AWS Service Coverage¶

Version: v0.5.0 Events: 411 CloudTrail events Services: 23 AWS services Status: Production Ready

TFDrift-Falco monitors 411 CloudTrail events across 23 AWS services. This page provides an overview of AWS service coverage.

For GCP service coverage, see GCP Services →.

Coverage Summary¶

Service	Events	Status	Documentation
EC2	8	✅ Full	View →
VPC	19	✅ Full	View →
S3	12	✅ Full	View →
RDS/Aurora	11	✅ Full	View →
IAM	14	✅ Full	View →
KMS	13	✅ Full	View →
API Gateway	9	⚠️ Partial	View →
Route53	6	✅ Full	View →
CloudFront	6	✅ Full	View →
SNS	8	✅ Full	View →
SQS	7	✅ Full	View →
ECR	9	✅ Full	View →
Total	122

Service Categories¶

Compute¶

EC2¶

Instance lifecycle management
Instance attribute modifications
Network interface changes
Tagging operations

Full EC2 Coverage →

Networking¶

VPC¶

Security group rules (ingress/egress)
Route table modifications
NAT Gateway operations
Internet Gateway attachments

Full VPC Coverage →

Route53¶

DNS record changes
Hosted zone management
VPC associations

Full Route53 Coverage →

CloudFront¶

Distribution configuration
Origin modifications
Cache policy updates

Full CloudFront Coverage →

Storage¶

S3¶

Bucket configuration
Encryption settings
Bucket policies
Public access blocks
Lifecycle rules

Full S3 Coverage →

Databases¶

RDS / Aurora¶

Instance and cluster configuration
Engine version upgrades
Multi-AZ changes
Backup settings
Parameter groups

Full RDS Coverage →

Security & Identity¶

IAM¶

Role trust policies
Policy attachments/detachments
Inline policy modifications
User management

Full IAM Coverage →

KMS¶

Key management
Key policies
Key rotation
Key deletion scheduling

Full KMS Coverage →

Application Services¶

API Gateway¶

REST API configuration
Authorizer management
Stage deployments
Throttling settings

Full API Gateway Coverage →

Messaging¶

SNS¶

Topic configuration
Subscription management
Topic policies
Encryption settings

Full SNS Coverage →

SQS¶

Queue configuration
Dead letter queues
Queue policies
Encryption settings

Full SQS Coverage →

Containers¶

ECR¶

Repository management
Image scanning configuration
Tag mutability
Lifecycle policies

Full ECR Coverage →

Coverage Status Legend¶

Icon	Status	Description
✅	Full	All major events covered
⚠️	Partial	Core events covered, some advanced features pending
🚧	In Progress	Under development
📅	Planned	Planned for future release

Planned Service Additions (v0.3.0)¶

The following services are planned for v0.3.0:

Lambda: Function configuration, triggers, environment variables
ECS: Task definitions, services, cluster configuration
EKS: Cluster configuration, node groups, add-ons
Step Functions: State machine definitions
WAF: Web ACL rules, rate limiting
CodePipeline: Pipeline configuration

View v0.3.0 Release Plan →

Requesting New Service Coverage¶

Need coverage for a service not listed here?

Check existing issues: GitHub Issues
Open a new request: Request Service Coverage
Contribute: See Contributing Guide

Service-Specific Limitations¶

Each service has known limitations documented in its respective page. Common limitations include:

Eventual consistency: Some AWS services (IAM, Route53) have eventual consistency
CloudTrail delays: Regional events may have 5-15 minute delay
Complex attributes: Nested resource configurations may have partial coverage

Refer to individual service documentation for details.