Describe CloudFormation column
0xdabbad00 authored Aug 29, 2019
1 parent 30456f3 commit cb722cb
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions service_support.html
Expand Up @@ -48,6 +48,7 @@ <h1>AWS Service Support</h1>
<p><b><u>Columns</u></b><br>
<ul>
<li><b>SLA</b>: This column indicates if there is a Service Level Agreement. These are documented <a href="https://aws.amazon.com/legal/service-level-agreements/">here</a>. These aren't as great as you'd hope. They only guarantee some cost savings in the event of an outage if the service is down for more than a period of time (ie. you still pay when the service is down, just less if it is really bad). These do not cover every part of a service. For example, the SLA for RDS does not cover any of the Aurora flavors.
<li><b>CloudFormation</b>: Indicates whether any CloudFormation support at all is provided for this service.
<li><b>CloudTrail</b>: AWS is supposed to log all API calls to CloudTrail. This column indicates if the service logs at all to CloudTrail, as documented <a href="https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-unsupported-aws-services.html">here</a>. Note that new features of existing services often do not log to CloudTrail, for example, the boundary related APIs of IAM do not. Also, data level calls sometimes do not. In the case of S3 objects and Lambda invokes, you can specially configure CloudTrail to record these, but in some cases, such as the CloudWatch PutMetricData call, these are never recorded.
<li><b>Config</b>: The AWS Config service is meant to give you a snapshot of how an account looks. The resources it records are documented <a href="https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html">here</a>. Some services, such as EC2, contain a lot of resource types, and not all resources are recorded by AWS Config.
<li><b>Encryption at rest by default</b>: In 2019, or really since maybe 2015 or earlier, you'd expect all data to be stored encrypted at rest by default. This is not the case with AWS. This column was researched manually by reviewing the docs. Some fields here need to be changed to "N/A" to account for the fact that they don't store any data.
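Review bot: the new CloudFormation item gives no source and no scope caveat, unlike the SLA, CloudTrail and Config items next to it, which each link to the documentation they were derived from ("documented here") and name what is not covered. Consider linking the reference this column was built from and saying explicitly that "any CloudFormation support at all" can mean only some of a service's resource types are supported, so a reader does not take a yes as full coverage when deciding whether a service can be deployed and audited as code.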