🐥
AWSサービス一覧とプレフィックス(名前空間)一覧を取得しマークダウンにするワンライナー
はじめに
SCPを利用して利用可能なサービスを制限したいといった場合Actionにサービスを "ec2:*" といった形で指定するわけですが、このec2の部分、すなわち名前空間が何があるのかが知りたい。
以下のAWSドキュメントの各サービスのページにサービスプレフィックス(サービスプレフィクス)は記載されているのですがこれは見ていられない。
ということで彷徨っていたところクラスメソッドさんの素晴らしい記事が。
ただ、私の環境では、記事で紹介いただいているワンライナーで generate-service-last-accessed-details のジョブについて、常に処理が間に合わずに何度実行しても以下のエラーになってしまいます。
jq: error (at <stdin>:5): Cannot iterate over null (null)
これはjqの部分を削除して実行すればわかりますが、generate-service-last-accessed-detailsのジョブがIN_PROGRESS状態であるためです。
$ aws iam get-service-last-accessed-details --job-id `aws iam generate-service-last-accessed-details --arn arn:aws:iam::aws:policy/AdministratorAccess --output text` --max-items 1000
{
"JobStatus": "IN_PROGRESS",
"JobCreationDate": "2024-07-10T10:41:28.085000+00:00",
"IsTruncated": false
}
そのため少しだけsleepを入れることでラグを回避するようにしました。
また、出力が見やすいようにマークダウンの表として出力されるように調整いたしました。
ワンライナー
sleep 5をハードコードしているので環境によってはもっと長くしないといけなかったり、なくてもOKかもしれません。
※実行環境は Mac です。
$ aws iam get-service-last-accessed-details --job-id $(aws iam generate-service-last-accessed-details --arn arn:aws:iam::aws:policy/AdministratorAccess --output text; sleep 5) --max-items 1000 | jq -r '.ServicesLastAccessed[] | "| \(.ServiceName) | \(.ServiceNamespace) |"' | { echo "| Service Name | Service Namespace |"; echo "|---|---|"; cat; }
これで、マークダウンの表として出力されます。
| Service Name | Service Namespace |
|---|---|
| AWS App2Container | a2c |
| Alexa for Business | a4b |
| AWS IAM Access Analyzer | access-analyzer |
| AWS Account Management | account |
| AWS Certificate Manager | acm |
...略
記事作成時点のAWSサービスと名前空間の一覧
[2024/7/10時点]
| Service Name | Service Namespace |
|---|---|
| AWS App2Container | a2c |
| Alexa for Business | a4b |
| AWS IAM Access Analyzer | access-analyzer |
| AWS Account Management | account |
| AWS Certificate Manager | acm |
| AWS Private Certificate Authority | acm-pca |
| AWS Activate | activate |
| Amazon Managed Workflows for Apache Airflow | airflow |
| AWS Amplify | amplify |
| AWS Amplify Admin | amplifybackend |
| AWS Amplify UI Builder | amplifyuibuilder |
| Amazon OpenSearch Serverless | aoss |
| Manage - Amazon API Gateway | apigateway |
| Amazon AppIntegrations | app-integrations |
| AWS AppConfig | appconfig |
| AWS AppFabric | appfabric |
| Amazon AppFlow | appflow |
| AWS Application Auto Scaling | application-autoscaling |
| AWS Application Cost Profiler Service | application-cost-profiler |
| Amazon CloudWatch Application Signals | application-signals |
| AWS Application Transformation Service | application-transformation |
| Amazon CloudWatch Application Insights | applicationinsights |
| AWS App Mesh | appmesh |
| AWS App Mesh Preview | appmesh-preview |
| AWS App Runner | apprunner |
| Amazon AppStream 2.0 | appstream |
| AWS App Studio | appstudio |
| AWS AppSync | appsync |
| AWS Mainframe Modernization Application Testing provides tools and resources for automated functional equivalence testing for your migration projects. | apptest |
| Amazon Managed Service for Prometheus | aps |
| Amazon Route 53 Application Recovery Controller - Zonal Shift | arc-zonal-shift |
| Application Discovery Arsenal | arsenal |
| AWS Artifact | artifact |
| Amazon Athena | athena |
| AWS Audit Manager | auditmanager |
| Amazon EC2 Auto Scaling | autoscaling |
| AWS Auto Scaling | autoscaling-plans |
| AWS Marketplace | aws-marketplace |
| AWS Marketplace Management Portal | aws-marketplace-management |
| AWS Billing Console | aws-portal |
| AWS Connector Service | awsconnector |
| AWS B2B Data Interchange | b2bi |
| AWS Backup | backup |
| AWS Backup Gateway | backup-gateway |
| AWS Backup storage | backup-storage |
| AWS Batch | batch |
| AWS Billing And Cost Management Data Exports | bcm-data-exports |
| Amazon Bedrock | bedrock |
| AWS Billing | billing |
| AWS Billing Conductor | billingconductor |
| Amazon Braket | braket |
| AWS Budget Service | budgets |
| AWS BugBust | bugbust |
| Amazon Connect Cases | cases |
| Amazon Keyspaces (for Apache Cassandra) | cassandra |
| AWS Cost Explorer Service | ce |
| AWS Chatbot | chatbot |
| Amazon Chime | chime |
| AWS Clean Rooms | cleanrooms |
| AWS Clean Rooms ML | cleanrooms-ml |
| AWS Cloud9 | cloud9 |
| Amazon Cloud Directory | clouddirectory |
| AWS CloudFormation | cloudformation |
| Amazon CloudFront | cloudfront |
| Amazon CloudFront KeyValueStore | cloudfront-keyvaluestore |
| AWS CloudHSM | cloudhsm |
| Amazon CloudSearch | cloudsearch |
| AWS CloudShell | cloudshell |
| AWS CloudTrail | cloudtrail |
| AWS CloudTrail Data | cloudtrail-data |
| Amazon CloudWatch | cloudwatch |
| AWS CodeArtifact | codeartifact |
| AWS CodeBuild | codebuild |
| Amazon CodeCatalyst | codecatalyst |
| AWS CodeCommit | codecommit |
| AWS CodeConnections | codeconnections |
| AWS CodeDeploy | codedeploy |
| AWS CodeDeploy secure host commands service | codedeploy-commands-secure |
| Amazon CodeGuru | codeguru |
| Amazon CodeGuru Profiler | codeguru-profiler |
| Amazon CodeGuru Reviewer | codeguru-reviewer |
| Amazon CodeGuru Security | codeguru-security |
| AWS CodePipeline | codepipeline |
| AWS CodeStar | codestar |
| AWS CodeStar Connections | codestar-connections |
| AWS CodeStar Notifications | codestar-notifications |
| Amazon CodeWhisperer | codewhisperer |
| Amazon Cognito Identity | cognito-identity |
| Amazon Cognito User Pools | cognito-idp |
| Amazon Cognito Sync | cognito-sync |
| Amazon Comprehend | comprehend |
| Amazon Comprehend Medical | comprehendmedical |
| AWS Compute Optimizer | compute-optimizer |
| AWS Config | config |
| Amazon Connect | connect |
| High-volume outbound communications | connect-campaigns |
| AWS Console Mobile App | consoleapp |
| AWS Consolidated Billing | consolidatedbilling |
| AWS Control Catalog | controlcatalog |
| AWS Control Tower | controltower |
| AWS Cost Optimization Hub | cost-optimization-hub |
| AWS Cost and Usage Report | cur |
| AWS Customer Verification Service | customer-verification |
| AWS Glue DataBrew | databrew |
| AWS Data Exchange | dataexchange |
| AWS Data Pipeline | datapipeline |
| AWS DataSync | datasync |
| Amazon DataZone | datazone |
| Amazon DynamoDB Accelerator (DAX) | dax |
| Database Query Metadata Service | dbqms |
| AWS Deadline Cloud | deadline |
| AWS DeepComposer | deepcomposer |
| AWS DeepLens | deeplens |
| AWS DeepRacer | deepracer |
| Amazon Detective | detective |
| AWS Device Farm | devicefarm |
| Amazon DevOps Guru | devops-guru |
| AWS Direct Connect | directconnect |
| AWS Application Discovery Service | discovery |
| Amazon Data Lifecycle Manager | dlm |
| AWS Database Migration Service | dms |
| Amazon DocumentDB Elastic Clusters | docdb-elastic |
| AWS Elastic Disaster Recovery | drs |
| AWS Directory Service | ds |
| Amazon DynamoDB | dynamodb |
| Amazon Elastic Block Store | ebs |
| Amazon EC2 | ec2 |
| Amazon EC2 Instance Connect | ec2-instance-connect |
| Amazon Message Delivery Service | ec2messages |
| Amazon Elastic Container Registry | ecr |
| Amazon Elastic Container Registry Public | ecr-public |
| Amazon Elastic Container Service | ecs |
| Amazon Elastic Kubernetes Service | eks |
| Amazon EKS Auth | eks-auth |
| Amazon Elastic Inference | elastic-inference |
| Amazon ElastiCache | elasticache |
| AWS Elastic Beanstalk | elasticbeanstalk |
| Amazon Elastic File System | elasticfilesystem |
| Elastic Load Balancing | elasticloadbalancing |
| Amazon Elastic MapReduce | elasticmapreduce |
| Amazon Elastic Transcoder | elastictranscoder |
| AWS Elemental Appliances and Software Activation Service | elemental-activations |
| AWS Elemental Appliances and Software | elemental-appliances-software |
| AWS Elemental Support Cases | elemental-support-cases |
| AWS Elemental Support Content | elemental-support-content |
| Amazon EMR on EKS (EMR Containers) | emr-containers |
| Amazon EMR Serverless | emr-serverless |
| AWS Entity Resolution | entityresolution |
| Amazon OpenSearch Service | es |
| Amazon EventBridge | events |
| Amazon CloudWatch Evidently | evidently |
| Amazon API Gateway | execute-api |
| Amazon FinSpace | finspace |
| Amazon FinSpace API | finspace-api |
| Amazon Kinesis Firehose | firehose |
| AWS Fault Injection Service | fis |
| AWS Firewall Manager | fms |
| Amazon Forecast | forecast |
| Amazon Fraud Detector | frauddetector |
| Amazon FreeRTOS | freertos |
| AWS Free Tier | freetier |
| Amazon FSx | fsx |
| Amazon GameLift | gamelift |
| Amazon Location | geo |
| Amazon S3 Glacier | glacier |
| AWS Global Accelerator | globalaccelerator |
| AWS Glue | glue |
| Amazon Managed Grafana | grafana |
| AWS IoT Greengrass | greengrass |
| AWS Ground Station | groundstation |
| Amazon GroundTruth Labeling | groundtruthlabeling |
| Amazon GuardDuty | guardduty |
| AWS Health APIs and Notifications | health |
| AWS HealthLake | healthlake |
| Amazon Honeycode | honeycode |
| AWS Identity and Access Management | iam |
| AWS Identity Sync | identity-sync |
| AWS Identity Store | identitystore |
| AWS Identity Store Auth | identitystore-auth |
| Amazon EC2 Image Builder | imagebuilder |
| AWS Import Export | importexport |
| Amazon Inspector | inspector |
| Amazon InspectorScan | inspector-scan |
| Amazon Inspector2 | inspector2 |
| Amazon CloudWatch Internet Monitor | internetmonitor |
| AWS Invoicing Service | invoicing |
| AWS IoT | iot |
| AWS IoT Device Tester | iot-device-tester |
| AWS IoT 1-Click | iot1click |
| AWS IoT Analytics | iotanalytics |
| AWS IoT Core Device Advisor | iotdeviceadvisor |
| AWS IoT Events | iotevents |
| AWS IoT Fleet Hub for Device Management | iotfleethub |
| AWS IoT FleetWise | iotfleetwise |
| AWS IoT Jobs DataPlane | iotjobsdata |
| AWS IoT RoboRunner | iotroborunner |
| AWS IoT SiteWise | iotsitewise |
| AWS IoT TwinMaker | iottwinmaker |
| AWS IoT Wireless | iotwireless |
| AWS IQ | iq |
| AWS IQ Permissions | iq-permission |
| Amazon Interactive Video Service | ivs |
| Amazon Interactive Video Service Chat | ivschat |
| Amazon Managed Streaming for Apache Kafka | kafka |
| Apache Kafka APIs for Amazon MSK clusters | kafka-cluster |
| Amazon Managed Streaming for Kafka Connect | kafkaconnect |
| Amazon Kendra | kendra |
| Amazon Kendra Intelligent Ranking | kendra-ranking |
| Amazon Kinesis Data Streams | kinesis |
| Amazon Kinesis Analytics | kinesisanalytics |
| Amazon Kinesis Video Streams | kinesisvideo |
| AWS Key Management Service | kms |
| AWS Lake Formation | lakeformation |
| AWS Lambda | lambda |
| AWS Launch Wizard | launchwizard |
| Amazon Lex | lex |
| AWS License Manager | license-manager |
| AWS License Manager Linux Subscriptions Manager | license-manager-linux-subscriptions |
| AWS License Manager User Subscriptions | license-manager-user-subscriptions |
| Amazon Lightsail | lightsail |
| Amazon CloudWatch Logs | logs |
| Amazon Lookout for Equipment | lookoutequipment |
| Amazon Lookout for Metrics | lookoutmetrics |
| Amazon Lookout for Vision | lookoutvision |
| AWS Mainframe Modernization Service | m2 |
| Amazon Machine Learning | machinelearning |
| Amazon Macie | macie2 |
| Amazon Managed Blockchain | managedblockchain |
| Amazon Managed Blockchain Query | managedblockchain-query |
| AWS Migration Acceleration Program Credits | mapcredits |
| AWS Marketplace Commerce Analytics Service | marketplacecommerceanalytics |
| Amazon Mechanical Turk | mechanicalturk |
| AWS Elemental MediaConnect | mediaconnect |
| AWS Elemental MediaConvert | mediaconvert |
| AmazonMediaImport | mediaimport |
| AWS Elemental MediaLive | medialive |
| AWS Elemental MediaPackage | mediapackage |
| AWS Elemental MediaPackage VOD | mediapackage-vod |
| AWS Elemental MediaPackage V2 | mediapackagev2 |
| AWS Elemental MediaStore | mediastore |
| AWS Elemental MediaTailor | mediatailor |
| AWS HealthImaging | medical-imaging |
| Amazon MemoryDB | memorydb |
| AWS Migration Hub | mgh |
| AWS Application Migration Service | mgn |
| AWS Migration Hub Orchestrator | migrationhub-orchestrator |
| AWS Migration Hub Strategy Recommendations | migrationhub-strategy |
| Amazon Mobile Analytics | mobileanalytics |
| Amazon Pinpoint | mobiletargeting |
| Amazon Monitron | monitron |
| Amazon MQ | mq |
| Amazon Neptune | neptune-db |
| Amazon Neptune Analytics | neptune-graph |
| AWS Network Firewall | network-firewall |
| AWS Network Manager | networkmanager |
| AWS Network Manager Chat | networkmanager-chat |
| Amazon CloudWatch Network Monitor | networkmonitor |
| Amazon Nimble Studio | nimble |
| AWS User Notifications | notifications |
| AWS User Notifications Contacts | notifications-contacts |
| Amazon CloudWatch Observability Access Manager | oam |
| AWS HealthOmics | omics |
| Amazon One Enterprise | one |
| AWS OpsWorks | opsworks |
| AWS OpsWorks Configuration Management | opsworks-cm |
| AWS Organizations | organizations |
| Amazon OpenSearch Ingestion | osis |
| AWS Outposts | outposts |
| AWS Panorama | panorama |
| AWS Partner central account management | partnercentral-account-management |
| AWS Payment Cryptography | payment-cryptography |
| AWS Payments | payments |
| AWS Private CA Connector for Active Directory | pca-connector-ad |
| AWS Private CA Connector for SCEP | pca-connector-scep |
| Amazon Personalize | personalize |
| AWS Performance Insights | pi |
| Amazon EventBridge Pipes | pipes |
| Amazon Polly | polly |
| AWS Price List | pricing |
| AWS service providing managed private networks | private-networks |
| Amazon Connect Customer Profiles | profile |
| AWS Proton | proton |
| AWS Purchase Orders Console | purchase-orders |
| Amazon Q | q |
| Amazon Q Business Q Apps | qapps |
| Amazon Q Business | qbusiness |
| Amazon QLDB | qldb |
| Amazon QuickSight | quicksight |
| AWS Resource Access Manager (RAM) | ram |
| AWS Recycle Bin | rbin |
| Amazon RDS | rds |
| Amazon RDS Data API | rds-data |
| Amazon RDS IAM Authentication | rds-db |
| Amazon Redshift | redshift |
| Amazon Redshift Data API | redshift-data |
| Amazon Redshift Serverless | redshift-serverless |
| AWS Migration Hub Refactor Spaces | refactor-spaces |
| Amazon Rekognition | rekognition |
| AWS re:Post Private | repostspace |
| AWS Resilience Hub | resiliencehub |
| Tag Editor | resource-explorer |
| AWS Resource Explorer | resource-explorer-2 |
| AWS Resource Groups | resource-groups |
| Amazon RHEL Knowledgebase Portal | rhelkb |
| AWS RoboMaker | robomaker |
| AWS Identity and Access Management Roles Anywhere | rolesanywhere |
| Amazon Route 53 | route53 |
| Amazon Route 53 Recovery Cluster | route53-recovery-cluster |
| Amazon Route 53 Recovery Controls | route53-recovery-control-config |
| Amazon Route 53 Recovery Readiness | route53-recovery-readiness |
| Amazon Route 53 Domains | route53domains |
| Amazon Route 53 Profiles enables sharing DNS settings with VPCs | route53profiles |
| Amazon Route 53 Resolver | route53resolver |
| AWS CloudWatch RUM | rum |
| Amazon S3 | s3 |
| Amazon S3 Object Lambda | s3-object-lambda |
| Amazon S3 on Outposts | s3-outposts |
| Amazon S3 Express | s3express |
| Amazon SageMaker | sagemaker |
| Amazon SageMaker geospatial capabilities | sagemaker-geospatial |
| Amazon SageMaker Ground Truth Synthetic | sagemaker-groundtruth-synthetic |
| Amazon SageMaker with MLflow | sagemaker-mlflow |
| AWS Savings Plans | savingsplans |
| Amazon EventBridge Scheduler | scheduler |
| Amazon EventBridge Schemas | schemas |
| AWS Supply Chain | scn |
| Amazon SimpleDB | sdb |
| AWS Secrets Manager | secretsmanager |
| AWS Security Hub | securityhub |
| Amazon Security Lake | securitylake |
| AWS Serverless Application Repository | serverlessrepo |
| AWS Service Catalog | servicecatalog |
| AWS Cloud Map | servicediscovery |
| AWS Microservice Extractor for .NET | serviceextract |
| Service Quotas | servicequotas |
| Amazon SES | ses |
| AWS Shield | shield |
| AWS Signer | signer |
| AWS Signin | signin |
| AWS SimSpace Weaver | simspaceweaver |
| AWS Server Migration Service | sms |
| Amazon Pinpoint SMS Voice V2 | sms-voice |
| AWS Snow Device Management | snow-device-management |
| AWS Snowball | snowball |
| Amazon SNS | sns |
| AWS SQL Workbench | sqlworkbench |
| Amazon SQS | sqs |
| AWS Systems Manager | ssm |
| AWS Systems Manager Incident Manager Contacts | ssm-contacts |
| AWS Systems Manager GUI Connect | ssm-guiconnect |
| AWS Systems Manager Incident Manager | ssm-incidents |
| AWS Systems Manager Quick Setup | ssm-quicksetup |
| AWS Systems Manager for SAP | ssm-sap |
| Amazon Message Gateway Service | ssmmessages |
| AWS IAM Identity Center (successor to AWS Single Sign-On) | sso |
| AWS IAM Identity Center (successor to AWS Single Sign-On) directory | sso-directory |
| AWS IAM Identity Center OIDC service | sso-oauth |
| AWS Step Functions | states |
| AWS Storage Gateway | storagegateway |
| AWS Security Token Service | sts |
| AWS Support | support |
| AWS Support App in Slack | supportapp |
| AWS Support Plans | supportplans |
| AWS Support Recommendations | supportrecommendations |
| AWS Sustainability | sustainability |
| Amazon Simple Workflow Service | swf |
| Amazon CloudWatch Synthetics | synthetics |
| Amazon Resource Group Tagging API | tag |
| AWS Tax Settings | tax |
| Amazon Textract | textract |
| Amazon WorkSpaces Thin Client | thinclient |
| Amazon Timestream | timestream |
| Amazon Timestream InfluxDB | timestream-influxdb |
| AWS Tiros | tiros |
| AWS Telco Network Builder | tnb |
| Amazon Transcribe | transcribe |
| AWS Transfer Family | transfer |
| Amazon Translate | translate |
| AWS Trusted Advisor | trustedadvisor |
| AWS Diagnostic tools | ts |
| AWS User Subscriptions | user-subscriptions |
| AWS Marketplace Vendor Insights | vendor-insights |
| AWS Verified Access | verified-access |
| Amazon Verified Permissions | verifiedpermissions |
| Amazon Connect Voice ID | voiceid |
| Amazon VPC Lattice | vpc-lattice |
| Amazon VPC Lattice Services | vpc-lattice-svcs |
| AWS WAF | waf |
| AWS WAF Regional | waf-regional |
| AWS WAF V2 | wafv2 |
| Amazon WorkSpaces Application Manager | wam |
| AWS Well-Architected Tool | wellarchitected |
| AWS Wickr | wickr |
| Amazon Q in Connect | wisdom |
| Amazon WorkDocs | workdocs |
| Amazon WorkLink | worklink |
| Amazon WorkMail | workmail |
| Amazon WorkMail Message Flow | workmailmessageflow |
| Amazon WorkSpaces | workspaces |
| Amazon WorkSpaces Secure Browser | workspaces-web |
| AWS X-Ray | xray |
Discussion