a4b.amazonaws.com | |
access-analyzer.amazonaws.com | |
account.amazonaws.com | |
acm-pca.amazonaws.com | |
acm.amazonaws.com | |
airflow-env.amazonaws.com | |
airflow.amazonaws.com | |
alexa-appkit.amazon.com | |
alexa-connectedhome.amazon.com | |
amazonmq.amazonaws.com | |
amplify.amazonaws.com | |
apigateway.amazonaws.com | |
appflow.amazonaws.com | |
application-autoscaling.amazonaws.com | |
application-insights.amazonaws.com | |
appstream.amazonaws.com | |
appstream.application-autoscaling.amazonaws.com | |
appsync.amazonaws.com | |
athena.amazonaws.com | |
automation.amazonaws.com | |
autoscaling.amazonaws.com | |
aws-artifact-account-sync.amazonaws.com | |
backup.amazonaws.com | |
batch.amazonaws.com | |
billingconsole.amazonaws.com | |
braket.amazonaws.com | |
budgets.amazonaws.com | |
ce.amazonaws.com | |
channels.lex.amazonaws.com | |
chatbot.amazonaws.com | |
chime.amazonaws.com | |
cloud9.amazonaws.com | |
clouddirectory.amazonaws.com | |
cloudformation.amazonaws.com | |
cloudfront.amazonaws.com | |
cloudhsm.amazonaws.com | |
cloudsearch.amazonaws.com | |
cloudtrail.amazonaws.com | |
cloudwatch-crossaccount.amazonaws.com | |
codebuild.amazonaws.com | |
codecommit.amazonaws.com | |
codedeploy.${aws::region}.amazonaws.com | |
codedeploy.amazonaws.com | |
codeguru-reviewer.amazonaws.com | |
codepipeline.amazonaws.com | |
codestar-notifications.amazonaws.com | |
codestar.amazonaws.com | |
cognito-identity.amazonaws.com | |
cognito-idp.amazonaws.com | |
cognito-sync.amazonaws.com | |
comprehend.amazonaws.com | |
config-conforms.amazonaws.com | |
config-multiaccountsetup.amazonaws.com | |
config.amazonaws.com | |
connect.amazonaws.com | |
continuousexport.discovery.amazonaws.com | |
costalerts.amazonaws.com | |
custom-resource.application-autoscaling.amazonaws.com | |
databrew.amazonaws.com | |
datapipeline.amazonaws.com | |
datasync.amazonaws.com | |
dax.amazonaws.com | |
deeplens.amazonaws.com | |
delivery.logs.amazonaws.com | |
diode.amazonaws.com | |
directconnect.amazonaws.com | |
discovery.amazonaws.com | |
dlm.amazonaws.com | |
dms.amazonaws.com | |
ds.amazonaws.com | |
dynamodb.amazonaws.com | |
dynamodb.application-autoscaling.amazonaws.com | |
ec.amazonaws.com | |
ec2.amazonaws.com | |
ec2.application-autoscaling.amazonaws.com | |
ec2fleet.amazonaws.com | |
ec2scheduled.amazonaws.com | |
ecr.amazonaws.com | |
ecs-tasks.amazonaws.com | |
ecs.amazonaws.com | |
ecs.application-autoscaling.amazonaws.com | |
edgelambda.amazonaws.com | |
eks-fargate-pods.amazonaws.com | |
eks-fargate.amazonaws.com | |
eks-nodegroup.amazonaws.com | |
eks.amazonaws.com | |
elasticache.amazonaws.com | |
elasticbeanstalk.amazonaws.com | |
elasticfilesystem.amazonaws.com | |
elasticloadbalancing.amazonaws.com | |
elasticmapreduce.amazonaws.com | |
elastictranscoder.amazonaws.com | |
email.cognito-idp.amazonaws.com | |
emr-containers.amazonaws.com | |
es.amazonaws.com | |
events.amazonaws.com | |
firehose.amazonaws.com | |
fms.amazonaws.com | |
forecast.amazonaws.com | |
freertos.amazonaws.com | |
fsx.amazonaws.com | |
galaxy.amazonaws.com | |
gamelift.amazonaws.com | |
glacier.amazonaws.com | |
globalaccelerator.amazonaws.com | |
glue.amazonaws.com | |
greengrass.amazonaws.com | |
guardduty.amazonaws.com | |
health.amazonaws.com | |
honeycode.amazonaws.com | |
iam.amazonaws.com | |
imagebuilder.amazonaws.com | |
importexport.amazonaws.com | |
inspector.amazonaws.com | |
iot.amazonaws.com | |
iotanalytics.amazonaws.com | |
iotevents.amazonaws.com | |
iotsitewise.amazonaws.com | |
iotthingsgraph.amazonaws.com | |
ivs.amazonaws.com | |
jellyfish.amazonaws.com | |
kafka.amazonaws.com | |
kinesis.amazonaws.com | |
kinesis.{us-gov-region}.amazonaws.com | |
kinesisanalytics.amazonaws.com | |
kms.amazonaws.com | |
lakeformation.amazonaws.com | |
lambda.amazonaws.com | |
lex.amazonaws.com | |
license-manager.amazonaws.com | |
lightsail.amazonaws.com | |
logger.cloudfront.amazonaws.com | |
logs.amazonaws.com | |
machinelearning.amazonaws.com | |
macie.amazonaws.com | |
managedblockchain.amazonaws.com | |
managedservices.amazonaws.com | |
mediaconnect.amazonaws.com | |
mediaconvert.amazonaws.com | |
mediapackage.amazonaws.com | |
mediastore.amazonaws.com | |
mediatailor.amazonaws.com | |
member.org.stacksets.cloudformation.amazonaws.com | |
metering-marketplace.amazonaws.com | |
mgn.amazonaws.com | |
migrationhub.amazonaws.com | |
mobileanalytics.amazonaws.com | |
mobilehub.amazonaws.com | |
monitoring.amazonaws.com | |
monitoring.rds.amazonaws.com | |
mq.amazonaws.com | |
network-firewall.amazonaws.com | |
ops.apigateway.amazonaws.com | |
opsworks-cm.amazonaws.com | |
opsworks.amazonaws.com | |
organizations.amazonaws.com | |
personalize.amazonaws.com | |
pinpoint.amazonaws.com | |
polly.amazonaws.com | |
purchaseorders.amazonaws.com | |
qldb.amazonaws.com | |
quicksight.amazonaws.com | |
ram.amazonaws.com | |
rds-preview.amazonaws.com | |
rds.amazonaws.com | |
redshift.amazonaws.com | |
rekognition.amazonaws.com | |
replication.dynamodb.amazonaws.com | |
replicator.lambda.amazonaws.com | |
resource-groups.amazonaws.com | |
robomaker.amazonaws.com | |
route53.amazonaws.com | |
route53domains.amazonaws.com | |
route53resolver.amazonaws.com | |
s3.amazonaws.com | |
sagemaker.amazonaws.com | |
secretsmanager.amazonaws.com | |
securityhub.amazonaws.com | |
serverlessrepo.amazonaws.com | |
servicecatalog-appregistry.amazonaws.com | |
servicecatalog.amazonaws.com | |
servicediscovery.amazonaws.com | |
ses.amazonaws.com | |
shield.amazonaws.com | |
signer.amazonaws.com | |
signin.amazonaws.com | |
sms.amazonaws.com | |
sns.amazonaws.com | |
spotfleet.amazonaws.com | |
sqs.amazonaws.com | |
ssm-incidents.amazonaws.com | |
ssm.amazonaws.com | |
sso.amazonaws.com | |
states.amazonaws.com | |
storagegateway.amazonaws.com | |
streams.metrics.cloudwatch.amazonaws.com | |
sts.amazonaws.com | |
support.amazonaws.com | |
swf.amazonaws.com | |
tagging.amazonaws.com | |
tagpolicies.tag.amazonaws.com | |
textract.amazonaws.com | |
timestream.amazonaws.com | |
transcribe.amazonaws.com | |
transfer.amazonaws.com | |
transitgateway.amazonaws.com | |
translate.amazonaws.com | |
trustedadvisor.amazonaws.com | |
tts.amazonaws.com | |
vmie.amazonaws.com | |
vpc-flow-logs.amazonaws.com | |
waf-regional.amazonaws.com | |
waf.amazonaws.com | |
wam.amazonaws.com | |
workdocs.amazonaws.com | |
worklink.amazonaws.com | |
workmail.amazonaws.com | |
workspaces.amazonaws.com | |
xray.amazonaws.com | |
{region}.elasticache-snapshot.amazonaws.com |
ec2fastlaunch.amazonaws.com = AWSServiceRoleForEC2FastLaunch
spot.amazonaws.com = AWSServiceRoleForEC2Spot
partnercentral-account-management.amazonaws.com
List above updated!
bedrock.amazonaws.com
Now a CloudWatch alarm can send an event directly to a Lambda Function. This is the principal: lambda.alarms.cloudwatch.amazonaws.com
I added malware-protection.guardduty.amazonaws.com
as mentioned here:
https://docs.aws.amazon.com/organizations/latest/userguide/services-that-can-integrate-guardduty.html
Updated everything up to here. Honestly y'all, I tried years ago to get AWS to support this.
I'll look at putting together a repo. We would need to automate that repo updating this gist to maintain the friendliness of this being the top result on Google for "list of AWS service principal" and related searches.
Wondering, is this gist already updated automatically in some way? It seems like whenever I come here it says something like last active x hours ago. 😸
I would like to suggest a potential way to partially automate this. Searching through all AWS Managed IAM policies I get a list of 203 unique domains:
$ git clone --depth=1 https://github.com/udondan/iam-floyd
$ grep -rhoE '[^[:space:],;"'\''/*]+\.amazonaws\.com' iam-floyd/docs/source/_static/managed-policies/ | sort | uniq -c | sort -nr
58 ec2.amazonaws.com
23 cloudformation.amazonaws.com
21 autoscaling.amazonaws.com
20 ssm.amazonaws.com
20 securitylake.amazonaws.com
16 launchwizard.amazonaws.com
16 events.amazonaws.com
15 lambda.amazonaws.com
15 elasticloadbalancing.amazonaws.com
15 backup.amazonaws.com
14 sagemaker.amazonaws.com
13 glue.amazonaws.com
12 spot.amazonaws.com
12 rds.amazonaws.com
11 ecs.amazonaws.com
11 drs.amazonaws.com
11 codeguru-reviewer.amazonaws.com
11 cleanrooms.amazonaws.com
10 elasticbeanstalk.amazonaws.com
9 sso.amazonaws.com
9 lexv2.amazonaws.com
9 devops-guru.amazonaws.com
9 application-autoscaling.amazonaws.com
8 robomaker.amazonaws.com
8 mgn.amazonaws.com
8 elasticmapreduce.amazonaws.com
8 application-insights.amazonaws.com
7 spotfleet.amazonaws.com
7 lex.amazonaws.com
7 lakeformation.amazonaws.com
7 dataexchange.amazonaws.com
6 servicecatalog-appregistry.amazonaws.com
6 imagebuilder.amazonaws.com
6 ecs-tasks.amazonaws.com
6 docdb-elastic.amazonaws.com
6 continuousexport.discovery.amazonaws.com
6 config-conforms.amazonaws.com
6 cloud9.amazonaws.com
6 channels.lexv2.amazonaws.com
5 servicequotas.amazonaws.com
5 securityhub.amazonaws.com
5 schemas.amazonaws.com
5 reporting.trustedadvisor.amazonaws.com
5 ram.amazonaws.com
5 iot.amazonaws.com
5 fsx.amazonaws.com
5 fms.amazonaws.com
5 codepipeline.amazonaws.com
4 vpc-lattice.amazonaws.com
4 sqlworkbench.amazonaws.com
4 sagemaker.application-autoscaling.amazonaws.com
4 resource-explorer-2.amazonaws.com
4 replication.lexv2.amazonaws.com
4 macie.amazonaws.com
4 iotsitewise.amazonaws.com
4 dynamodb.application-autoscaling.amazonaws.com
4 delivery.logs.amazonaws.com
4 cloudtrail.amazonaws.com
4 channels.lex.amazonaws.com
4 cassandra.application-autoscaling.amazonaws.com
4 braket.amazonaws.com
4 auditmanager.amazonaws.com
4 appflow.amazonaws.com
4 apidestinations.events.amazonaws.com
3 scraper.aps.amazonaws.com
3 scheduler.amazonaws.com
3 s3.data-source.lustre.fsx.amazonaws.com
3 remediation.config.amazonaws.com
3 redshift.amazonaws.com
3 proton.amazonaws.com
3 profile.amazonaws.com
3 pipes.amazonaws.com
3 nimble.amazonaws.com
3 neptune-graph.amazonaws.com
3 kafka.amazonaws.com
3 inspector.amazonaws.com
3 greengrass.amazonaws.com
3 events.workmail.amazonaws.com
3 detective.amazonaws.com
3 databrew.amazonaws.com
3 cost-optimization-hub.bcm.amazonaws.com
3 connect.amazonaws.com
3 cognito-identity.amazonaws.com
3 appsync.amazonaws.com
3 apprunner.amazonaws.com
3 acm.amazonaws.com
2 wafv2.amazonaws.com
2 transitgateway.amazonaws.com
2 transfer.amazonaws.com
2 sync.proton.amazonaws.com
2 ssm-sap.amazonaws.com
2 smsintegration.migrationhub.amazonaws.com
2 s3.amazonaws.com
2 restore-testing.backup.amazonaws.com
2 replication.cassandra.amazonaws.com
2 refactor-spaces.amazonaws.com
2 redshift-data.amazonaws.com
2 qldb.amazonaws.com
2 panorama.amazonaws.com
2 osis.amazonaws.com
2 orgsdatasync.servicecatalog.amazonaws.com
2 organizations.amazonaws.com
2 omics.amazonaws.com
2 mq.amazonaws.com
2 migrationhub.amazonaws.com
2 migrationhub-strategy.amazonaws.com
2 migrationhub-orchestrator.amazonaws.com
2 memorydb.amazonaws.com
2 managedupdates.elasticbeanstalk.amazonaws.com
2 malware-protection.guardduty.amazonaws.com
2 maintenance.elasticbeanstalk.amazonaws.com
2 license-manager.member-account.amazonaws.com
2 license-management.marketplace.amazonaws.com
2 iotroborunner.amazonaws.com
2 health.amazonaws.com
2 guardduty.amazonaws.com
2 globalaccelerator.amazonaws.com
2 forecast.amazonaws.com
2 firehose.amazonaws.com
2 email.cognito-idp.amazonaws.com
2 elasticache.amazonaws.com
2 eks-connector.amazonaws.com
2 ec2fleet.amazonaws.com
2 ec2.application-autoscaling.amazonaws.com
2 dmsintegration.migrationhub.amazonaws.com
2 dax.amazonaws.com
2 custom.rds.amazonaws.com
2 custom.rds-preview.amazonaws.com
2 controltower.amazonaws.com
2 config-multiaccountsetup.amazonaws.com
2 cognito-idp.amazonaws.com
2 cognito-identity-us-gov.amazonaws.com
2 codebuild.amazonaws.com
2 codeartifact.amazonaws.com
2 cleanrooms-ml.amazonaws.com
2 chime.amazonaws.com
2 bugbust.amazonaws.com
2 bedrock.amazonaws.com
2 assets.marketplace.amazonaws.com
2 appstream.application-autoscaling.amazonaws.com
2 appmesh.amazonaws.com
2 application-signals.cloudwatch.amazonaws.com
2 appfabric.amazonaws.com
2 a4b.amazonaws.com
1 vmie.amazonaws.com
1 synthetics.amazonaws.com
1 support.amazonaws.com
1 states.amazonaws.com
1 sms.amazonaws.com
1 shield.amazonaws.com
1 servicecatalog.amazonaws.com
1 sagemaker-geospatial.amazonaws.com
1 rum.amazonaws.com
1 resource-groups.amazonaws.com
1 replication.ecr.amazonaws.com
1 replication.dynamodb.amazonaws.com
1 rds.application-autoscaling.amazonaws.com
1 personalize.amazonaws.com
1 permission.iq.amazonaws.com
1 partnercentral-account-management.amazonaws.com
1 opsworks.amazonaws.com
1 networkmanager.amazonaws.com
1 network-firewall.amazonaws.com
1 monitron.amazonaws.com
1 medical-imaging.amazonaws.com
1 mediaconvert.amazonaws.com
1 lookoutmetrics.amazonaws.com
1 lookoutequipment.amazonaws.com
1 lightsail.amazonaws.com
1 kinesisreplication.dynamodb.amazonaws.com
1 kendra.amazonaws.com
1 inspector2.amazonaws.com
1 healthlake.amazonaws.com
1 grafana.amazonaws.com
1 frauddetector.amazonaws.com
1 fis.amazonaws.com
1 events.managedservices.amazonaws.com
1 event-processor.health.amazonaws.com
1 entityresolution.amazonaws.com
1 elastictranscoder.amazonaws.com
1 elasticfilesystem.amazonaws.com
1 eks.amazonaws.com
1 ecs.application-autoscaling.amazonaws.com
1 ec2scheduled.amazonaws.com
1 ec2fastlaunch.amazonaws.com
1 ds.amazonaws.com
1 datazonecontrol.amazonaws.com
1 datazone.amazonaws.com
1 datasync.amazonaws.com
1 credentials.iot.amazonaws.com
1 contributorinsights.dynamodb.amazonaws.com
1 contract.iq.amazonaws.com
1 config.amazonaws.com
1 codeguru-security.amazonaws.com
1 codeguru-profiler.amazonaws.com
1 codecatalyst.amazonaws.com
1 codecatalyst-runner.amazonaws.com
1 budgets.amazonaws.com
1 batch.amazonaws.com
1 athena.amazonaws.com
1 aps.amazonaws.com
1 apigateway.amazonaws.com
1 access-analyzer.amazonaws.com
I am not too deep into this topic, so not sure if all those matches are actually valid service principals...
This list is sorted by the number of occurrences. Haven't checked the intersection with your list.
pipes.amazonaws.com