Supported Resource Types - AWS Config

Supported Resource Types

Important

This page is updated on a monthly cadence at the beginning of each month.

AWS Config supports the following AWS resources types and resource relationships.

Note

Before specifying a resource type for AWS Config to track, check Resource Coverage by Region Availability to see if the resource type is supported in the AWS Region where you set up AWS Config. If a resource type is supported by AWS Config in at least one Region, you can enable the recording of that resource type in all Regions supported by AWS Config, even if the specified resource type is not supported in the AWS Region where you set up AWS Config.

Amazon AppStream

AWS Service Resource Type Value Relationship Related Resource
Amazon AppStream AWS::AppStream::DirectoryConfig NA NA
AWS::AppStream::Application NA NA
AWS::AppStream::Stack NA NA
AWS::AppStream::Fleet NA NA

Amazon AppFlow

AWS Service Resource Type Value Relationship Related Resource
Amazon AppFlow AWS::AppFlow::Flow NA NA

AWS Service Resource Type Value Relationship Related Resource
Amazon AppIntegrations AWS::AppIntegrations::EventIntegration NA NA

Amazon API Gateway

AWS Service Resource Type Value Relationship Related Resource
API Gateway AWS::ApiGateway::Stage is contained in ApiGateway Rest Api
is associated with WAFRegional WebACL
AWS::ApiGateway::RestApi contains ApiGateway Stage
API Gateway V2 AWS::ApiGatewayV2::Stage is contained in ApiGatewayV2 Api
AWS::ApiGatewayV2::Api contains ApiGatewayV2 Stage

To learn more about how AWS Config integrates with Amazon API Gateway, see Monitoring API Gateway API Configuration with AWS Config.

Amazon Athena

AWS Service Resource Type Value Relationship Related Resource
Amazon Athena AWS::Athena::WorkGroup NA NA
AWS::Athena::DataCatalog NA NA
AWS::Athena::PreparedStatement NA NA

Amazon CloudFront

AWS Service Resource Type Value Relationship Related Resource
Amazon CloudFront AWS::CloudFront::Distribution is associated with AWS WAF WebACL
ACM Certificate
S3 Bucket
IAM Server Certificate
AWS::CloudFront::StreamingDistribution is associated with AWS WAF WebACL
ACM Certificate
S3 Bucket
IAM Server Certificate

Amazon CloudWatch

AWS Service Resource Type Value Relationship Related Resource
Amazon CloudWatch AWS::CloudWatch::Alarm NA NA
AWS::CloudWatch::MetricStream NA NA
Amazon CloudWatch Logs AWS::Logs::Destination NA NA
Amazon CloudWatch RUM AWS::RUM::AppMonitor NA NA
Amazon CloudWatch Evidently AWS::Evidently::Project NA NA
AWS::Evidently::Launch NA NA
AWS::Evidently::Segment NA NA

Amazon CodeGuru

AWS Service Resource Type Value Relationship Related Resource
Amazon CodeGuru Reviewer AWS::CodeGuruReviewer::RepositoryAssociation NA NA
Amazon CodeGuru Profiler AWS::CodeGuruProfiler::ProfilingGroup NA NA

Amazon Cognito

AWS Service Resource Type Value Relationship Related Resource
Amazon Cognito AWS::Cognito::UserPool NA NA
AWS::Cognito::UserPoolClient NA NA
AWS::Cognito::UserPoolGroup NA NA

Amazon Connect

AWS Service Resource Type Value Relationship Related Resource
Amazon Connect AWS::Connect::PhoneNumber NA NA
AWS::Connect::QuickConnect NA NA
AWS::Connect::Instance NA NA
Amazon Connect Customer Profiles AWS::CustomerProfiles::Domain NA NA
AWS::CustomerProfiles::ObjectType NA NA

Amazon Detective

AWS Service Resource Type Value Relationship Related Resource
Amazon Detective AWS::Detective::Graph NA NA

Amazon DynamoDB

AWS Service Resource Type Value Relationship Related Resource
Amazon DynamoDB AWS::DynamoDB::Table NA NA

Amazon Elastic Compute Cloud

AWS Service Resource Type Value Relationship Related Resource
Amazon Elastic Compute Cloud AWS::EC2::Host* contains EC2 instance
AWS::EC2::EIP is attached to EC2 instance
Network interface
AWS::EC2::Instance contains EC2 network interface
is associated with EC2 security group
is attached to Amazon EBS volume
EC2 Elastic IP (EIP)
is contained in EC2 Dedicated host
Route table
Subnet
Virtual private cloud (VPC)
AWS::EC2::NetworkInterface is associated with EC2 security group
is attached to EC2 Elastic IP (EIP)
EC2 instance
is contained in Route table
Subnet
Virtual private cloud (VPC)
AWS::EC2::SecurityGroup* is associated with EC2 instance
EC2 network interface
Virtual private cloud (VPC)
AWS::EC2::NatGateway is contained in Virtual private cloud (VPC)
is contained in Subnet
AWS::EC2::EgressOnlyInternetGateway is attached to Virtual private cloud (VPC)
AWS::EC2::EC2Fleet NA NA
AWS::EC2::SpotFleet NA NA
AWS::EC2::PrefixList NA NA
AWS::EC2::FlowLog NA NA
AWS::EC2::TransitGateway NA NA
AWS::EC2::TransitGatewayAttachment NA NA
AWS::EC2::TransitGatewayRouteTable NA NA
AWS::EC2::VPCEndpoint is contained in Virtual private cloud (VPC)
is attached to Network interface
is contained in Subnet
is contained in Route table
AWS::EC2::VPCEndpointService is associated with ElasticLoadBalancingV2 LoadBalancer
AWS::EC2::VPCPeeringConnection is associated with Virtual private cloud (VPC)
AWS::EC2::RegisteredHAInstance is associated with EC2 instance
AWS::EC2::SubnetRouteTableAssociation NA NA
AWS::EC2::LaunchTemplate NA NA
AWS::EC2::NetworkInsightsAccessScopeAnalysis NA NA
AWS::EC2::TrafficMirrorTarget NA NA
AWS::EC2::TrafficMirrorSession NA NA
AWS::EC2::DHCPOptions NA NA
AWS::EC2::IPAM NA NA
AWS::EC2::NetworkInsightsPath NA NA
AWS::EC2::TrafficMirrorFilter NA NA
AWS::EC2::CapacityReservation NA NA
AWS::EC2::ClientVpnEndpoint NA NA
AWS::EC2::CustomerGateway is attached to VPN connection
AWS::EC2::InternetGateway is attached to Virtual private cloud (VPC)
AWS::EC2::NetworkAcl NA NA
AWS::EC2::RouteTable contains EC2 instance
EC2 network interface
Subnet
VPN gateway
is contained in Virtual private cloud (VPC)
AWS::EC2::Subnet contains EC2 instance
EC2 network interface
is attached to Network ACL
is contained in Route table
Virtual private cloud (VPC)
AWS::EC2::VPC contains EC2 instance
EC2 network interface
Network ACL
Route table
Subnet
is associated with Security group
is attached to Internet gateway
VPN gateway
AWS::EC2::VPNConnection is attached to Customer gateway
VPN gateway
AWS::EC2::VPNGateway is attached to Virtual private cloud (VPC)
VPN connection
is contained in Route table
AWS::EC2::IPAMScope NA NA
AWS::EC2::CarrierGateway NA NA
AWS::EC2::TransitGatewayConnect NA NA
AWS::EC2::IPAMPool NA NA
AWS::EC2::TransitGatewayMulticastDomain NA NA
AWS::EC2::NetworkInsightsAccessScope NA NA
AWS::EC2::NetworkInsightsAnalysis NA NA
Amazon Elastic Block Store AWS::EC2::Volume is attached to EC2 instance
EC2 Image Builder AWS::ImageBuilder::ImagePipeline NA NA
AWS::ImageBuilder::DistributionConfiguration NA NA
AWS::ImageBuilder::ContainerRecipe NA NA
AWS::ImageBuilder::InfrastructureConfiguration NA NA
AWS::ImageBuilder::ImageRecipe NA NA

*AWS Config records the configuration details of Dedicated hosts and the instances that you launch on them. As a result, you can use AWS Config as a data source when you report compliance with your server-bound software licenses. For example, you can view the configuration history of an instance and determine which Amazon Machine Image (AMI) it is based on. Then, you can look up the configuration history of the host, which includes details such as the numbers of sockets and cores, to check that the host complies with the license requirements of the AMI. For more information, see Tracking Configuration Changes with AWS Config in the Amazon EC2 User Guide for Linux Instances.

*The EC2 SecurityGroup Properties definition contains IP CIDR blocks, which are converted to IP ranges internally, and may return unexpected results when trying to find a specific IP range. For workarounds to search for specific IP ranges, see Limitations for Advanced Queries.

Amazon Elastic Container Registry

AWS Service Resource Type Value Relationship Related Resource
Amazon Elastic Container Registry AWS::ECR::Repository NA NA
AWS::ECR::RegistryPolicy NA NA
AWS::ECR::PullThroughCacheRule NA NA
Amazon Elastic Container Registry Public AWS::ECR::PublicRepository NA NA

Amazon Elastic Container Service

AWS Service Resource Type Value Relationship Related Resource
Amazon Elastic Container Service AWS::ECS::Cluster NA NA
AWS::ECS::TaskDefinition NA NA
AWS::ECS::Service* NA NA
AWS::ECS::TaskSet NA NA
AWS::ECS::CapacityProvider NA NA

*This service currently only support the new Amazon Resource Name (ARN) format. For more information, see Amazon Resource Names (ARNs) and IDs in the ECS developer guide.

Old (not supported): arn:aws:ecs:region:aws_account_id:service/service-name

New (supported): arn:aws:ecs:region:aws_account_id:service/cluster-name/service-name

Amazon Elastic File System

AWS Service Resource Type Value Relationship Related Resource
Amazon Elastic File System AWS::EFS::FileSystem NA NA
AWS::EFS::AccessPoint NA NA

Amazon Elastic Kubernetes Service

AWS Service Resource Type Value Relationship Related Resource
Amazon Elastic Kubernetes Service AWS::EKS::Cluster NA NA
AWS::EKS::FargateProfile NA NA
AWS::EKS::IdentityProviderConfig NA NA
AWS::EKS::Addon NA NA

Amazon EMR

AWS Service Resource Type Value Relationship Related Resource
Amazon EMR AWS::EMR::SecurityConfiguration NA NA

Amazon EventBridge

AWS Service Resource Type Value Relationship Related Resource
Amazon EventBridge AWS::Events::EventBus NA NA
AWS::Events::ApiDestination NA NA
AWS::Events::Archive NA NA
AWS::Events::Endpoint NA NA
AWS::Events::Connection NA NA
AWS::Events::Rule NA NA
Amazon EventBridge schemas AWS::EventSchemas::RegistryPolicy NA NA
AWS::EventSchemas::Discoverer NA NA
AWS::EventSchemas::Schema NA NA

Amazon Forecast

AWS Service Resource Type Value Relationship Related Resource
Amazon Forecast AWS::Forecast::Dataset NA NA
AWS::Forecast::DatasetGroup NA NA

Amazon Fraud Detector

AWS Service Resource Type Value Relationship Related Resource
Amazon Fraud Detector AWS::FraudDetector::Label NA NA
AWS::FraudDetector::EntityType NA NA
AWS::FraudDetector::Variable NA NA
AWS::FraudDetector::Outcome NA NA

Amazon GuardDuty

AWS Service Resource Type Value Relationship Related Resource
Amazon GuardDuty AWS::GuardDuty::Detector NA NA
AWS::GuardDuty::ThreatIntelSet NA NA
AWS::GuardDuty::IPSet NA NA
AWS::GuardDuty::Filter NA NA

Amazon Inspector

AWS Service Resource Type Value Relationship Related Resource
Amazon Inspector AWS::InspectorV2::Filter NA NA

Amazon Interactive Video Service

AWS Service Resource Type Value Relationship Related Resource
Amazon Interactive Video Service AWS::IVS::Channel NA NA
AWS::IVS::RecordingConfiguration NA NA
AWS::IVS::PlaybackKeyPair NA NA

Amazon Keyspaces (for Apache Cassandra)

AWS Service Resource Type Value Relationship Related Resource
Amazon Keyspaces (for Apache Cassandra) AWS::Cassandra::Keyspace NA NA

Amazon OpenSearch Service

AWS Service Resource Type Value Relationship Related Resource
Amazon OpenSearch Service AWS::Elasticsearch::Domain is associated with KMS Key
EC2 security group
EC2 subnet
Virtual private cloud (VPC)
AWS::OpenSearch::Domain NA NA
Note

On September 8, 2021, Amazon Elasticsearch Service was renamed to Amazon OpenSearch Service. OpenSearch Service supports OpenSearch as well as legacy Elasticsearch OSS. For more information, see Amazon OpenSearch Service - Summary of changes.

You may continue to see your data for AWS::OpenSearch::Domain under the existing AWS::Elasticsearch::Domain resource type for several weeks, even if you upgrade one or more domains to OpenSearch.

Amazon Personalize

AWS Service Resource Type Value Relationship Related Resource
Amazon Personalize AWS::Personalize::Dataset NA NA
AWS::Personalize::Schema NA NA
AWS::Personalize::Solution NA NA
AWS::Personalize::DatasetGroup NA NA

Amazon Pinpoint

AWS Service Resource Type Value Relationship Related Resource
Amazon Pinpoint AWS::Pinpoint::ApplicationSettings NA NA
AWS::Pinpoint::Segment NA NA
AWS::Pinpoint::App NA NA
AWS::Pinpoint::Campaign NA NA
AWS::Pinpoint::InAppTemplate NA NA
AWS::Pinpoint::EmailChannel NA NA
AWS::Pinpoint::EmailTemplate NA NA
AWS::Pinpoint::EventStream NA NA

Amazon Quantum Ledger Database (Amazon QLDB)

AWS Service Resource Type Value Relationship Related Resource
Amazon QLDB AWS::QLDB::Ledger NA NA

Amazon Kendra

AWS Service Resource Type Value Relationship Related Resource
Amazon Kendra AWS::Kendra::Index NA NA

Amazon Kinesis

AWS Service Resource Type Value Relationship Related Resource
Amazon Kinesis AWS::Kinesis::Stream NA NA
AWS::Kinesis::StreamConsumer NA NA
Amazon Kinesis Analytics V2 AWS::KinesisAnalyticsV2::Application NA NA
Amazon Data Firehose AWS::KinesisFirehose::DeliveryStream NA NA
Kinesis video stream AWS::KinesisVideo::SignalingChannel NA NA
AWS::KinesisVideo::Stream NA NA

Amazon Lex

AWS Service Resource Type Value Relationship Related Resource
Amazon Lex AWS::Lex::BotAlias NA NA
AWS::Lex::Bot NA NA

Amazon Lightsail

AWS Service Resource Type Value Relationship Related Resource
Amazon Lightsail AWS::Lightsail::Disk NA NA
AWS::Lightsail::Certificate NA NA
AWS::Lightsail::Bucket NA NA
AWS::Lightsail::StaticIp NA NA

Amazon Lookout for Metrics

AWS Service Resource Type Value Relationship Related Resource
Amazon Lookout for Metrics AWS::LookoutMetrics::Alert NA NA

Amazon Lookout for Vision

AWS Service Resource Type Value Relationship Related Resource
Amazon Lookout for Vision AWS::LookoutVision::Project NA NA

Amazon Managed Grafana

AWS Service Resource Type Value Relationship Related Resource
Amazon Managed Grafana AWS::Grafana::Workspace NA NA

Amazon Managed Service for Prometheus

AWS Service Resource Type Value Relationship Related Resource
Amazon Managed Service for Prometheus AWS::APS::RuleGroupsNamespace NA NA

Amazon MemoryDB for Redis

AWS Service Resource Type Value Relationship Related Resource
Amazon MemoryDB for Redis AWS::MemoryDB::SubnetGroup NA NA

Amazon MQ

AWS Service Resource Type Value Relationship Related Resource
Amazon MQ AWS::AmazonMQ::Broker NA NA

Amazon Managed Streaming for Apache Kafka

AWS Service Resource Type Value Relationship Related Resource
Amazon Managed Streaming for Apache Kafka AWS::MSK::Cluster NA NA
AWS::MSK::Configuration NA NA
AWS::MSK::BatchScramSecret NA NA
AWS::MSK::ClusterPolicy NA NA
AWS::MSK::VpcConnection NA NA
Amazon Managed Streaming for Apache Kafka Connect AWS::KafkaConnect::Connector NA NA

Amazon Redshift

AWS Service Resource Type Value Relationship Related Resource
Amazon Redshift AWS::Redshift::Cluster is associated with Cluster parameter group
Cluster security group
Cluster subnet group
Security group
Virtual private cloud (VPC)
AWS::Redshift::ClusterParameterGroup NA NA
AWS::Redshift::ClusterSecurityGroup NA NA
AWS::Redshift::ScheduledAction NA NA
AWS::Redshift::ClusterSnapshot is associated with Cluster
Virtual private cloud (VPC)
AWS::Redshift::ClusterSubnetGroup is associated with Subnet
Virtual private cloud (VPC)
AWS::Redshift::EventSubscription NA NA
AWS::Redshift::EndpointAccess NA NA
AWS::Redshift::EndpointAuthorization NA NA

Amazon Relational Database Service

AWS Service Resource Type Value Relationship Related Resource
Amazon Relational Database Service AWS::RDS::DBInstance is associated with EC2 security group
RDS DB security group
RDS DB subnet group
AWS::RDS::DBSecurityGroup is associated with EC2 security group
Virtual private cloud (VPC)
AWS::RDS::DBSnapshot is associated with Virtual private cloud (VPC)
AWS::RDS::DBSubnetGroup is associated with EC2 security group
Virtual private cloud (VPC)
AWS::RDS::EventSubscription NA NA
AWS::RDS::DBCluster contains RDS DB instance
is associated with RDS DB subnet group
EC2 security group
AWS::RDS::DBClusterSnapshot is associated with RDS DB cluster
Virtual private cloud (VPC)
AWS::RDS::GlobalCluster NA NA
AWS::RDS::OptionGroup NA NA

Amazon Route 53

AWS Service Resource Type Value Relationship Related Resource
Amazon Route 53 AWS::Route53::HostedZone NA NA
AWS::Route53::HealthCheck NA NA
Amazon Route 53 Resolver AWS::Route53Resolver::ResolverEndpoint NA NA
AWS::Route53Resolver::ResolverRule NA NA
AWS::Route53Resolver::ResolverRuleAssociation NA NA
AWS::Route53Resolver::FirewallDomainList NA NA
AWS::Route53Resolver::FirewallRuleGroupAssociation NA NA
AWS::Route53Resolver::ResolverQueryLoggingConfig NA NA
AWS::Route53Resolver::ResolverQueryLoggingConfigAssociation NA NA
AWS::Route53Resolver::FirewallRuleGroup NA NA
Amazon Route 53 Application Recovery Controller AWS::Route53RecoveryReadiness::Cell NA NA
AWS::Route53RecoveryReadiness::ReadinessCheck NA NA
AWS::Route53RecoveryReadiness::RecoveryGroup NA NA
AWS::Route53RecoveryControl::Cluster NA NA
AWS::Route53RecoveryControl::ControlPanel NA NA
AWS::Route53RecoveryControl::RoutingControl NA NA
AWS::Route53RecoveryControl::SafetyRule NA NA
AWS::Route53RecoveryReadiness::ResourceSet NA NA

Amazon SageMaker

AWS Service Resource Type Value Relationship Related Resource
Amazon SageMaker AWS::SageMaker::CodeRepository NA NA
AWS::SageMaker::Domain NA NA
AWS::SageMaker::AppImageConfig NA NA
AWS::SageMaker::Image NA NA
AWS::SageMaker::Model NA NA
AWS::SageMaker::NotebookInstance NA NA
AWS::SageMaker::NotebookInstanceLifecycleConfig NA NA
AWS::SageMaker::EndpointConfig NA NA
AWS::SageMaker::Workteam NA NA
AWS::SageMaker::FeatureGroup NA NA

Amazon Simple Email Service

AWS Service Resource Type Value Relationship Related Resource
Amazon Simple Email Service AWS::SES::ConfigurationSet NA NA
AWS::SES::ContactList NA NA
AWS::SES::Template NA NA
AWS::SES::ReceiptFilter NA NA
AWS::SES::ReceiptRuleSet NA NA

Amazon Simple Notification Service

AWS Service Resource Type Value Relationship Related Resource
Amazon Simple Notification Service AWS::SNS::Topic NA NA

Amazon Simple Queue Service

AWS Service Resource Type Value Relationship Related Resource
Amazon Simple Queue Service AWS::SQS::Queue NA NA

Amazon Simple Storage Service

AWS Service Resource Type Value Relationship Related Resource
Amazon Simple Storage Service AWS::S3::Bucket* NA NA
AWS::S3::AccountPublicAccessBlock NA NA
AWS::S3::MultiRegionAccessPoint NA NA
AWS::S3::StorageLens NA NA
AWS::S3::AccessPoint NA NA

*If you configured AWS Config to record your S3 buckets, and are not receiving configuration change notifications, check that your S3 bucket policies have the required permissions. For more information, see Managing Permissions for S3 Bucket Recording.

Amazon S3 Bucket Attributes

AWS Config also records the following attributes for the Amazon S3 bucket resource type.

Attributes Description
AccelerateConfiguration Transfer acceleration for data over long distances between your client and a bucket.
BucketAcl Access control list used to manage access to buckets and objects.
BucketPolicy Policy that defines the permissions to the bucket.
CrossOriginConfiguration Allow cross-origin requests to the bucket.
LifecycleConfiguration Rules that define the lifecycle for objects in your bucket.
LoggingConfiguration Logging used to track requests for access to the bucket.
NotificationConfiguration Event notifications used to send alerts or trigger workflows for specified bucket events.
ReplicationConfiguration Automatic, asynchronous copying of objects across buckets in different AWS Regions.
RequestPaymentConfiguration Requester pays is enabled.
TaggingConfiguration Tags added to the bucket to categorize. You can also use tagging to track billing.
WebsiteConfiguration Static website hosting is enabled for the bucket.
VersioningConfiguration Versioning is enabled for objects in the bucket.

For more information about the attributes, see Bucket Configuration Options in the Amazon Simple Storage Service User Guide.

Amazon WorkSpaces

AWS Service Resource Type Value Relationship Related Resource
Amazon WorkSpaces AWS::WorkSpaces::ConnectionAlias NA NA
AWS::WorkSpaces::Workspace NA NA

AWS Amplify

AWS Service Resource Type Value Relationship Related Resource
AWS Amplify AWS::Amplify::App NA NA
AWS::Amplify::Branch NA NA

AWS AppConfig

AWS Service Resource Type Value Relationship Related Resource
AWS AppConfig AWS::AppConfig::Application NA NA
AWS::AppConfig::Environment NA NA
AWS::AppConfig::ConfigurationProfile NA NA
AWS::AppConfig::DeploymentStrategy NA NA
AWS::AppConfig::HostedConfigurationVersion NA NA
AWS::AppConfig::ExtensionAssociation NA NA

AWS App Runner

AWS Service Resource Type Value Relationship Related Resource
AWS App Runner AWS::AppRunner::VpcConnector NA NA
AWS::AppRunner::Service NA NA

AWS App Mesh

AWS Service Resource Type Value Relationship Related Resource
AWS App Mesh AWS::AppMesh::VirtualNode NA NA
AWS::AppMesh::VirtualService NA NA
AWS::AppMesh::VirtualGateway NA NA
AWS::AppMesh::VirtualRouter NA NA
AWS::AppMesh::Route NA NA
AWS::AppMesh::GatewayRoute NA NA
AWS::AppMesh::Mesh NA NA

AWS AppSync

AWS Service Resource Type Value Relationship Related Resource
AWS AppSync AWS::AppSync::GraphQLApi NA NA

AWS Audit Manager

AWS Service Resource Type Value Relationship Related Resource
AWS Audit Manager AWS::AuditManager::Assessment NA NA

AWS Auto Scaling

AWS Service Resource Type Value Relationship Related Resource
AWS Auto Scaling AWS::AutoScaling::AutoScalingGroup contains Amazon EC2 instance
is associated with Classic Load Balancer
Auto Scaling launch configuration
Subnet
AWS::AutoScaling::LaunchConfiguration is associated with Amazon EC2 security group
AWS::AutoScaling::ScalingPolicy is associated with Auto Scaling group
Alarm
AWS::AutoScaling::ScheduledAction is associated with Auto Scaling group
AWS::AutoScaling::WarmPool NA NA

AWS Backup

AWS Service Resource Type Value Relationship Related Resource
AWS Backup AWS::Backup::BackupPlan NA NA*
AWS::Backup::BackupSelection NA NA
AWS::Backup::BackupVault NA NA*
AWS::Backup::RecoveryPoint NA NA
AWS::Backup::ReportPlan NA NA

Due to how AWS Backup works, some of these resource types relate to the other AWS Backup resource types in this table.

AWS::Backup::BackupPlan is related to AWS::Backup::BackupSelection where a Backup Plan has many selections, and AWS::Backup::BackupVault is related to AWS::Backup::RecoveryPoint where an AWS Backup Vault has multiple recovery points.

For more information, see Managing backups using backup plans and Working with backup vaults.

AWS Batch

AWS Service Resource Type Value Relationship Related Resource
AWS Batch AWS::Batch::JobQueue NA NA
AWS::Batch::ComputeEnvironment NA NA
AWS::Batch::SchedulingPolicy NA NA

AWS Budgets

AWS Service Resource Type Value Relationship Related Resource
AWS Budgets AWS::Budgets::BudgetsAction NA NA

AWS Certificate Manager

AWS Service Resource Type Value Relationship Related Resource
AWS Certificate Manager AWS::ACM::Certificate NA NA

AWS CloudFormation

AWS Service Resource Type Value Relationship Related Resource
AWS CloudFormation AWS::CloudFormation::Stack* contains Supported AWS resource types

*AWS Config records configuration changes to AWS CloudFormation stacks and supported resource types in the stacks. AWS Config does not record configuration changes for resource types in the stack that are not yet supported. Unsupported resource types appear in the supplementary configuration section of the configuration item for the stack.

AWS CloudTrail

AWS Service Resource Type Value Relationship Related Resource
AWS CloudTrail AWS::CloudTrail::Trail NA NA

AWS Cloud9

AWS Service Resource Type Value Relationship Related Resource
AWS Cloud9 AWS::Cloud9::EnvironmentEC2 NA NA

AWS Cloud Map

AWS Service Resource Type Value Relationship Related Resource
Service Discovery AWS::ServiceDiscovery::Service NA NA
AWS::ServiceDiscovery::PublicDnsNamespace NA NA
AWS::ServiceDiscovery::HttpNamespace NA NA
AWS::ServiceDiscovery::Instance NA NA

AWS CodeArtifact

AWS Service Resource Type Value Relationship Related Resource
AWS CodeArtifact AWS::CodeArtifact::Repository NA NA

AWS CodeBuild

AWS Service Resource Type Value Relationship Related Resource
AWS CodeBuild AWS::CodeBuild::Project* is associated with S3 bucket
IAM role
AWS::CodeBuild::ReportGroup NA NA

*To learn more about how AWS Config integrates with AWS CodeBuild, see Use AWS Config with AWS CodeBuild Sample.

AWS CodeDeploy

AWS Service Resource Type Value Relationship Related Resource
AWS CodeDeploy AWS::CodeDeploy::Application contains DeploymentGroup
AWS::CodeDeploy::DeploymentConfig NA NA
AWS::CodeDeploy::DeploymentGroup is contained in Application

AWS CodePipeline

AWS Service Resource Type Value Relationship Related Resource
AWS CodePipeline AWS::CodePipeline::Pipeline* is attached to S3 bucket
is associated with IAM role
Code project
Lambda function
Cloudformation stack
ElasticBeanstalk application

*AWS Config records configuration changes to CodePipeline pipelines and supported resource types in the pipelines. AWS Config does not record configuration changes for resource types in the pipelines that are not yet supported. Unsupported resource types such as CodeCommit repository, CodeDeploy application, ECS cluster, and ECS service appear in the supplementary configuration section of the configuration item for the stack.

AWS Config

AWS Service Resource Type Value Relationship Related Resource
AWS Config AWS::Config::ResourceCompliance* is associated with All resources*
AWS::Config::ConformancePackCompliance NA NA
AWS::Config::ConfigurationRecorder* NA NA

*The relationship between AWS::Config::ResourceCompliance and a related resource depends on how AWS::Config::ResourceCompliance reports compliance for that specific resource type.

*AWS::Config::ConfigurationRecorder is a system resource type of AWS Config and recording of this resource type is enabled by default.

Note

Recording for the AWS::Config::ConformancePackCompliance and AWS::Config::ConfigurationRecorder resource types come with no additional charge.

AWS Database Migration Service

AWS Service Resource Type Value Relationship Related Resource
AWS Database Migration Service AWS::DMS::EventSubscription NA NA
AWS::DMS::ReplicationSubnetGroup NA NA
AWS::DMS::ReplicationInstance NA NA
AWS::DMS::ReplicationTask NA NA
AWS::DMS::Certificate NA NA
AWS::DMS::Endpoint NA NA

AWS DataSync

AWS Service Resource Type Value Relationship Related Resource
AWS DataSync AWS::DataSync::LocationSMB NA NA
AWS::DataSync::LocationFSxLustre NA NA
AWS::DataSync::LocationFSxWindows NA NA
AWS::DataSync::LocationS3 NA NA
AWS::DataSync::LocationEFS NA NA
AWS::DataSync::LocationNFS NA NA
AWS::DataSync::LocationHDFS NA NA
AWS::DataSync::LocationObjectStorage NA NA
AWS::DataSync::Task NA NA

AWS Device Farm

AWS Service Resource Type Value Relationship Related Resource
AWS Device Farm AWS::DeviceFarm::TestGridProject NA NA
AWS::DeviceFarm::InstanceProfile NA NA
AWS::DeviceFarm::Project NA NA

AWS Elastic Beanstalk

AWS Service Resource Type Value Relationship Related Resource
AWS Elastic Beanstalk AWS::ElasticBeanstalk::Application contains Elastic Beanstalk Application Version
Elastic Beanstalk Environment
is associated with IAM role
AWS::ElasticBeanstalk::ApplicationVersion is contained in Elastic Beanstalk Application
is associated with Elastic Beanstalk Environment
S3 bucket
AWS::ElasticBeanstalk::Environment is contained in Elastic Beanstalk Application
is associated with Elastic Beanstalk Application Version
IAM role
contains CloudFormation Stack

AWS Fault Injection Service

AWS Service Resource Type Value Relationship Related Resource
AWS Fault Injection Service AWS::FIS::ExperimentTemplate NA NA

AWS Global Accelerator

AWS Service Resource Type Value Relationship Related Resource
AWS Global Accelerator AWS::GlobalAccelerator::Listener NA NA
AWS::GlobalAccelerator::EndpointGroup NA NA
AWS::GlobalAccelerator::Accelerator NA NA

AWS Glue

AWS Service Resource Type Value Relationship Related Resource
AWS Glue AWS::Glue::Job NA NA
AWS::Glue::Classifier NA NA
AWS::Glue::MLTransform NA NA

AWS Ground Station

AWS Service Resource Type Value Relationship Related Resource
AWS Ground Station AWS::GroundStation::Config NA NA
AWS::GroundStation::MissionProfile NA NA
AWS::GroundStation::DataflowEndpointGroup NA NA

AWS HealthLake

AWS Service Resource Type Value Relationship Related Resource
AWS HealthLake AWS::HealthLake::FHIRDatastore NA NA

AWS Identity and Access Management (IAM)

AWS Service Resource Type Value Relationship Related Resource
AWS Identity and Access Management AWS::IAM::User is attached to IAM group
IAM customer managed policy
AWS::IAM::Group contains IAM user
is attached to IAM customer managed policy
AWS::IAM::Role is attached to IAM customer managed policy
AWS::IAM::Policy is attached to IAM user
IAM group
IAM role
AWS::IAM::SAMLProvider NA NA
AWS::IAM::ServerCertificate NA NA
AWS::IAM::InstanceProfile NA NA
AWS::IAM::OIDCProvider NA NA
AWS Identity and Access Management Access Analyzer AWS::AccessAnalyzer::Analyzer NA NA

AWS Config includes inline policies with the configuration details that it records. For more information on inline policies, see Managed policies and inline policies in the IAM User Guide.

AWS IoT

AWS Service Resource Type Value Relationship Related Resource
AWS IoT AWS::IoT::Authorizer NA NA
AWS::IoT::SecurityProfile NA NA
AWS::IoT::RoleAlias NA NA
AWS::IoT::Dimension NA NA
AWS::IoT::Policy NA NA
AWS::IoT::MitigationAction NA NA
AWS::IoT::ScheduledAudit NA NA
AWS::IoT::AccountAuditConfiguration NA NA
AWS::IoTSiteWise::Gateway NA NA
AWS::IoT::CustomMetric NA NA
AWS::IoT::JobTemplate NA NA
AWS::IoT::ProvisioningTemplate NA NA
AWS::IoT::CACertificate NA NA
AWS IoT Wireless AWS::IoTWireless::ServiceProfile NA NA
AWS::IoTWireless::MulticastGroup NA NA
AWS::IoTWireless::FuotaTask NA NA
AWS IoT Core AWS::IoT::FleetMetric NA NA
AWS IoT Analytics AWS::IoTAnalytics::Datastore NA NA
AWS::IoTAnalytics::Dataset NA NA
AWS::IoTAnalytics::Pipeline NA NA
AWS::IoTAnalytics::Channel NA NA
AWS IoT Events AWS::IoTEvents::Input NA NA
AWS::IoTEvents::DetectorModel NA NA
AWS::IoTEvents::AlarmModel NA NA
AWS IoT TwinMaker AWS::IoTTwinMaker::Workspace NA NA
AWS::IoTTwinMaker::Entity NA NA
AWS::IoTTwinMaker::Scene NA NA
AWS::IoTTwinMaker::SyncJob NA NA
AWS IoT SiteWise AWS::IoTSiteWise::Dashboard NA NA
AWS::IoTSiteWise::Project NA NA
AWS::IoTSiteWise::Portal NA NA
AWS::IoTSiteWise::AssetModel NA NA
AWS IoT Greengrass Version 2 AWS::GreengrassV2::ComponentVersion NA NA

AWS Key Management Service

AWS Service Resource Type Value Relationship Related Resource
AWS Key Management Service AWS::KMS::Key NA NA
AWS::KMS::Alias NA NA

AWS Lambda

AWS Service Resource Type Value Relationship Related Resource
AWS Lambda AWS::Lambda::Function is associated with IAM role
EC2 security group
is contained in EC2 subnet
AWS::Lambda::Alias NA NA
AWS::Lambda::CodeSigningConfig NA NA

AWS Mainframe Modernization

AWS Service Resource Type Value Relationship Related Resource
AWS Mainframe Modernization AWS::M2::Environment NA NA

AWS Network Firewall

AWS Service Resource Type Value Relationship Related Resource
AWS Network Firewall AWS::NetworkFirewall::Firewall is attached to EC2 Subnet
is associated with NetworkFirewall FirewallPolicy
AWS::NetworkFirewall::FirewallPolicy is associated with NetworkFirewall RuleGroup
AWS::NetworkFirewall::RuleGroup NA NA
AWS::NetworkFirewall::TLSInspectionConfiguration NA NA

AWS Network Manager

AWS Service Resource Type Value Relationship Related Resource
AWS Network Manager AWS::NetworkManager::TransitGatewayRegistration NA NA
AWS::NetworkManager::Site NA NA
AWS::NetworkManager::Device NA NA
AWS::NetworkManager::Link NA NA
AWS::NetworkManager::GlobalNetwork NA NA
AWS::NetworkManager::CustomerGatewayAssociation NA NA
AWS::NetworkManager::LinkAssociation NA NA
AWS::NetworkManager::ConnectPeer NA NA

AWS Panorama

AWS Service Resource Type Value Relationship Related Resource
AWS Panorama AWS::Panorama::Package NA NA

AWS Private Certificate Authority

AWS Service Resource Type Value Relationship Related Resource
AWS Private Certificate Authority AWS::ACMPCA::CertificateAuthority NA NA
AWS::ACMPCA::CertificateAuthorityActivation NA NA

AWS Resilience Hub

AWS Service Resource Type Value Relationship Related Resource
AWS Resilience Hub AWS::ResilienceHub::ResiliencyPolicy NA NA
AWS::ResilienceHub::App NA NA

AWS Resource Explorer

AWS Service Resource Type Value Relationship Related Resource
AWS Resource Explorer AWS::ResourceExplorer2::Index NA NA

AWS RoboMaker

AWS Service Resource Type Value Relationship Related Resource
AWS RoboMaker AWS::RoboMaker::RobotApplicationVersion NA NA
AWS::RoboMaker::RobotApplication NA NA
AWS::RoboMaker::SimulationApplication NA NA

AWS Signer

AWS Service Resource Type Value Relationship Related Resource
AWS Signer AWS::Signer::SigningProfile NA NA

AWS Secrets Manager

AWS Service Resource Type Value Relationship Related Resource
AWS Secrets Manager AWS::SecretsManager::Secret is associated with Lambda function
is associated with KMS Key

AWS Service Catalog

AWS Service Resource Type Value Relationship Related Resource
AWS Service Catalog AWS::ServiceCatalog::CloudFormationProduct is contained in Portfolio
is associated with CloudFormationProvisionedProduct
AWS::ServiceCatalog::CloudFormationProvisionedProduct is associated with Portfolio
CloudFormationProduct
CloudFormationStack
AWS::ServiceCatalog::Portfolio contains CloudFormationProduct

AWS Shield

AWS Service Resource Type Value Relationship Related Resource
AWS Shield AWS::Shield::Protection is associated with Amazon CloudFront distribution
AWS::ShieldRegional::Protection is associated with EC2 EIP
is associated with ElasticLoadBalancing Balancer
is associated with ElasticLoadBalancingV2 LoadBalancer

AWS Step Functions

AWS Service Resource Type Value Relationship Related Resource
AWS Step Functions AWS::StepFunctions::Activity NA NA
AWS::StepFunctions::StateMachine NA NA

AWS Systems Manager

AWS Service Resource Type Value Relationship Related Resource
AWS Systems Manager AWS::SSM::ManagedInstanceInventory* is associated with EC2 instance
AWS::SSM::PatchCompliance is associated with Managed Instance Inventory
AWS::SSM::AssociationCompliance is associated with Managed Instance Inventory
AWS::SSM::FileData is associated with Managed Instance Inventory
AWS::SSM::Document NA NA

*To learn more about managed instance inventory, see Recording Software Configuration for Managed Instances.

AWS Transfer Family

AWS Service Resource Type Value Relationship Related Resource
AWS Transfer Family AWS::Transfer::Agreement NA NA
AWS::Transfer::Connector NA NA
AWS::Transfer::Workflow NA NA
AWS::Transfer::Certificate NA NA
AWS::Transfer::Profile NA NA

AWS WAF

AWS Service Resource Type Value Relationship Related Resource
AWS WAF AWS::WAF::RateBasedRule NA NA
AWS::WAF::Rule NA NA
AWS::WAF::WebACL is associated with WAF Rule
WAF rate based rule
WAF Rulegroup
AWS::WAF::RuleGroup is associated with WAF Rule
AWS::WAFRegional::RateBasedRule NA NA
AWS::WAFRegional::Rule NA NA
AWS::WAFRegional::WebACL is associated with ElasticLoadBalancingV2 LoadBalancer
WAFRegional Rule
WAFRegional rate based rule
WAFRegional Rulegroup
AWS::WAFRegional::RuleGroup is associated with WAFRegional Rule
AWS WAF V2 AWS::WAFv2::WebACL is associated with ElasticLoadBalancingV2 LoadBalancer
ApiGateway Stage
WAFv2 IPSet
WAFv2 RegexPatternSet
WAFv2 RuleGroup
WAFv2 ManagedRuleSet
AWS::WAFv2::RuleGroup is associated with WAFv2 IPSet
WAFv2 RegexPatternSet
AWS::WAFv2::ManagedRuleSet is associated with WAFv2 RuleGroup
AWS::WAFv2::IPSet NA NA
AWS::WAFv2::RegexPatternSet NA NA

AWS X-Ray

AWS Service Resource Type Value Relationship Related Resource
AWS X-Ray AWS::XRay::EncryptionConfig NA NA

Elastic Load Balancing

AWS Service Resource Type Value Relationship Related Resource
Elastic Load Balancing

Application Load Balancer

AWS::ElasticLoadBalancingV2::LoadBalancer

is associated with EC2 security group
is attached to Subnet
is contained in Virtual private cloud (VPC)

Application Load Balancer Listener

AWS::ElasticLoadBalancingV2::Listener

NA NA

Classic Load Balancer

AWS::ElasticLoadBalancing::LoadBalancer

is associated with EC2 security group
is attached to Subnet
is contained in Virtual private cloud (VPC)

Network Load Balancer

AWS::ElasticLoadBalancingV2::LoadBalancer

NA NA

AWS Elemental MediaConnect

AWS Service Resource Type Value Relationship Related Resource
AWS Elemental MediaConnect AWS::MediaConnect::FlowEntitlement NA NA
AWS::MediaConnect::FlowVpcInterface NA NA
AWS::MediaConnect::FlowSource NA NA

AWS Elemental MediaPackage

AWS Service Resource Type Value Relationship Related Resource
AWS Elemental MediaPackage AWS::MediaPackage::PackagingGroup NA NA
AWS::MediaPackage::PackagingConfiguration NA NA

AWS Elemental MediaTailor

AWS Service Resource Type Value Relationship Related Resource
AWS Elemental MediaTailor AWS::MediaTailor::PlaybackConfiguration NA NA