---
title: "AWS Endpoints List"
slug: "aws-endpoints-list"
description: "View the complete list of AWS Metadata and Flow Log endpoints required for Kentik integration. This reference covers necessary permissions for EC2, Direct Connect, ELB, and Network Manager to ensure seamless cloud visibility."
tags: ["AWS Endpoints", "Kentik Access"]
updated: 2026-04-29T13:59:45Z
published: 2026-04-29T13:59:45Z
stale: true
---

> ## Documentation Index
> Fetch the complete documentation index at: https://kb.kentik.com/llms.txt
> Use this file to discover all available pages before exploring further.

# AWS Endpoints List

As part of AWS [**Metadata**](/v1/docs/metadata-configuration-aws) and [**Flow/Firewall Log Collection**](/v1/docs/flow-firewall-log-collection-configuration), Kentik needs permission to access selected endpoints on your behalf, as detailed in the following lists.

### AWS Metadata Endpoints

#### **EC2**

- `DescribeAvailabilityZones`
- `DescribeCustomerGateways`
- `DescribeFlowLogs`
- `DescribeInternetGateways`
- `DescribeInstances`
- `DescribeNatGateways`
- `DescribeNetworkAcls`
- `DescribeNetworkInterfaces`
- `DescribeManagedPrefixLists`
- `DescribePrefixLists`
- `DescribeRouteTables`
- `DescribeSecurityGroups`
- `DescribeSubnets`
- `DescribeTransitGateways`
- `DescribeTransitGatewayAttachments`
- `DescribeTransitGatewayVpcAttachments`
- `DescribeTransitGatewayRouteTables`
- `DescribeTransitGatewayConnects`
- `DescribeTransitGatewayConnectPeers`
- `DescribeVpcs`
- `DescribeVpcEndpoints`
- `DescribeVpcPeeringConnections`
- `DescribeVpnConnections`
- `DescribeVpnGateways`
- `DescribeManagedPrefixLists`
- `DescribeTransitGatewayRouteTables`
- `SearchTransitGatewayRoutes`
- `GetManagedPrefixListEntries`

#### **Direct Connect**

- `DescribeDirectConnectGateways`
- `DescribeVirtualInterfaces`
- `DescribeLags`
- `DescribeConnections`

#### **ELB**

- `DescribeLoadBalancers`

#### **IAM**

- `ListAccountAliases`

#### **Network Manager** (core network metadata)

- `ListCoreNetworks`
- `GetCoreNetwork`
- `GetCoreNetworkPolicy`
- `ListAttachments`
- `GetNetworkRoutes`

#### **Network Firewall**

- `ListFirewalls`
- `DescribeFirewall`
- `ListFirewallPolicies`
- `DescribeFirewallPolicy`
- `DescribeRuleGroup`

### Optional AWS Endpoints

To optionally get a list of accounts in an AWS organization, Kentik may need to access the following additional endpoints:

#### **Organizations**

- `ListAccounts`

#### **CloudWatch**

- `ListMetrics`
- `GetMetricStatistics`
- `GetMetricData`

#### **STS**

- `AssumeRole`