AWS Service Principals List

  • a4b.amazonaws.com
  • access-analyzer.amazonaws.com
  • account.amazonaws.com
  • acm-pca.amazonaws.com
  • acm.amazonaws.com
  • airflow-env.amazonaws.com
  • airflow.amazonaws.com
  • alexa-appkit.amazon.com
  • alexa-connectedhome.amazon.com
  • amazonmq.amazonaws.com
  • amplify.amazonaws.com
  • apigateway.amazonaws.com
  • appflow.amazonaws.com
  • application-autoscaling.amazonaws.com
  • application-insights.amazonaws.com
  • appstream.amazonaws.com
  • appstream.application-autoscaling.amazonaws.com
  • appsync.amazonaws.com
  • athena.amazonaws.com
  • automation.amazonaws.com
  • autoscaling.amazonaws.com
  • aws-artifact-account-sync.amazonaws.com
  • backup.amazonaws.com
  • batch.amazonaws.com
  • billingconsole.amazonaws.com
  • braket.amazonaws.com
  • budgets.amazonaws.com
  • ce.amazonaws.com
  • channels.lex.amazonaws.com
  • chatbot.amazonaws.com
  • chime.amazonaws.com
  • cloud9.amazonaws.com
  • clouddirectory.amazonaws.com
  • cloudformation.amazonaws.com
  • cloudfront.amazonaws.com
  • cloudhsm.amazonaws.com
  • cloudsearch.amazonaws.com
  • cloudtrail.amazonaws.com
  • cloudwatch.amazonaws.com
  • cloudwatch-crossaccount.amazonaws.com
  • codebuild.amazonaws.com
  • codecommit.amazonaws.com
  • codedeploy.${aws::region}.amazonaws.com
  • codedeploy.amazonaws.com
  • codeguru-reviewer.amazonaws.com
  • codepipeline.amazonaws.com
  • codestar-notifications.amazonaws.com
  • codestar.amazonaws.com
  • cognito-identity.amazonaws.com
  • cognito-idp.amazonaws.com
  • cognito-sync.amazonaws.com
  • comprehend.amazonaws.com
  • config-conforms.amazonaws.com
  • config-multiaccountsetup.amazonaws.com
  • config.amazonaws.com
  • connect.amazonaws.com
  • continuousexport.discovery.amazonaws.com
  • costalerts.amazonaws.com
  • custom-resource.application-autoscaling.amazonaws.com
  • databrew.amazonaws.com
  • datapipeline.amazonaws.com
  • datasync.amazonaws.com
  • dax.amazonaws.com
  • deeplens.amazonaws.com
  • delivery.logs.amazonaws.com
  • diode.amazonaws.com
  • directconnect.amazonaws.com
  • discovery.amazonaws.com
  • dlm.amazonaws.com
  • dms.amazonaws.com
  • ds.amazonaws.com
  • dynamodb.amazonaws.com
  • dynamodb.application-autoscaling.amazonaws.com
  • ec.amazonaws.com
  • ec2.amazonaws.com
  • ec2.application-autoscaling.amazonaws.com
  • ec2fleet.amazonaws.com
  • ec2scheduled.amazonaws.com
  • ecr.amazonaws.com
  • ecs-tasks.amazonaws.com
  • ecs.amazonaws.com
  • ecs.application-autoscaling.amazonaws.com
  • edgelambda.amazonaws.com
  • eks-fargate-pods.amazonaws.com
  • eks-fargate.amazonaws.com
  • eks-nodegroup.amazonaws.com
  • eks.amazonaws.com
  • elasticache.amazonaws.com
  • elasticbeanstalk.amazonaws.com
  • elasticfilesystem.amazonaws.com
  • elasticloadbalancing.amazonaws.com
  • elasticmapreduce.amazonaws.com
  • elastictranscoder.amazonaws.com
  • email.cognito-idp.amazonaws.com
  • emr-containers.amazonaws.com
  • es.amazonaws.com
  • events.amazonaws.com
  • firehose.amazonaws.com
  • fms.amazonaws.com
  • forecast.amazonaws.com
  • freertos.amazonaws.com
  • fsx.amazonaws.com
  • galaxy.amazonaws.com
  • gamelift.amazonaws.com
  • glacier.amazonaws.com
  • globalaccelerator.amazonaws.com
  • glue.amazonaws.com
  • greengrass.amazonaws.com
  • guardduty.amazonaws.com
  • health.amazonaws.com
  • honeycode.amazonaws.com
  • iam.amazonaws.com
  • imagebuilder.amazonaws.com
  • importexport.amazonaws.com
  • inspector.amazonaws.com
  • iot.amazonaws.com
  • iotanalytics.amazonaws.com
  • iotevents.amazonaws.com
  • iotsitewise.amazonaws.com
  • iotthingsgraph.amazonaws.com
  • ivs.amazonaws.com
  • jellyfish.amazonaws.com
  • kafka.amazonaws.com
  • kinesis.amazonaws.com
  • kinesis.{us-gov-region}.amazonaws.com
  • kinesisanalytics.amazonaws.com
  • kms.amazonaws.com
  • lakeformation.amazonaws.com
  • lambda.amazonaws.com
  • lex.amazonaws.com
  • license-manager.amazonaws.com
  • lightsail.amazonaws.com
  • logger.cloudfront.amazonaws.com
  • logs.amazonaws.com
  • machinelearning.amazonaws.com
  • macie.amazonaws.com
  • managedblockchain.amazonaws.com
  • managedservices.amazonaws.com
  • mediaconnect.amazonaws.com
  • mediaconvert.amazonaws.com
  • mediapackage.amazonaws.com
  • mediastore.amazonaws.com
  • mediatailor.amazonaws.com
  • member.org.stacksets.cloudformation.amazonaws.com
  • metering-marketplace.amazonaws.com
  • mgn.amazonaws.com
  • migrationhub.amazonaws.com
  • mobileanalytics.amazonaws.com
  • mobilehub.amazonaws.com
  • monitoring.amazonaws.com
  • monitoring.rds.amazonaws.com
  • mq.amazonaws.com
  • network-firewall.amazonaws.com
  • ops.apigateway.amazonaws.com
  • opsworks-cm.amazonaws.com
  • opsworks.amazonaws.com
  • organizations.amazonaws.com
  • personalize.amazonaws.com
  • pinpoint.amazonaws.com
  • polly.amazonaws.com
  • purchaseorders.amazonaws.com
  • qldb.amazonaws.com
  • quicksight.amazonaws.com
  • ram.amazonaws.com
  • rds-preview.amazonaws.com
  • rds.amazonaws.com
  • redshift.amazonaws.com
  • rekognition.amazonaws.com
  • replication.dynamodb.amazonaws.com
  • replicator.lambda.amazonaws.com
  • resource-groups.amazonaws.com
  • robomaker.amazonaws.com
  • route53.amazonaws.com
  • route53domains.amazonaws.com
  • route53resolver.amazonaws.com
  • s3.amazonaws.com
  • sagemaker.amazonaws.com
  • secretsmanager.amazonaws.com
  • securityhub.amazonaws.com
  • serverlessrepo.amazonaws.com
  • servicecatalog-appregistry.amazonaws.com
  • servicecatalog.amazonaws.com
  • servicediscovery.amazonaws.com
  • ses.amazonaws.com
  • shield.amazonaws.com
  • signer.amazonaws.com
  • signin.amazonaws.com
  • sms.amazonaws.com
  • sns.amazonaws.com
  • spotfleet.amazonaws.com
  • sqs.amazonaws.com
  • ssm-incidents.amazonaws.com
  • ssm.amazonaws.com
  • sso.amazonaws.com
  • states.amazonaws.com
  • storagegateway.amazonaws.com
  • streams.metrics.cloudwatch.amazonaws.com
  • sts.amazonaws.com
  • support.amazonaws.com
  • swf.amazonaws.com
  • tagging.amazonaws.com
  • tagpolicies.tag.amazonaws.com
  • textract.amazonaws.com
  • timestream.amazonaws.com
  • transcribe.amazonaws.com
  • transfer.amazonaws.com
  • transitgateway.amazonaws.com
  • translate.amazonaws.com
  • trustedadvisor.amazonaws.com
  • tts.amazonaws.com
  • vmie.amazonaws.com
  • vpc-flow-logs.amazonaws.com
  • waf-regional.amazonaws.com
  • waf.amazonaws.com
  • wam.amazonaws.com
  • workdocs.amazonaws.com
  • worklink.amazonaws.com
  • workmail.amazonaws.com
  • workspaces.amazonaws.com
  • xray.amazonaws.com
  • {region}.elasticache-snapshot.amazonaws.com

AWS - CloudFront Functions / Lambda@Edge

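CloudFront Functions / Lambda@Edge Comparison

| - | CloudFront Functions | Lambda@Edge |
|---|---|---|
| Runtime support | JavaScript (ECMAScript 5.1 compliant) | Node.js, Python |
| Execution location | 310+ CloudFront edge locations | 13 CloudFront regional edge caches |
| Supported CloudFront triggers | Viewer request, viewer response | Viewer request, viewer response, origin request, origin response |
| Maximum execution time | Less than 1 millisecond | 5 seconds (viewer request), 30 seconds (origin request) |
| Maximum memory | 2 MB | 128 MB (viewer request), 10 GB (origin request) |
| Total size | 10 KB | 1 MB (viewer request), 50 MB (origin request) |
| Network access | Not available | |
| File system access | Not available | |
| Access to request body | Not available | |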

AWS - CloudFront / Global Accelerator

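CloudFront / Global Accelerator Comparison

| - | CloudFront | Global Accelerator |
|---|---|---|
| Uses edge locations | Yes | Yes |
| Acceleration | Yes | Yes |
| Web content caching | Yes | No |
| Supported protocols | HTTP/S | TCP/UDP |
| Supported ports | 80/443 | ANY |
| Number of IPs used | Many | Two |
| Client IP preservation | No (available from the X-Forwarded-For and CloudFront-Viewer-Address headers) | Yes (ALB) |
| Use of origins other than AWS services | Yes | No |
| Origin cloaking | No (restrict with the CloudFront managed prefix list) | Yes |
| DDoS protection (Shield Advanced) | Yes | Yes |
| Use of AWS WAF | Yes | No (possible when using an ALB) |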

SNS - Enable delivery status logging for all regions and all topics

Security Hub - SNS.2

AWS CLI SHELL

```bash
#!/usr/bin/env bash
# Enable SNS delivery status logging on every topic in every region.

# Account ID is masked here; set it to the 12-digit account ID.
AccountID=************
SuccessSampleRate=100
# IAM roles SNS assumes to write success / failure delivery logs.
IAMRoleForSuccessful=SNSSuccessFeedback
IAMRoleForFailed=SNSFailureFeedback

# Refuse to run without an explicit profile.
if [ "$AWS_PROFILE" = "" ]; then
  echo "No AWS_PROFILE set"
  exit 1
fi

# jq filters are quoted so the shell does not glob-expand the brackets.
for region in $(aws ec2 describe-regions --region ap-northeast-1 | jq -r '.Regions[].RegionName'); do

  for arn in $(aws sns --region "${region}" list-topics | jq -r '.Topics[].TopicArn'); do

    echo "* ${region} - ${arn}"

    # Percentage of successful deliveries to log, per protocol.
    aws sns set-topic-attributes --region "${region}" --topic-arn "${arn}" --attribute-name ApplicationSuccessFeedbackSampleRate --attribute-value "${SuccessSampleRate}"
    aws sns set-topic-attributes --region "${region}" --topic-arn "${arn}" --attribute-name FirehoseSuccessFeedbackSampleRate --attribute-value "${SuccessSampleRate}"
    aws sns set-topic-attributes --region "${region}" --topic-arn "${arn}" --attribute-name HTTPSuccessFeedbackSampleRate --attribute-value "${SuccessSampleRate}"
    aws sns set-topic-attributes --region "${region}" --topic-arn "${arn}" --attribute-name LambdaSuccessFeedbackSampleRate --attribute-value "${SuccessSampleRate}"
    aws sns set-topic-attributes --region "${region}" --topic-arn "${arn}" --attribute-name SQSSuccessFeedbackSampleRate --attribute-value "${SuccessSampleRate}"

    # Role used to log failed deliveries, per protocol.
    aws sns set-topic-attributes --region "${region}" --topic-arn "${arn}" --attribute-name ApplicationFailureFeedbackRoleArn --attribute-value "arn:aws:iam::${AccountID}:role/${IAMRoleForFailed}"
    aws sns set-topic-attributes --region "${region}" --topic-arn "${arn}" --attribute-name FirehoseFailureFeedbackRoleArn --attribute-value "arn:aws:iam::${AccountID}:role/${IAMRoleForFailed}"
    aws sns set-topic-attributes --region "${region}" --topic-arn "${arn}" --attribute-name HTTPFailureFeedbackRoleArn --attribute-value "arn:aws:iam::${AccountID}:role/${IAMRoleForFailed}"
    aws sns set-topic-attributes --region "${region}" --topic-arn "${arn}" --attribute-name LambdaFailureFeedbackRoleArn --attribute-value "arn:aws:iam::${AccountID}:role/${IAMRoleForFailed}"
    aws sns set-topic-attributes --region "${region}" --topic-arn "${arn}" --attribute-name SQSFailureFeedbackRoleArn --attribute-value "arn:aws:iam::${AccountID}:role/${IAMRoleForFailed}"

    # Role used to log successful deliveries, per protocol.
    aws sns set-topic-attributes --region "${region}" --topic-arn "${arn}" --attribute-name ApplicationSuccessFeedbackRoleArn --attribute-value "arn:aws:iam::${AccountID}:role/${IAMRoleForSuccessful}"
    aws sns set-topic-attributes --region "${region}" --topic-arn "${arn}" --attribute-name FirehoseSuccessFeedbackRoleArn --attribute-value "arn:aws:iam::${AccountID}:role/${IAMRoleForSuccessful}"
    aws sns set-topic-attributes --region "${region}" --topic-arn "${arn}" --attribute-name HTTPSuccessFeedbackRoleArn --attribute-value "arn:aws:iam::${AccountID}:role/${IAMRoleForSuccessful}"
    aws sns set-topic-attributes --region "${region}" --topic-arn "${arn}" --attribute-name LambdaSuccessFeedbackRoleArn --attribute-value "arn:aws:iam::${AccountID}:role/${IAMRoleForSuccessful}"
    aws sns set-topic-attributes --region "${region}" --topic-arn "${arn}" --attribute-name SQSSuccessFeedbackRoleArn --attribute-value "arn:aws:iam::${AccountID}:role/${IAMRoleForSuccessful}"

  done

done
```


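AWS - S3 Storage Classes

S3 Storage Classes

| Storage class | S3 Standard | S3 Intelligent-Tiering | S3 Standard-IA | S3 One Zone-IA | S3 Glacier Instant Retrieval | S3 Glacier Flexible Retrieval | S3 Glacier Deep Archive |
|---|---|---|---|---|---|---|---|
| AZ | 3 or more AZs | 3 or more AZs | 3 or more AZs | 1 AZ | 3 or more AZs | 3 or more AZs | |
| Intended data type | Frequently accessed active data | Data with changing access patterns | Infrequently accessed data | Re-creatable, infrequently accessed data | Rarely accessed data | Archive data | Long-term archive data |
| Designed durability | 99.999999999% | 99.999999999% | 99.999999999% | 99.999999999% | 99.999999999% | 99.999999999% | 99.999999999% |
| Designed availability | 99.99% | 99.9% | 99.9% | 99.5% | 99.9% | 99.99% | 99.99% |
| Availability (SLA) | 99.9% | 99% | 99% | 99% | 99% | 99.9% | 99.9% |
| Latency | Millisecond access | Millisecond access | Millisecond access | Millisecond access | Millisecond access | Restore in minutes to hours (a few minutes to 12 hours) | Restore in hours (12 to 48 hours) |
| Retrieval fee | - | - | Per GB | Per GB | Per GB | Per GB | Per GB |
| Minimum storage duration | - | - | 30 days | 30 days | 90 days | 90 days | 180 days |
| Minimum object size | - | - | 128 KB | 128 KB | 128 KB | 40 KB | 40 KB |
| Storage price | 0.025 to 0.023 USD/GB-month | 0.025 to 0.002 USD/GB-month | 0.0138 USD/GB-month | 0.011 USD/GB-month | 0.005 USD/GB-month | 0.0045 USD/GB-month | 0.002 USD/GB-month |

* Storage prices are Tokyo region prices as of 2021/12.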