Menu
Amazon Relational Database Service
User Guide (API Version 2014-10-31)

Working with Amazon Resource Names (ARNs) in Amazon RDS

Resources created in Amazon Web Services are each uniquely identified with an Amazon Resource Name (ARN). For certain Amazon Relational Database Service (Amazon RDS) operations, you need to uniquely identify an Amazon RDS resource by specifying its ARN. For example, to add metadata to an Amazon RDS resource, you must supply the ARN for that Amazon RDS resource. Similarly, when you create an RDS DB instance Read Replica, you need to supply the ARN for the source DB instance.

The following sections describe how you can construct a new ARN or get an existing ARN.

Constructing a New ARN for Amazon RDS

Resources created in Amazon Web Services are each uniquely identified with an Amazon Resource Name (ARN). You can construct an ARN for an Amazon RDS resource using the following syntax.

arn:aws:rds:<region>:<account number>:<resourcetype>:<name>

In this syntax, the indicated items have these meanings:

  • <region> is the ID of the AWS Region where the Amazon RDS resource was created, such as us-west-2.

  • <account number> is your account number with dashes omitted. To find your account number, sign in to your AWS account at http:///aws.amazon.com, choose My Account/Console, and then My Account.

  • <resourcetype> is the type of Amazon RDS resource, for example a DB instance or cluster.

  • <name> is the resource identifier for the Amazon RDS resource.

The following table shows AWS Region names, the Region ID name you should use when constructing an ARN, and the region endpoints for reference.

Region Name Endpoint
US East (N. Virginia) Region us-east-1 https://rds.us-east-1.amazonaws.com
US East (Ohio) Region us-east-2 https://rds.us-east-2.amazonaws.com
US West (N. California) Region us-west-1 https://rds.us-west-1.amazonaws.com
US West (Oregon) Region us-west-2 https://rds.us-west-2.amazonaws.com
Asia Pacific (Mumbai) Region ap-south-1 https://rds.ap-south-1.amazonaws.com
Asia Pacific (Seoul) Region ap-northeast-2 https://rds.ap-northeast-2.amazonaws.com
Asia Pacific (Singapore) Region ap-southeast-1 https://rds.ap-southeast-1.amazonaws.com
Asia Pacific (Sydney) Region ap-southeast-2 https://rds.ap-southeast-2.amazonaws.com
Asia Pacific (Tokyo) Region ap-northeast-1 https://rds.ap-northeast-1.amazonaws.com
Canada (Central) Region ca-central-1 https://rds.ca-central-1.amazonaws.com
China (Beijing) Region cn-north-1 https://rds.cn-north-1.amazonaws.com.cn
EU (Frankfurt) Region eu-central-1 https://rds.eu-central-1.amazonaws.com
EU (Ireland) Region eu-west-1 https://rds.eu-west-1.amazonaws.com
EU (London) Region eu-west-2 https://rds.eu-west-2.amazonaws.com
South America (São Paulo) Region sa-east-1 https://rds.sa-east-1.amazonaws.com
AWS GovCloud (US) us-gov-west-1 https://rds.us-gov-west-1.amazonaws.com

The following table shows the format you should use when constructing an ARN for a particular Amazon RDS resource type.

Resource Type ARN Format
DB instance arn:aws:rds:<region>:<account>:db:<dbinstance name>
DB cluster arn:aws:rds:<region>:<account>:cluster:<dbcluster name>
Event subscription arn:aws:rds:<region>:<account>:es:<subscription name>
DB option group arn:aws:rds:<region>:<account>:og:<option group name>
DB parameter group arn:aws:rds:<region>:<account>:pg:<parameter group name>
DB cluster parameter group arn:aws:rds:<region>:<account>:cluster-pg:<cluster parameter group name>
Reserved DB instance arn:aws:rds:<region>:<account>:ri:<reserve instance name>
DB security group arn:aws:rds:<region>:<account>:secgrp:<security group name>
DB snapshot arn:aws:rds:<region>:<account>:snapshot:<snapshot name>
DB cluster snapshot arn:aws:rds:<region>:<account>:cluster-snapshot:<snapshot name>
DB subnet group arn:aws:rds:<region>:<account>:subgrp:<subnet group name>

The following table shows examples of ARNs for RDS resources with an AWS account of 123456789012, which were created in the US East (N. Virginia) region:

Resource Type Sample ARN
DB instance arn:aws:rds:us-east-1:123456789012:db:my-mysql-instance
DB cluster arn:aws:rds:us-east-1:123456789012:cluster:my-aurora-cluster
Event subscription arn:aws:rds:us-east-1:123456789012:es:my-subscription
DB option group arn:aws:rds:us-east-1:123456789012:og:my-option-group-oracle-tde
DB parameter group arn:aws:rds:us-east-1:123456789012:pg:my-param-enable-logs
DB cluster parameter group arn:aws:rds:us-east-1:123456789012:cluster-pg:my-cluster-param-timezone
Reserved DB instance arn:aws:rds:us-east-1:123456789012:ri:my-reserved-multiaz
DB security group arn:aws:rds:us-east-1:123456789012:secgrp:my-public
DB snapshot arn:aws:rds:us-east-1:123456789012:snapshot:my-mysql-snap-20130507
DB cluster snapshot arn:aws:rds:us-east-1:123456789012:cluster-snapshot:my-aurora-snap-20160407
DB subnet group arn:aws:rds:us-east-1:123456789012:subgrp:my-subnet-10

Getting an Existing ARN

Resources created in Amazon Web Services are each uniquely identified with an Amazon Resource Name (ARN). You can get an ARN for an RDS resource by using the AWS Management Console, AWS Command Line Interface (AWS CLI), or RDS API.

AWS Management Console

You can get an Amazon Resource Name (ARN) from the AWS Management Console for the following resources:

To get an ARN from the AWS Management Console, navigate to the resource you want an ARN for, and choose See Details for that resource. For example, you can get the ARN for a DB instance from the Configuration Details page as shown following.


    				DB instance ARN

AWS CLI

To get an ARN from the AWS CLI for a particular RDS resource, you use the describe command for that resource. The following table shows each RDS CLI command, and the ARN property used with the command to get an ARN.

RDS CLI Command ARN Property
describe-event-subscriptions EventSubscriptionArn
describe-certificates CertificateArn
describe-db-parameter-groups DBParameterGroupArn
describe-db-cluster-parameter-groups DBClusterParameterGroupArn
describe-db-instances DBInstanceArn
describe-db-security-groups DBSecurityGroupArn
describe-db-snapshots DBSnapshotArn
describe-events SourceArn
describe-reserved-db-instances ReservedDBInstanceArn
describe-db-subnet-groups DBSubnetGroupArn
describe-option-groups OptionGroupArn
describe-db-clusters DBClusterArn
describe-db-cluster-snapshots DBClusterSnapshotArn

For example, the following AWS CLI command gets the ARN for a DB instance.

Example

For Linux, OS X, or Unix:

Copy
aws rds describe-db-instances \ --db-instance-identifier DBInstanceIdentifier \ --region us-west-2

For Windows:

Copy
aws rds describe-db-instances ^ --db-instance-identifier DBInstanceIdentifier ^ --region us-west-2

API

To get an ARN for a particular RDS resource, you can call the following RDS API actions and use the ARN properties shown following.

RDS CLI Command ARN Property
DescribeEventSubscriptions EventSubscriptionArn
DescribeCertificates CertificateArn
DescribeDBParameterGroups DBParameterGroupArn
DescribeDBClusterParameterGroups DBClusterParameterGroupArn
DescribeDBInstances DBInstanceArn
DescribeDBSecurityGroups DBSecurityGroupArn
DescribeDBSnapshots DBSnapshotArn
DescribeEvents SourceArn
DescribeReservedDBInstances ReservedDBInstanceArn
DescribeDBSubnetGroups DBSubnetGroupArn
DescribeOptionGroups OptionGroupArn
DescribeDBClusters DBClusterArn
DescribeDBClusterSnapshots DBClusterSnapshotArn

Related Topics