AWS services that work with IAM
The AWS services listed below are grouped by their AWS product categories
-
Service – You can choose the name of a service to view the AWS documentation about IAM authorization and access for that service.
-
Actions – You can specify individual actions in a policy. If the service does not support this feature, then All actions is selected in the visual editor. In a JSON policy document, you must use
*
in theAction
element. For a list of actions in each service, see Actions, Resources, and Condition Keys for AWS Services. -
Resource-level permissions – You can use ARNs to specify individual resources in the policy. If the service does not support this feature, then All resources is chosen in the policy visual editor. In a JSON policy document, you must use
*
in theResource
element. Some actions, such asList*
actions, do not support specifying an ARN because they are designed to return multiple resources. If a service supports this feature for some resources but not others, it is indicated by yellow cells in the table. See the documentation for that service for more information. -
Resource-based policies – You can attach resource-based policies to a resource within the service. Resource-based policies include a
Principal
element to specify which IAM identities can access that resource. For more information, see Identity-based policies and resource-based policies. -
Authorization based on tags – You can use resource tags in the condition of a policy to control access to a resource in the service. You do this using the aws:ResourceTag global condition key or service-specific tags, such as
ec2:ResourceTag
. For more information about defining permissions based on attributes such as tags, see What is ABAC for AWS?. -
Temporary credentials – You can use short-term credentials that you obtain when you sign in using SSO, switch roles in the console, or that you generate using AWS STS in the AWS CLI or AWS API. You can access services with a No value only while using your long-term IAM user credentials. This includes a user name and password or your user access keys. For more information, see Temporary security credentials in IAM.
-
Service-linked roles – A service-linked role is a special type of service role that gives the service permission to access resources in other services on your behalf. Choose the
Yes
link to see the documentation for services that support these roles. This column does not indicate if the service uses standard service roles. For more information, see Using service-linked roles. -
More information – If a service doesn't fully support a feature, you can review the footnotes for an entry to view the limitations and links to related information.
Compute services
Service | Actions | Resource-level permissions | Resource-based policies | Authorization based on tags | Temporary credentials | Service-linked roles |
---|---|---|---|---|---|---|
AWS Batch |
|
|
|
|
|
|
Amazon Elastic Compute Cloud (Amazon EC2) |
|
|
|
|
|
|
Amazon EC2 Auto Scaling |
|
|
|
|
|
|
EC2 Image Builder |
|
|
|
|
|
|
AWS Elastic Beanstalk |
|
|
|
|
|
|
Amazon Elastic Inference |
|
|
|
|
|
|
Elastic Load Balancing |
|
|
|
|
|
|
AWS Lambda |
|
|
|
|
|
|
Amazon Lightsail |
|
|
|
|
|
|
AWS Outposts |
|
|
|
|
|
|
AWS Serverless Application Repository |
|
|
|
|
|
|
¹ Amazon EC2 service-linked roles cannot be created using the AWS Management Console, and can be used only for the following features: Scheduled Instances, Spot Instance Requests, Spot Fleet Requests.
² AWS Lambda doesn't have service-linked roles, but Lambda@Edge does. For more information, see Service-Linked Roles for Lambda@Edge in the Amazon CloudFront Developer Guide.
³ Amazon Lightsail partially supports resource-level permissions and authorization
based on tags. For more information, see Support for resource-level permissions and authorization based on tags in
Amazon Lightsail
Containers services
Service | Actions | Resource-level permissions | Resource-based policies | Authorization based on tags | Temporary credentials | Service-linked roles |
---|---|---|---|---|---|---|
Amazon Elastic Container Registry (Amazon ECR) |
|
|
|
|
|
|
Amazon Elastic Container Registry Public (Amazon ECR Public) |
|
|
|
|
|
|
Amazon Elastic Container Service (Amazon ECS) |
|
|
|
|
|
|
Amazon Elastic Kubernetes Service (Amazon EKS) |
|
|
|
|
|
|
¹ Only some Amazon ECS actions support resource-level permissions.
Storage services
Service | Actions | Resource-level permissions | Resource-based policies | Authorization based on tags | Temporary credentials | Service-linked roles |
---|---|---|---|---|---|---|
AWS Backup |
|
|
|
|
|
|
AWS Backup Storage |
|
|
|
|
|
|
Amazon Elastic Block Store (Amazon EBS) |
|
|
|
|
|
|
Amazon Elastic File System (Amazon EFS) |
|
|
|
|
|
|
Amazon FSx |
|
|
|
|
|
|
Amazon S3 Glacier |
|
|
|
|
|
|
AWS Import/Export |
|
|
|
|
|
|
Amazon Simple Storage Service (Amazon S3) |
|
|
|
|
|
|
Amazon Simple Storage Service (Amazon S3) on AWS Outposts |
|
|
|
|
|
|
AWS Snowball |
|
|
|
|
|
|
AWS Snowball Edge |
|
|
|
|
|
|
AWS Storage Gateway |
|
|
|
|
|
|
¹ Amazon S3 supports tag-based authorization for only object resources.
² Amazon S3 supports service-linked roles for Amazon S3 Storage Lens.
Database services
Service | Actions | Resource-level permissions | Resource-based policies | Authorization based on tags | Temporary credentials | Service-linked roles |
---|---|---|---|---|---|---|
Amazon DynamoDB |
|
|
|
|
|
|
Amazon ElastiCache |
|
|
|
|
|
|
Amazon Keyspaces (for Apache Cassandra) |
|
|
|
|
|
|
Amazon Neptune |
|
|
|
|
|
|
Amazon Quantum Ledger Database (Amazon QLDB) |
|
|
|
|
|
|
Amazon Redshift |
|
|
|
|
|
|
Amazon Redshift Data API |
|
|
|
|
|
|
Amazon Relational Database Service (Amazon RDS) |
|
|
|
|
|
|
Amazon RDS Data API |
|
|
|
|
|
|
Amazon SimpleDB |
|
|
|
|
|
|
Amazon Timestream |
|
|
|
|
|
|
Developer tools services
Service | Actions | Resource-level permissions | Resource-based policies | Authorization based on tags | Temporary credentials | Service-linked roles |
---|---|---|---|---|---|---|
AWS Cloud9 |
|
|
|
|
|
|
AWS CloudShell |
|
|
|
|
|
|
AWS CodeArtifact |
|
|
|
|
|
|
CodeBuild |
|
|
|
|
|
|
CodeCommit |
|
|
|
|
|
|
AWS CodeDeploy |
|
|
|
|
|
|
CodePipeline |
|
|
|
|
|
|
AWS CodeStar |
|
|
|
|
|
|
AWS CodeStar Connections |
|
|
|
|
|
|
AWS CodeStar Notifications |
|
|
|
|
|
|
AWS X-Ray |
|
|
|
|
|
|
¹ CodeBuild supports cross-account resource sharing using AWS RAM.
² CodeBuild supports authorization based on tags for project-based actions.
³ X-Ray supports tag-based access control for groups and sampling rules.
Security, identity, and compliance services
Service | Actions | Resource-level permissions | Resource-based policies | Authorization based on tags | Temporary credentials | Service-linked roles |
---|---|---|---|---|---|---|
AWS Artifact |
|
|
|
|
|
|
AWS Audit Manager |
|
|
|
|
|
|
Amazon Cognito |
|
|
|
|
|
|
Amazon Detective |
|
|
|
|
|
|
AWS Directory Service |
|
|
|
|
|
|
AWS Firewall Manager |
|
|
|
|
|
|
Amazon GuardDuty |
|
|
|
|
|
|
AWS Identity and Access Management (IAM) |
|
|
|
|
|
|
IAM Access Analyzer |
|
|
|
|
|
|
Amazon Inspector |
|
|
|
|
|
|
Amazon Macie |
|
|
|
|
|
|
Amazon Macie Classic |
|
|
|
|
|
|
AWS Network Firewall |
|
|
|
|
|
|
AWS Resource Access Manager (AWS RAM) |
|
|
|
|
|
|
AWS Secrets Manager |
|
|
|
|
|
|
AWS Security Hub |
|
|
|
|
|
|
AWS Single Sign-On (AWS SSO) |
|
|
|
|
|
|
AWS SSO Directory |
|
|
|
|
|
|
AWS SSO Identity Store |
|
|
|
|
|
|
AWS Security Token Service (AWS STS) |
|
|
|
|
|
|
AWS Shield Advanced |
|
|
|
|
|
|
AWS WAF |
|
|
|
|
|
|
AWS WAF Classic |
|
|
|
|
|
|
¹ IAM supports only one type of resource-based policy called a role trust policy, which is attached to an IAM role. For more information, see Granting a user permissions to switch roles.
² IAM supports tag-based access control for most IAM resources. For more information, see Tagging IAM resources.
³ Only some of the API actions for IAM can be called with temporary credentials. For more information, see Comparing your API options.
⁴ AWS STS does not have "resources," but does allow restricting access in a similar way to users. For more information, see Denying Access to Temporary Security Credentials by Name.
⁵ Only some of the API operations for AWS STS support calling with temporary credentials. For more information, see Comparing your API options.
Cryptography and PKI services
Service | Actions | Resource-level permissions | Resource-based policies | Authorization based on tags | Temporary credentials | Service-linked roles |
---|---|---|---|---|---|---|
AWS Certificate Manager Private Certificate Authority (ACM) |
|
|
|
|
|
|
AWS Certificate Manager (ACM) |
|
|
|
|
|
|
AWS CloudHSM |
|
|
|
|
|
|
AWS Key Management Service (AWS KMS) |
|
|
|
|
|
|
AWS Signer |
|
|
|
|
|
|
Machine learning services
Service | Actions | Resource-level permissions | Resource-based policies | Authorization based on tags | Temporary credentials | Service-linked roles |
---|---|---|---|---|---|---|
Amazon CodeGuru |
|
|
|
|
|
|
Amazon CodeGuru Profiler |
|
|
|
|
|
|
Amazon CodeGuru Reviewer |
|
|
|
|
|
|
Amazon Comprehend |
|
|
|
|
|
|
Amazon Comprehend Medical |
|
|
|
|
|
|
AWS DeepComposer |
|
|
|
|
|
|
AWS DeepRacer |
|
|
|
|
|
|
AWS Panorama |
|
|
|
|
|
|
Amazon DevOps Guru |
|
|
|
|
|
|
Amazon Forecast |
|
|
|
|
|
|
Amazon Fraud Detector |
|
|
|
|
|
|
Ground Truth Labeling |
|
|
|
|
|
|
Amazon Kendra |
|
|
|
|
|
|
Amazon Lex |
|
|
|
|
|
|
Amazon Lex V2 |
|
|
|
|
|
|
Amazon Lookout for Equipment |
|
|
|
|
|
|
Amazon Lookout for Metrics |
|
|
|
|
|
|
Amazon Lookout for Vision |
|
|
|
|
|
|
Amazon Monitron |
|
|
|
|
|
|
Amazon Machine Learning |
|
|
|
|
|
|
Amazon Personalize |
|
|
|
|
|
|
Amazon Polly |
|
|
|
|
|
|
Amazon Rekognition |
|
|
|
|
|
|
Amazon SageMaker |
|
|
|
|
|
|
Amazon Textract |
|
|
|
|
|
|
Amazon Transcribe |
|
|
|
|
|
|
Amazon Translate |
|
|
|
|
|
|
Management and governance services
Service | Actions | Resource-level permissions | Resource-based policies | Authorization based on tags | Temporary credentials | Service-linked roles |
---|---|---|---|---|---|---|
Application Auto Scaling |
|
|
|
|
|
|
AWS AppConfig |
|
|
|
|
|
|
AWS Auto Scaling |
|
|
|
|
|
|
AWS Chatbot |
|
|
|
|
|
|
AWS CloudFormation |
|
|
|
|
|
|
AWS CloudTrail |
|
|
|
|
|
|
Amazon CloudWatch |
|
|
|
|
|
|
Amazon CloudWatch Application Insights |
|
|
|
|
|
|
Amazon CloudWatch Events |
|
|
|
|
|
|
Amazon CloudWatch Logs |
|
|
|
|
|
|
Amazon CloudWatch Synthetics |
|
|
|
|
|
|
AWS Compute Optimizer |
|
|
|
|
|
|
AWS Config |
|
|
|
|
|
|
Amazon Data Lifecycle Manager |
|
|
|
|
|
|
AWS Health |
|
|
|
|
|
|
AWS License Manager |
|
|
|
|
|
|
Amazon Managed Service for Grafana |
|
|
|
|
|
|
Amazon Managed Service for Prometheus |
|
|
|
|
|
|
AWS OpsWorks |
|
|
|
|
|
|
AWS OpsWorks for Chef Automate |
|
|
|
|
|
|
AWS OpsWorks Configuration Management |
|
|
|
|
|
|
AWS Organizations |
|
|
|
|
|
|
AWS Proton |
|
|
|
|
|
|
AWS Resource Groups |
|
|
|
|
|
|
Resource Groups Tagging API |
|
|
|
|
|
|
AWS Service Catalog |
|
|
|
|
|
|
AWS Systems Manager |
|
|
|
|
|
|
AWS Tag Editor |
|
|
|
|
|
|
AWS Trusted Advisor |
|
|
|
|
|
|
AWS Well-Architected Tool |
|
|
|
|
|
|
Service Quotas |
|
|
|
|
|
|
¹ Amazon CloudWatch service-linked roles cannot be created using the AWS Management Console, and support only the Alarm Actions feature.
² AWS Config supports resource-level permissions for multi-account multi-Region data aggregation and AWS Config Rules. For a list of supported resources, see the Multi-Account Multi-Region Data Aggregation section and AWS Config Rules section of AWS Config API Guide.
³ Users can assume a role with a policy that allows AWS Resource Groups operations.
⁴ AWS Service Catalog supports tag-based access control for only actions that match API operations with one resource in the input.
⁵ API access to Trusted Advisor is through the AWS Support API and is controlled by AWS Support IAM policies.
Migration and transfer services
Service | Actions | Resource-level permissions | Resource-based policies | Authorization based on tags | Temporary credentials | Service-linked roles |
---|---|---|---|---|---|---|
AWS Application Discovery Service |
|
|
|
|
|
|
AWS Application Discovery Arsenal |
|
|
|
|
|
|
AWS Connector Service |
|
|
|
|
|
|
AWS Transfer for SFTP |
|
|
|
|
|
|
AWS Database Migration Service |
|
|
|
|
|
|
AWS DataSync |
|
|
|
|
|
|
AWS Migration Hub |
|
|
|
|
|
|
AWS Server Migration Service |
|
|
|
|
|
|
¹ You can create and modify policies that are attached to AWS KMS encryption keys you create to encrypt data migrated to supported target endpoints. The supported target endpoints include Amazon Redshift and Amazon S3. For more information, see Creating and Using AWS KMS Keys to Encrypt Amazon Redshift Target Data and Creating AWS KMS Keys to Encrypt Amazon S3 Target Objects in the AWS Database Migration Service User Guide.
Mobile services
Service | Actions | Resource-level permissions | Resource-based policies | Authorization based on tags | Temporary credentials | Service-linked roles |
---|---|---|---|---|---|---|
AWS Amplify |
|
|
|
|
|
|
AWS Amplify Admin |
|
|
|
|
|
|
AWS AppSync |
|
|
|
|
|
|
AWS Device Farm |
|
|
|
|
|
|
Amazon Location |
|
|
|
|
|
|
Networking and content delivery services
Service | Actions | Resource-level permissions | Resource-based policies | Authorization based on tags | Temporary credentials | Service-linked roles |
---|---|---|---|---|---|---|
Amazon API Gateway |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
AWS Direct Connect |
|
|
|
|
|
|
AWS Global Accelerator |
|
|
|
|
|
|
Network Manager |
|
|
|
|
|
|
Amazon Route 53 |
|
|
|
|
|
|
Amazon Route 53 Resolver |
|
|
|
|
|
|
AWS Tiros |
|
|
|
|
|
|
Amazon Virtual Private Cloud (Amazon VPC) |
|
|
|
|
|
|
¹ In an IAM user policy, you cannot restrict permissions to a specific Amazon VPC
endpoint. Any Action
element that includes the ec2:*VpcEndpoint*
or
ec2:DescribePrefixLists
API actions must specify ""Resource":
"*"
". For more information, see Controlling the Use of
Endpoints in the Amazon VPC User Guide.
² Amazon VPC supports attaching a single resource policy to a VPC endpoint to restrict what can be accessed through that endpoint. For more information about using resource-based policies to control access to resources from specific Amazon VPC endpoints, see Using Endpoint Policies in the Amazon VPC User Guide.
³ Amazon CloudFront doesn't have service-linked roles, but Lambda@Edge does. For more information, see Service-Linked Roles for Lambda@Edge in the Amazon CloudFront Developer Guide.
Media services
Service | Actions | Resource-level permissions | Resource-based policies | Authorization based on tags | Temporary credentials | Service-linked roles |
---|---|---|---|---|---|---|
Amazon Elastic Transcoder |
|
|
|
|
|
|
AWS Elemental Appliances and Software |
|
|
|
|
|
|
AWS Elemental Appliances and Software Activation Service |
|
|
|
|
|
|
AWS Elemental MediaConnect |
|
|
|
|
|
|
AWS Elemental MediaConvert |
|
|
|
|
|
|
AWS Elemental MediaLive |
|
|
|
|
|
|
AWS Elemental MediaPackage |
|
|
|
|
|
|
AWS Elemental MediaPackage VOD |
|
|
|
|
|
|
AWS Elemental MediaStore |
|
|
|
|
|
|
AWS Elemental MediaTailor |
|
|
|
|
|
|
AWS Elemental Support Cases |
|
|
|
|
|
|
AWS Elemental Support Content |
|
|
|
|
|
|
Amazon Interactive Video Service |
|
|
|
|
|
|
Kinesis Video Streams |
|
|
|
|
|
|
Analytics services
Service | Actions | Resource-level permissions | Resource-based policies | Authorization based on tags | Temporary credentials | Service-linked roles |
---|---|---|---|---|---|---|
Amazon Athena |
|
|
|
|
|
|
Amazon CloudSearch |
|
|
|
|
|
|
AWS Data Exchange |
|
|
|
|
|
|
AWS Data Pipeline |
|
|
|
|
|
|
Amazon Elasticsearch Service |
|
|
|
|
|
|
Amazon EMR |
|
|
|
|
|
|
Amazon EMR on EKS (EMR Containers) |
|
|
|
|
|
|
AWS Glue |
|
|
|
|
|
|
AWS Glue DataBrew |
|
|
|
|
|
|
Amazon Kinesis Data Analytics |
|
|
|
|
|
|
Amazon Kinesis Data Analytics V2 |
|
|
|
|
|
|
Amazon Kinesis Data Firehose |
|
|
|
|
|
|
Amazon Kinesis Data Streams |
|
|
|
|
|
|
AWS Lake Formation |
|
|
|
|
|
|
Amazon Managed Streaming for Apache Kafka (MSK) |
|
|
|
|
|
|
Amazon Managed Workflows for Apache Airflow |
|
|
|
|
|
|
Amazon QuickSight |
|
|
|
|
|
|
Application integration services
Service | Actions | Resource-level permissions | Resource-based policies | Authorization based on tags | Temporary credentials | Service-linked roles |
---|---|---|---|---|---|---|
Amazon AppFlow |
|
|
|
|
|
|
Amazon EventBridge |
|
|
|
|
|
|
Amazon EventBridge Schemas |
|
|
|
|
|
|
Amazon MQ |
|
|
|
|
|
|
Amazon Simple Notification Service (Amazon SNS) |
|
|
|
|
|
|
Amazon Simple Queue Service (Amazon SQS) |
|
|
|
|
|
|
AWS Step Functions |
|
|
|
|
|
|
Amazon Simple Workflow Service (Amazon SWF) |
|
|
|
|
|
|
Business applications services
Service | Actions | Resource-level permissions | Resource-based policies | Authorization based on tags | Temporary credentials | Service-linked roles |
---|---|---|---|---|---|---|
Alexa for Business |
|
|
|
|
|
|
Amazon Chime |
|
|
|
|
|
|
Amazon Honeycode |
|
|
|
|
|
|
Amazon WorkMail |
|
|
|
|
|
|
Satellite services
Service | Actions | Resource-level permissions | Resource-based policies | Authorization based on tags | Temporary credentials | Service-linked roles |
---|---|---|---|---|---|---|
AWS Ground Station |
|
|
|
|
|
|
Internet of Things services
Service | Actions | Resource-level permissions | Resource-based policies | Authorization based on tags | Temporary credentials | Service-linked roles |
---|---|---|---|---|---|---|
AWS IoT 1-Click |
|
|
|
|
|
|
AWS IoT Greengrass |
|
|
|
|
|
|
AWS IoT Greengrass V2 |
|
|
|
|
|
|
AWS IoT |
|
|
|
|
|
|
AWS IoT Analytics |
|
|
|
|
|
|
AWS IoT Core Device Advisor |
|
|
|
|
|
|
AWS IoT Core for LoRaWAN |
|
|
|
|
|
|
AWS IoT Device Tester |
|
|
|
|
|
|
AWS IoT Events |
|
|
|
|
|
|
AWS IoT SiteWise |
|
|
|
|
|
|
AWS IoT Things Graph |
|
|
|
|
|
|
Fleet Hub for AWS IoT Device Management |
|
|
|
|
|
|
FreeRTOS |
|
|
|
|
|
|
¹ Devices connected to AWS IoT are authenticated by using X.509 certificates or using Amazon Cognito Identities. You can attach AWS IoT policies to an X.509 certificate or Amazon Cognito Identity to control what the device is authorized to do. For more information, see Security and Identity for AWS IoT in the AWS IoT Developer Guide.
Robotics services
Quantum Computing Services
Service | Actions | Resource-level permissions | Resource-based policies | Authorization based on tags | Temporary credentials | Service-linked roles |
---|---|---|---|---|---|---|
Amazon Braket |
|
|
|
|
|
|
Blockchain services
Service | Actions | Resource-level permissions | Resource-based policies | Authorization based on tags | Temporary credentials | Service-linked roles |
---|---|---|---|---|---|---|
Amazon Managed Blockchain |
|
|
|
|
|
|
Game development services
Service | Actions | Resource-level permissions | Resource-based policies | Authorization based on tags | Temporary credentials | Service-linked roles |
---|---|---|---|---|---|---|
Amazon GameLift |
|
|
|
|
|
|
AR & VR services
Service | Actions | Resource-level permissions | Resource-based policies | Authorization based on tags | Temporary credentials | Service-linked roles |
---|---|---|---|---|---|---|
Amazon Sumerian |
|
|
|
|
|
|
Customer enablement services
Service | Actions | Resource-level permissions | Resource-based policies | Authorization based on tags | Temporary credentials | Service-linked roles |
---|---|---|---|---|---|---|
AWS IQ |
|
|
|
|
|
|
AWS IQ Permissions |
|
|
|
|
|
|
AWS Support |
|
|
|
|
|
|
Customer engagement services
Service | Actions | Resource-level permissions | Resource-based policies | Authorization based on tags | Temporary credentials | Service-linked roles |
---|---|---|---|---|---|---|
Amazon AppIntegrations |
|
|
|
|
|
|
Amazon Connect |
|
|
|
|
|
|
Amazon Connect Customer Profiles |
|
|
|
|
|
|
Amazon Pinpoint |
|
|
|
|
|
|
Amazon Pinpoint Email Service |
|
|
|
|
|
|
Amazon Pinpoint SMS and Voice Service |
|
|
|
|
|
|
Amazon Simple Email Service (Amazon SES) |
|
|
|
|
|
|
¹ You can only use resource-level permissions in policy statements that refer to
actions related to sending email, such as ses:SendEmail
or
ses:SendRawEmail
. For policy statements that refer to any other actions, the
Resource element can only contain *
.
² Only the Amazon SES API supports temporary security credentials. The Amazon SES SMTP interface does not support SMTP credentials that are derived from temporary security credentials.
End user computing services
Service | Actions | Resource-level permissions | Resource-based policies | Authorization based on tags | Temporary credentials | Service-linked roles |
---|---|---|---|---|---|---|
Amazon AppStream |
|
|
|
|
|
|
Amazon AppStream 2.0 |
|
|
|
|
|
|
Amazon WAM |
|
|
|
|
|
|
Amazon WorkDocs |
|
|
|
|
|
|
Amazon WorkLink |
|
|
|
|
|
|
Amazon WorkSpaces |
|
|
|
|
|
|
Additional resources
Service | Actions | Resource-level permissions | Resource-based policies | Authorization based on tags | Temporary credentials | Service-linked roles |
---|---|---|---|---|---|---|
AWS
Activate |
|
|
|
|
|
|
AWS Billing and Cost Management |
|
|
|
|
|
|
AWS Budget Service |
|
|
|
|
|
|
AWS Cost and Usage Report |
|
|
|
|
|
|
AWS Cost Explorer |
|
|
|
|
|
|
AWS Marketplace |
|
|
|
|
|
|
AWS Marketplace Catalog |
|
|
|
|
|
|
AWS Marketplace Commerce Analytics Service |
|
|
|
|
|
|
AWS Private Marketplace |
|
|
|
|
|
|
AWS Savings Plans |
|
|
|
|
|
|