Describes the status of the StartReportCreation operation.
You can call this operation only from the organization's master account and from the us-east-1 Region.
" }, "GetComplianceSummary":{ "name":"GetComplianceSummary", "http":{ "method":"POST", "requestUri":"/" }, "input":{"shape":"GetComplianceSummaryInput"}, "output":{"shape":"GetComplianceSummaryOutput"}, "errors":[ {"shape":"ConstraintViolationException"}, {"shape":"InternalServiceException"}, {"shape":"InvalidParameterException"}, {"shape":"ThrottledException"} ], "documentation":"Returns a table that shows counts of resources that are noncompliant with their tag policies.
For more information on tag policies, see Tag Policies in the AWS Organizations User Guide.
You can call this operation only from the organization's master account and from the us-east-1 Region.
" }, "GetResources":{ "name":"GetResources", "http":{ "method":"POST", "requestUri":"/" }, "input":{"shape":"GetResourcesInput"}, "output":{"shape":"GetResourcesOutput"}, "errors":[ {"shape":"InvalidParameterException"}, {"shape":"ThrottledException"}, {"shape":"InternalServiceException"}, {"shape":"PaginationTokenExpiredException"} ], "documentation":"Returns all the tagged or previously tagged resources that are located in the specified Region for the AWS account.
Depending on what information you want returned, you can also specify the following:
Filters that specify what tags and resource types you want returned. The response includes all tags that are associated with the requested resources.
Information about compliance with the account's effective tag policy. For more information on tag policies, see Tag Policies in the AWS Organizations User Guide.
You can check the PaginationToken response parameter to determine if a query is complete. Queries occasionally return fewer results on a page than allowed. The PaginationToken response parameter value is null only when there are no more results to display.
Returns all tag keys in the specified Region for the AWS account.
" }, "GetTagValues":{ "name":"GetTagValues", "http":{ "method":"POST", "requestUri":"/" }, "input":{"shape":"GetTagValuesInput"}, "output":{"shape":"GetTagValuesOutput"}, "errors":[ {"shape":"InvalidParameterException"}, {"shape":"ThrottledException"}, {"shape":"InternalServiceException"}, {"shape":"PaginationTokenExpiredException"} ], "documentation":"Returns all tag values for the specified key in the specified Region for the AWS account.
" }, "StartReportCreation":{ "name":"StartReportCreation", "http":{ "method":"POST", "requestUri":"/" }, "input":{"shape":"StartReportCreationInput"}, "output":{"shape":"StartReportCreationOutput"}, "errors":[ {"shape":"ConcurrentModificationException"}, {"shape":"ConstraintViolationException"}, {"shape":"InternalServiceException"}, {"shape":"InvalidParameterException"}, {"shape":"ThrottledException"} ], "documentation":"Generates a report that lists all tagged resources in accounts across your organization and tells whether each resource is compliant with the effective tag policy. Compliance data is refreshed daily.
The generated report is saved to the following location:
s3://example-bucket/AwsTagPolicies/o-exampleorgid/YYYY-MM-ddTHH:mm:ssZ/report.csv
You can call this operation only from the organization's master account and from the us-east-1 Region.
" }, "TagResources":{ "name":"TagResources", "http":{ "method":"POST", "requestUri":"/" }, "input":{"shape":"TagResourcesInput"}, "output":{"shape":"TagResourcesOutput"}, "errors":[ {"shape":"InvalidParameterException"}, {"shape":"ThrottledException"}, {"shape":"InternalServiceException"} ], "documentation":"Applies one or more tags to the specified resources. Note the following:
Not all resources can have tags. For a list of services that support tagging, see this list.
Each resource can have up to 50 tags. For other limits, see Tag Naming and Usage Conventions in the AWS General Reference.
You can only tag resources that are located in the specified Region for the AWS account.
To add tags to a resource, you need the necessary permissions for the service that the resource belongs to as well as permissions for adding tags. For more information, see this list.
Removes the specified tags from the specified resources. When you specify a tag key, the action removes both that key and its associated value. The operation succeeds even if you attempt to remove tags from a resource that were already removed. Note the following:
To remove tags from a resource, you need the necessary permissions for the service that the resource belongs to as well as permissions for removing tags. For more information, see this list.
You can only tag resources that are located in the specified Region for the AWS account.
These tag keys on the resource are noncompliant with the effective tag policy.
" }, "KeysWithNoncompliantValues":{ "shape":"TagKeyList", "documentation":"These are keys defined in the effective policy that are on the resource with either incorrect case treatment or noncompliant values.
" }, "ComplianceStatus":{ "shape":"ComplianceStatus", "documentation":"Whether a resource is compliant with the effective tag policy.
" } }, "documentation":"Information that shows whether a resource is compliant with the effective tag policy, including details on any noncompliant tag keys.
" }, "ComplianceStatus":{"type":"boolean"}, "ConcurrentModificationException":{ "type":"structure", "members":{ "Message":{"shape":"ExceptionMessage"} }, "documentation":"The target of the operation is currently being modified by a different request. Try again later.
", "exception":true }, "ConstraintViolationException":{ "type":"structure", "members":{ "Message":{"shape":"ExceptionMessage"} }, "documentation":"The request was denied because performing this operation violates a constraint.
Some of the reasons in the following list might not apply to this specific operation.
You must meet the prerequisites for using tag policies. For information, see Prerequisites and Permissions for Using Tag Policies in the AWS Organizations User Guide.
You must enable the tag policies service principal (tagpolicies.tag.amazonaws.com) to integrate with AWS Organizations For information, see EnableAWSServiceAccess.
You must have a tag policy attached to the organization root, an OU, or an account.
Reports the status of the operation.
The operation status can be one of the following:
RUNNING - Report creation is in progress.
SUCCEEDED - Report creation is complete. You can open the report from the Amazon S3 bucket that you specified when you ran StartReportCreation.
FAILED - Report creation timed out or the Amazon S3 bucket is not accessible.
NO REPORT - No report was generated in the last 90 days.
The path to the Amazon S3 bucket where the report was stored on creation.
" }, "ErrorMessage":{ "shape":"ErrorMessage", "documentation":"Details of the common errors that all operations return.
" } } }, "ErrorCode":{ "type":"string", "enum":[ "InternalServiceException", "InvalidParameterException" ] }, "ErrorMessage":{"type":"string"}, "ExceptionMessage":{ "type":"string", "max":2048, "min":0 }, "ExcludeCompliantResources":{"type":"boolean"}, "FailedResourcesMap":{ "type":"map", "key":{"shape":"ResourceARN"}, "value":{"shape":"FailureInfo"} }, "FailureInfo":{ "type":"structure", "members":{ "StatusCode":{ "shape":"StatusCode", "documentation":"The HTTP status code of the common error.
" }, "ErrorCode":{ "shape":"ErrorCode", "documentation":"The code of the common error. Valid values include InternalServiceException, InvalidParameterException, and any valid error code returned by the AWS service that hosts the resource that you want to tag.
The message of the common error.
" } }, "documentation":"Information about the errors that are returned for each failed resource. This information can include InternalServiceException and InvalidParameterException errors. It can also include any valid error code returned by the AWS service that hosts the resource that the ARN key represents.
The following are common error codes that you might receive from other AWS services:
InternalServiceException – This can mean that the Resource Groups Tagging API didn't receive a response from another AWS service. It can also mean the the resource type in the request is not supported by the Resource Groups Tagging API. In these cases, it's safe to retry the request and then call GetResources to verify the changes.
AccessDeniedException – This can mean that you need permission to calling tagging operations in the AWS service that contains the resource. For example, to use the Resource Groups Tagging API to tag a CloudWatch alarm resource, you need permission to call TagResources and TagResource in the CloudWatch API.
For more information on errors that are generated from other AWS services, see the documentation for that service.
" }, "GetComplianceSummaryInput":{ "type":"structure", "members":{ "TargetIdFilters":{ "shape":"TargetIdFilterList", "documentation":"The target identifiers (usually, specific account IDs) to limit the output by. If you use this parameter, the count of returned noncompliant resources includes only resources with the specified target IDs.
" }, "RegionFilters":{ "shape":"RegionFilterList", "documentation":"A list of Regions to limit the output by. If you use this parameter, the count of returned noncompliant resources includes only resources in the specified Regions.
" }, "ResourceTypeFilters":{ "shape":"ResourceTypeFilterList", "documentation":"The constraints on the resources that you want returned. The format of each resource type is service[:resourceType]. For example, specifying a resource type of ec2 returns all Amazon EC2 resources (which includes EC2 instances). Specifying a resource type of ec2:instance returns only EC2 instances.
The string for each service name and resource type is the same as that embedded in a resource's Amazon Resource Name (ARN). Consult the AWS General Reference for the following:
For a list of service name strings, see AWS Service Namespaces.
For resource type strings, see Example ARNs.
For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces.
You can specify multiple resource types by using an array. The array can include up to 100 items. Note that the length constraint requirement applies to each resource type filter.
" }, "TagKeyFilters":{ "shape":"TagKeyFilterList", "documentation":"A list of tag keys to limit the output by. If you use this parameter, the count of returned noncompliant resources includes only resources that have the specified tag keys.
" }, "GroupBy":{ "shape":"GroupBy", "documentation":"A list of attributes to group the counts of noncompliant resources by. If supplied, the counts are sorted by those attributes.
" }, "MaxResults":{ "shape":"MaxResultsGetComplianceSummary", "documentation":"A limit that restricts the number of results that are returned per page.
" }, "PaginationToken":{ "shape":"PaginationToken", "documentation":"A string that indicates that additional data is available. Leave this value empty for your initial request. If the response includes a PaginationToken, use that string for this value to request an additional page of data.
A table that shows counts of noncompliant resources.
" }, "PaginationToken":{ "shape":"PaginationToken", "documentation":"A string that indicates that the response contains more data than can be returned in a single response. To receive additional data, specify this string for the PaginationToken value in a subsequent request.
A string that indicates that additional data is available. Leave this value empty for your initial request. If the response includes a PaginationToken, use that string for this value to request an additional page of data.
A list of TagFilters (keys and values). Each TagFilter specified must contain a key with values as optional. A request can include up to 50 keys, and each key can include up to 20 values.
Note the following when deciding how to use TagFilters:
If you do specify a TagFilter, the response returns only those resources that are currently associated with the specified tag.
If you don't specify a TagFilter, the response includes all resources that were ever associated with tags. Resources that currently don't have associated tags are shown with an empty tag set, like this: \"Tags\": [].
If you specify more than one filter in a single request, the response returns only those resources that satisfy all specified filters.
If you specify a filter that contains more than one value for a key, the response returns resources that match any of the specified values for that key.
If you don't specify any values for a key, the response returns resources that are tagged with that key irrespective of the value.
For example, for filters: filter1 = {key1, {value1}}, filter2 = {key2, {value2,value3,value4}} , filter3 = {key3}:
GetResources( {filter1} ) returns resources tagged with key1=value1
GetResources( {filter2} ) returns resources tagged with key2=value2 or key2=value3 or key2=value4
GetResources( {filter3} ) returns resources tagged with any tag containing key3 as its tag key, irrespective of its value
GetResources( {filter1,filter2,filter3} ) returns resources tagged with ( key1=value1) and ( key2=value2 or key2=value3 or key2=value4) and (key3, irrespective of the value)
A limit that restricts the number of resources returned by GetResources in paginated output. You can set ResourcesPerPage to a minimum of 1 item and the maximum of 100 items.
" }, "TagsPerPage":{ "shape":"TagsPerPage", "documentation":"AWS recommends using ResourcesPerPage instead of this parameter.
A limit that restricts the number of tags (key and value pairs) returned by GetResources in paginated output. A resource with no tags is counted as having one tag (one key and value pair).
GetResources does not split a resource and its associated tags across pages. If the specified TagsPerPage would cause such a break, a PaginationToken is returned in place of the affected resource and its tags. Use that token in another request to get the remaining data. For example, if you specify a TagsPerPage of 100 and the account has 22 resources with 10 tags each (meaning that each resource has 10 key and value pairs), the output will consist of three pages. The first page displays the first 10 resources, each with its 10 tags. The second page displays the next 10 resources, each with its 10 tags. The third page displays the remaining 2 resources, each with its 10 tags.
You can set TagsPerPage to a minimum of 100 items and the maximum of 500 items.
The constraints on the resources that you want returned. The format of each resource type is service[:resourceType]. For example, specifying a resource type of ec2 returns all Amazon EC2 resources (which includes EC2 instances). Specifying a resource type of ec2:instance returns only EC2 instances.
The string for each service name and resource type is the same as that embedded in a resource's Amazon Resource Name (ARN). Consult the AWS General Reference for the following:
For a list of service name strings, see AWS Service Namespaces.
For resource type strings, see Example ARNs.
For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces.
You can specify multiple resource types by using an array. The array can include up to 100 items. Note that the length constraint requirement applies to each resource type filter.
" }, "IncludeComplianceDetails":{ "shape":"IncludeComplianceDetails", "documentation":"Specifies whether to include details regarding the compliance with the effective tag policy. Set this to true to determine whether resources are compliant with the tag policy and to get details.
Specifies whether to exclude resources that are compliant with the tag policy. Set this to true if you are interested in retrieving information on noncompliant resources only.
You can use this parameter only if the IncludeComplianceDetails parameter is also set to true.
A string that indicates that the response contains more data than can be returned in a single response. To receive additional data, specify this string for the PaginationToken value in a subsequent request.
A list of resource ARNs and the tags (keys and values) associated with each.
" } } }, "GetTagKeysInput":{ "type":"structure", "members":{ "PaginationToken":{ "shape":"PaginationToken", "documentation":"A string that indicates that additional data is available. Leave this value empty for your initial request. If the response includes a PaginationToken, use that string for this value to request an additional page of data.
A string that indicates that the response contains more data than can be returned in a single response. To receive additional data, specify this string for the PaginationToken value in a subsequent request.
A list of all tag keys in the AWS account.
" } } }, "GetTagValuesInput":{ "type":"structure", "required":["Key"], "members":{ "PaginationToken":{ "shape":"PaginationToken", "documentation":"A string that indicates that additional data is available. Leave this value empty for your initial request. If the response includes a PaginationToken, use that string for this value to request an additional page of data.
The key for which you want to list all existing values in the specified Region for the AWS account.
" } } }, "GetTagValuesOutput":{ "type":"structure", "members":{ "PaginationToken":{ "shape":"PaginationToken", "documentation":"A string that indicates that the response contains more data than can be returned in a single response. To receive additional data, specify this string for the PaginationToken value in a subsequent request.
A list of all tag values for the specified key in the AWS account.
" } } }, "GroupBy":{ "type":"list", "member":{"shape":"GroupByAttribute"} }, "GroupByAttribute":{ "type":"string", "enum":[ "TARGET_ID", "REGION", "RESOURCE_TYPE" ] }, "IncludeComplianceDetails":{"type":"boolean"}, "InternalServiceException":{ "type":"structure", "members":{ "Message":{"shape":"ExceptionMessage"} }, "documentation":"The request processing failed because of an unknown error, exception, or failure. You can retry the request.
", "exception":true, "fault":true }, "InvalidParameterException":{ "type":"structure", "members":{ "Message":{"shape":"ExceptionMessage"} }, "documentation":"This error indicates one of the following:
A parameter is missing.
A malformed string was supplied for the request parameter.
An out-of-range value was supplied for the request parameter.
The target ID is invalid, unsupported, or doesn't exist.
You can't access the Amazon S3 bucket for report storage. For more information, see Additional Requirements for Organization-wide Tag Compliance Reports in the AWS Organizations User Guide.
A PaginationToken is valid for a maximum of 15 minutes. Your request was denied because the specified PaginationToken has expired.
The ARN of the resource.
" }, "Tags":{ "shape":"TagList", "documentation":"The tags that have been applied to one or more AWS resources.
" }, "ComplianceDetails":{ "shape":"ComplianceDetails", "documentation":"Information that shows whether a resource is compliant with the effective tag policy, including details on any noncompliant tag keys.
" } }, "documentation":"A list of resource ARNs and the tags (keys and values) that are associated with each.
" }, "ResourceTagMappingList":{ "type":"list", "member":{"shape":"ResourceTagMapping"} }, "ResourceTypeFilterList":{ "type":"list", "member":{"shape":"AmazonResourceType"} }, "ResourcesPerPage":{"type":"integer"}, "S3Bucket":{ "type":"string", "max":63, "min":3, "pattern":"[\\s\\S]*" }, "S3Location":{"type":"string"}, "StartReportCreationInput":{ "type":"structure", "required":["S3Bucket"], "members":{ "S3Bucket":{ "shape":"S3Bucket", "documentation":"The name of the Amazon S3 bucket where the report will be stored; for example:
awsexamplebucket
For more information on S3 bucket requirements, including an example bucket policy, see the example S3 bucket policy on this page.
" } } }, "StartReportCreationOutput":{ "type":"structure", "members":{ } }, "Status":{"type":"string"}, "StatusCode":{"type":"integer"}, "Summary":{ "type":"structure", "members":{ "LastUpdated":{ "shape":"LastUpdated", "documentation":"The timestamp that shows when this summary was generated in this Region.
" }, "TargetId":{ "shape":"TargetId", "documentation":"The account identifier or the root identifier of the organization. If you don't know the root ID, you can call the AWS Organizations ListRoots API.
" }, "TargetIdType":{ "shape":"TargetIdType", "documentation":"Whether the target is an account, an OU, or the organization root.
" }, "Region":{ "shape":"Region", "documentation":"The AWS Region that the summary applies to.
" }, "ResourceType":{ "shape":"AmazonResourceType", "documentation":"The AWS resource type.
" }, "NonCompliantResources":{ "shape":"NonCompliantResources", "documentation":"The count of noncompliant resources.
" } }, "documentation":"A count of noncompliant resources.
" }, "SummaryList":{ "type":"list", "member":{"shape":"Summary"} }, "Tag":{ "type":"structure", "required":[ "Key", "Value" ], "members":{ "Key":{ "shape":"TagKey", "documentation":"One part of a key-value pair that makes up a tag. A key is a general label that acts like a category for more specific tag values.
" }, "Value":{ "shape":"TagValue", "documentation":"The optional part of a key-value pair that make up a tag. A value acts as a descriptor within a tag category (key).
" } }, "documentation":"The metadata that you apply to AWS resources to help you categorize and organize them. Each tag consists of a key and an optional value, both of which you define. For more information, see Tagging AWS Resources in the AWS General Reference.
" }, "TagFilter":{ "type":"structure", "members":{ "Key":{ "shape":"TagKey", "documentation":"One part of a key-value pair that makes up a tag. A key is a general label that acts like a category for more specific tag values.
" }, "Values":{ "shape":"TagValueList", "documentation":"The optional part of a key-value pair that make up a tag. A value acts as a descriptor within a tag category (key).
" } }, "documentation":"A list of tags (keys and values) that are used to specify the associated resources.
" }, "TagFilterList":{ "type":"list", "member":{"shape":"TagFilter"}, "max":50, "min":0 }, "TagKey":{ "type":"string", "max":128, "min":1, "pattern":"[\\s\\S]*" }, "TagKeyFilterList":{ "type":"list", "member":{"shape":"TagKey"}, "max":50, "min":1 }, "TagKeyList":{ "type":"list", "member":{"shape":"TagKey"} }, "TagKeyListForUntag":{ "type":"list", "member":{"shape":"TagKey"}, "max":50, "min":1 }, "TagList":{ "type":"list", "member":{"shape":"Tag"} }, "TagMap":{ "type":"map", "key":{"shape":"TagKey"}, "value":{"shape":"TagValue"}, "max":50, "min":1 }, "TagResourcesInput":{ "type":"structure", "required":[ "ResourceARNList", "Tags" ], "members":{ "ResourceARNList":{ "shape":"ResourceARNList", "documentation":"A list of ARNs. An ARN (Amazon Resource Name) uniquely identifies a resource. You can specify a minimum of 1 and a maximum of 20 ARNs (resources) to tag. An ARN can be set to a maximum of 1600 characters. For more information, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
" }, "Tags":{ "shape":"TagMap", "documentation":"The tags that you want to add to the specified resources. A tag consists of a key and a value that you define.
" } } }, "TagResourcesOutput":{ "type":"structure", "members":{ "FailedResourcesMap":{ "shape":"FailedResourcesMap", "documentation":"A map containing a key-value pair for each failed item that couldn't be tagged. The key is the ARN of the failed resource. The value is a FailureInfo object that contains an error code, a status code, and an error message. If there are no errors, the FailedResourcesMap is empty.
The request was denied to limit the frequency of submitted requests.
", "exception":true }, "UntagResourcesInput":{ "type":"structure", "required":[ "ResourceARNList", "TagKeys" ], "members":{ "ResourceARNList":{ "shape":"ResourceARNList", "documentation":"A list of ARNs. An ARN (Amazon Resource Name) uniquely identifies a resource. You can specify a minimum of 1 and a maximum of 20 ARNs (resources) to untag. An ARN can be set to a maximum of 1600 characters. For more information, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
" }, "TagKeys":{ "shape":"TagKeyListForUntag", "documentation":"A list of the tag keys that you want to remove from the specified resources.
" } } }, "UntagResourcesOutput":{ "type":"structure", "members":{ "FailedResourcesMap":{ "shape":"FailedResourcesMap", "documentation":"Details of resources that could not be untagged. An error code, status code, and error message are returned for each failed item.
" } } } }, "documentation":"This guide describes the API operations for the resource groups tagging.
A tag is a label that you assign to an AWS resource. A tag consists of a key and a value, both of which you define. For example, if you have two Amazon EC2 instances, you might assign both a tag key of \"Stack.\" But the value of \"Stack\" might be \"Testing\" for one and \"Production\" for the other.
Tagging can help you organize your resources and enables you to simplify resource management, access management and cost allocation.
You can use the resource groups tagging API operations to complete the following tasks:
Tag and untag supported resources located in the specified Region for the AWS account.
Use tag-based filters to search for resources located in the specified Region for the AWS account.
List all existing tag keys in the specified Region for the AWS account.
List all existing values for the specified key in the specified Region for the AWS account.
To use resource groups tagging API operations, you must add the following permissions to your IAM policy:
tag:GetResources
tag:TagResources
tag:UntagResources
tag:GetTagKeys
tag:GetTagValues
You'll also need permissions to access the resources of individual services so that you can tag and untag those resources.
For more information on IAM policies, see Managing IAM Policies in the IAM User Guide.
You can use the Resource Groups Tagging API to tag resources for the following AWS services.
Alexa for Business (a4b)
API Gateway
Amazon AppStream
AWS AppSync
AWS App Mesh
Amazon Athena
Amazon Aurora
AWS Backup
AWS Certificate Manager
AWS Certificate Manager Private CA
Amazon Cloud Directory
AWS CloudFormation
Amazon CloudFront
AWS CloudHSM
AWS CloudTrail
Amazon CloudWatch (alarms only)
Amazon CloudWatch Events
Amazon CloudWatch Logs
AWS CodeBuild
AWS CodeCommit
AWS CodePipeline
AWS CodeStar
Amazon Cognito Identity
Amazon Cognito User Pools
Amazon Comprehend
AWS Config
AWS Data Exchange
AWS Data Pipeline
AWS Database Migration Service
AWS DataSync
AWS Device Farm
AWS Direct Connect
AWS Directory Service
Amazon DynamoDB
Amazon EBS
Amazon EC2
Amazon ECR
Amazon ECS
Amazon EKS
AWS Elastic Beanstalk
Amazon Elastic File System
Elastic Load Balancing
Amazon ElastiCache
Amazon Elasticsearch Service
AWS Elemental MediaLive
AWS Elemental MediaPackage
AWS Elemental MediaTailor
Amazon EMR
Amazon FSx
Amazon S3 Glacier
AWS Glue
Amazon GuardDuty
Amazon Inspector
AWS IoT Analytics
AWS IoT Core
AWS IoT Device Defender
AWS IoT Device Management
AWS IoT Events
AWS IoT Greengrass
AWS IoT 1-Click
AWS Key Management Service
Amazon Kinesis
Amazon Kinesis Data Analytics
Amazon Kinesis Data Firehose
AWS Lambda
AWS License Manager
Amazon Machine Learning
Amazon MQ
Amazon MSK
Amazon Neptune
AWS OpsWorks
AWS Organizations
Amazon Quantum Ledger Database (QLDB)
Amazon RDS
Amazon Redshift
AWS Resource Access Manager
AWS Resource Groups
AWS RoboMaker
Amazon Route 53
Amazon Route 53 Resolver
Amazon S3 (buckets only)
Amazon SageMaker
AWS Secrets Manager
AWS Security Hub
AWS Service Catalog
Amazon Simple Notification Service (SNS)
Amazon Simple Queue Service (SQS)
Amazon Simple Workflow Service
AWS Step Functions
AWS Storage Gateway
AWS Systems Manager
AWS Transfer for SFTP
Amazon VPC
Amazon WorkSpaces