└── README.md

/README.md:
--------------------------------------------------------------------------------
# Validated IAM Service Principal List for AWS China Regions.

| Service Name | Description | IAM Service Principal |
|:------------- |:-------------|:---------|
| API Gateway | Allows API Gateway to push logs to CloudWatch Logs. | apigateway.amazonaws.com |
| EC2 | Allows EC2 instances to call AWS services on your behalf. | ec2.amazonaws.com.cn |
| EC2 Role for AWS Systems Manager | Allows EC2 instances to call AWS services like CloudWatch and Systems Manager on your behalf. | ec2.amazonaws.com.cn |
| Lambda | Allows Lambda functions to call AWS services on your behalf. | lambda.amazonaws.com |
| AWS Greengrass Role | Allows AWS Greengrass to call AWS Services on your behalf. | greengrass.amazonaws.com |
| EC2 - Fleet | Allows EC2 Fleet to launch and manage EC2 instances on your behalf. | ec2fleet.amazonaws.com |
| MediaConvert | Allows MediaConvert service to call S3 APIs and API Gateway on your behalf. | mediaconvert.amazonaws.com |
| AWS Support | Allows AWS Support to access AWS resources to provide billing, administrative, and support services. | support.amazonaws.com |
| EC2 Auto Scaling | Allows EC2 Auto Scaling to use or manage AWS services and resources on your behalf. | autoscaling.amazonaws.com |
| EC2 Auto Scaling Notification Access | Allows EC2 Auto Scaling to publish to SNS and SQS notification targets in your account. | autoscaling.amazonaws.com.cn autoscaling.amazonaws.com |
| RDS - Add Role to Database | Allows you to grant RDS access to additional resources on your behalf. | rds.amazonaws.com |
| RDS - Directory Service | Allows RDS to manage Directory Service resources on your behalf. | rds.amazonaws.com directoryservice.rds.amazonaws.com |
| RDS - Operations | Allows RDS to perform operations using AWS resources on your behalf. | rds.amazonaws.com |
| RDS Role for Enhanced Monitoring | Allows RDS to manage CloudWatch Logs resources for Enhanced Monitoring on your behalf. | monitoring.rds.amazonaws.com |
| Application Auto Scaling - AppStream | Allows Application Auto Scaling to call AppStream and CloudWatch on your behalf. | appstream.application-autoscaling.amazonaws.com |
| Application Auto Scaling - Custom Resource | Allows Application Auto Scaling to call API Gateway and CloudWatch to manage scaling of a custom resource on your behalf. | custom-resource.application-autoscaling.amazonaws.com |
| Application Auto Scaling - DynamoDB | Allows Application Auto Scaling to call DynamoDB and CloudWatch on your behalf. | dynamodb.application-autoscaling.amazonaws.com |
| Application Auto Scaling - EC2 Spot Fleet | Allows Application Auto Scaling to call EC2 Spot Fleet and CloudWatch on your behalf. | ec2.application-autoscaling.amazonaws.com |
| Application Auto Scaling - ECS | Allows Application Auto Scaling to call ECS and CloudWatch on your behalf. | ecs.application-autoscaling.amazonaws.com |
| EMR | Allows Elastic MapReduce to call AWS services such as EC2 on your behalf. | elasticmapreduce.amazonaws.com.cn |
| EMR - Cleanup | Allows EMR to terminate instances and delete resources from EC2 on your behalf. | elasticmapreduce.amazonaws.com.cn |
| EMR Role for EC2 | Allows EC2 instances in an Elastic MapReduce cluster to call AWS services such as S3 on your behalf. | ec2.amazonaws.com.cn |
| Redshift | Allows Redshift clusters to call AWS services on your behalf. | redshift.amazonaws.com |
| Redshift - Scheduler | Allows Redshift Scheduler to call Redshift on your behalf. | scheduler.redshift.amazonaws.com |
| CloudFormation | Allows CloudFormation to create and manage AWS stacks and resources on your behalf. | cloudformation.amazonaws.com |
| ElastiCache | Allows ElastiCache to manage AWS resources for your cache on your behalf. | elasticache.amazonaws.com |
| S3 | Allows S3 to call AWS services on your behalf. | s3.amazonaws.com |
| S3 Batch Operations | Allows S3 Batch Operations to call AWS services on your behalf. | batchoperations.s3.amazonaws.com |
| CloudWatch - EC2 Actions | Allows CloudWatch to manage EC2 instances on your behalf. | events.amazonaws.com |
| Elastic Beanstalk | Allows Elastic Beanstalk to create and manage AWS resources on your behalf. | elasticbeanstalk.amazonaws.com |
| SMS | Allows Server Migration Service to create and manage AWS resources on your behalf. | sms.amazonaws.com |
| CodeBuild | Allows CodeBuild to call AWS services on your behalf. | codebuild.amazonaws.com |
| EC2 Role for Elastic Container Service | Allows EC2 instances in an ECS cluster to access ECS. | ec2.amazonaws.com.cn |
| Elastic Container Service | Allows ECS to create and manage AWS resources on your behalf. | ecs.amazonaws.com |
| Elastic Container Service Autoscale | Allows Auto Scaling to access and update ECS services. | application-autoscaling.amazonaws.com.cn |
| Elastic Container Service Task | Allows ECS tasks to call AWS services on your behalf. | ecs-tasks.amazonaws.com |
| SWF | Allows SWF workflows to invoke Lambda functions on your behalf. | swf.amazonaws.com |
| CodeDeploy | Allows CodeDeploy to call AWS services such as Auto Scaling on your behalf. | codedeploy.amazonaws.com |
| CodeDeployRoleForECS | Allows CodeDeploy service-wide access to perform an ECS blue or green deployment on your behalf. | codedeploy.amazonaws.com |
| CodeDeployRoleForLambda | Provides CodeDeploy service access to perform a Lambda deployment on your behalf. | codedeploy.amazonaws.com |
| Elastic Load Balancing | Allows ELB to call AWS services on your behalf. | elasticloadbalancing.amazonaws.com |
| Step Functions | Allows Step Functions to access AWS resources on your behalf. | states.amazonaws.com |
| Config | Allows Config to call AWS services and collect resource configurations on your behalf. | config.amazonaws.com |
| Config - Customizable | Allows Config to call AWS services and collect resource configurations on your behalf. | config.amazonaws.com.cn |
| IoT | Allows IoT to call AWS services on your behalf. | iot.amazonaws.com |
| Storage Gateway | Allows Storage Gateway to call AWS services on your behalf. | storagegateway.amazonaws.com |
| DMS | Allows Database Migration Service to call AWS services on your behalf. | dms.amazonaws.com |
| Kinesis Firehose | Allows Kinesis Firehose to transform and deliver data to your destinations using CloudWatch Logs, Lambda, and S3 on your behalf. | firehose.amazonaws.com |
| Trusted Advisor | Allows Trusted Advisor to access AWS services on your behalf. | trustedadvisor.amazonaws.com |

--------------------------------------------------------------------------------