AWS General Reference: Reference Guide
Version 1.0
AWS General Reference: Reference Guide
Copyright © 2020 Amazon Web Services, Inc. and/or its affiliates. All rights reserved.
Amazon's trademarks and trade dress may not be used in connection with any product or service that is not Amazon's, in any manner that is likely to cause confusion among customers, or in any manner that disparages or discredits Amazon. All other trademarks not owned by Amazon are the property of their respective owners, who may or may not be affiliated with, connected to, or sponsored by Amazon.
Table of Contents

AWS General Reference
AWS security credentials
  AWS users
    Tasks that require root user credentials
  AWS credentials
    Console access
    Programmatic access
    Temporary access keys
  AWS account identifiers
    Finding your AWS account ID
    Finding the canonical user ID for your AWS account
  Best practices for managing AWS access keys
    Remove an account access key (or do not create one in the first place)
    Use temporary security credentials (IAM roles) instead of long-term access keys
    Manage IAM user access keys properly
    Access the mobile app using AWS access keys
    Learn more
  AWS security audit guidelines
    When you should perform a security audit
    Guidelines for auditing
    Review your AWS account credentials
    Review your IAM users
    Review your IAM groups
    Review your IAM roles
    Review your IAM providers for SAML and OpenID Connect (OIDC)
    Review your mobile apps
    Review your Amazon EC2 security configuration
    Review AWS policies in other services
    Monitor activity in your AWS account
    Tips for reviewing IAM policies
    Learn more
Service endpoints and quotas
  Alexa for Business
    Service endpoints
    Service quotas
  AWS Amplify
    Amplify endpoints
    Service quotas
  Amazon API Gateway
    Service endpoints
    Service quotas
  Application Auto Scaling
    Regions and endpoints
    Service quotas
  AWS Application Discovery Service
    Service endpoints
    Service quotas
  Amazon AppStream 2.0
    Service endpoints
    Service quotas
  AWS App Mesh
    Service endpoints
    Service quotas
  AWS AppSync
    Service endpoints
    Service quotas
  Amazon Athena
    Service endpoints
    Service quotas
  Amazon Augmented AI
    Service quotas
  Amazon Aurora
    Service endpoints
    Service quotas
  AWS Auto Scaling
    Regions and endpoints
    Service quotas
  Amazon EC2 Auto Scaling
    Regions and endpoints
    Service quotas
  AWS Backup
    Service endpoints
    Service quotas
  AWS Batch
    Service endpoints
    Service quotas
  Billing and Cost Management
    Service endpoints
    Service quotas
  AWS Certificate Manager
    Service endpoints
    Service quotas
  AWS Certificate Manager Private Certificate Authority
    Service endpoints
    Service quotas
  AWS Chatbot
    Service quotas
  Amazon Chime
    Service endpoints
    Service quotas
  AWS Cloud9
    Service endpoints
    Service quotas
  Amazon Cloud Directory
    Service endpoints
  AWS CloudFormation
    Service endpoints
    Service quotas
  Amazon CloudFront
    Service endpoints
    Service quotas
  AWS CloudHSM
    Service endpoints
    Service quotas
  AWS Cloud Map
    Service endpoints
    Service quotas
  Amazon CloudSearch
    Service endpoints
    Service quotas
  AWS CloudTrail
    Service endpoints
    Service quotas
  Amazon CloudWatch
    Service endpoints
    Service quotas
  Amazon CloudWatch Events
    Service endpoints
    Service quotas
  Amazon CloudWatch Logs
    Service endpoints
    Service quotas
  AWS CodeArtifact
    Service endpoints
    Service quotas
  AWS CodeBuild
    Service endpoints
    Service quotas
  AWS CodeCommit
    Service endpoints
    Service quotas
  AWS CodeDeploy
    Service endpoints
    Service quotas
  Amazon CodeGuru Profiler
    Service endpoints
    Service quotas
  Amazon CodeGuru Reviewer
    Service endpoints
    Service quotas
  AWS CodePipeline
    Service endpoints
    Service quotas
  AWS CodeStar
    Service endpoints
  AWS CodeStar Notifications
  Amazon Cognito Identity
    Service endpoints
    Service quotas
  Amazon Cognito Sync
    Service endpoints
    Service quotas
  Amazon Comprehend
    Service endpoints
    Service quotas
  Amazon Comprehend Medical
    Service endpoints
    Service quotas
  Compute Optimizer
    Service endpoints
    Service quotas
  AWS Config
    Service endpoints
    Service quotas
  Amazon Connect
    Service endpoints
    Service quotas
  AWS Data Exchange
    Service endpoints
  Amazon Data Lifecycle Manager
    Service endpoints
    Service quotas
  AWS Data Pipeline
    Service endpoints
    Service quotas
  DataSync
    Service endpoints
    Service quotas
  AWS Database Migration Service
    Service endpoints
    Service quotas
  AWS DeepLens
    Service endpoints
    Service quotas
  Detective
    Service endpoints
  AWS Device Farm
    Service endpoints
    Service quotas
  AWS Direct Connect
    Service endpoints
    Service quotas
  AWS Directory Service
    Service endpoints
    Service quotas
  Amazon DocumentDB
    Service endpoints
    Service quotas
  Amazon DynamoDB
    Service endpoints
    Service quotas
  AWS Elastic Beanstalk
    Service endpoints
    Service quotas
  Amazon EBS
    Service endpoints
    Service quotas
  Amazon EC2
    Service endpoints
    Service quotas
  EC2 Image Builder
    Service endpoints
    Service quotas
  Amazon ECR
    Service endpoints
    Service quotas
  Amazon ECS
    Service endpoints
    Amazon ECS service quotas
    AWS Fargate service quotas
  Amazon EKS
    Service endpoints
    Service quotas
    AWS Fargate service quotas
Amazon EFS
    Service endpoints
    Service quotas
Amazon Elastic Inference
    Service endpoints
    Service quotas
Elastic Load Balancing
    Service endpoints
    Service quotas
Elastic Transcoder
    Service endpoints
    Service quotas
Amazon ElastiCache
    Service endpoints
    Service quotas
Amazon ES
    Service endpoints
Amazon EMR
    Service endpoints
    Service quotas
EventBridge
    Service endpoints
    Service quotas
Firewall Manager
    Service endpoints
    Service quotas
Forecast
    Service endpoints
Amazon Fraud Detector
    Service endpoints
    Service quotas
FreeRTOS
    Service endpoints
    Service quotas
Amazon FSx
    Service endpoints
    Service quotas
GameLift
    Service endpoints
    Service quotas
S3 Glacier
    Service endpoints
    Service quotas
Global Accelerator
    Service endpoints
    Service quotas
AWS Glue
    Service endpoints
    Service quotas
AWS Ground Station
    Service endpoints
    Service quotas
GuardDuty
    Service endpoints
    Service quotas
AWS Health
    Service endpoints
IAM
    Service endpoints
    Service quotas
IAM Access Analyzer
    Service endpoints
    Service quotas
AWS Import/Export
    Service endpoints
Amazon Inspector
    Service endpoints
    Service quotas
AWS IoT 1-Click
    Service endpoints
    Service quotas
AWS IoT Analytics
    Service endpoints
    Service quotas
AWS IoT Core
    Service endpoints
    Service quotas
AWS IoT Device Defender
    Service endpoints
    Service quotas
AWS IoT Device Management
    Service endpoints
    Service quotas
AWS IoT Events
    Service endpoints
    Service quotas
AWS IoT Greengrass
    Service endpoints
    Service quotas
AWS IoT SiteWise
    Service endpoints
    Service quotas
AWS IoT Things Graph
    Service endpoints
    Service quotas
Amazon IVS
    Service endpoints
    Service quotas
Amazon Kendra
    Service endpoints
Amazon Keyspaces (for Apache Cassandra)
    Service endpoints
    Service quotas
AWS KMS
    Service endpoints
    Service quotas
Kinesis Data Analytics
    Service endpoints
    Service quotas
Kinesis Data Firehose
    Service endpoints
    Service quotas
Kinesis Data Streams
    Service endpoints
    Service quotas
Kinesis Video Streams
    Service endpoints
    Service quotas
Lake Formation
    Service endpoints
    Service quotas
Lambda
    Service endpoints
    Service quotas
AWS Launch Wizard
    Service endpoints
    Service quotas
Amazon Lex
    Service endpoints
License Manager
    Service endpoints
    Service quotas
Amazon Lightsail
    Service endpoints
    Service quotas
Macie
    Service endpoints
    Service quotas
Amazon ML
    Service endpoints
    Service quotas
Managed Blockchain
    Service endpoints
    Service quotas
AWS Marketplace
    Service endpoints
Amazon Mechanical Turk
    Service endpoints
Amazon MSK
    Service endpoints
MediaConnect
    Service endpoints
    Service quotas
MediaConvert
    Service endpoints
    Service quotas
MediaLive
    Service endpoints
    Service quotas
MediaPackage
    Service endpoints
    Service quotas
MediaStore
    Service endpoints
    Service quotas
MediaTailor
    Service endpoints
    Service quotas
Migration Hub
    Service endpoints
Amazon MQ
    Service endpoints
    Service quotas
Neptune
    Service endpoints
    Service quotas
Network Manager
    Service endpoints
    Service quotas
AWS OpsWorks
    Service endpoints
    Service quotas
Organizations
    Service endpoints
    Service quotas
AWS Outposts
    Service endpoints
Amazon Personalize
    Service endpoints
Amazon Pinpoint
    Service endpoints
    Service quotas
Amazon Polly
    Service endpoints
    Service quotas
QLDB
    Service endpoints
    Service quotas
Amazon QuickSight
    Service endpoints
AWS RAM
    Service endpoints
    Service quotas
Amazon Redshift
    Service endpoints
    Service quotas
Amazon Rekognition
    Service endpoints
    Service quotas
Amazon RDS
    Service endpoints
    Service quotas
Resource Groups
    Service endpoints
    Service quotas
AWS RoboMaker
    Service endpoints
    Service quotas
Route 53
    Service endpoints
    Service quotas
SageMaker
    Service endpoints
    Service quotas
Secrets Manager
    Service endpoints
    Service quotas
Security Hub
    Service endpoints
AWS STS
    Service endpoints
AWS SMS
    Service endpoints
    Service quotas
Service Quotas
    Service endpoints
    Service quotas
AWS Serverless Application Repository
    Service endpoints
    Service quotas
AWS Service Catalog
    Service endpoints
    Service quotas
Shield Advanced
    Service endpoints
    Service quotas
Amazon SES
    Service endpoints
    Service quotas
Amazon SNS
    Service endpoints
    Service quotas
Amazon SQS
    Service endpoints
    Service quotas
Amazon S3
    Service endpoints
    Service quotas
Amazon SWF
    Service endpoints
    Service quotas
Amazon SimpleDB
    Service endpoints
    Service quotas
AWS SSO
    Service endpoints
    Service quotas
Snow Family
    Service endpoints
    Service quotas
Step Functions
    Service endpoints
    Service quotas
AWS Storage Gateway
    Service endpoints
    Service quotas
AWS Support ......................................................................................................................... 456Service Endpoints ........................................................................................................... 456Service Quotas ............................................................................................................... 456
AWS Systems Manager ........................................................................................................... 456Service-Endpunkte .......................................................................................................... 457Servicekontingente .......................................................................................................... 459
Amazon Textract ..................................................................................................................... 467Service-Endpunkte .......................................................................................................... 467Servicekontingente .......................................................................................................... 468
  Amazon Transcribe
    Service endpoints
    Service quotas
  Amazon Transcribe Medical
    Service endpoints
    Service quotas
  AWS Transfer Family
    Service endpoints
    Service quotas
  Amazon Translate
    Service endpoints
    Service quotas
  Amazon VPC
    Service endpoints
    Service quotas
  AWS WAF
    Service endpoints
    Service quotas
  AWS WAF Classic
    Service endpoints
    Service quotas
  Amazon WorkDocs
    Service endpoints
  Amazon WorkLink
    Service endpoints
  Amazon WorkMail
    Service endpoints
    Service quotas
  Amazon WorkSpaces
    Service endpoints
    Service quotas
  X-Ray
    Service endpoints
    Service quotas
AWS resources
  AWS service endpoints
    Regional endpoints
    Viewing service endpoints
    FIPS endpoints
    More information
  Managing AWS Regions
    Enabling a Region
    Disabling a Region
    Describing your Regions using the AWS CLI
  AWS service quotas
  Tagging AWS resources
    Best practices
    Tagging categories
    Tag naming limits and requirements
    Common tagging strategies
    Tagging governance
    More information
  Amazon Resource Names (ARNs)
    Format
    Resource ARNs
AWS IP address ranges
  Download
  Syntax
  Filtering the JSON file
    Windows
    Linux
  Implementing egress control
    Windows PowerShell
    jq
    Python
  AWS IP address ranges notifications
  Release notes
AWS APIs
  API retries
  Signing AWS API requests
    When do you need to sign requests?
    Why requests are signed
    Signing requests
    Signature versions
    Signature Version 4 signing process
    Signature Version 2 signing process
  AWS SDK support for Amazon S3 client-side encryption
    AWS SDK features for Amazon S3 client-side encryption
    Amazon S3 encryption client cryptographic algorithms
Document conventions
AWS glossary
AWS General Reference
The AWS General Reference contains information that is useful across all Amazon Web Services.
Contents
• AWS security credentials
• Service endpoints and quotas
• AWS resources
• AWS IP address ranges
• AWS APIs
• Document conventions
• AWS glossary
AWS security credentials
When you interact with AWS, you specify your AWS security credentials to verify who you are and whether you have permission to access the resources that you are requesting. AWS uses the security credentials to authenticate and authorize your requests.
For example, if you want to download a protected file from an Amazon Simple Storage Service (Amazon S3) bucket, your credentials must allow that access. If your credentials are not authorized to download the file, AWS denies your request. However, your AWS security credentials are not required to download a file in an Amazon S3 bucket that is publicly shared.
Contents
• AWS account root user credentials and IAM user credentials
• Understanding and getting your AWS credentials
• Your AWS account identifiers
• Best practices for managing AWS access keys
• AWS security audit guidelines
AWS account root user credentials and IAM user credentials
There are two different types of users in AWS. You are either the account owner (root user) or you are an AWS Identity and Access Management (IAM) user. The root user is created when the AWS account is created, and IAM users are created by the root user or by an IAM administrator for the account. All AWS users have security credentials.
Root user credentials
The credentials of the account owner allow full access to all resources in the account. You cannot use IAM policies to explicitly deny the root user access to resources. You can only use an AWS Organizations service control policy (SCP) to limit the permissions of the root user. For this reason, we recommend that you create an IAM user with administrator permissions to use for everyday AWS tasks and lock away the access keys for the root user.
There are specific tasks that are restricted to the AWS account root user. For example, only the root user can close your account. If you need to perform a task that requires the root user, sign in to the AWS Management Console using the email address and password of the root user. For more information, see Tasks that require root user credentials.
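One way to check that the root user's access keys really are locked away and that root is used only rarely, added here as an example that is not part of the AWS reference: it reads an IAM credential report (the CSV that IAM can generate for an account) and reports findings for the `<root_account>` row. The sample rows, the account ID, the `recent_days` threshold and the finding codes are constructed for illustration.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

ROOT_USER = "<root_account>"  # name of the root row in a credential report
NO_VALUE = {"", "N/A", "no_information", "not_supported"}

# Constructed sample: two rows in credential-report layout, reduced to the
# columns this check reads. Account ID and user name are made up.
SAMPLE_REPORT = """\
user,arn,password_last_used,access_key_1_active,access_key_1_last_used_date,access_key_2_active,access_key_2_last_used_date
<root_account>,arn:aws:iam::111122223333:root,2020-06-28T09:15:00+00:00,true,2020-06-30T22:41:00+00:00,false,N/A
admin-alice,arn:aws:iam::111122223333:user/admin-alice,2020-06-30T08:00:00+00:00,true,2020-06-30T10:00:00+00:00,false,N/A
"""


def parse_ts(value):
    """Return an aware datetime, or None for the report's placeholder values."""
    if value is None or value in NO_VALUE:
        return None
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def audit_root(report_csv, now, recent_days=30):
    """Return (code, detail) findings for the root row of a credential report.

    ROOT_KEY_ACTIVE    an access key exists and is active for the root user
    ROOT_KEY_USED      a root access key was used within recent_days
    ROOT_CONSOLE_LOGIN the root password was used within recent_days; this can
                       be legitimate for a root-only task and should be
                       matched against a known change
    """
    cutoff = now - timedelta(days=recent_days)
    for row in csv.DictReader(io.StringIO(report_csv)):
        if row["user"] != ROOT_USER:
            continue  # IAM users are out of scope for this check
        findings = []
        for n in ("1", "2"):
            if row.get(f"access_key_{n}_active") == "true":
                findings.append(("ROOT_KEY_ACTIVE", f"access key {n}"))
            used = parse_ts(row.get(f"access_key_{n}_last_used_date"))
            if used and used >= cutoff:
                findings.append(("ROOT_KEY_USED", f"access key {n} at {used.isoformat()}"))
        login = parse_ts(row.get("password_last_used"))
        if login and login >= cutoff:
            findings.append(("ROOT_CONSOLE_LOGIN", login.isoformat()))
        return findings
    raise ValueError("no <root_account> row: input is not a credential report")


if __name__ == "__main__":
    now = datetime(2020, 7, 1, tzinfo=timezone.utc)
    for code, detail in audit_root(SAMPLE_REPORT, now):
        print(code, detail)
```

An empty result means the root user has no active access keys and no recorded use inside the window.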
IAM credentials
With IAM, you can securely control access to AWS services and resources for the users in your AWS account. For example, if you need administrator permissions, you can create an IAM user, grant that user full access, and then use those credentials to interact with AWS. If you need to modify or revoke your permissions, you can delete or modify the policies that are associated with that IAM user.
If multiple users have access to your AWS account, you can create unique credentials for each user and define who has access to which resources. You do not need to share credentials. For example, you can create IAM users with read-only access to resources in your AWS account and distribute those credentials to users.
Tasks that require root user credentials
We recommend that you use an IAM user with appropriate permissions to perform tasks and access AWS resources. However, you can perform the tasks listed below only when you are signed in as the root user of an account.
Tasks
• Change your account settings. This includes the account name, root user password, and email address. Other account settings, such as contact information, payment currency, and Regions, do not require root user credentials.
• View certain tax invoices. An IAM user with the aws-portal:ViewBilling permission can view and download VAT invoices from AWS Europe, but not from AWS Inc or Amazon Internet Services Pvt. Ltd (AISPL).
• Close your AWS account.
• Restore IAM user permissions. If the only IAM administrator accidentally revokes their own permissions, you can sign in as the root user to edit policies and restore those permissions.
• Change your AWS Support plan or cancel your AWS Support plan. For more information, see IAM for AWS Support.
• Register as a seller in the Reserved Instance Marketplace.
• Configure an Amazon S3 bucket to enable MFA (multi-factor authentication) Delete.
• Edit or delete an Amazon S3 bucket policy that includes an invalid VPC ID or VPC endpoint ID.
• Sign up for GovCloud.
Troubleshooting
If you cannot perform any of these tasks with your root user credentials, your account might be a member of an organization in AWS Organizations. If your organization administrator has used a service control policy (SCP) to limit the permissions of your account, your root user permissions might be affected. For more information, see Service control policies in the AWS Organizations User Guide.
Understanding and getting your AWS credentials
AWS requires different types of security credentials depending on how you access AWS. For example, you need a user name and password to sign in to the AWS Management Console, and you need access keys to make programmatic calls to AWS or to use the AWS Command Line Interface or AWS Tools for PowerShell.
Considerations
• Store the following in a secure location: the email address associated with your AWS account, the AWS account ID, your password, and your secret access keys. If you forget or lose these credentials, you cannot recover them. For security reasons, AWS does not provide the means for you or anyone else to retrieve your credentials.
• We strongly recommend that you create an IAM user with administrator permissions to use for everyday AWS tasks and secure the password and access keys for the root user. Use the root user only for the tasks that are restricted to the root user.
• Security credentials are account-specific. If you have access to multiple AWS accounts, you have separate credentials for each