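One-liner to fetch the list of AWS services and their prefixes (namespaces) and render it as Markdown

Published 2024/07/10

Introduction

When you want to restrict which services can be used with an SCP, you specify the service in Action in a form such as "ec2:*". I want to know what values exist for this ec2 part, that is, the namespace.

The service prefix is listed on each service's page in the AWS documentation below, but I can't bear to go through them page by page.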

https://docs.aws.amazon.com/ja_jp/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html

So while I was wandering around looking for a way, I came across a wonderful article by Classmethod.

https://dev.classmethod.jp/articles/all-aws-services-onliner/

However, in my environment, with the one-liner introduced in that article, the generate-service-last-accessed-details job never finishes in time, and no matter how many times I run it I get the following error.

jq: error (at <stdin>:5): Cannot iterate over null (null)

You can see why by running it without the jq part: the generate-service-last-accessed-details job is still in the IN_PROGRESS state.

$ aws iam get-service-last-accessed-details --job-id `aws iam generate-service-last-accessed-details --arn arn:aws:iam::aws:policy/AdministratorAccess --output text` --max-items 1000
{
    "JobStatus": "IN_PROGRESS",
    "JobCreationDate": "2024-07-10T10:41:28.085000+00:00",
    "IsTruncated": false
}

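So I added a short sleep to get around the lag.
I also adjusted the output so that it is emitted as a Markdown table, which is easier to read.

One-liner

sleep 5 is hard-coded, so depending on your environment you may need to make it longer, or you may not need it at all.

Note: the execution environment is a Mac.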

$ aws iam get-service-last-accessed-details --job-id $(aws iam generate-service-last-accessed-details --arn arn:aws:iam::aws:policy/AdministratorAccess --output text; sleep 5) --max-items 1000 | jq -r '.ServicesLastAccessed[] | "| \(.ServiceName) | \(.ServiceNamespace) |"' | { echo "| Service Name | Service Namespace |"; echo "|---|---|"; cat; }

This outputs a Markdown table.

| Service Name | Service Namespace |
|---|---|
| AWS App2Container | a2c |
| Alexa for Business | a4b |
| AWS IAM Access Analyzer | access-analyzer |
| AWS Account Management | account |
| AWS Certificate Manager | acm |
... (rest omitted)

List of AWS services and namespaces as of writing

[As of 2024/7/10]
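As an added example (not part of the original article), the fixed sleep 5 can be replaced by polling JobStatus until it reaches COMPLETED, stopping on FAILED or after a bounded number of checks. The function names wait_for_job and service_table, the default retry count and the delay are assumptions chosen here; the AWS CLI's own --query option is used in place of jq.

```shell
#!/bin/sh
# Added example: poll the job status instead of sleeping a fixed 5 seconds.

# wait_for_job JOB_ID [TRIES] [DELAY_SECONDS]
# Returns 0 when the job is COMPLETED, 1 when it FAILED or the call errored,
# 2 when it is still IN_PROGRESS after TRIES checks.
wait_for_job() {
  local job_id="$1" tries="${2:-30}" delay="${3:-2}" i=0 state
  while [ "$i" -lt "$tries" ]; do
    state=$(aws iam get-service-last-accessed-details \
      --job-id "$job_id" --max-items 1 \
      --query JobStatus --output text) || return 1
    case "$state" in
      COMPLETED) return 0 ;;
      FAILED) echo "job $job_id failed" >&2; return 1 ;;
    esac
    sleep "$delay"
    i=$((i + 1))
  done
  echo "job $job_id still IN_PROGRESS after $tries checks" >&2
  return 2
}

# service_table POLICY_ARN [TRIES] [DELAY_SECONDS]
# Prints "| Service Name | Service Namespace |" rows as a Markdown table.
service_table() {
  local arn="$1" job_id tab
  tab=$(printf '\t')
  job_id=$(aws iam generate-service-last-accessed-details \
    --arn "$arn" --query JobId --output text) || return 1
  wait_for_job "$job_id" "${2:-30}" "${3:-2}" || return $?
  echo "| Service Name | Service Namespace |"
  echo "|---|---|"
  # --output text prints one tab-separated row per service.
  aws iam get-service-last-accessed-details \
    --job-id "$job_id" --max-items 1000 \
    --query 'ServicesLastAccessed[].[ServiceName,ServiceNamespace]' \
    --output text |
    while IFS="$tab" read -r name ns; do
      printf '| %s | %s |\n' "$name" "$ns"
    done
}

# Usage: service_table arn:aws:iam::aws:policy/AdministratorAccess
```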

| Service Name | Service Namespace |
|---|---|
| AWS App2Container | a2c |
| Alexa for Business | a4b |
| AWS IAM Access Analyzer | access-analyzer |
| AWS Account Management | account |
| AWS Certificate Manager | acm |
| AWS Private Certificate Authority | acm-pca |
| AWS Activate | activate |
| Amazon Managed Workflows for Apache Airflow | airflow |
| AWS Amplify | amplify |
| AWS Amplify Admin | amplifybackend |
| AWS Amplify UI Builder | amplifyuibuilder |
| Amazon OpenSearch Serverless | aoss |
| Manage - Amazon API Gateway | apigateway |
| Amazon AppIntegrations | app-integrations |
| AWS AppConfig | appconfig |
| AWS AppFabric | appfabric |
| Amazon AppFlow | appflow |
| AWS Application Auto Scaling | application-autoscaling |
| AWS Application Cost Profiler Service | application-cost-profiler |
| Amazon CloudWatch Application Signals | application-signals |
| AWS Application Transformation Service | application-transformation |
| Amazon CloudWatch Application Insights | applicationinsights |
| AWS App Mesh | appmesh |
| AWS App Mesh Preview | appmesh-preview |
| AWS App Runner | apprunner |
| Amazon AppStream 2.0 | appstream |
| AWS App Studio | appstudio |
| AWS AppSync | appsync |
| AWS Mainframe Modernization Application Testing provides tools and resources for automated functional equivalence testing for your migration projects. | apptest |
| Amazon Managed Service for Prometheus | aps |
| Amazon Route 53 Application Recovery Controller - Zonal Shift | arc-zonal-shift |
| Application Discovery Arsenal | arsenal |
| AWS Artifact | artifact |
| Amazon Athena | athena |
| AWS Audit Manager | auditmanager |
| Amazon EC2 Auto Scaling | autoscaling |
| AWS Auto Scaling | autoscaling-plans |
| AWS Marketplace | aws-marketplace |
| AWS Marketplace Management Portal | aws-marketplace-management |
| AWS Billing Console | aws-portal |
| AWS Connector Service | awsconnector |
| AWS B2B Data Interchange | b2bi |
| AWS Backup | backup |
| AWS Backup Gateway | backup-gateway |
| AWS Backup storage | backup-storage |
| AWS Batch | batch |
| AWS Billing And Cost Management Data Exports | bcm-data-exports |
| Amazon Bedrock | bedrock |
| AWS Billing | billing |
| AWS Billing Conductor | billingconductor |
| Amazon Braket | braket |
| AWS Budget Service | budgets |
| AWS BugBust | bugbust |
| Amazon Connect Cases | cases |
| Amazon Keyspaces (for Apache Cassandra) | cassandra |
| AWS Cost Explorer Service | ce |
| AWS Chatbot | chatbot |
| Amazon Chime | chime |
| AWS Clean Rooms | cleanrooms |
| AWS Clean Rooms ML | cleanrooms-ml |
| AWS Cloud9 | cloud9 |
| Amazon Cloud Directory | clouddirectory |
| AWS CloudFormation | cloudformation |
| Amazon CloudFront | cloudfront |
| Amazon CloudFront KeyValueStore | cloudfront-keyvaluestore |
| AWS CloudHSM | cloudhsm |
| Amazon CloudSearch | cloudsearch |
| AWS CloudShell | cloudshell |
| AWS CloudTrail | cloudtrail |
| AWS CloudTrail Data | cloudtrail-data |
| Amazon CloudWatch | cloudwatch |
| AWS CodeArtifact | codeartifact |
| AWS CodeBuild | codebuild |
| Amazon CodeCatalyst | codecatalyst |
| AWS CodeCommit | codecommit |
| AWS CodeConnections | codeconnections |
| AWS CodeDeploy | codedeploy |
| AWS CodeDeploy secure host commands service | codedeploy-commands-secure |
| Amazon CodeGuru | codeguru |
| Amazon CodeGuru Profiler | codeguru-profiler |
| Amazon CodeGuru Reviewer | codeguru-reviewer |
| Amazon CodeGuru Security | codeguru-security |
| AWS CodePipeline | codepipeline |
| AWS CodeStar | codestar |
| AWS CodeStar Connections | codestar-connections |
| AWS CodeStar Notifications | codestar-notifications |
| Amazon CodeWhisperer | codewhisperer |
| Amazon Cognito Identity | cognito-identity |
| Amazon Cognito User Pools | cognito-idp |
| Amazon Cognito Sync | cognito-sync |
| Amazon Comprehend | comprehend |
| Amazon Comprehend Medical | comprehendmedical |
| AWS Compute Optimizer | compute-optimizer |
| AWS Config | config |
| Amazon Connect | connect |
| High-volume outbound communications | connect-campaigns |
| AWS Console Mobile App | consoleapp |
| AWS Consolidated Billing | consolidatedbilling |
| AWS Control Catalog | controlcatalog |
| AWS Control Tower | controltower |
| AWS Cost Optimization Hub | cost-optimization-hub |
| AWS Cost and Usage Report | cur |
| AWS Customer Verification Service | customer-verification |
| AWS Glue DataBrew | databrew |
| AWS Data Exchange | dataexchange |
| AWS Data Pipeline | datapipeline |
| AWS DataSync | datasync |
| Amazon DataZone | datazone |
| Amazon DynamoDB Accelerator (DAX) | dax |
| Database Query Metadata Service | dbqms |
| AWS Deadline Cloud | deadline |
| AWS DeepComposer | deepcomposer |
| AWS DeepLens | deeplens |
| AWS DeepRacer | deepracer |
| Amazon Detective | detective |
| AWS Device Farm | devicefarm |
| Amazon DevOps Guru | devops-guru |
| AWS Direct Connect | directconnect |
| AWS Application Discovery Service | discovery |
| Amazon Data Lifecycle Manager | dlm |
| AWS Database Migration Service | dms |
| Amazon DocumentDB Elastic Clusters | docdb-elastic |
| AWS Elastic Disaster Recovery | drs |
| AWS Directory Service | ds |
| Amazon DynamoDB | dynamodb |
| Amazon Elastic Block Store | ebs |
| Amazon EC2 | ec2 |
| Amazon EC2 Instance Connect | ec2-instance-connect |
| Amazon Message Delivery Service | ec2messages |
| Amazon Elastic Container Registry | ecr |
| Amazon Elastic Container Registry Public | ecr-public |
| Amazon Elastic Container Service | ecs |
| Amazon Elastic Kubernetes Service | eks |
| Amazon EKS Auth | eks-auth |
| Amazon Elastic Inference | elastic-inference |
| Amazon ElastiCache | elasticache |
| AWS Elastic Beanstalk | elasticbeanstalk |
| Amazon Elastic File System | elasticfilesystem |
| Elastic Load Balancing | elasticloadbalancing |
| Amazon Elastic MapReduce | elasticmapreduce |
| Amazon Elastic Transcoder | elastictranscoder |
| AWS Elemental Appliances and Software Activation Service | elemental-activations |
| AWS Elemental Appliances and Software | elemental-appliances-software |
| AWS Elemental Support Cases | elemental-support-cases |
| AWS Elemental Support Content | elemental-support-content |
| Amazon EMR on EKS (EMR Containers) | emr-containers |
| Amazon EMR Serverless | emr-serverless |
| AWS Entity Resolution | entityresolution |
| Amazon OpenSearch Service | es |
| Amazon EventBridge | events |
| Amazon CloudWatch Evidently | evidently |
| Amazon API Gateway | execute-api |
| Amazon FinSpace | finspace |
| Amazon FinSpace API | finspace-api |
| Amazon Kinesis Firehose | firehose |
| AWS Fault Injection Service | fis |
| AWS Firewall Manager | fms |
| Amazon Forecast | forecast |
| Amazon Fraud Detector | frauddetector |
| Amazon FreeRTOS | freertos |
| AWS Free Tier | freetier |
| Amazon FSx | fsx |
| Amazon GameLift | gamelift |
| Amazon Location | geo |
| Amazon S3 Glacier | glacier |
| AWS Global Accelerator | globalaccelerator |
| AWS Glue | glue |
| Amazon Managed Grafana | grafana |
| AWS IoT Greengrass | greengrass |
| AWS Ground Station | groundstation |
| Amazon GroundTruth Labeling | groundtruthlabeling |
| Amazon GuardDuty | guardduty |
| AWS Health APIs and Notifications | health |
| AWS HealthLake | healthlake |
| Amazon Honeycode | honeycode |
| AWS Identity and Access Management | iam |
| AWS Identity Sync | identity-sync |
| AWS Identity Store | identitystore |
| AWS Identity Store Auth | identitystore-auth |
| Amazon EC2 Image Builder | imagebuilder |
| AWS Import Export | importexport |
| Amazon Inspector | inspector |
| Amazon InspectorScan | inspector-scan |
| Amazon Inspector2 | inspector2 |
| Amazon CloudWatch Internet Monitor | internetmonitor |
| AWS Invoicing Service | invoicing |
| AWS IoT | iot |
| AWS IoT Device Tester | iot-device-tester |
| AWS IoT 1-Click | iot1click |
| AWS IoT Analytics | iotanalytics |
| AWS IoT Core Device Advisor | iotdeviceadvisor |
| AWS IoT Events | iotevents |
| AWS IoT Fleet Hub for Device Management | iotfleethub |
| AWS IoT FleetWise | iotfleetwise |
| AWS IoT Jobs DataPlane | iotjobsdata |
| AWS IoT RoboRunner | iotroborunner |
| AWS IoT SiteWise | iotsitewise |
| AWS IoT TwinMaker | iottwinmaker |
| AWS IoT Wireless | iotwireless |
| AWS IQ | iq |
| AWS IQ Permissions | iq-permission |
| Amazon Interactive Video Service | ivs |
| Amazon Interactive Video Service Chat | ivschat |
| Amazon Managed Streaming for Apache Kafka | kafka |
| Apache Kafka APIs for Amazon MSK clusters | kafka-cluster |
| Amazon Managed Streaming for Kafka Connect | kafkaconnect |
| Amazon Kendra | kendra |
| Amazon Kendra Intelligent Ranking | kendra-ranking |
| Amazon Kinesis Data Streams | kinesis |
| Amazon Kinesis Analytics | kinesisanalytics |
| Amazon Kinesis Video Streams | kinesisvideo |
| AWS Key Management Service | kms |
| AWS Lake Formation | lakeformation |
| AWS Lambda | lambda |
| AWS Launch Wizard | launchwizard |
| Amazon Lex | lex |
| AWS License Manager | license-manager |
| AWS License Manager Linux Subscriptions Manager | license-manager-linux-subscriptions |
| AWS License Manager User Subscriptions | license-manager-user-subscriptions |
| Amazon Lightsail | lightsail |
| Amazon CloudWatch Logs | logs |
| Amazon Lookout for Equipment | lookoutequipment |
| Amazon Lookout for Metrics | lookoutmetrics |
| Amazon Lookout for Vision | lookoutvision |
| AWS Mainframe Modernization Service | m2 |
| Amazon Machine Learning | machinelearning |
| Amazon Macie | macie2 |
| Amazon Managed Blockchain | managedblockchain |
| Amazon Managed Blockchain Query | managedblockchain-query |
| AWS Migration Acceleration Program Credits | mapcredits |
| AWS Marketplace Commerce Analytics Service | marketplacecommerceanalytics |
| Amazon Mechanical Turk | mechanicalturk |
| AWS Elemental MediaConnect | mediaconnect |
| AWS Elemental MediaConvert | mediaconvert |
| AmazonMediaImport | mediaimport |
| AWS Elemental MediaLive | medialive |
| AWS Elemental MediaPackage | mediapackage |
| AWS Elemental MediaPackage VOD | mediapackage-vod |
| AWS Elemental MediaPackage V2 | mediapackagev2 |
| AWS Elemental MediaStore | mediastore |
| AWS Elemental MediaTailor | mediatailor |
| AWS HealthImaging | medical-imaging |
| Amazon MemoryDB | memorydb |
| AWS Migration Hub | mgh |
| AWS Application Migration Service | mgn |
| AWS Migration Hub Orchestrator | migrationhub-orchestrator |
| AWS Migration Hub Strategy Recommendations | migrationhub-strategy |
| Amazon Mobile Analytics | mobileanalytics |
| Amazon Pinpoint | mobiletargeting |
| Amazon Monitron | monitron |
| Amazon MQ | mq |
| Amazon Neptune | neptune-db |
| Amazon Neptune Analytics | neptune-graph |
| AWS Network Firewall | network-firewall |
| AWS Network Manager | networkmanager |
| AWS Network Manager Chat | networkmanager-chat |
| Amazon CloudWatch Network Monitor | networkmonitor |
| Amazon Nimble Studio | nimble |
| AWS User Notifications | notifications |
| AWS User Notifications Contacts | notifications-contacts |
| Amazon CloudWatch Observability Access Manager | oam |
| AWS HealthOmics | omics |
| Amazon One Enterprise | one |
| AWS OpsWorks | opsworks |
| AWS OpsWorks Configuration Management | opsworks-cm |
| AWS Organizations | organizations |
| Amazon OpenSearch Ingestion | osis |
| AWS Outposts | outposts |
| AWS Panorama | panorama |
| AWS Partner central account management | partnercentral-account-management |
| AWS Payment Cryptography | payment-cryptography |
| AWS Payments | payments |
| AWS Private CA Connector for Active Directory | pca-connector-ad |
| AWS Private CA Connector for SCEP | pca-connector-scep |
| Amazon Personalize | personalize |
| AWS Performance Insights | pi |
| Amazon EventBridge Pipes | pipes |
| Amazon Polly | polly |
| AWS Price List | pricing |
| AWS service providing managed private networks | private-networks |
| Amazon Connect Customer Profiles | profile |
| AWS Proton | proton |
| AWS Purchase Orders Console | purchase-orders |
| Amazon Q | q |
| Amazon Q Business Q Apps | qapps |
| Amazon Q Business | qbusiness |
| Amazon QLDB | qldb |
| Amazon QuickSight | quicksight |
| AWS Resource Access Manager (RAM) | ram |
| AWS Recycle Bin | rbin |
| Amazon RDS | rds |
| Amazon RDS Data API | rds-data |
| Amazon RDS IAM Authentication | rds-db |
| Amazon Redshift | redshift |
| Amazon Redshift Data API | redshift-data |
| Amazon Redshift Serverless | redshift-serverless |
| AWS Migration Hub Refactor Spaces | refactor-spaces |
| Amazon Rekognition | rekognition |
| AWS re:Post Private | repostspace |
| AWS Resilience Hub | resiliencehub |
| Tag Editor | resource-explorer |
| AWS Resource Explorer | resource-explorer-2 |
| AWS Resource Groups | resource-groups |
| Amazon RHEL Knowledgebase Portal | rhelkb |
| AWS RoboMaker | robomaker |
| AWS Identity and Access Management Roles Anywhere | rolesanywhere |
| Amazon Route 53 | route53 |
| Amazon Route 53 Recovery Cluster | route53-recovery-cluster |
| Amazon Route 53 Recovery Controls | route53-recovery-control-config |
| Amazon Route 53 Recovery Readiness | route53-recovery-readiness |
| Amazon Route 53 Domains | route53domains |
| Amazon Route 53 Profiles enables sharing DNS settings with VPCs | route53profiles |
| Amazon Route 53 Resolver | route53resolver |
| AWS CloudWatch RUM | rum |
| Amazon S3 | s3 |
| Amazon S3 Object Lambda | s3-object-lambda |
| Amazon S3 on Outposts | s3-outposts |
| Amazon S3 Express | s3express |
| Amazon SageMaker | sagemaker |
| Amazon SageMaker geospatial capabilities | sagemaker-geospatial |
| Amazon SageMaker Ground Truth Synthetic | sagemaker-groundtruth-synthetic |
| Amazon SageMaker with MLflow | sagemaker-mlflow |
| AWS Savings Plans | savingsplans |
| Amazon EventBridge Scheduler | scheduler |
| Amazon EventBridge Schemas | schemas |
| AWS Supply Chain | scn |
| Amazon SimpleDB | sdb |
| AWS Secrets Manager | secretsmanager |
| AWS Security Hub | securityhub |
| Amazon Security Lake | securitylake |
| AWS Serverless Application Repository | serverlessrepo |
| AWS Service Catalog | servicecatalog |
| AWS Cloud Map | servicediscovery |
| AWS Microservice Extractor for .NET | serviceextract |
| Service Quotas | servicequotas |
| Amazon SES | ses |
| AWS Shield | shield |
| AWS Signer | signer |
| AWS Signin | signin |
| AWS SimSpace Weaver | simspaceweaver |
| AWS Server Migration Service | sms |
| Amazon Pinpoint SMS Voice V2 | sms-voice |
| AWS Snow Device Management | snow-device-management |
| AWS Snowball | snowball |
| Amazon SNS | sns |
| AWS SQL Workbench | sqlworkbench |
| Amazon SQS | sqs |
| AWS Systems Manager | ssm |
| AWS Systems Manager Incident Manager Contacts | ssm-contacts |
| AWS Systems Manager GUI Connect | ssm-guiconnect |
| AWS Systems Manager Incident Manager | ssm-incidents |
| AWS Systems Manager Quick Setup | ssm-quicksetup |
| AWS Systems Manager for SAP | ssm-sap |
| Amazon Message Gateway Service | ssmmessages |
| AWS IAM Identity Center (successor to AWS Single Sign-On) | sso |
| AWS IAM Identity Center (successor to AWS Single Sign-On) directory | sso-directory |
| AWS IAM Identity Center OIDC service | sso-oauth |
| AWS Step Functions | states |
| AWS Storage Gateway | storagegateway |
| AWS Security Token Service | sts |
| AWS Support | support |
| AWS Support App in Slack | supportapp |
| AWS Support Plans | supportplans |
| AWS Support Recommendations | supportrecommendations |
| AWS Sustainability | sustainability |
| Amazon Simple Workflow Service | swf |
| Amazon CloudWatch Synthetics | synthetics |
| Amazon Resource Group Tagging API | tag |
| AWS Tax Settings | tax |
| Amazon Textract | textract |
| Amazon WorkSpaces Thin Client | thinclient |
| Amazon Timestream | timestream |
| Amazon Timestream InfluxDB | timestream-influxdb |
| AWS Tiros | tiros |
| AWS Telco Network Builder | tnb |
| Amazon Transcribe | transcribe |
| AWS Transfer Family | transfer |
| Amazon Translate | translate |
| AWS Trusted Advisor | trustedadvisor |
| AWS Diagnostic tools | ts |
| AWS User Subscriptions | user-subscriptions |
| AWS Marketplace Vendor Insights | vendor-insights |
| AWS Verified Access | verified-access |
| Amazon Verified Permissions | verifiedpermissions |
| Amazon Connect Voice ID | voiceid |
| Amazon VPC Lattice | vpc-lattice |
| Amazon VPC Lattice Services | vpc-lattice-svcs |
| AWS WAF | waf |
| AWS WAF Regional | waf-regional |
| AWS WAF V2 | wafv2 |
| Amazon WorkSpaces Application Manager | wam |
| AWS Well-Architected Tool | wellarchitected |
| AWS Wickr | wickr |
| Amazon Q in Connect | wisdom |
| Amazon WorkDocs | workdocs |
| Amazon WorkLink | worklink |
| Amazon WorkMail | workmail |
| Amazon WorkMail Message Flow | workmailmessageflow |
| Amazon WorkSpaces | workspaces |
| Amazon WorkSpaces Secure Browser | workspaces-web |
| AWS X-Ray | xray |
