When working with AWS IAM policies and trust relationships, you need to know the exact service principal for each AWS service. This comprehensive reference provides instant access to all 450+ AWS service principals, making IAM policy development faster and more accurate.
What is an AWS Service Principal?
A service principal is an identifier that represents an AWS service. Service principals are used in IAM policies to grant AWS services permission to perform actions on your behalf. They're essential for:
- Trust policies that allow services to assume IAM roles
- Resource-based policies that grant services access to resources
- Service-linked roles that AWS services use to perform actions
Why Use This Service Principal Reference?
When creating IAM policies, you need to know the exact service principal format for each AWS service. While AWS documentation provides this information, it's scattered across hundreds of service-specific pages.
This cheat sheet solves that problem by consolidating every AWS service principal into a single, searchable reference - saving you hours of documentation hunting.
Quick IAM Trust Policy Example
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "lambda.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
```
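A lint check for trust policies like the one above, as an added example that is not part of the original page: it walks every `Principal.Service` value in `Allow` statements, flags wildcard principals and names that do not match the `service.amazonaws.com` shape used in the table, and suggests the nearest known principal for typos. `KNOWN_PRINCIPALS` is a small subset copied from this page, and the function names and sample policy are constructed for illustration.

```python
import difflib
import json
import re

# Subset of the service principals listed on this page (assumption: in real
# use, load the full table instead of this hand-copied sample).
KNOWN_PRINCIPALS = {
    "lambda.amazonaws.com", "ec2.amazonaws.com", "ecs-tasks.amazonaws.com",
    "codebuild.amazonaws.com", "events.amazonaws.com", "s3.amazonaws.com",
    "states.amazonaws.com", "cloudtrail.amazonaws.com",
}

# Shape shared by every table entry: lowercase dot-separated labels
# followed by "amazonaws.com".
PRINCIPAL_RE = re.compile(r"^[a-z0-9-]+(\.[a-z0-9-]+)*\.amazonaws\.com$")


def as_list(value):
    """IAM accepts a single value or a list for Statement and Principal values."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def suggest(name, known):
    """Return the closest known principal to `name`, or None if nothing is close."""
    matches = difflib.get_close_matches(name.lower(), sorted(known), n=1, cutoff=0.8)
    return matches[0] if matches else None


def lint_trust_policy(policy, known=KNOWN_PRINCIPALS):
    """Return findings as (statement_index, value, code, suggestion) tuples.

    Codes: "wildcard"  - Principal is "*" or contains "*"
           "malformed" - value does not look like service.amazonaws.com
           "unknown"   - well-formed, but not in the known list
    """
    findings = []
    for idx, stmt in enumerate(as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # only Allow statements grant trust
        principal = stmt.get("Principal")
        if principal == "*":
            findings.append((idx, "*", "wildcard", None))
            continue
        if not isinstance(principal, dict):
            continue
        for values in principal.values():
            if "*" in as_list(values):
                findings.append((idx, "*", "wildcard", None))
        for svc in as_list(principal.get("Service")):
            if not isinstance(svc, str) or not PRINCIPAL_RE.match(svc):
                findings.append((idx, svc, "malformed", suggest(str(svc), known)))
            elif svc not in known:
                findings.append((idx, svc, "unknown", suggest(svc, known)))
    return findings


# Constructed sample input: one correct statement and three mistakes.
SAMPLE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Principal": {"Service": "lambda.amazonaws.com"},
     "Action": "sts:AssumeRole"},
    {"Effect": "Allow", "Principal": {"Service": ["ec2.amazonaws.com", "lamda.amazonaws.com"]},
     "Action": "sts:AssumeRole"},
    {"Effect": "Allow", "Principal": {"Service": "Events.AmazonAWS.com"},
     "Action": "sts:AssumeRole"},
    {"Effect": "Allow", "Principal": "*", "Action": "sts:AssumeRole"}
  ]
}
""")

if __name__ == "__main__":
    for idx, value, code, hint in lint_trust_policy(SAMPLE_POLICY):
        extra = f" (did you mean {hint}?)" if hint else ""
        print(f"Statement[{idx}]: {code}: {value!r}{extra}")
```

Running a check like this in CI before a policy is deployed catches misspelled principals and accidental wildcards at review time.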
How to Use This Service Principal Guide
- Search (Ctrl+F) for your AWS service (e.g., "lambda", "s3", "ec2")
- Find the service principal in the second column
- Click the documentation link for more details about IAM principals
- Copy the service principal into your IAM policy or trust relationship
- Configure your IAM policies with the correct service principal
Complete List of AWS Service Principals
The table below contains every AWS service principal, automatically fetched from the AWS Policy Generator and updated for 2025. Click the documentation link to learn more about IAM principals:
Total Unique Service Principals: 452 | With Documentation Links: 91 | Last Updated: December 2, 2025
| Service Name | Service Principal | Reference |
|---|---|---|
| AWS App2Container | a2c.amazonaws.com | |
| Alexa for Business | a4b.amazonaws.com | |
| AWS IAM Access Analyzer | access-analyzer.amazonaws.com | |
| AWS Account Management | account.amazonaws.com | |
| AWS Private Certificate Authority | acm-pca.amazonaws.com | |
| AWS Certificate Manager (ACM) | acm.amazonaws.com | Documentation |
| AWS Action Recommendations | action-recommendations.amazonaws.com | |
| AWS Activate | activate.amazonaws.com | |
| Amazon AI Operations | aiops.amazonaws.com | |
| AWS MWAA Serverless | airflow-serverless.amazonaws.com | |
| Amazon Managed Workflows for Apache Airflow | airflow.amazonaws.com | |
| AWS Amplify | amplify.amazonaws.com | |
| AWS Amplify Admin | amplifybackend.amazonaws.com | |
| AWS Amplify UI Builder | amplifyuibuilder.amazonaws.com | |
| Amazon OpenSearch Serverless | aoss.amazonaws.com | |
| Amazon API Gateway Management | apigateway.amazonaws.com | |
| Amazon AppIntegrations | app-integrations.amazonaws.com | Documentation |
| AWS AppConfig | appconfig.amazonaws.com | |
| AWS AppFabric | appfabric.amazonaws.com | |
| Amazon AppFlow | appflow.amazonaws.com | |
| AWS Application Auto Scaling | application-autoscaling.amazonaws.com | |
| Amazon CloudWatch Application Signals | application-signals.amazonaws.com | |
| AWS Application Transformation Service | application-transformation.amazonaws.com | |
| Amazon CloudWatch Application Insights | applicationinsights.amazonaws.com | |
| AWS App Mesh Preview | appmesh-preview.amazonaws.com | |
| AWS App Mesh Preview | appmesh.amazonaws.com | Documentation |
| AWS App Runner | apprunner.amazonaws.com | |
| Amazon AppStream 2.0 | appstream.amazonaws.com | |
| AWS App Studio | appstudio.amazonaws.com | |
| AWS AppSync | appsync.amazonaws.com | |
| AWS Mainframe Modernization Application Testing | apptest.amazonaws.com | |
| Amazon Managed Service for Prometheus | aps.amazonaws.com | |
| Amazon ARC Region switch | arc-region-switch.amazonaws.com | |
| Amazon Application Recovery Controller - Zonal Shift | arc-zonal-shift.amazonaws.com | |
| Application Discovery Arsenal | arsenal.amazonaws.com | |
| AWS Artifact | artifact.amazonaws.com | |
| Amazon Athena | athena.amazonaws.com | |
| AWS Audit Manager | auditmanager.amazonaws.com | Documentation |
| AWS Auto Scaling | autoscaling-plans.amazonaws.com | Documentation |
| Amazon EC2 Auto Scaling | autoscaling.amazonaws.com | Documentation |
| AWS Marketplace Management Portal | aws-marketplace-management.amazonaws.com | |
| AWS Marketplace | aws-marketplace.amazonaws.com | |
| AWS MCP Server | aws-mcp.amazonaws.com | |
| AWS Billing Console | aws-portal.amazonaws.com | |
| AWS Connector Service | awsconnector.amazonaws.com | |
| AWS B2B Data Interchange | b2bi.amazonaws.com | |
| AWS Backup Gateway | backup-gateway.amazonaws.com | |
| AWS Backup Search | backup-search.amazonaws.com | |
| AWS Backup storage | backup-storage.amazonaws.com | |
| AWS Backup | backup.amazonaws.com | |
| AWS Batch | batch.amazonaws.com | |
| AWS Billing and Cost Management Dashboards | bcm-dashboards.amazonaws.com | |
| AWS Billing And Cost Management Data Exports | bcm-data-exports.amazonaws.com | |
| AWS Billing And Cost Management Pricing Calculator | bcm-pricing-calculator.amazonaws.com | |
| AWS Billing And Cost Management Recommended Actions | bcm-recommended-actions.amazonaws.com | |
| Amazon Bedrock Agentcore | bedrock-agentcore.amazonaws.com | |
| Amazon Bedrock | bedrock.amazonaws.com | |
| AWS Billing | billing.amazonaws.com | |
| AWS Billing Conductor | billingconductor.amazonaws.com | |
| Amazon Braket | braket.amazonaws.com | |
| AWS Budget Service | budgets.amazonaws.com | |
| AWS BugBust | bugbust.amazonaws.com | |
| Amazon Connect Cases | cases.amazonaws.com | |
| Amazon Keyspaces (for Apache Cassandra) | cassandra.amazonaws.com | |
| AWS Cost Explorer Service | ce.amazonaws.com | |
| AWS Chatbot | chatbot.amazonaws.com | |
| Amazon Chime | chime.amazonaws.com | |
| AWS Clean Rooms ML | cleanrooms-ml.amazonaws.com | |
| AWS Clean Rooms | cleanrooms.amazonaws.com | |
| AWS Cloud9 | cloud9.amazonaws.com | Documentation |
| Amazon Cloud Directory | clouddirectory.amazonaws.com | |
| AWS Cloud Control API | cloudformation.amazonaws.com | |
| Amazon CloudFront KeyValueStore | cloudfront-keyvaluestore.amazonaws.com | |
| Amazon CloudFront | cloudfront.amazonaws.com | |
| AWS CloudHSM | cloudhsm.amazonaws.com | Documentation |
| Amazon CloudSearch | cloudsearch.amazonaws.com | |
| AWS CloudShell | cloudshell.amazonaws.com | |
| AWS CloudTrail Data | cloudtrail-data.amazonaws.com | |
| AWS CloudTrail | cloudtrail.amazonaws.com | |
| Amazon CloudWatch | cloudwatch.amazonaws.com | |
| AWS CodeArtifact | codeartifact.amazonaws.com | |
| AWS CodeBuild | codebuild.amazonaws.com | |
| Amazon CodeCatalyst | codecatalyst.amazonaws.com | Documentation |
| AWS CodeCommit | codecommit.amazonaws.com | |
| AWS CodeConnections | codeconnections.amazonaws.com | |
| AWS CodeDeploy secure host commands service | codedeploy-commands-secure.amazonaws.com | |
| AWS CodeDeploy | codedeploy.amazonaws.com | |
| Amazon CodeGuru Profiler | codeguru-profiler.amazonaws.com | Documentation |
| Amazon CodeGuru Reviewer | codeguru-reviewer.amazonaws.com | |
| Amazon CodeGuru Security | codeguru-security.amazonaws.com | |
| Amazon CodeGuru | codeguru.amazonaws.com | |
| AWS CodePipeline | codepipeline.amazonaws.com | |
| AWS CodeStar Connections | codestar-connections.amazonaws.com | |
| AWS CodeStar Notifications | codestar-notifications.amazonaws.com | Documentation |
| AWS CodeStar | codestar.amazonaws.com | |
| Amazon CodeWhisperer | codewhisperer.amazonaws.com | |
| Amazon Cognito Identity | cognito-identity.amazonaws.com | |
| Amazon Cognito User Pools | cognito-idp.amazonaws.com | |
| Amazon Cognito Sync | cognito-sync.amazonaws.com | |
| Amazon Comprehend | comprehend.amazonaws.com | |
| Amazon Comprehend Medical | comprehendmedical.amazonaws.com | |
| AWS Compute Optimizer | compute-optimizer.amazonaws.com | Documentation |
| AWS Config | config.amazonaws.com | Documentation |
| Amazon Connect Outbound Campaigns | connect-campaigns.amazonaws.com | |
| Amazon Connect | connect.amazonaws.com | Documentation |
| AWS Console Mobile App | consoleapp.amazonaws.com | |
| AWS Consolidated Billing | consolidatedbilling.amazonaws.com | |
| AWS Control Catalog | controlcatalog.amazonaws.com | |
| AWS Control Tower | controltower.amazonaws.com | |
| AWS Cost Optimization Hub | cost-optimization-hub.amazonaws.com | |
| AWS Cost and Usage Report | cur.amazonaws.com | |
| AWS Customer Verification Service | customer-verification.amazonaws.com | |
| AWS Glue DataBrew | databrew.amazonaws.com | |
| AWS Data Exchange | dataexchange.amazonaws.com | |
| AWS Data Pipeline | datapipeline.amazonaws.com | |
| AWS DataSync | datasync.amazonaws.com | |
| Amazon DataZone | datazone.amazonaws.com | |
| Amazon DynamoDB Accelerator (DAX) | dax.amazonaws.com | Documentation |
| Database Query Metadata Service | dbqms.amazonaws.com | |
| AWS Deadline Cloud | deadline.amazonaws.com | |
| AWS DeepComposer | deepcomposer.amazonaws.com | |
| AWS DeepRacer | deepracer.amazonaws.com | |
| Amazon Detective | detective.amazonaws.com | |
| AWS Device Farm | devicefarm.amazonaws.com | |
| Amazon DevOps Guru | devops-guru.amazonaws.com | Documentation |
| AWS Direct Connect | directconnect.amazonaws.com | Documentation |
| AWS Application Discovery Service | discovery.amazonaws.com | |
| Amazon Data Lifecycle Manager | dlm.amazonaws.com | |
| AWS Database Migration Service | dms.amazonaws.com | |
| Amazon DocumentDB Elastic Clusters | docdb-elastic.amazonaws.com | Documentation |
| AWS Elastic Disaster Recovery | drs.amazonaws.com | Documentation |
| AWS Directory Service Data | ds-data.amazonaws.com | |
| AWS Directory Service | ds.amazonaws.com | Documentation |
| Amazon Aurora DSQL | dsql.amazonaws.com | |
| Amazon DynamoDB | dynamodb.amazonaws.com | |
| Amazon Elastic Block Store | ebs.amazonaws.com | |
| Amazon EC2 Instance Connect | ec2-instance-connect.amazonaws.com | Documentation |
| Amazon EC2 | ec2.amazonaws.com | |
| Application Auto Scaling | ec2.application-autoscaling.amazonaws.com | Documentation |
| Amazon Message Delivery Service | ec2messages.amazonaws.com | |
| Amazon Elastic Container Registry Public | ecr-public.amazonaws.com | |
| Amazon Elastic Container Registry | ecr.amazonaws.com | |
| Amazon Elastic Container Service | ecs.amazonaws.com | |
| Amazon EKS Auth | eks-auth.amazonaws.com | |
| Amazon EKS MCP Server | eks-mcp.amazonaws.com | |
| Amazon Elastic Kubernetes Service | eks.amazonaws.com | |
| Amazon ElastiCache | elasticache.amazonaws.com | Documentation |
| AWS Elastic Beanstalk | elasticbeanstalk.amazonaws.com | |
| Amazon Elastic File System (Amazon EFS) | elasticfilesystem.amazonaws.com | Documentation |
| AWS Elastic Load Balancing V2 | elasticloadbalancing.amazonaws.com | Documentation |
| Amazon Elastic MapReduce | elasticmapreduce.amazonaws.com | |
| Amazon Elastic Transcoder | elastictranscoder.amazonaws.com | |
| AWS Elemental Appliances and Software Activation Service | elemental-activations.amazonaws.com | |
| AWS Elemental Appliances and Software | elemental-appliances-software.amazonaws.com | |
| AWS Elemental Support Cases | elemental-support-cases.amazonaws.com | |
| AWS Elemental Support Content | elemental-support-content.amazonaws.com | |
| Amazon Cognito user pools | email.cognito-idp.amazonaws.com | Documentation |
| Amazon EMR on EKS (EMR Containers) | emr-containers.amazonaws.com | Documentation |
| Amazon EMR Serverless | emr-serverless.amazonaws.com | |
| AWS Entity Resolution | entityresolution.amazonaws.com | |
| Amazon OpenSearch Service | es.amazonaws.com | |
| Amazon EventBridge | events.amazonaws.com | |
| Amazon WorkMail | events.workmail.amazonaws.com | Documentation |
| Amazon CloudWatch Evidently | evidently.amazonaws.com | |
| Amazon Elastic VMware Service | evs.amazonaws.com | Documentation |
| Amazon API Gateway | execute-api.amazonaws.com | |
| Amazon FinSpace API | finspace-api.amazonaws.com | |
| Amazon FinSpace | finspace.amazonaws.com | Documentation |
| Amazon Kinesis Firehose | firehose.amazonaws.com | |
| AWS Fault Injection Service | fis.amazonaws.com | Documentation |
| AWS Firewall Manager | fms.amazonaws.com | |
| Amazon Forecast | forecast.amazonaws.com | |
| Amazon Fraud Detector | frauddetector.amazonaws.com | |
| Amazon FreeRTOS | freertos.amazonaws.com | |
| AWS Free Tier | freetier.amazonaws.com | |
| Amazon FSx | fsx.amazonaws.com | |
| Amazon GameLift Servers | gamelift.amazonaws.com | |
| Amazon GameLift Streams | gameliftstreams.amazonaws.com | |
| Amazon Location Service Maps | geo-maps.amazonaws.com | |
| Amazon Location Service Places | geo-places.amazonaws.com | |
| Amazon Location Service Routes | geo-routes.amazonaws.com | |
| Amazon Location | geo.amazonaws.com | |
| Amazon S3 Glacier | glacier.amazonaws.com | |
| AWS Global Accelerator | globalaccelerator.amazonaws.com | Documentation |
| AWS Glue | glue.amazonaws.com | |
| Amazon Managed Grafana | grafana.amazonaws.com | Documentation |
| AWS IoT Greengrass | greengrass.amazonaws.com | |
| AWS Ground Station | groundstation.amazonaws.com | Documentation |
| Amazon GroundTruth Labeling | groundtruthlabeling.amazonaws.com | |
| Amazon GuardDuty | guardduty.amazonaws.com | |
| AWS Health APIs and Notifications | health.amazonaws.com | |
| AWS HealthLake | healthlake.amazonaws.com | |
| Amazon Honeycode | honeycode.amazonaws.com | |
| AWS Identity and Access Management (IAM) | iam.amazonaws.com | |
| AWS Identity Sync | identity-sync.amazonaws.com | |
| AWS Identity Store Auth | identitystore-auth.amazonaws.com | |
| AWS Identity Store | identitystore.amazonaws.com | |
| Amazon EC2 Image Builder | imagebuilder.amazonaws.com | Documentation |
| AWS Import Export Disk Service | importexport.amazonaws.com | |
| Amazon InspectorScan | inspector-scan.amazonaws.com | |
| Amazon Inspector Classic | inspector.amazonaws.com | Documentation |
| Amazon Inspector2 | inspector2.amazonaws.com | |
| Amazon CloudWatch Internet Monitor | internetmonitor.amazonaws.com | |
| AWS Invoicing Service | invoicing.amazonaws.com | |
| AWS IoT Device Tester | iot-device-tester.amazonaws.com | |
| AWS IoT | iot.amazonaws.com | |
| AWS IoT Analytics | iotanalytics.amazonaws.com | |
| AWS IoT Core Device Advisor | iotdeviceadvisor.amazonaws.com | |
| AWS IoT Events | iotevents.amazonaws.com | |
| AWS IoT Fleet Hub for Device Management | iotfleethub.amazonaws.com | |
| AWS IoT FleetWise | iotfleetwise.amazonaws.com | |
| AWS IoT Jobs DataPlane | iotjobsdata.amazonaws.com | |
| AWS IoT Managed Integrations Service | iotmanagedintegrations.amazonaws.com | Documentation |
| AWS IoT SiteWise | iotsitewise.amazonaws.com | |
| AWS IoT TwinMaker | iottwinmaker.amazonaws.com | Documentation |
| AWS IoT Wireless | iotwireless.amazonaws.com | |
| AWS IQ Permissions | iq-permission.amazonaws.com | |
| AWS IQ | iq.amazonaws.com | |
| Amazon Interactive Video Service | ivs.amazonaws.com | Documentation |
| Amazon Interactive Video Service Chat | ivschat.amazonaws.com | |
| Apache Kafka APIs for Amazon MSK clusters | kafka-cluster.amazonaws.com | |
| Amazon Managed Streaming for Apache Kafka | kafka.amazonaws.com | |
| Amazon Managed Streaming for Kafka Connect | kafkaconnect.amazonaws.com | Documentation |
| Amazon Kendra Intelligent Ranking | kendra-ranking.amazonaws.com | |
| Amazon Kendra | kendra.amazonaws.com | |
| Amazon Kinesis Data Streams | kinesis.amazonaws.com | |
| Amazon Kinesis Analytics | kinesisanalytics.amazonaws.com | |
| Amazon Kinesis Video Streams | kinesisvideo.amazonaws.com | |
| AWS Key Management Service | kms.amazonaws.com | |
| AWS Lake Formation | lakeformation.amazonaws.com | Documentation |
| AWS Lambda | lambda.amazonaws.com | |
| AWS Launch Wizard | launchwizard.amazonaws.com | |
| Amazon Lex | lex.amazonaws.com | Documentation |
| Amazon Lex V2 | lexv2.amazonaws.com | Documentation |
| AWS License Manager Linux Subscriptions Manager | license-manager-linux-subscriptions.amazonaws.com | |
| AWS License Manager User Subscriptions | license-manager-user-subscriptions.amazonaws.com | Documentation |
| AWS License Manager | license-manager.amazonaws.com | |
| Amazon Lightsail | lightsail.amazonaws.com | |
| Amazon CloudWatch Logs | logs.amazonaws.com | Documentation |
| Amazon Lookout for Equipment | lookoutequipment.amazonaws.com | |
| Amazon Lookout for Metrics | lookoutmetrics.amazonaws.com | |
| Amazon Lookout for Vision | lookoutvision.amazonaws.com | |
| AWS Mainframe Modernization Service | m2.amazonaws.com | Documentation |
| Amazon Machine Learning | machinelearning.amazonaws.com | |
| Amazon Macie | macie.amazonaws.com | Documentation |
| Amazon Macie | macie2.amazonaws.com | |
| Amazon Managed Blockchain Query | managedblockchain-query.amazonaws.com | |
| Amazon Managed Blockchain | managedblockchain.amazonaws.com | |
| AWS Migration Acceleration Program Credits | mapcredits.amazonaws.com | |
| AWS Marketplace Commerce Analytics Service | marketplacecommerceanalytics.amazonaws.com | |
| Amazon Mechanical Turk | mechanicalturk.amazonaws.com | |
| AWS Elemental MediaConnect | mediaconnect.amazonaws.com | |
| AWS Elemental MediaConvert | mediaconvert.amazonaws.com | |
| AmazonMediaImport | mediaimport.amazonaws.com | |
| AWS Elemental MediaLive | medialive.amazonaws.com | |
| AWS Elemental MediaPackage VOD | mediapackage-vod.amazonaws.com | |
| AWS Elemental MediaPackage | mediapackage.amazonaws.com | |
| AWS Elemental MediaPackage V2 | mediapackagev2.amazonaws.com | |
| AWS Elemental MediaStore | mediastore.amazonaws.com | |
| AWS Elemental MediaTailor | mediatailor.amazonaws.com | |
| AWS HealthImaging | medical-imaging.amazonaws.com | |
| Amazon MemoryDB | memorydb.amazonaws.com | Documentation |
| AWS Migration Hub | mgh.amazonaws.com | |
| AWS Application Migration Service | mgn.amazonaws.com | Documentation |
| AWS Migration Hub Orchestrator | migrationhub-orchestrator.amazonaws.com | Documentation |
| AWS Migration Hub Strategy Recommendations | migrationhub-strategy.amazonaws.com | Documentation |
| Amazon Mobile Analytics | mobileanalytics.amazonaws.com | |
| Amazon Pinpoint | mobiletargeting.amazonaws.com | |
| Amazon Monitron | monitron.amazonaws.com | |
| Multi-party approval | mpa.amazonaws.com | |
| Amazon MQ | mq.amazonaws.com | Documentation |
| Amazon Neptune | neptune-db.amazonaws.com | |
| Amazon Neptune Analytics | neptune-graph.amazonaws.com | |
| AWS Network Firewall | network-firewall.amazonaws.com | Documentation |
| AWS Shield network security director | network-security-director.amazonaws.com | |
| Network Flow Monitor | networkflowmonitor.amazonaws.com | |
| AWS Network Manager Chat | networkmanager-chat.amazonaws.com | |
| AWS Network Manager | networkmanager.amazonaws.com | Documentation |
| Amazon CloudWatch Network Synthetic Monitor | networkmonitor.amazonaws.com | |
| Amazon Nimble Studio | nimble.amazonaws.com | |
| AWS User Notifications Contacts | notifications-contacts.amazonaws.com | |
| AWS User Notifications | notifications.amazonaws.com | |
| Amazon CloudWatch Observability Access Manager | oam.amazonaws.com | |
| Amazon OpenSearch Serverless | observability.aoss.amazonaws.com | Documentation |
| Amazon CloudWatch Observability Admin Service | observabilityadmin.amazonaws.com | |
| AWS Service - Oracle Database@AWS | odb.amazonaws.com | |
| AWS HealthOmics | omics.amazonaws.com | |
| Amazon One Enterprise | one.amazonaws.com | |
| Amazon OpenSearch | opensearch.amazonaws.com | |
| Amazon API Gateway | ops.apigateway.amazonaws.com | Documentation |
| Amazon EMR Serverless | ops.emr-serverless.amazonaws.com | Documentation |
| AWS OpsWorks Configuration Management | opsworks-cm.amazonaws.com | |
| AWS OpsWorks | opsworks.amazonaws.com | |
| AWS Organizations | organizations.amazonaws.com | |
| Amazon OpenSearch Ingestion | osis.amazonaws.com | |
| AWS Outposts | outposts.amazonaws.com | Documentation |
| AWS Panorama | panorama.amazonaws.com | Documentation |
| AWS Partner central account management | partnercentral-account-management.amazonaws.com | |
| AWS Partner Central | partnercentral.amazonaws.com | |
| AWS Payment Cryptography | payment-cryptography.amazonaws.com | |
| AWS Payments | payments.amazonaws.com | |
| AWS Private CA Connector for Active Directory | pca-connector-ad.amazonaws.com | |
| AWS Private CA Connector for SCEP | pca-connector-scep.amazonaws.com | |
| AWS Parallel Computing Service | pcs.amazonaws.com | Documentation |
| AWS IQ | permission.iq.amazonaws.com | Documentation |
| Amazon Personalize | personalize.amazonaws.com | |
| AWS Performance Insights | pi.amazonaws.com | |
| Amazon EventBridge Pipes | pipes.amazonaws.com | |
| Amazon Polly | polly.amazonaws.com | |
| Amazon Route 53 Recovery Readiness | practice-run.arc-zonal-shift.amazonaws.com | Documentation |
| AWS Price List | pricing.amazonaws.com | |
| AWS PricingPlanManager Service | pricingplanmanager.amazonaws.com | |
| AWS service providing managed private networks | private-networks.amazonaws.com | |
| Amazon Connect Customer Profiles | profile.amazonaws.com | Documentation |
| AWS Proton | proton.amazonaws.com | |
| AWS Purchase Orders Console | purchase-orders.amazonaws.com | |
| Amazon Q | q.amazonaws.com | |
| Amazon Q Business Q Apps | qapps.amazonaws.com | Documentation |
| Amazon Q Business | qbusiness.amazonaws.com | Documentation |
| Amazon Q Developer | qdeveloper.amazonaws.com | |
| Amazon QLDB | qldb.amazonaws.com | |
| Amazon QuickSight | quicksight.amazonaws.com | |
| AWS Resource Access Manager (AWS RAM) | ram.amazonaws.com | Documentation |
| AWS Recycle Bin | rbin.amazonaws.com | |
| Amazon RDS Data API | rds-data.amazonaws.com | |
| Amazon RDS IAM Authentication | rds-db.amazonaws.com | |
| Amazon Relational Database Service (Amazon RDS) | rds.amazonaws.com | Documentation |
| Amazon Redshift Data API | redshift-data.amazonaws.com | |
| Amazon Redshift Serverless | redshift-serverless.amazonaws.com | |
| Amazon Redshift | redshift.amazonaws.com | Documentation |
| AWS Migration Hub Refactor Spaces | refactor-spaces.amazonaws.com | Documentation |
| Amazon Rekognition | rekognition.amazonaws.com | |
| AWS CodeStar Connections | repository.sync.codeconnections.amazonaws.com | Documentation |
| AWS re:Post Private | repostspace.amazonaws.com | Documentation |
| AWS Resilience Hub | resiliencehub.amazonaws.com | |
| AWS Resource Explorer | resource-explorer-2.amazonaws.com | Documentation |
| Tag Editor | resource-explorer.amazonaws.com | |
| AWS Resource Groups | resource-groups.amazonaws.com | |
| AWS Resource Groups | resourcegroups.amazonaws.com | Documentation |
| Amazon RHEL Knowledgebase Portal | rhelkb.amazonaws.com | |
| AWS RoboMaker | robomaker.amazonaws.com | |
| AWS Identity and Access Management Roles Anywhere | rolesanywhere.amazonaws.com | Documentation |
| Amazon Route 53 Recovery Cluster | route53-recovery-cluster.amazonaws.com | |
| Amazon Route 53 Recovery Controls | route53-recovery-control-config.amazonaws.com | |
| Amazon Route 53 Recovery Readiness | route53-recovery-readiness.amazonaws.com | |
| Amazon Route 53 | route53.amazonaws.com | |
| Amazon Route 53 Domains | route53domains.amazonaws.com | |
| AWS Route53 Global Resolver | route53globalresolver.amazonaws.com | |
| Amazon Route 53 Profiles | route53profiles.amazonaws.com | |
| Amazon Route 53 Resolver | route53resolver.amazonaws.com | |
| AWS RTB Fabric | rtbfabric.amazonaws.com | Documentation |
| AWS CloudWatch RUM | rum.amazonaws.com | |
| Amazon S3 Object Lambda | s3-object-lambda.amazonaws.com | |
| Amazon Simple Storage Service (Amazon S3) on AWS Outposts | s3-outposts.amazonaws.com | Documentation |
| Amazon S3 | s3.amazonaws.com | |
| Amazon S3 Express | s3express.amazonaws.com | |
| Amazon S3 Tables | s3tables.amazonaws.com | |
| Amazon S3 Vectors | s3vectors.amazonaws.com | |
| Amazon SageMaker data science assistant | sagemaker-data-science-assistant.amazonaws.com | |
| Amazon SageMaker geospatial capabilities | sagemaker-geospatial.amazonaws.com | |
| Amazon SageMaker with MLflow | sagemaker-mlflow.amazonaws.com | |
| Amazon SageMaker Unified Studio MCP | sagemaker-unified-studio-mcp.amazonaws.com | |
| Amazon SageMaker | sagemaker.amazonaws.com | |
| AWS Savings Plans | savingsplans.amazonaws.com | |
| Amazon EventBridge Scheduler | scheduler.amazonaws.com | |
| Amazon EventBridge Schemas | schemas.amazonaws.com | |
| AWS Supply Chain | scn.amazonaws.com | |
| Amazon SimpleDB | sdb.amazonaws.com | |
| AWS Secrets Manager | secretsmanager.amazonaws.com | |
| AWS Security Incident Response | security-ir.amazonaws.com | |
| AWS Security Hub | securityhub.amazonaws.com | Documentation |
| Amazon Security Lake | securitylake.amazonaws.com | |
| AWS Serverless Application Repository | serverlessrepo.amazonaws.com | |
| AWS Service Catalog | servicecatalog.amazonaws.com | |
| AWS Cloud Map | servicediscovery.amazonaws.com | |
| AWS Microservice Extractor for .NET | serviceextract.amazonaws.com | |
| Service Quotas | servicequotas.amazonaws.com | |
| Amazon Simple Email Service (Amazon SES) v2 | ses.amazonaws.com | Documentation |
| AWS Shield | shield.amazonaws.com | Documentation |
| AWS Signer | signer.amazonaws.com | |
| AWS Signin | signin.amazonaws.com | |
| AWS SimSpace Weaver | simspaceweaver.amazonaws.com | |
| AWS End User Messaging SMS and Voice V2 | sms-voice.amazonaws.com | Documentation |
| AWS Server Migration Service | sms.amazonaws.com | |
| AWS Snow Device Management | snow-device-management.amazonaws.com | |
| AWS Snowball | snowball.amazonaws.com | |
| Amazon SNS | sns.amazonaws.com | |
| AWS End User Messaging Social | social-messaging.amazonaws.com | Documentation |
| AWS SQL Workbench | sqlworkbench.amazonaws.com | |
| Amazon SQS | sqs.amazonaws.com | |
| AWS Systems Manager Incident Manager Contacts | ssm-contacts.amazonaws.com | |
| AWS Systems Manager GUI Connect | ssm-guiconnect.amazonaws.com | |
| AWS Systems Manager Incident Manager | ssm-incidents.amazonaws.com | Documentation |
| AWS Systems Manager Quick Setup | ssm-quicksetup.amazonaws.com | |
| AWS Systems Manager for SAP | ssm-sap.amazonaws.com | |
| AWS Systems Manager | ssm.amazonaws.com | |
| Amazon Message Gateway Service | ssmmessages.amazonaws.com | |
| AWS IAM Identity Center directory | sso-directory.amazonaws.com | |
| AWS IAM Identity Center OIDC service | sso-oauth.amazonaws.com | |
| AWS IAM Identity Center | sso.amazonaws.com | Documentation |
| AWS Step Functions | states.amazonaws.com | |
| AWS Storage Gateway | storagegateway.amazonaws.com | |
| AWS Security Token Service | sts.amazonaws.com | |
| AWS Support Console | support-console.amazonaws.com | |
| AWS Support | support.amazonaws.com | Documentation |
| AWS Support App in Slack | supportapp.amazonaws.com | |
| AWS Support Plans | supportplans.amazonaws.com | |
| AWS Sustainability | sustainability.amazonaws.com | |
| Amazon Simple Workflow Service | swf.amazonaws.com | |
| Amazon CloudWatch Synthetics | synthetics.amazonaws.com | |
| Amazon Resource Group Tagging API | tag.amazonaws.com | |
| AWS Tax Settings | tax.amazonaws.com | |
| Amazon Textract | textract.amazonaws.com | |
| Amazon WorkSpaces Thin Client | thinclient.amazonaws.com | |
| Amazon Timestream InfluxDB | timestream-influxdb.amazonaws.com | |
| Amazon Timestream | timestream.amazonaws.com | |
| Amazon Timestream Influxdb | timestreamforinfluxdb.amazonaws.com | Documentation |
| AWS Tiros | tiros.amazonaws.com | |
| AWS Telco Network Builder | tnb.amazonaws.com | |
| Amazon Transcribe | transcribe.amazonaws.com | |
| AWS Transfer Family | transfer.amazonaws.com | |
| AWS Transform Custom | transform-custom.amazonaws.com | |
| AWS Transform | transform.amazonaws.com | |
| Amazon Translate | translate.amazonaws.com | |
| AWS Security Incident Response | triage.security-ir.amazonaws.com | Documentation |
| AWS Trusted Advisor | trustedadvisor.amazonaws.com | Documentation |
| AWS Diagnostic tools | ts.amazonaws.com | |
| AWS User Subscriptions | user-subscriptions.amazonaws.com | |
| AWS Service for managing AWS Console user experience capabilities. | uxc.amazonaws.com | |
| AWS Marketplace Vendor Insights | vendor-insights.amazonaws.com | |
| AWS Verified Access | verified-access.amazonaws.com | |
| Amazon Verified Permissions | verifiedpermissions.amazonaws.com | |
| Amazon Connect Voice ID | voiceid.amazonaws.com | |
| Amazon VPC Lattice Services | vpc-lattice-svcs.amazonaws.com | |
| Amazon VPC Lattice | vpc-lattice.amazonaws.com | Documentation |
| AWS PrivateLink | vpce.amazonaws.com | |
| Amazon CloudFront | vpcorigin.cloudfront.amazonaws.com | Documentation |
| AWS WAF Regional | waf-regional.amazonaws.com | |
| AWS WAF Regional | waf.amazonaws.com | Documentation |
| AWS WAF V2 | wafv2.amazonaws.com | Documentation |
| Amazon WorkSpaces Application Manager | wam.amazonaws.com | |
| AWS Well-Architected Tool | wellarchitected.amazonaws.com | |
| AWS Wickr | wickr.amazonaws.com | |
| Amazon Q in Connect | wisdom.amazonaws.com | |
| Amazon WorkDocs | workdocs.amazonaws.com | |
| Amazon WorkLink | worklink.amazonaws.com | |
| Amazon WorkMail | workmail.amazonaws.com | |
| Amazon WorkMail Message Flow | workmailmessageflow.amazonaws.com | |
| AWS WorkSpaces Managed Instances | workspaces-instances.amazonaws.com | |
| Amazon WorkSpaces Secure Browser | workspaces-web.amazonaws.com | |
| Amazon WorkSpaces | workspaces.amazonaws.com | |
| AWS X-Ray | xray.amazonaws.com | |
Note: The data is automatically fetched from the official AWS Policy Generator and parsed into this markdown table using a custom Node.js script. The table is regularly updated to include the latest AWS services.
Common Use Cases for Service Principals
Service principals are commonly used in these scenarios:
- Lambda Execution Roles: Allow Lambda to write logs to CloudWatch
  - Service Principal: `lambda.amazonaws.com`
- EC2 Instance Profiles: Allow EC2 instances to call AWS services
  - Service Principal: `ec2.amazonaws.com`
- ECS Task Roles: Enable ECS tasks to access AWS resources
  - Service Principal: `ecs-tasks.amazonaws.com`
- CodeBuild Service Roles: Grant CodeBuild permissions to build projects
  - Service Principal: `codebuild.amazonaws.com`
- EventBridge Rules: Allow EventBridge to invoke targets
  - Service Principal: `events.amazonaws.com`
Generate Service Principals in VS Code
If you prefer working directly in your IDE, I've created a VS Code extension that automatically generates IAM service principal snippets for you.
Instead of looking up this table every time, you can simply use the IAM Service Principal Snippets extension to autocomplete service principals directly in your IAM policies.

More Useful AWS Cheat Sheets, Lists and Tables
- AWS CloudFormation Resource Attributes - Complete reference of all CloudFormation resource types and their attributes
- AWS CloudFormation Resource Properties - Comprehensive table of all CloudFormation resource properties
- Amazon Resource Names (ARNs) - Complete reference list of ARNs for all AWS services
- AWS Trusted Advisor Cheat Sheet - Cheat Sheet containing a practical overview of checks that are being done by the AWS Trusted Advisor
- AWS IAM Documentation - Official guide to IAM policy principals