EDH - Supported Resources (AWS)
A list of AWS Supported Resources for Event-Driven Harvesting
This page includes a complete list of the AWS supported resources for Event-Driven Harvesting (EDH) as an alphabetized list of the AWS resource names.
- Refer to Resource Terminology and our Resource Matrix for details or cross-references on the InsightCloudSec normalized resource terminology.
- Refer to AWS' documentation for details on the differences between the AWS GovCloud (US) Regions and the standard AWS Regions.
Supported Resources
EDH Supported Resources for AWS |
---|
Amazon Macie |
API Gateway |
API Gateway Key |
API Gateway Stage |
App Stream Fleet |
AppSync API |
Athena Workgroup |
AutoScaling Groups |
AutoScaling Launch Config |
Backup Vault |
Broker MQ Instances |
Cloud Account |
CloudFront |
CloudTrail |
CloudWatch/Event Bridge Event Bus/Log Groups |
CFT |
CodeBuild Project |
Cognito User Pool |
Database Migration Service |
Directory Service |
DynamoDB |
DynamoDB Accelerator (DAX) |
EBS Snapshots |
EBS Volumes |
EC2/VPC Instances |
ECR |
EKS/ECS/Fargate Cluster |
Elastic IP Address |
ElasticSearch |
Encryption Keys (KMS) |
Glue Data Catalog |
Glue Security Configuration |
GuardDuty (Detector) |
HyperVisor |
IAM Groups |
IAM Password Policy |
IAM Policies |
IAM Roles |
IAM Users |
Identity Provider |
Internet Gateways |
Lambda |
Lambda Layer |
Load Balancer |
Managed Airflow Environment |
Memcache/Redis |
MSK Instance |
NAT Gateways |
Network Interface |
Placement Group |
Private Image |
RDS Cluster |
RDS Snapshot |
RDS |
Region |
RedShift |
Route53 |
Route Tables |
S3 |
S3 Access Point |
Secret |
Serverless Application Repository |
SFTP Server |
SNS Subscription |
SNS Topic |
SSH Keypairs |
SSM Document |
Security Groups and Network ACLs |
Service Access Key |
Simple Email Service (SES) |
Subnets |
SQS |
Systems Manager (SSM) |
Transcription Job |
VPC Endpoints |
VPC Flow Logs |
VPC Network Peers |
VPCs |
VPC Traffic Mirror Target |
Workspace Instances |
Supported Events
The following events are currently configured to publish to Consumers.
Resource Type:
Supported Event
API Gateway:
CreateAuthorizer
DeleteAuthorizer
UpdateAuthorizer
API Gateway Key:
CreateApiKey
DeleteApiKey
UpdateApiKey
API Gateway Stage:
CreateStage
DeleteStage
UpdateStage
App Stream Fleet:
CreateFleet
DeleteFleet
UpdateFleet
StartFleet
StopFleet
AppSync API:
CreateGraphqlApi
DeleteGraphqlApi
UpdateGraphqlApi
Athena Workgroup:
CreateWorkGroup
DeleteWorkGroup
UpdateWorkGroup
AutoScaling Groups:
AttachInstances
CreateAutoScalingGroup
CreateOrUpdateTags
DeleteAutoScalingGroup
DetachInstances
PutScalingPolicy
SetDesiredCapacity
SetInstanceProtection
UpdateAutoScalingGroup
AutoScaling Launch Config:
CreateLaunchConfiguration
DeleteLaunchConfiguration
Backup Vault:
CreateBackupVault
DeleteBackupVault
PutBackupVaultAccessPolicy
Broker MQ Instances:
CreateBroker
DeleteBroker
UpdateBroker
Cloud Account:
DeleteAccountPasswordPolicy
DeleteAccountPublicAccessBlock
PutAccountPublicAccessBlock
UpdateAccountPasswordPolicy
CloudFront:
CreateDistribution
DeleteDistribution
UpdateDistribution
CloudTrail:
BidEvictedEvent
CreateTrail
DeleteTrail
UpdateTrail
StopLogging
StartLogging
CloudWatch/Event Bridge Event Bus:
CreateEventBus
DeleteEventBus
PutPermission
RemovePermission
CloudWatch/Log Groups:
CreateLogGroup
DeleteLogGroup
ServiceLogGroup
CFT:
CancelUpdateStack
CreateStack
DeleteStack
UpdateStack
UpdateTerminationProtection
CodeBuild Project:
CreateProject
UpdateProject
Cognito User Pool:
CreateUserPool
DeleteUserPool
SetUserPoolMfaConfig
UpdateUserPool
UpdateUserPoolClient
Database Migration Service:
CreateReplicationInstance
DeleteReplicationInstance
ModifyReplicationInstance
Directory Service:
CreateDirectory
CreateMicrosoftAD
DeleteDirectory
EBS Snapshots:
CreateSnapshot
CreateTags
DeleteSnapshot
DeleteTags
ModifyDBClusterSnapshotAttribute
ModifyDBSnapshotAttribute
ModifyDocumentPermission
ModifyImageAttribute
ModifySnapshotAttribute
ResetImageAttribute
SharedSnapshotCopyInitiated
SharedSnapshotVolumeCreated
EBS Volumes:
AttachVolume
CreateTags
CreateVolume
DeleteTags
DeleteVolume
DetachVolume
ModifyVolume
ModifyVolumeAttribute
EC2/VPC Instances:
AssociateIamInstanceProfile
CreateTags
DeleteTags
DisassociateIamInstanceProfile
ModifyInstanceAttribute
MonitorInstances
RebootInstances
RunInstances
StartInstances
StartSession
StopInstances
TerminateInstances
UnmonitorInstances
ECR:
CreateRepository
DeleteLifecyclePolicy
DeleteRepository
DeleteRepositoryPolicy
PutLifecyclePolicy
SetRepositoryPolicy
EKS/ECS/Fargate Cluster:
CreateCluster
DeleteCluster
UpdateClusterConfig
UpdateClusterVersion
ElastiCache:
AddTagsToResource
CreateCacheCluster
CreateReplicationGroup
DeleteCacheCluster
DeleteReplicationGroup
ModifyCacheCluster
ModifyReplicationGroup
RebootCacheCluster
RemoveTagsFromResource
Elastic IP Addresses:
AllocateAddress
ElasticSearch:
CreateDomain
CreateElasticsearchDomain
CreateFileSystem
DeleteDomain
DeleteElasticsearchDomain
DeleteFileSystem
PutFileSystemPolicy
UpdateDomainConfig
UpdateFileSystem
UpgradeDomain
UpgradeElasticsearchDomain
UpdateElasticsearchDomainConfig
Encryption Keys (KMS):
CreateKey
DisableKey
DisableKeyRotation
EnableKey
EnableKeyRotation
PutKeyPolicy
TagResource
UntagResource
UpdateKeyDescription
Glue Data Catalog:
DeleteResourcePolicy
PutResourcePolicy
PutDataCatalogEncryptionSettings
Glue Security Configuration:
CreateSecurityConfiguration
DeleteSecurityConfiguration
GuardDuty (Detector):
Get
HyperVisor:
AllocateHosts
ModifyHosts
ReleaseHosts
IAM Groups:
AttachGroupPolicy
CreateGroup
DeleteGroup
DeleteGroupPolicy
DetachGroupPolicy
PutGroupPolicy
IAM Password Policy:
DeleteAccountPasswordPolicy
DeleteAccountPublicAccessBlock
PutAccountPublicAccessBlock
UpdateAccountPasswordPolicy
IAM Policies:
CreatePolicy
CreatePolicyVersion
CreateSAMLProvider
DeleteAccountPasswordPolicy
DeleteAccountPublicAccessBlock
DeletePolicy
DeletePolicyVersion
DeleteSAMLProvider
PutAccountPublicAccessBlock
UpdateAccountPasswordPolicy
IAM Roles:
AttachRolePolicy
ConsoleLogin
CreateRole
DeleteRole
DeleteRolePermissionsBoundary
DeleteRolePolicy
DetachRolePolicy
PutRolePermissionsBoundary
PutRolePolicy
TagRole
UntagRole
UpdateAssumeRolePolicy
UpdateRole
IAM Users:
AddUserToGroup
AttachUserPolicy
ConsoleLogin
CreateLoginProfile
CreateUser
CreateVirtualMFADevice
DeactivateMFADevice
DeleteLoginProfile
DeleteUser
DeleteUserPolicy
DeleteVirtualMFADevice
DetachUserPolicy
EnableMFADevice
PutUserPolicy
RemoveUserFromGroup
TagUser
UntagUser
UpdateUser
Identity Provider:
CreateSAMLProvider
DeleteSAMLProvider
Internet Gateways:
AttachInternetGateway
CreateInternetGateway
DeleteInternetGateway
DetachInternetGateway
Lambda:
AddPermission
CreateFunction
DeleteFunction
RemovePermission
UpdateFunctionConfiguration
Lambda Layer:
AddLayerVersionPermission
DeleteLayerVersion
PublishLayerVersion
RemoveLayerVersionPermission
Load Balancer:
AddTags
ApplySecurityGroupsToLoadBalancer
AttachLoadBalancerToSubnets
CreateLoadBalancer
CreateLoadBalancerListeners
DeleteLoadBalancer
DeleteLoadBalancerListeners
DeregisterInstancesFromLoadBalancer
DetachLoadBalancerFromSubnets
ModifyLoadBalancerAttributes
RegisterInstancesWithLoadBalancer
RemoveTags
SetSecurityGroups
SetSubnets
Managed Airflow Environment:
CreateEnvironment
DeleteEnvironment
UpdateEnvironment
MSK Instance:
CreateCluster
DeleteCluster
UpdateBrokerCount
UpdateBrokerStorage
UpdateBrokerType
UpdateClusterKafkaVersion
UpdateConnectivity
UpdateMonitoring
UpdateSecurity
NAT Gateways:
CreateNatGateway
DeleteNatGateway
Network Interface:
CreateNetworkInterface
DeleteNetworkInterface
ModifyNetworkInterfaceAttribute
Placement Group:
CreatePlacementGroup
DeletePlacementGroup
Private Image:
CreateImage
DeregisterImage
ImportImage
RegisterImage
RDS Cluster:
CreateDBCluster
DeleteDBCluster
ModifyDBCluster
StartDBCluster
StopDBCluster
RDS Snapshot:
AddTagsToResource
CreateDBClusterSnapshot
CreateDBSnapshot
DeleteDBClusterSnapshot
DeleteDBSnapshot
RemoveTagsFromResource
RDS:
AddTagsToResource
CreateDBInstance
CreateDBInstanceReadReplica
DeleteDBInstance
ModifyDBInstance
RebootDBInstance
RemoveTagsFromResource
StartDBInstance
StopDBInstance
RedShift:
AuthorizeSnapshotAccess
BatchDeleteClusterSnapshots
CreateCluster
CreateClusterSnapshot
CreateTags
DeleteCluster
DeleteClusterSnapshot
DeleteTags
DisableLogging
EnableLogging
ModifyCluster
RebootCluster
ResizeCluster
RevokeSnapshotAccess
Region:
ResetServiceSetting
UpdateServiceSetting
Route53:
CreateHostedZone
DeleteHostedZone
Route Tables:
AssociateRouteTable
CreateRoute
CreateRouteTable
DeleteRoute
DeleteRouteTable
DisassociateRouteTable
ReplaceRoute
ReplaceRouteTableAssociation
S3:
CreateBucket
DeleteBucket
DeleteBucketEncryption
DeleteBucketOwnershipControls
DeleteBucketPolicy
DeleteBucketPublicAccessBlock
DeleteBucketTagging
DeleteBucketWebsite
PutBucketAcl
PutBucketEncryption
PutBucketLogging
PutBucketOwnershipControls
PutBucketPolicy
PutBucketPublicAccessBlock
PutBucketTagging
PutBucketVersioning
PutBucketWebsite
S3 Access Point:
CreateAccessPoint
DeleteAccessPoint
DeleteAccessPointPolicy
PutAccessPointPolicy
Secret:
CancelRotateSecret
CreateSecret
DeleteSecret
PutSecretValue
RotateSecret
TagResource
UntagResource
UpdateSecret
Serverless Application Repository:
CreateApplication
DeleteApplication
PutApplicationPolicy
UpdateApplication
Simple Email Service (+ EmailServiceRules):
CreateConfigurationSe
CreateCustomVerificationEmailTemplate
CreateEmailIdentity
CreateEmailIdentityPolicy
CreateEmailTemplate
CreateReceiptRule
CreateReceiptRuleSet
DeleteEmailIdentity
DeleteConfigurationSet
DeleteCustomVerificationEmailTemplate
DeleteIdentity
DeleteReceiptRule
DeleteReceiptRuleSet
DeleteTemplate
SetActiveReceiptRuleSet
UpdateEmailIdentityPolicy
UpdateReceiptRule
UpdateReceiptRuleSet
SFTP Server:
CreateServer
CreateUser
DeleteServer
DeleteUser
StartServer
StopServer
UpdateServer
UpdateUser
SNS Subscription:
SetSubscriptionAttributes
Unsubscribe
SNS Topic:
CreateTopic
DeleteTopic
SetTopicAttributes
TagQueue
UntagQueue
SSH Keypairs:
CreateKeyPair
DeleteKeyPair
ImportKeyPair
SSM Document:
AddTagsToResource
CreateDocument
DeleteDocument
RemoveTagsFromResource
UpdateDocument
UpdateDocumentDefaultVersion
Security Groups and Network ACLs:
AuthorizeSecurityGroupEgress
AuthorizeSecurityGroupIngress
CreateNetworkAcl
CreateNetworkAclEntry
CreateSecurityGroup
CreateTags
DeleteNetworkAcl
DeleteNetworkAclEntry
DeleteSecurityGroup
DeleteTags
ModifySecurityGroupRules
ReplaceNetworkAclAssociation
ReplaceNetworkAclEntry
RevokeSecurityGroupEgress
RevokeSecurityGroupIngress
UpdateSecurityGroupRuleDescriptionsEgress
UpdateSecurityGroupRuleDescriptionsIngress
Service Access Key:
CreateAccessKey
DeleteAccessKey
UpdateAccessKey
SQS:
AddPermission
CreateQueue
DeleteQueue
RemovePermission
SetQueueAttributes
Systems Manager (SSM) Agent:
DeleteParameter
DeleteParameters
PutParameter
StartSession
Transcription Job:
DeleteMedicalTranscriptionJob
DeleteTranscriptionJob
StartMedicalTranscriptionJob
StartTranscriptionJob
VPC Endpoints:
AcceptVpcEndpointConnections
CreateVpcEndpoint
CreateVpcEndpointServiceConfiguration
DeleteVpcEndpoint
DeleteVpcEndpointServiceConfigurations
ModifyVpcEndpoint
ModifyVpcEndpointServiceConfiguration
ModifyVpcEndpointServicePermissions
RejectVpcEndpointConnections
VPC Flow Logs:
CreateFlowLogs
DeleteFlowLogs
VPC Network Peer:
AcceptVpcPeeringConnection
CreateVpcPeeringConnection
DeleteVpcPeeringConnection
RejectVpcPeeringConnection
VPCs:
AssociateDhcpOptions
AssociateVpcCidrBlock
CreateTags
CreateVpc
DeleteTags
DeleteVpc
DisassociateVpcCidrBlock
VPC Subnets:
CreateSubnet
CreateTags
DeleteSubnet
DeleteTags
VPC Traffic Mirror Targets:
CreateTrafficMirrorTarget
DeleteTrafficMirrorTarget
Workspaces:
CreateWorkspaces
ModifyWorkspaceProperties
RebootWorkspaces
StartWorkspaces
StopWorkspaces
TerminateWorkspaces
Updated 3 months ago