AWS Toolkit for Visual Studio Endpoints Amazon Q plugin endpoints Amazon Q Developer endpoints Amazon Q Code Transform Endpoints Authentication endpoints Identity Endpoints Telemetry References

Updating firewalls and gateways to allow access

If you filter access to specific AWS domains or URL endpoints by using a web-content filtering solution, the following endpoints must be allow listed in order to access all of the services and features available through the AWS Toolkit for Visual Studio and Amazon Q. For detailed steps on how to troubleshoot firewall and proxy settings for the AWS Toolkit with Amazon Q, see the Firewall and proxy settings section in the Troubleshooting topic in this User Guide.

AWS Toolkit for Visual Studio Endpoints

The following are lists of AWS Toolkit for Visual Studio specific endpoints and references that need to be allow listed.

Endpoints



https://idetoolkits-hostedfiles.amazonaws.com/*
https://idetoolkits.amazonwebservices.com/*
http://vstoolkit.amazonwebservices.com/*
https://aws-vs-toolkit.s3.amazonaws.com/*
https://raw.githubusercontent.com/aws/aws-toolkit-visual-studio/main/version.json
https://aws-toolkit-language-servers.amazonaws.com/*

Amazon Q plugin endpoints

The following is a list of Amazon Q plugin specific endpoints and references that need to be allow listed.



https://idetoolkits-hostedfiles.amazonaws.com/*    (Plugin for configs)
https://idetoolkits.amazonwebservices.com/*   (Plugin for endpoints)
https://aws-toolkit-language-servers.amazonaws.com/*  (Language Server Process)
https://client-telemetry.us-east-1.amazonaws.com/ (Telemetry)                
https://cognito-identity.us-east-1.amazonaws.com    (Telemetry)
https://aws-language-servers.us-east-1.amazonaws.com (Language Server Process)

Amazon Q Developer endpoints

The following is a list of Amazon Q Developer specific endpoints and references that need to be allow listed.



https://codewhisperer.us-east-1.amazonaws.com (Inline,Chat, QSDA,...)
https://q.us-east-1.amazonaws.com (Inline,Chat, QSDA....)
https://desktop-release.codewhisperer.us-east-1.amazonaws.com/ (Download URL for CLI.)
https://specs.q.us-east-1.amazonaws.com (URL for auto-complete specs used by CLI)
* aws-language-servers.us-east-1.amazonaws.com (Local Workspace context)

Amazon Q Code Transform Endpoints

The following is a list of Amazon Q Code Transform specific endpoints and references that need to be allow listed.



https://docs.aws.amazon.com/amazonq/latest/qdeveloper-ug/security_iam_manage-access-with-policies.html

Authentication endpoints

The following is a list of authentication endpoints and references that need to be allow listed.



[Directory ID or alias].awsapps.com 
* oidc.[Region].amazonaws.com
*.sso.[Region].amazonaws.com
*.sso-portal.[Region].amazonaws.com
*.aws.dev
*.awsstatic.com
*.console.aws.a2z.com
*.sso.amazonaws.com

Identity Endpoints

The following lists contain endpoints that are specific to identity, such as AWS IAM Identity Center and AWS Builder ID.

AWS IAM Identity Center

For details on required endpoints for IAM Identity Center, see the Enable IAM Identity Center topic in the AWS IAM Identity Center User Guide.

Enterprise IAM Identity Center



https://[Center director id].awsapps.com/start (should be permitted to initiate auth)
https://us-east-1.signin.aws (for facilitating authentication, assuming IAM Identity Center is in IAD)
https://oidc.(us-east-1).amazonaws.com
https://log.sso-portal.eu-west-1.amazonaws.com
https://portal.sso.eu-west-1.amazonaws.com

AWS Builder ID



https://view.awsapps.com/start (must be blocked to disable individual tier) 
https://codewhisperer.us-east-1.amazonaws.com and q.us-east-1.amazonaws.com (should be permitted)

Telemetry

The following is a Telemetry specific endpoint that needs to be allow listed.



https://telemetry.aws-language-servers.us-east-1.amazonaws.com/
https://client-telemetry.us-east-1.amazonaws.com

References

The following is a list of endpoint references.



idetoolkits-hostedfiles.amazonaws.com
cognito-identity.us-east-1.amazonaws.com
amazonwebservices.gallery.vsassets.io
eu-west-1.prod.pr.analytics.console.aws.a2z.com
prod.pa.cdn.uis.awsstatic.com
portal.sso.eu-west-1.amazonaws.com
log.sso-portal.eu-west-1.amazonaws.com
prod.assets.shortbread.aws.dev
prod.tools.shortbread.aws.dev
prod.log.shortbread.aws.dev
a.b.cdn.console.awsstatic.com
assets.sso-portal.eu-west-1.amazonaws.com
oidc.eu-west-1.amazonaws.com
aws-toolkit-language-servers.amazonaws.com
aws-language-servers.us-east-1.amazonaws.com
idetoolkits.amazonwebservices.com

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

External credentials

Working with AWS Services