Note: This list may change in the future, pending changes on AWS or as we add support for more resource types.
| Service | Resource Types |
|---|---|
| Access Analyzer | aws.access-analyzer-finding |
| Account | aws.account |
| ACM | aws.acm-certificate |
| API Gateway | aws.apigw-domain-name aws.rest-account aws.rest-api aws.rest-client-certificate aws.rest-resource aws.rest-stage aws.rest-vpclink |
| API Gateway v2 | aws.apigwv2 aws.apigwv2-stage |
| AppFlow | aws.app-flow |
| App Mesh | aws.appmesh-mesh aws.appmesh-virtualgateway aws.appmesh-virtualnode |
| AppStream | aws.appstream-fleet aws.appstream-stack |
| AppSync | aws.graphql-api |
| Athena | aws.athena-capacity-reservation aws.athena-data-catalog aws.athena-named-query aws.athena-work-group |
| Auto Scaling | aws.asg aws.launch-config aws.scaling-policy |
| AWS Backup | aws.backup-plan aws.backup-vault |
| AWS Batch | aws.batch-compute aws.batch-definition aws.batch-queue |
| Bedrock | aws.bedrock-custom-model aws.bedrock-customization-job |
| Bedrock Agent | aws.bedrock-agent aws.bedrock-knowledge-base |
| AWS Budgets | aws.budget |
| Cloud Directory | aws.cloud-directory |
| CloudFormation | aws.cfn |
| CloudFront | aws.distribution aws.origin-access-control aws.streaming-distribution |
| CloudHSM | aws.hsm aws.hsm-client aws.hsm-hapg |
| CloudHSM v2 | aws.cloudhsm-backup aws.cloudhsm-cluster |
| CloudSearch | aws.cloudsearch |
| CloudTrail | aws.cloudtrail |
| CloudWatch | aws.alarm aws.cloudwatch-dashboard aws.composite-alarm aws.insight-rule |
| CodeArtifact | aws.artifact-domain aws.artifact-repo |
| CodeBuild | aws.codebuild aws.codebuild-credential |
| CodeCommit | aws.codecommit |
| CodeDeploy | aws.codedeploy-app aws.codedeploy-deployment aws.codedeploy-group |
| CodePipeline | aws.codepipeline |
| Cognito Identity | aws.identity-pool |
| Cognito Identity Provider | aws.user-pool |
| AWS Config | aws.config-recorder aws.config-rule |
| Amazon Connect | aws.connect-instance |
| Connect Campaigns | aws.connect-campaign |
| Data Pipeline | aws.datapipeline |
| DataSync | aws.datasync-agent aws.datasync-task |
| DAX | aws.dax |
| Device Farm | aws.devicefarm-project |
| Direct Connect | aws.directconnect |
| Application Discovery Service | aws.appdiscovery-agent |
| DLM | aws.dlm-policy |
| DMS | aws.dms-endpoint aws.dms-instance aws.dms-replication-task |
| Directory Service | aws.directory |
| DynamoDB | aws.dynamodb-backup aws.dynamodb-table |
| DynamoDB Streams | aws.dynamodb-stream |
| EC2 | aws.ami aws.customer-gateway aws.ebs aws.ebs-snapshot aws.ec2 aws.ec2-capacity-reservation aws.ec2-host |
| ECR | aws.ecr aws.ecr-image |
| ECS | aws.ecs aws.ecs-container-instance aws.ecs-service aws.ecs-task aws.ecs-task-definition |
| EFS | aws.efs aws.efs-mount-target |
| EKS | aws.eks aws.eks-nodegroup |
| ElastiCache | aws.cache-cluster aws.cache-snapshot aws.cache-subnet-group aws.elasticache-group aws.elasticache-user |
| Elastic Beanstalk | aws.elasticbeanstalk aws.elasticbeanstalk-environment |
| ELB | aws.elb |
| ELBv2 | aws.app-elb aws.app-elb-target-group |
| EMR | aws.emr aws.emr-security-configuration |
| EMR Serverless | aws.emr-serverless-app |
| Elasticsearch Service | aws.elasticsearch aws.elasticsearch-reserved |
| EventBridge | aws.event-bus aws.event-rule aws.event-rule-target |
| Kinesis Firehose | aws.firehose |
| FIS | aws.fis-experiment aws.fis-template |
| FSx | aws.fsx aws.fsx-backup |
| GameLift | aws.gamelift-build aws.gamelift-fleet |
| S3 Glacier | aws.glacier |
| Global Accelerator | aws.globalaccelerator |
| AWS Glue | aws.glue-catalog aws.glue-classifier aws.glue-connection aws.glue-crawler aws.glue-database aws.glue-dev-endpoint aws.glue-job |
| GuardDuty | aws.guardduty-finding |
| AWS Health | aws.health-event |
| IAM | aws.iam-certificate aws.iam-group aws.iam-oidc-provider aws.iam-policy aws.iam-profile aws.iam-role aws.iam-saml-provider |
| Inspector2 | aws.inspector2-finding |
| IoT | aws.iot |
| MSK | aws.kafka aws.kafka-config |
| Kendra | aws.kendra |
| Kinesis | aws.kinesis |
| Kinesis Analytics | aws.kinesis-analytics |
| Kinesis Analytics v2 | aws.kinesis-analyticsv2 |
| Kinesis Video | aws.kinesis-video |
| KMS | aws.kms aws.kms-key |
| Lake Formation | aws.datalake-location |
| Lambda | aws.lambda aws.lambda-layer |
| Amazon Lex | aws.lex-bot |
| Amazon Lex v2 | aws.lexv2-bot |
| Lightsail | aws.lightsail-db aws.lightsail-elb aws.lightsail-instance |
| CloudWatch Logs | aws.log-destination aws.log-group aws.log-metric |
| Machine Learning | aws.ml-model |
| Mail Manager | aws.ses-ingress-endpoint |
| MemoryDB | aws.memorydb aws.memorydb-acl aws.memorydb-snapshot aws.memorydb-subnet-group aws.memorydb-user |
| Amazon MQ | aws.message-broker aws.message-config |
| MWAA | aws.airflow |
| Network Firewall | aws.firewall |
| Network Manager | aws.networkmanager-core aws.networkmanager-device aws.networkmanager-global aws.networkmanager-link aws.networkmanager-site |
| OpenSearch Serverless | aws.opensearch-serverless |
| OpsWorks | aws.opswork-stack |
| OpsWorks CM | aws.opswork-cm |
| Organizations | aws.org-account aws.org-policy aws.org-unit |
| OpenSearch Ingestion | aws.opensearch-ingestion |
| Payment Cryptography | aws.payment-cryptography-key |
| Pinpoint | aws.pinpoint-app |
| QLDB | aws.qldb |
| QuickSight | aws.quicksight-account aws.quicksight-group aws.quicksight-user |
| RDS | aws.rds aws.rds-cluster aws.rds-cluster-param-group aws.rds-cluster-snapshot aws.rds-param-group aws.rds-proxy aws.rds-reserved |
| Redshift | aws.redshift aws.redshift-reserved aws.redshift-snapshot aws.redshift-subnet-group |
| Route 53 | aws.healthcheck aws.hostedzone aws.rrset |
| Route 53 Recovery Control Config | aws.recovery-cluster aws.recovery-control-panel |
| Route 53 Recovery Readiness | aws.readiness-check |
| Route 53 Domains | aws.r53domain |
| Route 53 Resolver | aws.resolver-logs |
| S3 | aws.s3 aws.s3-directory |
| S3 Control | aws.s3-access-point aws.s3-access-point-multi aws.s3-storage-lens |
| SageMaker | aws.sagemaker-auto-ml-job aws.sagemaker-cluster aws.sagemaker-compilation-job aws.sagemaker-data-quality-job-definition aws.sagemaker-domain aws.sagemaker-endpoint aws.sagemaker-endpoint-config |
| SimpleDB | aws.simpledb |
| Secrets Manager | aws.secrets-manager |
| Security Hub | aws.securityhub-finding |
| Serverless Application Repository | aws.serverless-app |
| Service Quotas | aws.service-quota aws.service-quota-request |
| Service Catalog | aws.catalog-portfolio aws.catalog-product |
| AWS Cloud Map | aws.servicediscovery-namespace |
| SES | aws.ses-configuration-set aws.ses-receipt-rule-set |
| SES v2 | aws.ses-configuration-set-v2 aws.ses-dedicated-ip-pool aws.ses-email-identity |
| AWS Shield | aws.shield-attack aws.shield-protection |
| Snowball | aws.snowball aws.snowball-cluster |
| SNS | aws.sns aws.sns-subscription |
| SQS | aws.sqs |
| SSM | aws.ops-item aws.ssm-activation aws.ssm-data-sync aws.ssm-document aws.ssm-managed-instance aws.ssm-parameter aws.ssm-patch-group |
| Step Functions | aws.sfn-activity aws.step-machine |
| Storage Gateway | aws.storage-gateway |
| AWS Support | aws.advisor-check aws.support-case |
| SWF | aws.swf-domain |
| Timestream InfluxDB | aws.timestream-influxdb |
| Timestream Write | aws.timestream-database aws.timestream-table |
| AWS Transfer | aws.transfer-server aws.transfer-user |
| WAF | aws.waf |
| WAF Regional | aws.waf-regional |
| WAFv2 | aws.wafv2 |
| WorkSpaces | aws.workspaces aws.workspaces-bundle aws.workspaces-directory aws.workspaces-image |
| WorkSpaces Web | aws.workspaces-web |
| X-Ray | aws.xray-group aws.xray-rule |
| VPC | aws.vpc |