Cloud lab specifications

Cloud labs provide preconfigured browser-based environments that will provision real, temporary cloud platform user accounts, lasting 60 minutes.

They’re intended to be used for educational purposes only. We monitor for suspicious or abusive behavior, including any misuse of a lab beyond its stated educational purpose or activities.

AWS cloud labs & sandbox

AWS cloud labs and the AWS sandbox provide you with a real, safe environment to get hands-on practice with AWS. We’re actively adding more services to give you the most options as possible to build new skills and explore.

Supported services

  • API Gateway V1
  • API Gateway V2
  • Autoscaling
  • Cloud Map
  • CloudFormation
  • CloudWatch Logs
  • CloudWatch EventBridge
  • Cognito-identity
  • Cognito-idp
  • Cognito-sync
  • Elastic Compute Cloud (EC2)
  • Elastic Container Registry (ECR)
  • Elastic Container Service (ECS)
  • EC2 ImageBuilder
  • Elastic File System (EFS)
  • Elastic Load Balancing V2 (ELB)
  • Identity and Access Manager (IAM)
  • IAM Access Analyzer
  • Key Management Service (KMS)
  • Kinesis
  • Kinesis Analytics
  • Kinesis Video
  • Lambda
  • Lightsail
  • Relational Database Service (RDS)
  • RDS Aurora
  • Secrets Manager
  • Simple Storage Service (S3)
  • Simple Email Service (SES)
  • Simple Notification Service (SNS)
  • Security Token Service (STS)
  • Simple Queue Service (SQS)
  • Simple Systems Manager (SSM)
  • Systems Manager
  • Web Application Firewall (WAF)

Note: If a service or action isn’t explicitly stated in this list, it isn’t currently supported.

Allowed regions

  • us-east-1 and us-west-2

Service limitations

We strive to provide the most access as possible to support your learning, but unfortunately, there are some limitations to what we can offer. You’ll receive an alert in the account if access isn’t allowed.

Unavailable across services

  • Billing or account settings
  • Root user access
  • Organizations
  • AWS support

EC2 limits

  • Allowed instance types: t2.nano, t2.micro, t2.small, t3.nano, t3.micro, t3.small, t4g.nano, t4g.micro, t4g.small

S3 limits

  • Can only be launched in us-east-1 and us-west-2 regions

IAM

  • IAM users provisioned in the lab can’t be edited or removed.
  • IAM default inline policy with timestamp can’t be edited or deleted (SCP DenyInlinePolicyEdits).

RDS limits

  • Allowed instance types:
    • Burstable classes: db.t2.micro, db.t3.micro, db.t3.small, db.t3.medium, db.tg4.micro, db.tg4.small, db.t4g.medium
    • Memory optimized classes: db.r5d.large
  • Standard classes: db.m5d.large
  • Storage size limit: ≤ 250GB

Cloud labs misuse and abuse

Cloud labs are to be used for educational purposes only and within the scope of the lab instruction. We monitor activity for abusive behavior.

Azure cloud labs & sandbox

Resource providers

Below are the resource providers currently allowed. We’re actively expanding our capabilities and will add additional support in 2023.

Supported

  • Microsoft.Authorization/policyDefinitions/read
  • Microsoft.Authorization/policyDefinitions/write
  • Microsoft.Cdn
  • Microsoft.CognitiveServices
  • Microsoft.Compute
  • Microsoft.ContainerInstance
  • Microsoft.ContainerRegistry
  • Microsoft.ContainerService
  • Microsoft.Databricks
  • Microsoft.DevTestLab
  • Microsoft.DocumentDB
  • Microsoft.EventHub
  • Microsoft.HDInsight
  • Microsoft.KeyVault
  • Microsoft.ManagedIdentity
  • Microsoft.Network
  • Microsoft.OperationalInsights
  • Microsoft.OperationsManagement
  • Microsoft.PolicyInsights
  • Microsoft.ServiceBus
  • Microsoft.Sql
  • Microsoft.Storage
  • Microsoft.Synapse
  • Microsoft.Web

Note: If the resource provider isn’t explicitly stated in this list, it isn’t currently supported. See Azure’s documentation matching resource providers to services for more information.

Locations

  • Allowed locations: westus and eastus

App service plan

  • Allowed free and shared, basic, and standard services plans (docs)
    • SKU names: F1, D1, B1, B2, B3, S1, S2, S3

Virtual machines

  • Allowed general-purpose VMs with vCPU ≤ 8 and memoryGB ≤ 32 (docs)
    • Sizes: B, Dsv3, Dv3, Dasv4, Dav4, DSv2, Dv2, Av2, DC, DCv2, Dv4, Dsv4, Ddv4, Ddsv4, Dv5, Dsv5, Ddv5, Ddsv5, Dasv5, Dadsv5

Cognitive services

  • Allowed SKUs: F0, S0, S1, S2

Databricks

  • Allowed standard workspaces

Elasticpools

  • Allowed basic, standard tiers

Microsoft SQL

  • Allowed SKUs (requestedServiceObjectiveName): Free, Basic, S0, S1, S2, S3, S4, S6, S7, S9, S12, DW100c, DW200c

Synapse Big Data Pools

  • Allowed nodesizes: small and medium

Virtual machine scale sets

  • Allowed general-purpose VMs with vCPU ≤ 8 and memoryGB ≤ 32 (docs)
    • Sizes: B, Dsv3, Dv3, Dasv4, Dav4, DSv2, Dv2, Av2, DC, DCv2, Dv4, Dsv4, Ddv4, Ddsv4, Dv5, Dsv5, Ddv5, Ddsv5, Dasv5, Dadsv5