Amazon General Reference Reference guide Version 1.0 Amazon General Reference Reference guide Amazon General Reference: Reference guide Amazon General Reference Reference guide Table of Contents Amazon General Reference .................................................................................................................. 1 Amazon security credentials ................................................................................................................ 2 Amazon users ............................................................................................................................ 2 Tasks that require root user credentials ................................................................................. 3 Amazon credentials .................................................................................................................... 3 Console access ................................................................................................................... 4 Programmatic access .......................................................................................................... 5 Temporary access keys ........................................................................................................ 6 Amazon account identifiers ......................................................................................................... 6 Finding your Amazon account ID .......................................................................................... 7 Best practices for managing Amazon access keys ........................................................................... 7 Protect or don't create your root user access key .................................................................... 8 Manage access keys for IAM users ........................................................................................ 8 Use IAM roles instead of long-term access keys ...................................................................... 9 Access the mobile app using Amazon access keys ................................................................... 9 Learn more ...................................................................................................................... 10 Amazon security audit guidelines ............................................................................................... 10 When you should perform a security audit .......................................................................... 11 Guidelines for auditing ...................................................................................................... 11 Review your Amazon account credentials ............................................................................ 11 Review your IAM users ...................................................................................................... 12 Review your IAM groups .................................................................................................... 12 Review your IAM roles ...................................................................................................... 12 Review your IAM providers for SAML and OpenID Connect (OIDC) ........................................... 12 Review Your mobile apps .................................................................................................. 13 Review your Amazon EC2 security configuration ................................................................... 13 Review Amazon policies in other services ............................................................................ 13 Monitor activity in your Amazon account ............................................................................. 14 Tips for reviewing IAM policies ........................................................................................... 14 Learn more ...................................................................................................................... 15 Amazon resources ............................................................................................................................ 16 Tagging Amazon resources ........................................................................................................ 16 Best practices .................................................................................................................. 16 Tagging categories ........................................................................................................... 17 Tag naming limits and requirements ................................................................................... 17 Common tagging strategies ............................................................................................... 18 Tagging governance .......................................................................................................... 19 Learn more ...................................................................................................................... 19 Amazon Resource Names (ARNs) ................................................................................................ 20 ARN format ..................................................................................................................... 20 Paths in ARNs .................................................................................................................. 21 Amazon IP address ranges ................................................................................................................. 22 Download ................................................................................................................................ 22 Syntax ..................................................................................................................................... 22 Filtering the JSON file .............................................................................................................. 24 Windows ......................................................................................................................... 24 Linux .............................................................................................................................. 25 Implementing egress control ..................................................................................................... 26 Windows PowerShell ......................................................................................................... 27 jq ................................................................................................................................... 27 Python ............................................................................................................................ 27 Release notes ........................................................................................................................... 28 Amazon APIs ................................................................................................................................... 30 API retries ............................................................................................................................... 30 Version 1.0 iii Amazon General Reference Reference guide Signing Amazon API requests .................................................................................................... 32 When to sign requests ...................................................................................................... 32 Why requests are signed ................................................................................................... 32 Signing requests ............................................................................................................... 33 Signature versions ............................................................................................................ 33 Signature Version 4 signing process .................................................................................... 33 Signature Version 2 signing process .................................................................................... 61 Amazon SDK support for Amazon S3 client-side encryption ........................................................... 68 Amazon SDK features for Amazon S3 client-side encryption .................................................. 68 Amazon S3 encryption client cryptographic algorithms ......................................................... 69 Document conventions ...................................................................................................................... 71 Amazon glossary .............................................................................................................................. 73 Version 1.0 iv Amazon General Reference Reference guide Amazon General Reference The Amazon General Reference provides information that is useful across Amazon Web Services. Contents • Amazon security credentials (p. 2) • Amazon resources (p. 16) • Amazon IP address ranges (p. 22) • Amazon APIs (p. 30) • Document conventions (p. 71) • Amazon glossary (p. 73) Version 1.0 1 Amazon General Reference Reference guide Amazon users Amazon security credentials When you interact with Amazon, you specify your Amazon security credentials to verify who you are and whether you have permission to access the resources that you are requesting. Amazon uses the security credentials to authenticate and authorize your requests. For example, if you want to download a protected