Cloud lab specifications

Dive into a real, safe environment to get hands-on practice with AWS. We’re actively adding more services to give you the most options as possible to build new skills and explore.

Supported services

• API Gateway V1
• API Gateway V2
• Autoscaling
• Cloud Map
• CloudFormation
• CloudWatch Logs
• CloudWatch EventBridge
• Cognito-identity
• Cognito-idp
• Cognito-sync
• Elastic Compute Cloud (EC2)
• Elastic Container Registry (ECR)
• Elastic Container Service (ECS)
• EC2 ImageBuilder
• Elastic File System (EFS)
• Elastic Load Balancing V2 (ELB)
• Identity and Access Manager (IAM)
• IAM Access Analyzer
• Key Management Service (KMS)
• Kinesis
• Kinesis Analytics
• Kinesis Video
• Lambda
• Lightsail
• Relational Database Service (RDS)
• RDS Aurora
• Secrets Manager
• Simple Storage Service (S3)
• Simple Email Service (SES)
• Simple Notification Service (SNS)
• Security Token Service (STS)
• Simple Queue Service (SQS)
• Simple Systems Manager (SSM)
• Systems Manager
• Web Application Firewall (WAF)

Note: If a service or action isn’t explicitly stated in this list, it isn’t currently supported.

Allowed regions

• us-east-1 and us-west-2

Service limitations

We strive to provide the most access as possible to support your learning, but unfortunately, there are some limitations to what we can offer. You’ll receive an alert in the account if access isn’t allowed.

Unavailable across services

• Billing or account settings
• Root user access
• Organizations
• AWS support

EC2 limits

• Allowed instance types: t2.nano, t2.micro, t2.small, t3.nano, t3.micro, t3.small, t4g.nano, t4g.micro, t4g.small

S3 limits

• Can only be launched in us-east-1 and us-west-2 regions

IAM

• IAM users provisioned in the lab can’t be edited or removed.
• IAM default inline policy with timestamp can’t be edited or deleted (SCP DenyInlinePolicyEdits).

RDS limits

• Allowed instance types:
  • Burstable classes: db.t2.micro, db.t3.micro, db.t3.small, db.t3.medium, db.tg4.micro, db.tg4.small, db.t4g.medium
  • Memory optimized classes: db.r5d.large
• Standard classes: db.m5d.large
• Storage size limit: ≤ 250GB

Cloud labs misuse and abuse

Cloud labs are to be used for educational purposes only and within the scope of the lab instruction. We monitor for suspicious activity.

Resource providers

Below are the resource providers currently allowed. We’re actively expanding our capabilities and will add additional support in 2023.

Supported

• Microsoft.Authorization/policyDefinitions/read
• Microsoft.Authorization/policyDefinitions/write
• Microsoft.Cdn
• Microsoft.CognitiveServices
• Microsoft.Compute
• Microsoft.ContainerInstance
• Microsoft.ContainerRegistry
• Microsoft.ContainerService
• Microsoft.Databricks
• Microsoft.DevTestLab
• Microsoft.DocumentDB
• Microsoft.EventHub
• Microsoft.HDInsight
• Microsoft.KeyVault
• Microsoft.ManagedIdentity
• Microsoft.Network
• Microsoft.OperationalInsights
• Microsoft.OperationsManagement
• Microsoft.PolicyInsights
• Microsoft.ServiceBus
• Microsoft.Sql
• Microsoft.Storage
• Microsoft.Synapse
• Microsoft.Web

Note: If the resource provider isn’t explicitly stated in this list, it isn’t currently supported. See Azure’s documentation matching resource providers to services for more information.

Locations

• Allowed locations: westus and eastus

App service plan

• Allowed free and shared, basic, and standard services plans (docs)
  • SKU names: F1, D1, B1, B2, B3, S1, S2, S3

Virtual machines

• Allowed general-purpose VMs with vCPU ≤ 8 and memoryGB ≤ 32 (docs)
  • Sizes: B, Dsv3, Dv3, Dasv4, Dav4, DSv2, Dv2, Av2, DC, DCv2, Dv4, Dsv4, Ddv4, Ddsv4, Dv5, Dsv5, Ddv5, Ddsv5, Dasv5, Dadsv5

Cognitive services

• Allowed SKUs: F0, S0, S1, S2

Databricks

• Allowed standard workspaces

Elasticpools

• Allowed basic, standard tiers

Microsoft SQL

• Allowed SKUs (requestedServiceObjectiveName): Free, Basic, S0, S1, S2, S3, S4, S6, S7, S9, S12, DW100c, DW200c

Synapse Big Data Pools

• Allowed nodesizes: small and medium

Virtual machine scale sets

• Allowed general-purpose VMs with vCPU ≤ 8 and memoryGB ≤ 32 (docs)
  • Sizes: B, Dsv3, Dv3, Dasv4, Dav4, DSv2, Dv2, Av2, DC, DCv2, Dv4, Dsv4, Ddv4, Ddsv4, Dv5, Dsv5, Ddv5, Ddsv5, Dasv5, Dadsv5

Cloud labs misuse and abuse

Cloud labs are to be used for educational purposes only and within the scope of the lab instruction. We monitor for suspicious activity.

Supported services

• App Engine
• BigQuery
• Cloud Bigtable
• Cloud Functions
• Cloud Logging
• Cloud Monitoring
• Cloud NAT
• Cloud Run
• Cloud Spanner
• Cloud SQL
• Cloud Storage
• Cloud Trace
• Compute Engine
• Dataflow
• Dataproc
• Firestore
• IAM
• Kubernetes GKE
• Vertex AI
• Config Connector
• Cloud Shell
• Cloud SDK
• Cloud VPCs

Note: If a service or action isn’t explicitly stated in this list, it isn’t currently supported, but we are actively expanding access.

Service limitations

We strive to provide the most access possible to support your learning, but unfortunately, there are some limitations to what we can offer. You’ll receive an error in the account if access isn’t allowed.

Unavailable in account

• Set up cloud projects and accounts
  • Apply organizational policies to a resource hierarchy
  • Manage users and groups in Cloud Identity
  • Manage billing configuration
  • Configuring CLI and Cloud SDK
• Use service accounts across projects
• Cloud DNS domain registration
• Service usage quota adjustments
• Reserved capacity commitments

Cloud labs misuse and abuse

Cloud labs are to be used for educational purposes only and within the scope of the lab instruction. We monitor for suspicious activity.