AWS General Reference - Referenzhandbuch · AWS General Reference Referenzhandbuch...

Allgemeine AWS-ReferenzReferenzhandbuch

Version 1.0

Allgemeine AWS-Referenz Referenzhandbuch

Allgemeine AWS-Referenz: ReferenzhandbuchCopyright © 2020 Amazon Web Services, Inc. and/or its affiliates. All rights reserved.

Amazon's trademarks and trade dress may not be used in connection with any product or service that is not Amazon's,in any manner that is likely to cause confusion among customers, or in any manner that disparages or discreditsAmazon. All other trademarks not owned by Amazon are the property of their respective owners, who may or may notbe affiliated with, connected to, or sponsored by Amazon.


Table of ContentsAWS General Reference ..................................................................................................................... 1AWS-Sicherheitsanmeldeinformationen .................................................................................................. 2

AWS-Benutzer ............................................................................................................................ 2Aufgaben, die Root-Benutzer-Anmeldeinformationen erfordern ................................................... 3

AWS-Anmeldeinformationen ......................................................................................................... 4Konsolenzugriff ................................................................................................................... 4Programmgesteuerter Zugriff ................................................................................................ 5Temporäre Zugriffsschlüssel ................................................................................................. 6

AWS-Konto-Kennungen ............................................................................................................... 6Wie Sie Ihre AWS-Konto-ID finden ........................................................................................ 7Wie Sie die kanonische Benutzer-ID für Ihr AWS-Konto finden ................................................... 8

Bewährte Methoden für die Verwaltung von AWS-Zugriffsschlüsseln ................................................... 9Entfernen Sie einen Zugriffsschlüssel für das Konto (bzw. erstellen Sie erst gar keinen). ................. 9Verwenden Sie temporäre Sicherheitsanmeldeinformationen (IAM-Rollen) anstelle langfristigerZugriffsschlüssel. ................................................................................................................ 9Ordnungsgemäße Verwaltung der IAM-Benutzerzugriffsschlüssel ............................................. 10Zugriff auf die mobile App mit AWS-Zugriffsschlüsseln ............................................................ 11Weitere Informationen. ....................................................................................................... 12

AWS security audit guidelines ..................................................................................................... 12When you should perform a security audit ............................................................................ 13Guidelines for auditing ....................................................................................................... 13Review your AWS account credentials ................................................................................. 13Review your IAM users ...................................................................................................... 14Review your IAM groups .................................................................................................... 14Review your IAM roles ...................................................................................................... 14Review your IAM providers for SAML and OpenID Connect (OIDC) .......................................... 15Review Your mobile apps .................................................................................................. 15Review your Amazon EC2 security configuration ................................................................... 15Review AWS policies in other services ................................................................................. 16Monitor activity in your AWS account ................................................................................... 16Tips for reviewing IAM policies ............................................................................................ 16Learn more ...................................................................................................................... 17

Service Endpunkte und Kontingente .................................................................................................... 18Alexa for Business .................................................................................................................... 22

Service-Endpunkte ............................................................................................................ 22Servicekontingente ............................................................................................................ 22

AWS Amplify ............................................................................................................................ 23Amplify-Endpunkte ............................................................................................................ 23Servicekontingente ............................................................................................................ 24

Amazon API Gateway ............................................................................................................... 25Service-Endpunkte ............................................................................................................ 25Servicekontingente ............................................................................................................ 29

Application Auto Scaling ............................................................................................................ 29Regionen und Endpunkte ................................................................................................... 30Servicekontingente ............................................................................................................ 31

AWS Application Discovery Service ............................................................................................. 32Service-Endpunkte ............................................................................................................ 32Servicekontingente ............................................................................................................ 33

Amazon AppStream 2.0 ............................................................................................................. 33Service-Endpunkte ............................................................................................................ 33Servicekontingente ............................................................................................................ 34

AWS App Mesh ........................................................................................................................ 35Service-Endpunkte ............................................................................................................ 35Servicekontingente ............................................................................................................ 37

Version 1.0iii


AWS AppSync .......................................................................................................................... 37Service Endpoints ............................................................................................................. 37Service Quotas ................................................................................................................. 39

Amazon Athena ........................................................................................................................ 40Service-Endpunkte ............................................................................................................ 41Servicekontingente ............................................................................................................ 42

Amazon Augmented AI .............................................................................................................. 43Servicekontingente ............................................................................................................ 43

Amazon Aurora ........................................................................................................................ 44Service-Endpunkte ............................................................................................................ 44Servicekontingente ............................................................................................................ 48

AWS Auto Scaling .................................................................................................................... 48Regionen und Endpunkte ................................................................................................... 48Servicekontingente ............................................................................................................ 50

Amazon EC2 Auto Scaling ......................................................................................................... 51Regionen und Endpunkte ................................................................................................... 51Servicekontingente ............................................................................................................ 53

AWS Backup ............................................................................................................................ 53Service-Endpunkte ............................................................................................................ 54Servicekontingente ............................................................................................................ 55

AWS Batch .............................................................................................................................. 57Service-Endpunkte ............................................................................................................ 57Servicekontingente ............................................................................................................ 59

Billing and Cost Management ..................................................................................................... 59Service-Endpunkte ............................................................................................................ 60Servicekontingente ............................................................................................................ 63

AWS Certificate Manager ........................................................................................................... 63Service-Endpunkte ............................................................................................................ 63Servicekontingente ............................................................................................................ 65

AWS Certificate Manager Private Certificate Authority ..................................................................... 66Service-Endpunkte ............................................................................................................ 66Servicekontingente ............................................................................................................ 67

AWS Chatbot ........................................................................................................................... 68Servicekontingente ............................................................................................................ 68

Amazon Chime ......................................................................................................................... 68Service-Endpunkte ............................................................................................................ 68Servicekontingente ............................................................................................................ 68

AWS Cloud9 ............................................................................................................................ 69Service-Endpunkte ............................................................................................................ 69Servicekontingente ............................................................................................................ 70

Amazon Cloud Directory ............................................................................................................ 71Service-Endpunkte ............................................................................................................ 71

AWS CloudFormation ................................................................................................................ 72Service-Endpunkte ............................................................................................................ 72Servicekontingente ............................................................................................................ 74

Amazon CloudFront .................................................................................................................. 74Service-Endpunkte ............................................................................................................ 74Servicekontingente ............................................................................................................ 74

AWS CloudHSM ....................................................................................................................... 75Service-Endpunkte ............................................................................................................ 75Servicekontingente ............................................................................................................ 78

AWS Cloud Map ....................................................................................................................... 78Service-Endpunkte ............................................................................................................ 78Servicekontingente ............................................................................................................ 80

Amazon CloudSearch ................................................................................................................ 80Service-Endpunkte ............................................................................................................ 81Servicekontingente ............................................................................................................ 81

Version 1.0iv


AWS CloudTrail ........................................................................................................................ 82Service-Endpunkte ............................................................................................................ 82Servicekontingente ............................................................................................................ 84

Amazon CloudWatch ................................................................................................................. 84Service-Endpunkte ............................................................................................................ 84Servicekontingente ............................................................................................................ 86

Amazon CloudWatch Events ...................................................................................................... 88Service-Endpunkte ............................................................................................................ 88Servicekontingente ............................................................................................................ 90

Amazon CloudWatch Logs ......................................................................................................... 91Service-Endpunkte ............................................................................................................ 91Servicekontingente ............................................................................................................ 93

AWS CodeArtifact ..................................................................................................................... 93Service-Endpunkte ............................................................................................................ 93Servicekontingente ............................................................................................................ 94

AWS CodeBuild ........................................................................................................................ 94Service-Endpunkte ............................................................................................................ 95Servicekontingente ............................................................................................................ 96

AWS CodeCommit .................................................................................................................... 97Service-Endpunkte ............................................................................................................ 97Servicekontingente ............................................................................................................ 98

AWS CodeDeploy ..................................................................................................................... 99Service-Endpunkte ............................................................................................................ 99Servicekontingente .......................................................................................................... 101

Amazon CodeGuru Profiler ....................................................................................................... 101Service-Endpunkte .......................................................................................................... 101Servicekontingente .......................................................................................................... 102

Amazon CodeGuru Reviewer .................................................................................................... 102Service-Endpunkte .......................................................................................................... 102Servicekontingente .......................................................................................................... 103

AWS CodePipeline .................................................................................................................. 103Service-Endpunkte .......................................................................................................... 103Servicekontingente .......................................................................................................... 105

AWS CodeStar ....................................................................................................................... 106Service-Endpunkte .......................................................................................................... 107

AWS CodeStar Notifications ..................................................................................................... 108Amazon Cognito-Identität ......................................................................................................... 109

Service-Endpunkte .......................................................................................................... 109Servicekontingente .......................................................................................................... 112

Amazon Cognito Sync ............................................................................................................. 112Service-Endpunkte .......................................................................................................... 112Servicekontingente .......................................................................................................... 113

Amazon Comprehend .............................................................................................................. 114Service-Endpunkte .......................................................................................................... 114Servicekontingente .......................................................................................................... 115

Amazon Comprehend Medical ................................................................................................... 115Service-Endpunkte .......................................................................................................... 115Servicekontingente .......................................................................................................... 116

Compute Optimizer .................................................................................................................. 117Service-Endpunkte .......................................................................................................... 118Servicekontingente .......................................................................................................... 119

AWS Config ........................................................................................................................... 119Service-Endpunkte .......................................................................................................... 119Servicekontingente .......................................................................................................... 121

Amazon Connect ..................................................................................................................... 121Service-Endpunkte .......................................................................................................... 121Servicekontingente .......................................................................................................... 122

Version 1.0v


AWS Data Exchange ............................................................................................................... 122Service-Endpunkte .......................................................................................................... 122

Amazon Data Lifecycle Manager ............................................................................................... 123Service-Endpunkte .......................................................................................................... 123Servicekontingente .......................................................................................................... 125

AWS Data Pipeline .................................................................................................................. 125Service-Endpunkte .......................................................................................................... 125Servicekontingente .......................................................................................................... 126

DataSync ............................................................................................................................... 126Service-Endpunkte .......................................................................................................... 126Servicekontingente .......................................................................................................... 128

AWS Database Migration Service .............................................................................................. 128Service Endpoints ........................................................................................................... 129Service Quotas ............................................................................................................... 130

AWS DeepLens ...................................................................................................................... 130Service-Endpunkte .......................................................................................................... 131Servicekontingente .......................................................................................................... 131

Detective ................................................................................................................................ 131Service-Endpunkte .......................................................................................................... 131

AWS Device Farm .................................................................................................................. 133Service-Endpunkte .......................................................................................................... 133Servicekontingente .......................................................................................................... 133

AWS Direct Connect ................................................................................................................ 133Service-Endpunkte .......................................................................................................... 134Servicekontingente .......................................................................................................... 135

AWS Directory Service ............................................................................................................. 136Service-Endpunkte .......................................................................................................... 136Servicekontingente .......................................................................................................... 137

Amazon DocumentDB .............................................................................................................. 138Service-Endpunkte .......................................................................................................... 138Servicekontingente .......................................................................................................... 139

Amazon DynamoDB ................................................................................................................ 139Service-Endpunkte .......................................................................................................... 140Servicekontingente .......................................................................................................... 145

AWS Elastic Beanstalk ............................................................................................................. 145Service-Endpunkte .......................................................................................................... 146Servicekontingente .......................................................................................................... 149

Amazon EBS .......................................................................................................................... 149Service-Endpunkte .......................................................................................................... 150Servicekontingente .......................................................................................................... 153

Amazon EC2 .......................................................................................................................... 155Service-Endpunkte .......................................................................................................... 156Servicekontingente .......................................................................................................... 157

EC2 Image Builder .................................................................................................................. 158Service-Endpunkte .......................................................................................................... 158Servicekontingente .......................................................................................................... 160

Amazon ECR ......................................................................................................................... 161Service Endpoints ........................................................................................................... 161Service Quotas ............................................................................................................... 165

Amazon ECS .......................................................................................................................... 169Service-Endpunkte .......................................................................................................... 169Amazon ECS-Servicekontingente ....................................................................................... 171AWS Fargate-Servicekontingente ....................................................................................... 173

Amazon EKS .......................................................................................................................... 173Service-Endpunkte .......................................................................................................... 173Servicekontingente .......................................................................................................... 175AWS Fargate-Servicekontingente ....................................................................................... 175

Version 1.0vi


Amazon EFS .......................................................................................................................... 176Service-Endpunkte .......................................................................................................... 176Servicekontingente .......................................................................................................... 178

Amazon Elastic Inference ......................................................................................................... 179Service-Endpunkte .......................................................................................................... 179Servicekontingente .......................................................................................................... 180

Elastic Load Balancing ............................................................................................................. 180Service-Endpunkte .......................................................................................................... 180Servicekontingente .......................................................................................................... 182

Elastic Transcoder ................................................................................................................... 183Service-Endpunkte .......................................................................................................... 184Servicekontingente .......................................................................................................... 184

Amazon ElastiCache ................................................................................................................ 185Service-Endpunkte .......................................................................................................... 185Servicekontingente .......................................................................................................... 187

Amazon ES ............................................................................................................................ 188Service-Endpunkte .......................................................................................................... 188

Amazon EMR ......................................................................................................................... 190Service-Endpunkte .......................................................................................................... 190Servicekontingente .......................................................................................................... 192

EventBridge ............................................................................................................................ 193Service-Endpunkte .......................................................................................................... 193Servicekontingente .......................................................................................................... 195

Firewall Manager ..................................................................................................................... 195Service-Endpunkte .......................................................................................................... 195Servicekontingente .......................................................................................................... 197

Forecast ................................................................................................................................ 198Service-Endpunkte .......................................................................................................... 198

Amazon Fraud Detector ........................................................................................................... 200Service Endpoints ........................................................................................................... 200Service Quotas ............................................................................................................... 200

FreeRTOS .............................................................................................................................. 201Service-Endpunkte .......................................................................................................... 201Servicekontingente .......................................................................................................... 204

Amazon FSx .......................................................................................................................... 204Service-Endpunkte .......................................................................................................... 205Servicekontingente .......................................................................................................... 206

GameLift ................................................................................................................................ 207Service-Endpunkte .......................................................................................................... 207Servicekontingente .......................................................................................................... 208

S3 Glacier .............................................................................................................................. 209Service-Endpunkte .......................................................................................................... 209Servicekontingente .......................................................................................................... 211

Global Accelerator ................................................................................................................... 211Service-Endpunkte .......................................................................................................... 211Servicekontingente .......................................................................................................... 211

AWS Glue .............................................................................................................................. 212Service-Endpunkte .......................................................................................................... 212Servicekontingente .......................................................................................................... 214

AWS Ground Station ............................................................................................................... 215Service-Endpunkte .......................................................................................................... 215Servicekontingente .......................................................................................................... 215

GuardDuty .............................................................................................................................. 216Service-Endpunkte .......................................................................................................... 216Servicekontingente .......................................................................................................... 217

AWS Health ........................................................................................................................... 218Service-Endpunkte .......................................................................................................... 218

Version 1.0vii


IAM ....................................................................................................................................... 218Service Endpoints ........................................................................................................... 218Service Quotas ............................................................................................................... 220

IAM Access Analyzer ............................................................................................................... 221Service-Endpunkte .......................................................................................................... 221Servicekontingente .......................................................................................................... 223

AWS Import/Export .................................................................................................................. 223Service-Endpunkte .......................................................................................................... 223

Amazon Inspector ................................................................................................................... 223Service-Endpunkte .......................................................................................................... 224Servicekontingente .......................................................................................................... 225

AWS IoT 1-Click ..................................................................................................................... 225Service-Endpunkte .......................................................................................................... 225Servicekontingente .......................................................................................................... 226

AWS IoT Analytics .................................................................................................................. 227Service Endpoints ........................................................................................................... 227Service Quotas ............................................................................................................... 228

AWS IoT Core ........................................................................................................................ 229Service-Endpunkte .......................................................................................................... 229Servicekontingente .......................................................................................................... 236

AWS IoT Device Defender ....................................................................................................... 253Service Endpoints ........................................................................................................... 253Service Quotas ............................................................................................................... 255

AWS IoT Device Management .................................................................................................. 256Service-Endpunkte .......................................................................................................... 256Servicekontingente .......................................................................................................... 262

AWS IoT Events ..................................................................................................................... 266Service-Endpunkte .......................................................................................................... 267Servicekontingente .......................................................................................................... 268

AWS IoT Greengrass ............................................................................................................... 270Service-Endpunkte .......................................................................................................... 270Servicekontingente .......................................................................................................... 274

AWS IoT SiteWise .................................................................................................................. 276Service-Endpunkte .......................................................................................................... 276Servicekontingente .......................................................................................................... 276

AWS IoT Things Graph ............................................................................................................ 280Service-Endpunkte .......................................................................................................... 280Servicekontingente .......................................................................................................... 280

Amazon IVS ........................................................................................................................... 282Service Endpoints ........................................................................................................... 283Service Quotas ............................................................................................................... 283

Amazon Kendra ...................................................................................................................... 283Service-Endpunkte .......................................................................................................... 283

Amazon Keyspaces (für Apache Cassandra) ............................................................................... 283Service-Endpunkte .......................................................................................................... 284Servicekontingente .......................................................................................................... 285

AWS KMS .............................................................................................................................. 285Service-Endpunkte .......................................................................................................... 285Servicekontingente .......................................................................................................... 287

Kinesis Data Analytics ............................................................................................................. 288Service-Endpunkte .......................................................................................................... 288Servicekontingente .......................................................................................................... 289

Kinesis Data Firehose .............................................................................................................. 290Service-Endpunkte .......................................................................................................... 290Servicekontingente .......................................................................................................... 292

Kinesis Data Streams .............................................................................................................. 292Service-Endpunkte .......................................................................................................... 293

Version 1.0viii


Servicekontingente .......................................................................................................... 294Kinesis-Videostreams ............................................................................................................... 295


Lake Formation ....................................................................................................................... 302Service-Endpunkte .......................................................................................................... 302Servicekontingente .......................................................................................................... 304

Lambda ................................................................................................................................. 304Service-Endpunkte .......................................................................................................... 304Servicekontingente .......................................................................................................... 306

AWS Launch Wizard ............................................................................................................... 306Service-Endpunkte .......................................................................................................... 158Servicekontingente .......................................................................................................... 307

Amazon Lex ........................................................................................................................... 308Service-Endpunkte .......................................................................................................... 308

License Manager ..................................................................................................................... 309Service-Endpunkte .......................................................................................................... 309Servicekontingente .......................................................................................................... 311

Amazon Lightsail ..................................................................................................................... 311Service-Endpunkte .......................................................................................................... 311Servicekontingente .......................................................................................................... 312

Macie .................................................................................................................................... 314Service-Endpunkte .......................................................................................................... 314Servicekontingente .......................................................................................................... 316

Amazon ML ............................................................................................................................ 316Service-Endpunkte .......................................................................................................... 316Servicekontingente .......................................................................................................... 317

Managed Blockchain ................................................................................................................ 317Service-Endpunkte .......................................................................................................... 318Servicekontingente .......................................................................................................... 318

AWS Marketplace .................................................................................................................... 319Service-Endpunkte .......................................................................................................... 319

Amazon Mechanical Turk ......................................................................................................... 321Service-Endpunkte .......................................................................................................... 321

Amazon MSK ......................................................................................................................... 321Service-Endpunkte .......................................................................................................... 322

MediaConnect ......................................................................................................................... 323Service-Endpunkte .......................................................................................................... 323Servicekontingente .......................................................................................................... 324

MediaConvert ......................................................................................................................... 325Service Endpoints ........................................................................................................... 325Service Quotas ............................................................................................................... 326

MediaLive .............................................................................................................................. 328Service-Endpunkte .......................................................................................................... 328Servicekontingente .......................................................................................................... 329

MediaPackage ........................................................................................................................ 329Service-Endpunkte .......................................................................................................... 329Servicekontingente .......................................................................................................... 331

MediaStore ............................................................................................................................. 332Service-Endpunkte .......................................................................................................... 332Servicekontingente .......................................................................................................... 333

MediaTailor ............................................................................................................................ 335Service-Endpunkte .......................................................................................................... 335Servicekontingente .......................................................................................................... 335

Migration Hub ......................................................................................................................... 336Service-Endpunkte .......................................................................................................... 336

Amazon MQ ........................................................................................................................... 337

Version 1.0ix



Neptune ................................................................................................................................. 338Service-Endpunkte .......................................................................................................... 338Servicekontingente .......................................................................................................... 340

Network Manager .................................................................................................................... 340Service-Endpunkte .......................................................................................................... 340Servicekontingente .......................................................................................................... 340

AWS OpsWorks ...................................................................................................................... 340Service-Endpunkte .......................................................................................................... 341Servicekontingente .......................................................................................................... 343

Organisationen ........................................................................................................................ 343Service-Endpunkte .......................................................................................................... 343Servicekontingente .......................................................................................................... 346

AWS Outposts ........................................................................................................................ 346Service-Endpunkte .......................................................................................................... 346

Amazon Personalize ................................................................................................................ 348Service-Endpunkte .......................................................................................................... 348

Amazon Pinpoint ..................................................................................................................... 350Service-Endpunkte .......................................................................................................... 351Servicekontingente .......................................................................................................... 352

Amazon Polly ......................................................................................................................... 354Service-Endpunkte .......................................................................................................... 354Servicekontingente .......................................................................................................... 355

QLDB .................................................................................................................................... 356Service Endpoints ........................................................................................................... 356Service Quotas ............................................................................................................... 357

Amazon QuickSight ................................................................................................................. 358Service-Endpunkte .......................................................................................................... 358

AWS RAM ............................................................................................................................. 359Service-Endpunkte .......................................................................................................... 360Servicekontingente .......................................................................................................... 361

Amazon Redshift ..................................................................................................................... 361Service-Endpunkte .......................................................................................................... 362Servicekontingente .......................................................................................................... 363

Amazon Rekognition ................................................................................................................ 364Service-Endpunkte .......................................................................................................... 364Servicekontingente .......................................................................................................... 365

Amazon RDS ......................................................................................................................... 368Service-Endpunkte .......................................................................................................... 368Servicekontingente .......................................................................................................... 372

Ressourcengruppen ................................................................................................................. 372Service-Endpunkte .......................................................................................................... 373Servicekontingente .......................................................................................................... 376

AWS RoboMaker .................................................................................................................... 376Service-Endpunkte .......................................................................................................... 376Servicekontingente .......................................................................................................... 377

Route 53 ................................................................................................................................ 380Service Endpoints ........................................................................................................... 380Service Quotas ............................................................................................................... 384

SageMaker ............................................................................................................................. 385Service-Endpunkte .......................................................................................................... 385Servicekontingente .......................................................................................................... 388

Secrets Manager ..................................................................................................................... 396Service-Endpunkte .......................................................................................................... 396Servicekontingente .......................................................................................................... 398

Security Hub .......................................................................................................................... 398

Version 1.0x


Service-Endpunkte .......................................................................................................... 398AWS STS .............................................................................................................................. 400

Service-Endpunkte .......................................................................................................... 400AWS SMS .............................................................................................................................. 402


Servicekontingente .................................................................................................................. 404Service-Endpunkte .......................................................................................................... 405Servicekontingente .......................................................................................................... 406

AWS Serverless Application Repository ...................................................................................... 406Service-Endpunkte .......................................................................................................... 406Servicekontingente .......................................................................................................... 408

AWS Service Catalog .............................................................................................................. 408Service-Endpunkte .......................................................................................................... 408Servicekontingente .......................................................................................................... 410

Shield Advanced ..................................................................................................................... 411Service-Endpunkte .......................................................................................................... 411Servicekontingente .......................................................................................................... 413

Amazon SES .......................................................................................................................... 413Service-Endpunkte .......................................................................................................... 414Servicekontingente .......................................................................................................... 416

Amazon SNS .......................................................................................................................... 417Service-Endpunkte .......................................................................................................... 417Servicekontingente .......................................................................................................... 419

Amazon SQS ......................................................................................................................... 422Service-Endpunkte .......................................................................................................... 422Servicekontingente .......................................................................................................... 425

Amazon S3 ............................................................................................................................ 425Service-Endpunkte .......................................................................................................... 425Servicekontingente .......................................................................................................... 443

Amazon SWF ......................................................................................................................... 444Service-Endpunkte .......................................................................................................... 444Servicekontingente .......................................................................................................... 446

Amazon SimpleDB .................................................................................................................. 446Service-Endpunkte .......................................................................................................... 446Servicekontingente .......................................................................................................... 447

AWS SSO .............................................................................................................................. 447Service-Endpunkte .......................................................................................................... 447Servicekontingente .......................................................................................................... 448

Snow-Familie .......................................................................................................................... 449Service-Endpunkte .......................................................................................................... 449Servicekontingente .......................................................................................................... 451

Step Functions ........................................................................................................................ 451Service-Endpunkte .......................................................................................................... 451Servicekontingente .......................................................................................................... 453

AWS Storage Gateway ............................................................................................................ 453Service-Endpunkte .......................................................................................................... 453Servicekontingente .......................................................................................................... 455

AWS Support ......................................................................................................................... 456Service Endpoints ........................................................................................................... 456Service Quotas ............................................................................................................... 456

AWS Systems Manager ........................................................................................................... 456Service-Endpunkte .......................................................................................................... 457Servicekontingente .......................................................................................................... 459

Amazon Textract ..................................................................................................................... 467Service-Endpunkte .......................................................................................................... 467Servicekontingente .......................................................................................................... 468

Version 1.0xi


Amazon Transcribe ................................................................................................................. 468Service-Endpunkte .......................................................................................................... 469Servicekontingente .......................................................................................................... 471

Amazon Transcribe Medical ...................................................................................................... 472Service-Endpunkte .......................................................................................................... 473Servicekontingente .......................................................................................................... 473

AWS Transfer Family ............................................................................................................... 474Service-Endpunkte .......................................................................................................... 474Servicekontingente .......................................................................................................... 476

Amazon Translate ................................................................................................................... 476Service Endpoints ........................................................................................................... 476Service Quotas ............................................................................................................... 478

Amazon VPC .......................................................................................................................... 478Service-Endpunkte .......................................................................................................... 478Servicekontingente .......................................................................................................... 480

AWS WAF ............................................................................................................................. 480Service-Endpunkte .......................................................................................................... 481Servicekontingente .......................................................................................................... 482

AWS WAF Classic .................................................................................................................. 483Service-Endpunkte .......................................................................................................... 484Servicekontingente .......................................................................................................... 487

Amazon WorkDocs .................................................................................................................. 488Service-Endpunkte .......................................................................................................... 489

Amazon WorkLink ................................................................................................................... 489Service-Endpunkte .......................................................................................................... 489

Amazon WorkMail ................................................................................................................... 490Service-Endpunkte .......................................................................................................... 490Servicekontingente .......................................................................................................... 491

Amazon WorkSpaces ............................................................................................................... 491Service-Endpunkte .......................................................................................................... 491Servicekontingente .......................................................................................................... 492

X-Ray .................................................................................................................................... 493Service-Endpunkte .......................................................................................................... 493Servicekontingente .......................................................................................................... 494

AWS-Ressourcen ............................................................................................................................ 496AWS-Service-Endpunkte .......................................................................................................... 496

Regionale Endpunkte ....................................................................................................... 496Anzeigen von Service-Endpunkten ..................................................................................... 497FIPS-Endpunkte .............................................................................................................. 498Weitere Informationen ...................................................................................................... 498

Verwalten von AWS-Regionen .................................................................................................. 498Aktivieren einer Region .................................................................................................... 499Deaktivieren einer Region ................................................................................................ 499Beschreiben Ihrer Regionen mithilfe der AWS CLI ................................................................ 500

AWS-Servicekontingente .......................................................................................................... 500Taggen von AWS-Ressourcen .................................................................................................. 501

Bewährte Methoden ......................................................................................................... 502Tagging-Kategorien ......................................................................................................... 502Beschränkungen und Anforderungen für die Benennung von Tags .......................................... 503Häufig verwendete Tagging-Strategien ............................................................................... 504Tagging-Governance ........................................................................................................ 505Weitere Informationen ...................................................................................................... 505

Amazon-Ressourcennamen (ARNs) ........................................................................................... 505Format ........................................................................................................................... 506Ressourcen-ARNs ........................................................................................................... 507

IP-Adressbereiche für AWS .............................................................................................................. 508Download ............................................................................................................................... 508

Version 1.0xii


Syntax ................................................................................................................................... 508Filtern der JSON-Datei ............................................................................................................. 510

Windows ........................................................................................................................ 510Linux ............................................................................................................................. 511

Implementieren der Kontrolle ausgehenden Datenverkehrs ............................................................ 513Windows PowerShell ....................................................................................................... 513jq .................................................................................................................................. 513Python ........................................................................................................................... 514

Benachrichtigungen zu den IP-Adressbereichen von AWS ............................................................. 514Versionshinweise ..................................................................................................................... 516

AWS APIs ...................................................................................................................................... 517API-Wiederholversuche ............................................................................................................ 517Signieren von AWS-API-Anforderungen ...................................................................................... 519

Wann müssen Anforderungen signiert werden? ................................................................... 519Warum werden Anforderungen signiert? ............................................................................. 519Signieren von Anforderungen ............................................................................................ 520Signaturversionen ............................................................................................................ 520Signaturprozess mit Signaturversion 4 ................................................................................ 520Signaturprozess mit Signature Version 2 ............................................................................. 551

AWS-SDK-Support für die clientseitige Amazon S3-Verschlüsselung ............................................... 558AWS-SDK-Funktionen für die clientseitige Amazon S3-Verschlüsselung ................................... 558Amazon S3Verschlüsselungsalgorithmen für -Verschlüsselungs-Clients ................................... 559

Dokumentkonventionen .................................................................................................................... 561AWS-Glossar .................................................................................................................................. 563................................................................................................................................................. dcxxiv

Version 1.0xiii


AWS General ReferenceAWS General Reference enthält Informationen, die für alle Amazon Web Services nützlich sind.

Inhalt

• AWS-Sicherheitsanmeldeinformationen (p. 2)• Service Endpunkte und Kontingente (p. 18)• AWS-Ressourcen (p. 496)• IP-Adressbereiche für AWS (p. 508)• AWS APIs (p. 517)• Dokumentkonventionen (p. 561)• AWS-Glossar (p. 563)

Version 1.01

Allgemeine AWS-Referenz ReferenzhandbuchAWS-Benutzer

AWS-Sicherheitsanmeldeinformationen

Wenn Sie mit AWS interagieren, geben Sie Ihre AWS-Sicherheitsanmeldeinformationen an, um zuüberprüfen, wer Sie sind und ob Sie die Zugriffsberechtigung für die Ressourcen haben, die Sie anfordern.AWS verwendet die Sicherheitsanmeldeinformationen zur Authentifizierung und Autorisierung IhrerAnforderungen.

Wenn Sie beispielsweise eine geschützte Datei aus einem Amazon Simple Storage Service (Amazon S3)-Bucket herunterladen möchten, müssen Ihre Anmeldeinformationen diesen Zugriff zulassen. Wenn IhreAnmeldeinformationen nicht autorisiert sind, die Datei herunterzuladen, verweigert AWS Ihre Anforderung.Ihre AWS-Sicherheitsanmeldeinformationen sind jedoch nicht erforderlich, um eine Datei in einem öffentlichfreigegebenen Amazon S3-Bucket herunterzuladen.

Inhalt• Stammbenutzer des AWS-Kontos-Anmeldeinformationen und IAM-

Benutzeranmeldeinformationen (p. 2)• Verstehen und Abrufen Ihrer AWS-Anmeldeinformationen (p. 4)• Ihre AWS-Konto-IDs (p. 6)• Bewährte Methoden für die Verwaltung von AWS-Zugriffsschlüsseln (p. 9)• AWS security audit guidelines (p. 12)

Stammbenutzer des AWS-Kontos-Anmeldeinformationen und IAM-Benutzeranmeldeinformationen

Es gibt zwei verschiedene Arten von Benutzern in AWS. Sie sind entweder der Kontoinhaber (Root-Benutzer) oder Sie sind ein AWS Identity and Access Management (IAM)-Benutzer. Der Root-Benutzer wird erstellt, wenn das AWS-Konto erstellt wird und IAM-Benutzer vom Root-Benutzeroder von einem IAM-Administrator für das Konto erstellt werden. Alle AWS-Benutzer verfügen überSicherheitsanmeldeinformationen.

Root-Benutzer-Anmeldeinformationen

Die Anmeldeinformationen des Kontoinhabers erlauben vollen Zugriff auf alle Ressourcen im Konto. Siekönnen -RichtlinienIAM nicht verwenden, um den -Zugriff auf Ressourcen explizit zu verweigern.Root-Benutzer Sie können nur eine AWS OrganizationsService-Kontrollrichtlinie (Service Control Policy, SCP)verwenden, um die Berechtigungen der einzuschränken.Root-Benutzer Aus diesem Grund empfehlenwir, dass Sie einen IAM-Benutzer mit Administratorberechtigungen für die Verwendung für tägliche AWS-Aufgaben erstellen und die Zugriffsschlüssel für die Root-Benutzer sperren.

Es gibt bestimmte Aufgaben, die auf Stammbenutzer des AWS-Kontos beschränkt sind. Beispielsweisekann nur die Root-Benutzer Ihr Konto schließen. Wenn Sie eine Aufgabe ausführen müssen, die Root-

Version 1.02

https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.htmlhttps://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_type-auth.htmlhttps://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_type-auth.html

Allgemeine AWS-Referenz ReferenzhandbuchAufgaben, die Root-Benutzer-

Anmeldeinformationen erfordern

Benutzer erfordert, melden Sie sich bei der AWS Management Console mit der E-Mail-Adresse unddem Passwort der Root-Benutzer an. Weitere Informationen finden Sie im Aufgaben, die Root-Benutzer-Anmeldeinformationen erfordern (p. 3).

IAM-Anmeldeinformationen

Mit IAM können Sie den Zugriff auf AWS-Services und -Ressourcen für die Benutzer Ihres AWS-Kontossicher kontrollieren. Wenn Sie beispielsweise Administratorberechtigungen benötigen, können Sie einenIAM-Benutzer erstellen, diesem Benutzer vollständigen Zugriff gewähren und diese Anmeldeinformationendann für die Interaktion mit AWS verwenden. Müssen Sie Ihre Berechtigungen ändern oder aufheben,können Sie sie löschen oder die Richtlinien ändern, die mit dem betreffenden IAM-Benutzer verknüpft sind.

Wenn mehrere Ihrer Benutzer Zugriff auf Ihr AWS-Konto haben, können Sie eindeutigeAnmeldeinformationen für jeden Benutzer erstellen und festlegen, wer Zugriff auf welche Ressourcen hat.Sie müssen keine Anmeldeinformationen teilen. Sie können beispielsweise IAM-Benutzer mit Lesezugriffauf Ressourcen in Ihrem AWS-Konto erstellen und diese Anmeldeinformationen an Benutzer verteilen.

Aufgaben, die Root-Benutzer-AnmeldeinformationenerfordernWir empfehlen die Verwendung eines IAM-Benutzers mit entsprechenden Berechtigungen zum Ausführenvon Aufgaben und zum Zugriff auf AWS-Ressourcen. Sie können die unten aufgeführten Aufgaben abernur ausführen, wenn Sie als Root-Benutzer eines Kontos angemeldet sind.

Tasks

• Ändern Ihrer Kontoeinstellungen. Dazu gehören der Kontoname, das Root-Benutzer-Passwort und dieE-Mail-Adresse. Andere Kontoeinstellungen wie Kontaktinformationen, Zahlungswährung und Regionenerfordern keine Root-Benutzer-Anmeldeinformationen.

• Anzeigen bestimmter Steuerrechnungen. Ein IAM-Benutzer mit der Berechtigung aws-portal:ViewBillingkann Rechnungen mit Mehrwertsteuer aus AWS Europa anzeigen und herunterladen, jedoch nicht vonAWS Inc oder Amazon Internet Services Pvt. Ltd (AISPL).

• Schließen Sie Ihr AWS-Konto.• Stellen Sie IAM-Benutzerberechtigungen wieder her. Wenn der einzige IAM-Administrator versehentlich

seine eigenen Berechtigungen widerruft, können Sie sich als Root-Benutzer anmelden, um die Richtlinienzu bearbeiten und diese Berechtigungen wiederherzustellen.

• Ändern Sie Ihren AWS Support-Plan oder kündigen Sie Ihren AWS Support-Plan auf. WeitereInformationen finden Sie unter IAM für AWS Support.

• Sie haben sich im Reserved Instance Marketplace als Verkäufer registriert.• Konfigurieren eines Amazon S3-Buckets zur Aktivierung des Löschens mit MFA (Multifaktor-

Authentifizierung).• Bearbeiten oder Löschen einer Amazon S3-Bucket-Richtlinie mit einer ungültigen VPC-ID oder VPC-

Endpunkt-ID.• Registrieren für GovCloud.

Troubleshooting

Wenn Sie keine dieser Aufgaben mit Ihren Root-Benutzer-Anmeldeinformationen ausführenkönnen, ist Ihr Konto möglicherweise Mitglied einer Organisation in AWS Organizations. Wenn IhrOrganisationsadministrator eine Service-Kontrollrichtlinie (Service Control Policy, SCP) verwendet hat, umdie Berechtigungen Ihres Kontos einzuschränken, sind Ihre Root-Benutzer-Berechtigungen möglicherweisebetroffen. Weitere Informationen finden Sie unter Service-Kontrollrichtlinien im AWS Organizations-Benutzerhandbuch.

Version 1.03

https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_create.htmlhttps://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_create.htmlhttps://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#lock-away-credentialshttps://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#lock-away-credentialshttps://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/manage-account-payment.html#manage-account-payment-edit-user-namehttps://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html#user-permissionshttps://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/close-account.htmlhttps://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_manage-edit.htmlhttp://aws.amazon.com/premiumsupport/knowledge-center/change-support-plan/http://aws.amazon.com/premiumsupport/knowledge-center/cancel-support-plan/http://aws.amazon.com/premiumsupport/iam-access/https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ri-market-general.htmlhttps://docs.aws.amazon.com/AmazonS3/latest/dev/Versioning.html#MultiFactorAuthenticationDeletehttps://docs.aws.amazon.com/AmazonS3/latest/dev/Versioning.html#MultiFactorAuthenticationDeletehttps://docs.aws.amazon.com/govcloud-us/latest/UserGuide/getting-started-sign-up.htmlhttps://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_type-auth.html

Allgemeine AWS-Referenz ReferenzhandbuchAWS-Anmeldeinformationen

Verstehen und Abrufen Ihrer AWS-Anmeldeinformationen

AWS erfordert verschiedene Arten von Sicherheitsanmeldeinformationen, je nachdem, wie Sie auf AWSzugreifen. Sie benötigen beispielsweise einen Benutzernamen und ein Passwort, um sich bei der AWSManagement Console anzumelden, und Sie benötigen Zugriffsschlüssel, um programmgesteuerte Aufrufean AWS auszuführen oder AWS Command Line Interface oder AWS-Tools für PowerShell zu verwenden.

Considerations

• Speichern Sie Folgendes an einem sicheren Ort: die mit Ihrem AWS-Konto verknüpfte E-Mail-Adresse, die AWS-Konto-ID, Ihr Passwort und Ihre geheimen Zugriffsschlüssel. Wenn Siediese Anmeldeinformationen vergessen oder verlieren, können Sie sie nicht wiederherstellen.Aus Sicherheitsgründen stellt AWS Ihnen oder jemand anderem die Möglichkeit bereit, IhreAnmeldeinformationen abzurufen.

• Wir empfehlen dringend, dass Sie einen IAM-Benutzer mit Administratorberechtigungen für dieVerwendung für tägliche AWS-Aufgaben erstellen und das Passwort und die Zugriffsschlüssel für dieRoot-Benutzer absichern. Verwenden Sie die Root-Benutzer nur für die Aufgaben, die auf die Root-Benutzer beschränkt sind.

• Sicherheitsanmeldeinformationen gelten jeweils für ein Konto. Wenn Sie Zugriff auf mehrere AWS-Konten haben, verfügen Sie über separate Anmeldeinformationen für jedes

AWS General Reference - Referenzhandbuch · AWS General Reference Referenzhandbuch...

Documents

Transcript of AWS General Reference - Referenzhandbuch · AWS General Reference Referenzhandbuch...