wafv2_rule_group)

  • AWS.WAFv2.WebACL (aws_wafv2_web_acl)

  • AWS.WAFv2.WebACLAssociation (aws_wafv2_web_acl_association)

WorkSpaces (beta)

  • AWS.Workspaces.Directory (aws_workspaces_directory)

  • AWS.Workspaces.IPGroup (aws_workspaces_ip_group)

  • AWS.Workspaces.Workspace (aws_workspaces_workspace)

Supported Services: AWS GovCloud

AWS Certificate Manager (ACM)

  • AWS.ACM.Certificate (aws_acm_certificate)

ACM Private Certificate Authority (ACM PCA)

  • AWS.ACMPCA.CertificateAuthority (aws_acmpca_certificate_authority)

API Gateway

  • AWS.ApiGateway.Authorizer (aws_api_gateway_authorizer)

  • AWS.ApiGateway.ClientCertificate (aws_api_gateway_client_certificate)

  • AWS.ApiGateway.Deployment (aws_api_gateway_deployment)

  • AWS.ApiGateway.DomainName (aws_api_gateway_domain_name)

  • AWS.ApiGateway.RequestValidator (aws_api_gateway_request_validator)

  • AWS.ApiGateway.Resource (aws_api_gateway_resource)

  • AWS.ApiGateway.RestApi (aws_api_gateway_rest_api)

  • AWS.ApiGateway.Stage (aws_api_gateway_stage)

  • AWS.ApiGateway.UsagePlan (aws_api_gateway_usage_plan)

  • AWS.ApiGateway.VpcLink (aws_api_gateway_vpc_link)

API Gateway Version 2 (beta)

  • AWS.ApiGatewayV2.Api (aws_apigatewayv2_api)

  • AWS.ApiGatewayV2.ApiMapping (aws_apigatewayv2_api_mapping)

  • AWS.ApiGatewayV2.Authorizer (aws_apigatewayv2_authorizer)

  • AWS.ApiGatewayV2.Deployment (aws_apigatewayv2_deployment)

  • AWS.ApiGatewayV2.DomainName (aws_apigatewayv2_domain_name)

  • AWS.ApiGatewayV2.Integration (aws_apigatewayv2_integration)

  • AWS.ApiGatewayV2.IntegrationResponse (aws_apigatewayv2_integration_response)

  • AWS.ApiGatewayV2.Model (aws_apigatewayv2_model)

  • AWS.ApiGatewayV2.Route (aws_apigatewayv2_route)

  • AWS.ApiGatewayV2.RouteResponse (aws_apigatewayv2_route_response)

  • AWS.ApiGatewayV2.Stage (aws_apigatewayv2_stage)

  • AWS.ApiGatewayV2.VpcLink (aws_apigatewayv2_vpc_link)

Athena (beta)

  • AWS.Athena.Workgroup (aws_athena_workgroup)

Auto Scaling

  • AWS.AutoScaling.AutoScalingGroup (aws_autoscaling_group)

  • AWS.AutoScaling.LaunchConfiguration (aws_launch_configuration)

  • AWS.AutoScaling.LaunchTemplate (aws_launch_template)

  • AWS.AutoScaling.LifecycleHook (aws_autoscaling_lifecycle_hook)

  • AWS.AutoScaling.Policy (aws_autoscaling_policy)

  • AWS.AutoScaling.Schedule (aws_autoscaling_schedule)

CloudFormation (beta)

  • AWS.CloudFormation.Stack (aws_cloudformation_stack)

  • AWS.CloudFormation.StackSet (aws_cloudformation_stack_set)

CloudTrail

  • AWS.CloudTrail.Trail (aws_cloudtrail)

CloudWatch

  • AWS.CloudWatch.Dashboard (aws_cloudwatch_dashboard)

  • AWS.CloudWatch.MetricAlarm (aws_cloudwatch_metric_alarm)

  • AWS.CloudWatchEvents.Rule (aws_cloudwatch_event_rule)

  • AWS.CloudWatchEvents.Target (aws_cloudwatch_event_target)

  • AWS.CloudWatchLogs.Destination (aws_cloudwatch_log_destination)

  • AWS.CloudWatchLogs.DestinationPolicy (aws_cloudwatch_log_destination_policy)

  • AWS.CloudWatchLogs.LogGroup (aws_cloudwatch_log_group)

  • AWS.CloudWatchLogs.MetricFilter (aws_cloudwatch_log_metric_filter)

  • AWS.CloudWatchLogs.ResourcePolicy (aws_cloudwatch_log_resource_policy)

  • AWS.CloudWatchLogs.SubscriptionFilter (aws_cloudwatch_log_subscription_filter)

Cognito

  • AWS.Cognito.IdentityProvider (aws_cognito_identity_provider)

  • AWS.Cognito.ResourceServer (aws_cognito_resource_server)

  • AWS.Cognito.UserGroup (aws_cognito_user_group)

  • AWS.Cognito.UserPool (aws_cognito_user_pool)

  • AWS.Cognito.UserPoolClient (aws_cognito_user_pool_client)

  • AWS.Cognito.UserPoolDomain (aws_cognito_user_pool_domain)

Config

  • AWS.Config.AggregationAuthorization (aws_config_aggregate_authorization)

  • AWS.Config.ConfigurationAggregator (aws_config_configuration_aggregator)

  • AWS.Config.ConfigurationRecorder (aws_config_configuration_recorder)

  • AWS.Config.ConfigurationRecorderStatus (aws_config_configuration_recorder_status)

  • AWS.Config.DeliveryChannel (aws_config_delivery_channel)

  • AWS.Config.Rule (aws_config_config_rule)

Directory Service

  • AWS.DirectoryService.ConditionalForwarder (aws_directory_service_conditional_forwarder)

  • AWS.DirectoryService.Directory (aws_directory_service_directory)

DocumentDB (beta)

  • AWS.DocDB.Cluster (aws_docdb_cluster)

  • AWS.DocDB.ClusterInstance (aws_docdb_cluster_instance)

  • AWS.DocDB.ClusterSnapshot (aws_docdb_cluster_snapshot)

DynamoDB

  • AWS.DynamoDB.Table (aws_dynamodb_table)

EC2

Note

Fugue does not support the legacy EC2-Classic platform.

  • AWS.EC2.CustomerGateway (aws_customer_gateway)

  • AWS.EC2.DhcpOptions (aws_vpc_dhcp_options)

  • AWS.EC2.DhcpOptionsAssociation (aws_vpc_dhcp_options_association)

  • AWS.EC2.EgressOnlyInternetGateway (aws_egress_only_internet_gateway)

  • AWS.EC2.ElasticIP (aws_eip)

  • AWS.EC2.FlowLog (aws_flow_log)

  • AWS.EC2.Image (aws_ami)

  • AWS.EC2.Instance (aws_instance)

  • AWS.EC2.InternetGateway (aws_internet_gateway)

  • AWS.EC2.KeyPair (aws_key_pair)

  • AWS.EC2.NATGateway (aws_nat_gateway)

  • AWS.EC2.NetworkACL (aws_network_acl)

  • AWS.EC2.NetworkInterface (aws_network_interface)

  • AWS.EC2.PlacementGroup (aws_placement_group)

  • AWS.EC2.RouteTable (aws_route_table)

  • AWS.EC2.RouteTableAssociation (aws_route_table_association)

  • AWS.EC2.SecurityGroup (aws_security_group)

  • AWS.EC2.SpotFleetRequest (aws_spot_fleet_request)

  • AWS.EC2.Snapshot (aws_ebs_snapshot) (beta)

  • AWS.EC2.Subnet (aws_subnet)

  • AWS.EC2.Volume (aws_ebs_volume)

  • AWS.EC2.Vpc (aws_vpc)

  • AWS.EC2.VpcEndpoint (aws_vpc_endpoint)

  • AWS.EC2.VpcEndpointConnectionNotification (aws_vpc_endpoint_connection_notification)

  • AWS.EC2.VpcEndpointService (aws_vpc_endpoint_service)

  • AWS.EC2.VpcIpv4CidrBlockAssociation (aws_vpc_ipv4_cidr_block_association)

  • AWS.EC2.VpcPeeringConnection (aws_vpc_peering_connection)

  • AWS.EC2.VpnConnection (aws_vpn_connection)

  • AWS.EC2.VpnConnectionRoute (aws_vpn_connection_route)

  • AWS.EC2.VpnGateway (aws_vpn_gateway)

ECR

  • AWS.ECR.LifecyclePolicy (aws_ecr_lifecycle_policy) (beta)

  • AWS.ECR.Repository (aws_ecr_repository)

  • AWS.ECR.RepositoryPolicy (aws_ecr_repository_policy) (beta)

ECS

  • AWS.ECS.Cluster (aws_ecs_cluster)

  • AWS.ECS.Service (aws_ecs_service)

  • AWS.ECS.Task (aws_ecs_task)

  • AWS.ECS.TaskDefinition (aws_ecs_task_definition)

EFS

  • AWS.EFS.FileSystem (aws_efs_file_system)

  • AWS.EFS.MountTarget (aws_efs_mount_target)

EKS

  • AWS.EKS.Cluster (aws_eks_cluster)

ELB (Elastic Load Balancing)

  • AWS.ELB.BackendServerPolicy (aws_load_balancer_backend_server_policy)

  • AWS.ELB.ListenerPolicy (aws_load_balancer_listener_policy)

  • AWS.ELB.LoadBalancer (aws_elb)

  • AWS.ELB.Policy (aws_load_balancer_policy)

ELBv2 (Elastic Load Balancing v2)

  • AWS.ELBv2.Listener (aws_lb_listener)

  • AWS.ELBv2.ListenerRule (aws_lb_listener_rule)

  • AWS.ELBv2.LoadBalancer (aws_lb)

  • AWS.ELBv2.TargetGroup (aws_lb_target_group)

ElastiCache

Note

When ElastiCache.Cluster resources belong to an ElastiCache.ReplicationGroup, the clusters themselves are not scanned but the replication group is. The replication group manages the clusters and contains all of the relevant settings, so there is no need to scan the clusters individually. In contrast, ElastiCache clusters that do not belong to a replication group are scanned individually.

  • AWS.ElastiCache.Cluster (aws_elasticache_cluster)

  • AWS.ElastiCache.ParameterGroup (aws_elasticache_parameter_group)

  • AWS.ElastiCache.ReplicationGroup (aws_elasticache_replication_group)

Elasticsearch (beta)

  • AWS.Elasticsearch.Domain (aws_elasticsearch_domain)

Glacier (S3 Glacier)

  • AWS.Glacier.Vault (aws_glacier_vault)

Glue (beta)

  • AWS.Glue.CatalogDatabase (aws_glue_catalog_database)

  • AWS.Glue.CatalogTable (aws_glue_catalog_table)

  • AWS.Glue.Connection (aws_glue_connection)

  • AWS.Glue.Crawler (aws_glue_crawler)

  • AWS.Glue.Job (aws_glue_job)

  • AWS.Glue.SecurityConfiguration (aws_glue_security_configuration)

  • AWS.Glue.Trigger (aws_glue_trigger)

  • AWS.Glue.Workflow (aws_glue_workflow)

GuardDuty

  • AWS.GuardDuty.Detector (aws_guardduty_detector)

  • AWS.GuardDuty.Member (aws_guardduty_member)

IAM (Identity & Access Management)

  • AWS.IAM.AccessKey (aws_iam_access_key)

  • AWS.IAM.AccountPasswordPolicy (aws_iam_account_password_policy)

  • AWS.IAM.CredentialReport (aws_iam_credential_report)

  • AWS.IAM.Group (aws_iam_group)

  • AWS.IAM.GroupMembership (aws_iam_group_membership)

  • AWS.IAM.GroupPolicy (aws_iam_group_policy)

  • AWS.IAM.GroupPolicyAttachment (aws_iam_group_policy_attachment)

  • AWS.IAM.InstanceProfile (aws_iam_instance_profile)

  • AWS.IAM.OpenIDConnectProvider (aws_iam_openid_connect_provider)

  • AWS.IAM.Policy (aws_iam_policy)

  • AWS.IAM.Role (aws_iam_role)

  • AWS.IAM.RolePolicy (aws_iam_role_policy)

  • AWS.IAM.RolePolicyAttachment (aws_iam_role_policy_attachment)

  • AWS.IAM.SAMLProvider (aws_iam_saml_provider)

  • AWS.IAM.ServerCertificate (aws_iam_server_certificate) (beta)

  • AWS.IAM.User (aws_iam_user)

  • AWS.IAM.UserPolicy (aws_iam_user_policy)

  • AWS.IAM.UserPolicyAttachment (aws_iam_user_policy_attachment)

IAM Access Analyzer (beta)

  • AWS.AccessAnalyzer.Analyzer (aws_accessanalyzer_analyzer)

Inspector

  • AWS.Inspector.AssessmentTarget (aws_inspector_assessment_target)

  • AWS.Inspector.AssessmentTemplate (aws_inspector_assessment_template)

KMS (Key Management Service)

  • AWS.KMS.Alias (aws_kms_alias)

  • AWS.KMS.Grant (aws_kms_grant)

  • AWS.KMS.Key (aws_kms_key)

Kinesis

  • AWS.Kinesis.Stream (aws_kinesis_stream)

  • AWS.KinesisFirehose.DeliveryStream (aws_kinesis_firehose_delivery_stream)

Lambda

  • AWS.Lambda.Alias (aws_lambda_alias)

  • AWS.Lambda.EventSourceMapping (aws_lambda_event_source_mapping)

  • AWS.Lambda.Function (aws_lambda_function)

  • AWS.Lambda.Permission (aws_lambda_permission) (beta)

Neptune (beta)

  • AWS.Neptune.Cluster (aws_neptune_cluster)

  • AWS.Neptune.ClusterInstance (aws_neptune_cluster_instance)

  • AWS.Neptune.ClusterSnapshot (aws_neptune_cluster_snapshot)

Organizations

  • AWS.Organizations.Organization (aws_organizations_organization)

Resource Access Manager (RAM) (beta)

  • AWS.RAM.PrincipalAssociation (aws_ram_principal_association)

  • AWS.RAM.ResourceAssociation (aws_ram_resource_association)

  • AWS.RAM.ResourceShare (aws_ram_resource_share)

RDS

  • AWS.RDS.Cluster (aws_rds_cluster)

  • AWS.RDS.ClusterInstance (aws_rds_cluster_instance) (beta)

  • AWS.RDS.ClusterParameterGroup (aws_rds_cluster_parameter_group)

  • AWS.RDS.EventSubscription (aws_db_event_subscription)

  • AWS.RDS.Instance (aws_db_instance)

  • AWS.RDS.OptionGroup (aws_db_option_group)

  • AWS.RDS.ParameterGroup (aws_db_parameter_group)

  • AWS.RDS.Snapshot (aws_db_snapshot) (beta)

  • AWS.RDS.SubnetGroup (aws_db_subnet_group)

Redshift

  • AWS.Redshift.Cluster (aws_redshift_cluster)

  • AWS.Redshift.ParameterGroup (aws_redshift_parameter_group)

  • AWS.Redshift.SubnetGroup (aws_redshift_subnet_group)

S3

  • AWS.S3.AccountPublicAccessBlock (aws_s3_account_public_access_block) (beta)

  • AWS.S3.Bucket (aws_s3_bucket)

  • AWS.S3.BucketInventory (aws_s3_bucket_inventory)

  • AWS.S3.BucketMetric (aws_s3_bucket_metric)

  • AWS.S3.BucketNotification (aws_s3_bucket_notification)

  • AWS.S3.BucketPolicy (aws_s3_bucket_policy)

  • AWS.S3.BucketPublicAccessBlock (aws_s3_bucket_public_access_block)

SageMaker (beta)

  • AWS.Sagemaker.Endpoint (aws_sagemaker_endpoint)

  • AWS.Sagemaker.EndpointConfiguration (aws_sagemaker_endpoint_configuration)

  • AWS.Sagemaker.Model (aws_sagemaker_model)

  • AWS.Sagemaker.NotebookInstance (aws_sagemaker_notebook_instance)

  • AWS.Sagemaker.NotebookInstanceLifecycleConfiguration (aws_sagemaker_notebook_instance_lifecycle_configuration)

Secrets Manager

  • AWS.SecretsManager.Secret (aws_secretsmanager_secret)

Step Functions (SFN)

  • AWS.SFN.StateMachine (aws_sfn_state_machine)

SNS

  • AWS.SNS.Subscription (aws_sns_topic_subscription)

  • AWS.SNS.Topic (aws_sns_topic)

SQS

  • AWS.SQS.Queue (aws_sqs_queue)

Systems Manager (SSM)

  • AWS.SSM.Activation (aws_ssm_activation)

  • AWS.SSM.Association (aws_ssm_association)

  • AWS.SSM.Document (aws_ssm_document)

  • AWS.SSM.MaintenanceWindow (aws_ssm_maintenance_window)

  • AWS.SSM.MaintenanceWindowTarget (aws_ssm_maintenance_window_target)

  • AWS.SSM.MaintenanceWindowTask (aws_ssm_maintenance_window_task)

  • AWS.SSM.Parameter (aws_ssm_parameter)

  • AWS.SSM.PatchBaseline (aws_ssm_patch_baseline)

  • AWS.SSM.PatchGroup (aws_ssm_patch_group)

  • AWS.SSM.ResourceDataSync (aws_ssm_resource_data_sync)

WAFRegional

  • AWS.WAFRegional.ByteMatchSet (aws_wafregional_byte_match_set)

  • AWS.WAFRegional.GeoMatchSet (aws_wafregional_geo_match_set)

  • AWS.WAFRegional.RateBasedRule (aws_wafregional_rate_based_rule)

  • AWS.WAFRegional.RegexMatchSet (aws_wafregional_regex_match_set)

  • AWS.WAFRegional.RegexPatternSet (aws_wafregional_regex_pattern_set)

  • AWS.WAFRegional.Rule (aws_wafregional_rule)

  • AWS.WAFRegional.RuleGroup (aws_wafregional_rule_group)

  • AWS.WAFRegional.SQLInjectionMatchSet (aws_wafregional_sql_injection_match_set)

  • AWS.WAFRegional.SizeConstraintSet (aws_wafregional_size_constraint_set)

  • AWS.WAFRegional.WebACL (aws_wafregional_web_acl)

  • AWS.WAFRegional.XSSMatchSet (aws_wafregional_xss_match_set)

WAFv2

  • AWS.WAFv2.LoggingConfiguration (aws_wafv2_logging_configuration)

  • AWS.WAFv2.RegexPatternSet (aws_wafv2_regex_pattern_set)

  • AWS.WAFv2.RuleGroup (aws_wafv2_rule_group)

  • AWS.WAFv2.WebACL (aws_wafv2_web_acl)

  • AWS.WAFv2.WebACLAssociation (aws_wafv2_web_acl_association)