Amazon Web Services
General Reference (Version 1.0)

Amazon Resource Names (ARNs) and AWS Service Namespaces

Amazon Resource Names (ARNs) uniquely identify AWS resources. An ARN is required whenever a resource must be specified unambiguously across all of AWS, such as in IAM policies, Amazon Relational Database Service (Amazon RDS) tags, and API calls.

ARN Format

Here are some example ARNs:

<!-- Elastic Beanstalk application version -->
arn:aws:elasticbeanstalk:us-east-1:123456789012:environment/My App/MyEnvironment

<!-- IAM user name -->
arn:aws:iam::123456789012:user/David

<!-- Amazon RDS instance used for tagging -->
arn:aws:rds:eu-west-1:123456789012:db:mysql-db

<!-- Object in an Amazon S3 bucket -->
arn:aws:s3:::my_corporate_bucket/exampleobject.png

The following are the general formats for ARNs. The specific components and values used depend on the AWS service.

arn:partition:service:region:account-id:resource
arn:partition:service:region:account-id:resourcetype/resource
arn:partition:service:region:account-id:resourcetype:resource

partition

The partition that the resource is in. For standard AWS regions, the partition is aws. If the resource is in another partition, the partition is aws-partitionname. For example, the partition for resources in the China (Beijing) region is aws-cn.

service

The service namespace that identifies the AWS product (for example, Amazon S3, IAM, or Amazon RDS). For a list of namespaces, see AWS Service Namespaces.

region

The region the resource resides in. The ARNs for some resources do not require a region, so this component might be omitted.

account

The ID of the AWS account that owns the resource, without hyphens (for example, 123456789012). The ARNs for some resources do not require an account number, so this component might be omitted.

resource, resourcetype:resource, or resourcetype/resource

The content of this part of the ARN varies by service. It often includes an indicator of the resource type (for example, an IAM user or an Amazon RDS database), followed by a slash (/) or a colon (:), followed by the resource name. Some services allow paths for resource names, as described in Paths in ARNs.

Example ARNs

The following sections provide the ARN syntax and examples for different services. For more information about using ARNs in a specific AWS service, see the documentation for that service.

Some services support IAM resource-level permissions. For more information, see AWS Services That Work with IAM.

Amazon API Gateway

Syntax:

arn:aws:apigateway:region::resource-path
arn:aws:execute-api:region:account-id:api-id/stage-name/HTTP-VERB/resource-path

Examples:

arn:aws:apigateway:us-east-1::/restapis/a123456789012bc3de45678901f23a45/*
arn:aws:apigateway:us-east-1::a123456789012bc3de45678901f23a45:/test/mydemoresource/*
arn:aws:apigateway:*::a123456789012bc3de45678901f23a45:/*/petstorewalkthrough/pets
arn:aws:execute-api:us-east-1:123456789012:qsxrty/test/GET/mydemoresource/*

AWS Artifact

Syntax:

arn:aws:artifact:::report-package/document-type/report-type

Examples:

arn:aws:artifact:::report-package/Certifications and Attestations/SOC/*
arn:aws:artifact:::report-package/Certifications and Attestations/ISO/*
arn:aws:artifact:::report-package/Certifications and Attestations/PCI/*

Auto Scaling

Syntax:

arn:aws:autoscaling:region:account-id:scalingPolicy:policyid:autoScalingGroupName/groupfriendlyname:policyname/policyfriendlyname
arn:aws:autoscaling:region:account-id:autoScalingGroup:groupid:autoScalingGroupName/groupfriendlyname

Example:

arn:aws:autoscaling:us-east-1:123456789012:scalingPolicy:c7a27f55-d35e-4153-b044-8ca9155fc467:autoScalingGroupName/my-test-asg1:policyName/my-scaleout-policy

AWS Certificate Manager

Syntax:

arn:aws:acm:region:account-id:certificate/certificate-id

Example:

arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012

Amazon Cloud Directory

Syntax:

arn:aws:clouddirectory:region:account-id:directory/directoryID

Example:

arn:aws:clouddirectory:us-west-2:123456789012:directory/ARIqk1HD-UjdtmcIrJHEvPI

AWS CloudFormation

Syntax:

arn:aws:cloudformation:region:account-id:stack/stackname/additionalidentifier
arn:aws:cloudformation:region:account-id:changeSet/changesetname/additionalidentifier

Examples:

arn:aws:cloudformation:us-east-1:123456789012:stack/MyProductionStack/abc9dbf0-43c2-11e3-a6e8-50fa526be49c
arn:aws:cloudformation:us-east-1:123456789012:changeSet/MyProductionChangeSet/abc9dbf0-43c2-11e3-a6e8-50fa526be49c

Amazon CloudSearch

Syntax:

arn:aws:cloudsearch:region:account-id:domain/domainname

Example:

arn:aws:cloudsearch:us-east-1:123456789012:domain/imdb-movies

AWS CloudTrail

Syntax:

arn:aws:cloudtrail:region:account-id:trail/trailname

Example:

arn:aws:cloudtrail:us-east-1:123456789012:trail/mytrailname

Amazon CloudWatch Events

Syntax:

arn:aws:events:region:*:*

Examples:

arn:aws:events:us-east-1:*:*
arn:aws:events:us-east-1:123456789012:*
arn:aws:events:us-east-1:123456789012:rule/my-rule

Amazon CloudWatch Logs

Syntax:

arn:aws:logs:region:*:*

Examples:

arn:aws:logs:us-east-1:*:*
arn:aws:logs:us-east-1:123456789012:*
arn:aws:logs:us-east-1:123456789012:log-group:my-log-group
arn:aws:logs:us-east-1:123456789012:log-group:my-log-group:*
arn:aws:logs:us-east-1:123456789012:log-group:my-log-group*
arn:aws:logs:us-east-1:123456789012:log-group:my-log-group:log-stream:my-log-stream
arn:aws:logs:us-east-1:123456789012:log-group:my-log-group:log-stream:my-log-stream*
arn:aws:logs:us-east-1:123456789012:log-group:my-log-group*:log-stream:my-log-stream*

AWS CodeBuild

Syntax:

arn:aws:codebuild:region:account-id:resourcetype/resource

Examples:

arn:aws:codebuild:us-east-1:123456789012:project/my-demo-project
arn:aws:codebuild:us-east-1:123456789012:build/my-demo-project:7b7416ae-89b4-46cc-8236-61129df660ad

AWS CodeCommit

Syntax:

arn:aws:codecommit:region:account-id:resource-specifier

Example:

arn:aws:codecommit:us-east-1:123456789012:MyDemoRepo

AWS CodeDeploy

Syntax:

arn:aws:codedeploy:region:account-id:resource-type:resource-specifier
arn:aws:codedeploy:region:account-id:resource-type/resource-specifier

Examples:

arn:aws:codedeploy:us-east-1:123456789012:application:WordPress_App
arn:aws:codedeploy:us-east-1:123456789012:instance/AssetTag*

Amazon Cognito User Pools

Syntax:

arn:aws:cognito-idp:region:account-id:userpool/user-pool-id

Example:

arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1:1a1a1a1a-ffff-1111-9999-12345678

Amazon Cognito Federated Identities

Syntax:

arn:aws:cognito-identity:region:account-id:identitypool/identity-pool-id

Example:

arn:aws:cognito-identity:us-east-1:123456789012:/identitypool/us-east-1:1a1a1a1a-ffff-1111-9999-12345678

Amazon Cognito Sync

Syntax:

arn:aws:cognito-sync:region:account-id:identitypool/identity-pool-id
arn:aws:cognito-sync:region:account-id:identitypool/identity-pool-id/identity/identity-id
arn:aws:cognito-sync:region:account-id:identitypool/identity-pool-id/identity/identity-id/dataset/dataset-name

Example:

arn:aws:cognito-sync:us-east-1:123456789012:identitypool/us-east-1:1a1a1a1a-ffff-1111-9999-12345678

AWS Config

Syntax:

arn:aws:config:region:account-id:config-rule/config-rule-id

Example:

arn:aws:config:us-east-1:123456789012:config-rule/config-rule-8fngan

AWS CodePipeline

Syntax:

arn:aws:codepipeline:region:account-id:resource-specifier

Example:

arn:aws:codepipeline:us-east-1:123456789012:MyDemoPipeline

AWS CodeStar

Syntax:

arn:aws:codestar:region:account-id:resource-specifier

Example:

arn:aws:codestar:us-east-1:123456789012:my-first-projec

AWS Direct Connect

Syntax:

arn:aws:directconnect:region:account-id:dxcon/connection-id
arn:aws:directconnect:region:account-id:dxlag/lag-id
arn:aws:directconnect:region:account-id:dxvif/virtual-interface-id

Examples:

arn:aws:directconnect:us-east-1:123456789012:dxcon/dxcon-fgase048
arn:aws:directconnect:us-east-1:123456789012:dxlag/dxlag-ffy7zraq
arn:aws:directconnect:us-east-1:123456789012:dxvif/dxvif-fgrb110x

AWS Directory Service

Syntax:

arn:aws:ds:region:account-id:directory/directoryId

Example:

arn:aws:ds:us-west-2:123456789012:directory/ARIqk1HD-UjdtmcIrJHEvPI

Amazon DynamoDB

Syntax:

arn:aws:dynamodb:region:account-id:table/tablename

Example:

arn:aws:dynamodb:us-east-1:123456789012:table/books_table

Amazon EC2 Container Registry (Amazon ECR)

Syntax:

arn:aws:ecr:region:account-id:repository/repository-name

Example:

arn:aws:ecr:us-east-1:123456789012:repository/my-repository

Amazon EC2 Container Service (Amazon ECS)

Syntax:

arn:aws:ecs:region:account-id:cluster/cluster-name
arn:aws:ecs:region:account-id:container-instance/container-instance-id
arn:aws:ecs:region:account-id:task-definition/task-definition-family-name:task-definition-revision-number
arn:aws:ecs:region:account-id:service/service-name
arn:aws:ecs:region:account-id:task/task-id
arn:aws:ecs:region:account-id:container/container-id

Examples:

arn:aws:ecs:us-east-1:123456789012:cluster/my-cluster
arn:aws:ecs:us-east-1:123456789012:container-instance/403125b0-555c-4473-86b5-65982db28a6d
arn:aws:ecs:us-east-1:123456789012:task-definition/hello_world:8
arn:aws:ecs:us-east-1:123456789012:service/sample-webapp
arn:aws:ecs:us-east-1:123456789012:task/1abf0f6d-a411-4033-b8eb-a4eed3ad252a
arn:aws:ecs:us-east-1:123456789012:container/476e7c41-17f2-4c17-9d14-412566202c8a

Amazon Elastic Compute Cloud (Amazon EC2)

Syntax:

arn:aws:ec2:region:account-id:customer-gateway/cgw-id
arn:aws:ec2:region:account-id:dedicated-host/host_id
arn:aws:ec2:region:account-id:dhcp-options/dhcp-options-id
arn:aws:ec2:region:account-id:egress-only-internet-gateway/eigw-id
arn:aws:ec2:region::image/image-id
arn:aws:ec2:region:account-id:instance/instance-id
arn:aws:iam::account:instance-profile/instance-profile-name
arn:aws:ec2:region:account-id:internet-gateway/igw-id
arn:aws:ec2:region:account-id:key-pair/key-pair-name
arn:aws:ec2:region:account-id:natgateway/natgateway-id
arn:aws:ec2:region:account-id:network-acl/nacl-id
arn:aws:ec2:region:account-id:network-interface/eni-id
arn:aws:ec2:region:account-id:placement-group/placement-group-name
arn:aws:ec2:region:account-id:reserved-instance/reservation-id
arn:aws:ec2:region:account-id:route-table/route-table-id
arn:aws:ec2:region:account-id:security-group/security-group-id
arn:aws:ec2:region:account-id:snapshot/snapshot-id
arn:aws:ec2:region:account-id:spot-instances-request/spot-instance-request-id
arn:aws:ec2:region:account-id:subnet/subnet-id
arn:aws:ec2:region:account-id:volume/volume-id
arn:aws:ec2:region:account-id:vpc/vpc-id
arn:aws:ec2:region:account-id:vpc-peering-connection/vpc-peering-connection-id
arn:aws:ec2:region:account-id:vpn-connection/vpn-id
arn:aws:ec2:region:account-id:vpn-gateway/vgw-id

Examples:

arn:aws:ec2:us-east-1:123456789012:dedicated-host/h-12345678
arn:aws:ec2:us-east-1::image/ami-1a2b3c4d
arn:aws:ec2:us-east-1:123456789012:instance/*
arn:aws:ec2:us-east-1:123456789012:volume/*
arn:aws:ec2:us-east-1:123456789012:volume/vol-1a2b3c4d

AWS Elastic Beanstalk

Syntax:

arn:aws:elasticbeanstalk:region:account-id:application/applicationname
arn:aws:elasticbeanstalk:region:account-id:applicationversion/applicationname/versionlabel
arn:aws:elasticbeanstalk:region:account-id:environment/applicationname/environmentname
arn:aws:elasticbeanstalk:region::solutionstack/solutionstackname
arn:aws:elasticbeanstalk:region:account-id:configurationtemplate/applicationname/templatename

Examples:

arn:aws:elasticbeanstalk:us-east-1:123456789012:application/My App
arn:aws:elasticbeanstalk:us-east-1:123456789012:applicationversion/My App/My Version
arn:aws:elasticbeanstalk:us-east-1:123456789012:environment/My App/MyEnvironment
arn:aws:elasticbeanstalk:us-east-1::solutionstack/32bit Amazon Linux running Tomcat 7
arn:aws:elasticbeanstalk:us-east-1:123456789012:configurationtemplate/My App/My Template

Amazon Elastic File System

Syntax:

arn:aws:elasticfilesystem:region:account-id:file-system/file-system-id

Example:

arn:aws:elasticfilesystem:us-east-1:123456789012:file-system-id/fs12345678

Elastic Load Balancing (Application Load Balancer)

Syntax:

arn:aws:elasticloadbalancing:region:account-id:loadbalancer/app/load-balancer-name/load-balancer-id
arn:aws:elasticloadbalancing:region:account-id:listener/app/load-balancer-name/load-balancer-id/listener-id
arn:aws:elasticloadbalancing:region:account-id:listener-rule/app/load-balancer-name/load-balancer-id/listener-id/rule-id
arn:aws:elasticloadbalancing:region:account-id:targetgroup/target-group-name/target-group-id

Examples:

arn:aws:elasticloadbalancing:us-east-1:123456789012:loadbalancer/app/my-load-balancer/50dc6c495c0c9188
arn:aws:elasticloadbalancing:us-east-1:123456789012:listener/app/my-load-balancer/50dc6c495c0c9188/f2f7dc8efc522ab2
arn:aws:elasticloadbalancing:us-east-1:123456789012:listener-rule/app/my-load-balancer/50dc6c495c0c9188/f2f7dc8efc522ab2/9683b2d02a6cabee
arn:aws:elasticloadbalancing:us-east-1:123456789012:targetgroup/my-targets/73e2d6bc24d8a067

Elastic Load Balancing (Classic Load Balancer)

Syntax:

arn:aws:elasticloadbalancing:region:account-id:loadbalancer/name

Example:

arn:aws:elasticloadbalancing:us-east-1:123456789012:loadbalancer/my-load-balancer

Amazon Elastic Transcoder

Syntax:

arn:aws:elastictranscoder:region:account-id:resource/id

Example:

arn:aws:elastictranscoder:us-east-1:123456789012:preset/*

Amazon ElastiCache

Syntax:

arn:aws:elasticache:region:account-id:resourcetype:resourcename

Examples:

arn:aws:elasticache:us-east-2:123456789012:cluster:myCluster
arn:aws:elasticache:us-east-2:123456789012:snapshot:mySnapshot

Amazon Elasticsearch Service

Syntax:

arn:aws:es:region:account-id:domain/domain-name

Example:

arn:aws:es:us-east-1:123456789012:domain/streaming-logs

Amazon Glacier

Syntax:

arn:aws:glacier:region:account-id:vaults/vaultname

Examples:

arn:aws:glacier:us-east-1:123456789012:vaults/examplevault
arn:aws:glacier:us-east-1:123456789012:vaults/example*
arn:aws:glacier:us-east-1:123456789012:vaults/*

AWS Health / Personal Health Dashboard

Syntax:

arn:aws:health:region::event/event-id
arn:aws:health:region:account-id:entity/entity-id

Examples:

arn:aws:health:us-east-1::event/AWS_EC2_EXAMPLE_ID
arn:aws:health:us-east-1:123456789012:entity/AVh5GGT7ul1arKr1sE1K

AWS Identity and Access Management (IAM)

Syntax:

arn:aws:iam::account-id:root
arn:aws:iam::account-id:user/user-name
arn:aws:iam::account-id:group/group-name
arn:aws:iam::account-id:role/role-name
arn:aws:iam::account-id:policy/policy-name
arn:aws:iam::account-id:instance-profile/instance-profile-name
arn:aws:sts::account-id:federated-user/user-name
arn:aws:sts::account-id:assumed-role/role-name/role-session-name
arn:aws:iam::account-id:mfa/virtual-device-name
arn:aws:iam::account-id:server-certificate/certificate-name
arn:aws:iam::account-id:saml-provider/provider-name
arn:aws:iam::account-id:oidc-provider/provider-name

Examples:

arn:aws:iam::123456789012:root
arn:aws:iam::123456789012:user/Bob
arn:aws:iam::123456789012:user/division_abc/subdivision_xyz/Bob
arn:aws:iam::123456789012:group/Developers
arn:aws:iam::123456789012:group/division_abc/subdivision_xyz/product_A/Developers
arn:aws:iam::123456789012:role/S3Access
arn:aws:iam::123456789012:role/application_abc/component_xyz/S3Access
arn:aws:iam::123456789012:policy/UsersManageOwnCredentials
arn:aws:iam::123456789012:policy/division_abc/subdivision_xyz/UsersManageOwnCredentials
arn:aws:iam::123456789012:instance-profile/Webserver
arn:aws:sts::123456789012:federated-user/Bob
arn:aws:sts::123456789012:assumed-role/Accounting-Role/Mary
arn:aws:iam::123456789012:mfa/BobJonesMFA
arn:aws:iam::123456789012:server-certificate/ProdServerCert
arn:aws:iam::123456789012:server-certificate/division_abc/subdivision_xyz/ProdServerCert
arn:aws:iam::123456789012:saml-provider/ADFSProvider
arn:aws:iam::123456789012:oidc-provider/GoogleProvider

For more information about IAM ARNs, see IAM ARNs in the IAM User Guide.

AWS IoT

Syntax:

arn:aws:iot:your-region:account-id:cert/cert-ID
arn:aws:iot:your-region:account-id:policy/policy-name
arn:aws:iot:your-region:account-id:rule/rule-name
arn:aws:iot:your-region:account-id:client/client-id/rule-name

Examples:

arn:aws:iot:your-region:123456789012:cert/123a456b789c123d456e789f123a456b789c123d456e789f123a456b789c123c456d7
arn:aws:iot:your-region:123456789012:policy/MyIoTPolicy
arn:aws:iot:your-region:123456789012:rule/MyIoTRule
arn:aws:iot:your-region:123456789012:client/client101

AWS Key Management Service (AWS KMS)

Syntax:

arn:aws:kms:region:account-id:key/key-id
arn:aws:kms:region:account-id:alias/alias

Examples:

arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012
arn:aws:kms:us-east-1:123456789012:alias/example-alias

Amazon Kinesis Firehose (Kinesis Firehose)

Syntax:

arn:aws:firehose:region:account-id:deliverystream/delivery-stream-name

Example:

arn:aws:firehose:us-east-1:123456789012:deliverystream/example-stream-name

Amazon Kinesis Streams (Kinesis Streams)

Syntax:

arn:aws:kinesis:region:account-id:stream/stream-name

Example:

arn:aws:kinesis:us-east-1:123456789012:stream/example-stream-name

AWS Lambda (Lambda)

Syntax:

arn:aws:lambda:region:account-id:function:function-name
arn:aws:lambda:region:account-id:function:function-name:alias-name
arn:aws:lambda:region:account-id:function:function-name:version
arn:aws:lambda:region:account-id:event-source-mappings:event-source-mapping-id

Examples:

arn:aws:lambda:us-east-1:123456789012:function:ProcessKinesisRecords
arn:aws:lambda:us-east-1:123456789012:function:ProcessKinesisRecords:your alias
arn:aws:lambda:us-east-1:123456789012:function:ProcessKinesisRecords:1.0
arn:aws:lambda:us-east-1:123456789012:event-source-mappings:kinesis-stream-arn

Amazon Machine Learning (Amazon ML)

Syntax:

arn:aws:machinelearning:region:account-id:datasource/datasourceID
arn:aws:machinelearning:region:account-id:mlmodel/mlmodelID
arn:aws:machinelearning:region:account-id:batchprediction/batchpredictionlID
arn:aws:machinelearning:region:account-id:evaluation/evaluationID

Examples:

arn:aws:machinelearning:us-east-1:123456789012:datasource/my-datasource-1
arn:aws:machinelearning:us-east-1:123456789012:mlmodel/my-mlmodel
arn:aws:machinelearning:us-east-1:123456789012:batchprediction/my-batchprediction
arn:aws:machinelearning:us-east-1:123456789012:evaluation/my-evaluation

AWS Organizations

Syntax:

arn:aws:organizations:region:master-account-id:organization/o-organization-id
arn:aws:organizations:region:master-account-id:root/o-organization-id/r-root-id
arn:aws:organizations:region:master-account-id:account/o-organization-id/account-id
arn:aws:organizations:region:master-account-id:ou/o-organization-id/r-root-id/ou-organizational-unit-id
arn:aws:organizations:region:master-account-id:policy/o-organization-id/policy-type/p-policy-id
arn:aws:organizations:region:master-account-id:handshake/o-organization-id/handshake-type/h-handshake-id

Examples:

arn:aws:organizations:us-east-1:123456789012:organization/o-a1b2c3d4e5example
arn:aws:organizations:us-east-1:123456789012:root/o-a1b2c3d4e5/r-f6g7h8i9j0example
arn:aws:organizations:us-east-1:123456789012:account/o-a1b2c3d4e5/123456789012
arn:aws:organizations:us-east-1:123456789012:ou/o-a1b2c3d4e5/ou-1a2b3c-k9l8m7n6o5example
arn:aws:organizations:us-east-1:123456789012:policy/o-a1b2c3d4e5/service_control_policy/p-p4q3r2s1t0example
arn:aws:organizations:us-east-1:123456789012:handshake/o-a1b2c3d4e5/h-u2v4w5x8y0example

AWS Mobile Hub

Syntax:

arn:aws:mobilehub:region:account-id:project/projectID

Example:

arn:aws:mobilehub:us-east-1:123456789012:project/a01234567-b012345678-123c-d013456789abc

Amazon Polly

Syntax:

arn:aws:polly:region:account-id:lexicon/LexiconName

Example:

arn:aws:polly:us-east-1:123456789012:lexicon/myLexicon

Amazon Redshift

Syntax:

arn:aws:redshift:region:account-id:cluster:cluster-name
arn:aws:redshift:region:account-id:dbname:cluster-name/database-name
arn:aws:redshift:region:account-id:dbuser:cluster-name/database-user-name
arn:aws:redshift:region:account-id:dbgroup:cluster-name/database-group-name
arn:aws:redshift:region:account-id:parametergroup:parameter-group-name
arn:aws:redshift:region:account-id:securitygroup:security-group-name
arn:aws:redshift:region:account-id:snapshot:cluster-name/snapshot-name
arn:aws:redshift:region:account-id:subnetgroup:subnet-group-name

Examples:

arn:aws:redshift:us-east-1:123456789012:cluster:my-cluster
arn:aws:redshift:us-east-1:123456789012:dbname:my-cluster/my-database
arn:aws:redshift:us-east-1:123456789012:dbuser:my-cluster/my-database-user
arn:aws:redshift:us-east-1:123456789012:dbgroup:my-cluster/my-database-group
arn:aws:redshift:us-east-1:123456789012:parametergroup:my-parameter-group
arn:aws:redshift:us-east-1:123456789012:securitygroup:my-public-group
arn:aws:redshift:us-east-1:123456789012:snapshot:my-cluster/my-snapshot20130807
arn:aws:redshift:us-east-1:123456789012:subnetgroup:my-subnet-10

Amazon Relational Database Service (Amazon RDS)

ARNs are used in Amazon RDS only with tags for DB instances. For more information, see Tagging a DB Instance in the Amazon Relational Database Service User Guide.

Syntax:

arn:aws:rds:region:account-id:db:db-instance-name
arn:aws:rds:region:account-id:snapshot:snapshot-name
arn:aws:rds:region:account-id:cluster:db-cluster-name
arn:aws:rds:region:account-id:cluster-snapshot:cluster-snapshot-name
arn:aws:rds:region:account-id:og:option-group-name
arn:aws:rds:region:account-id:pg:parameter-group-name
arn:aws:rds:region:account-id:cluster-pg:cluster-parameter-group-name
arn:aws:rds:region:account-id:secgrp:security-group-name
arn:aws:rds:region:account-id:subgrp:subnet-group-name
arn:aws:rds:region:account-id:es:subscription-name

Examples:

arn:aws:rds:us-east-1:123456789012:db:mysql-db-instance1
arn:aws:rds:us-east-1:123456789012:snapshot:my-snapshot2
arn:aws:rds:us-east-1:123456789012:cluster:my-cluster1
arn:aws:rds:us-east-1:123456789012:cluster-snapshot:cluster1-snapshot7
arn:aws:rds:us-east-1:123456789012:og:mysql-option-group1
arn:aws:rds:us-east-1:123456789012:pg:mysql-repl-pg1
arn:aws:rds:us-east-1:123456789012:cluster-pg:aurora-pg3
arn:aws:rds:us-east-1:123456789012:secgrp:dev-secgrp2
arn:aws:rds:us-east-1:123456789012:subgrp:prod-subgrp1
arn:aws:rds:us-east-1:123456789012:es:monitor-events2

Amazon Route 53

Syntax:

arn:aws:route53:::hostedzone/zoneid
arn:aws:route53:::change/changeid

Amazon Route 53 does not require an account number or region in ARNs.

Examples:

arn:aws:route53:::hostedzone/Z148QEXAMPLE8V
arn:aws:route53:::change/C2RDJ5EXAMPLE2
arn:aws:route53:::change/*

Amazon EC2 Systems Manager (SSM)

Syntax:

arn:aws:ssm:region:account-id:document/document_name
arn:aws:ssm:region:account-id:parameter/parameter_name
arn:aws:ssm:region:account-id:patchbaseline/baseline_id
arn:aws:ssm:region:account-id:maintenancewindow/window_id
arn:aws:ssm:region:account-id:automation-execution/execution_id
arn:aws:ssm:region:account-id:automation-Activity/activity_name
arn:aws:ssm:region:account-id:automation-definition/definitionName:version
arn:aws:ssm:region:account-id:managed-instance/instance_id
arn:aws:ssm:region:account-id:managed-instance-inventory/instance_id

Examples:

arn:aws:ssm:us-east-1:123456789012:document/highAvailabilityServerSetup
arn:aws:ssm:us-east-1:123456789012:parameter/myParameterName
arn:aws:ssm:us-east-1:123456789012:patchbaseline/pb-12345678901234567
arn:aws:ssm:us-east-1:123456789012:maintenancewindow/mw-12345678901234567
arn:aws:ssm:us-east-1:123456789012:automation-execution/123456-6789-1a2b3-c4d5-e1a2b3c4d
arn:aws:ssm:us-east-1:123456789012:automation-activity/myActivityName
arn:aws:ssm:us-east-1:123456789012:automation-definition/myDefinitionName:1
arn:aws:ssm:us-east-1:123456789012:managed-instance/mi-12345678901234567
arn:aws:ssm:us-east-1:123456789012:managed-instance-inventory/i-12345661

Amazon Simple Notification Service (Amazon SNS)

Syntax:

arn:aws:sns:region:account-id:topicname
arn:aws:sns:region:account-id:topicname:subscriptionid

Examples:

arn:aws:sns:*:123456789012:my_corporate_topic
arn:aws:sns:us-east-1:123456789012:my_corporate_topic:02034b43-fefa-4e07-a5eb-3be56f8c54ce

Amazon Simple Queue Service (Amazon SQS)

Syntax:

arn:aws:sqs:region:account-id:queuename

Example:

arn:aws:sqs:us-east-1:123456789012:queue1

Amazon Simple Storage Service (Amazon S3)

Syntax:

arn:aws:s3:::bucket_name
arn:aws:s3:::bucket_name/key_name

Note

Amazon S3 does not require an account number or region in ARNs. If you specify an ARN for a policy, you can also use a wildcard "*" character in the relative-ID portion of the ARN.

Examples:

arn:aws:s3:::my_corporate_bucket
arn:aws:s3:::my_corporate_bucket/exampleobject.png
arn:aws:s3:::my_corporate_bucket/*
arn:aws:s3:::my_corporate_bucket/Development/*

For more information, see Specifying Resources in a Policy in the Amazon Simple Storage Service Developer Guide.

Amazon Simple Workflow Service (Amazon SWF)

Syntax:

arn:aws:swf:region:account-id:/domain/domain_name

Examples:

arn:aws:swf:us-east-1:123456789012:/domain/department1
arn:aws:swf:*:123456789012:/domain/*

AWS Step Functions

Syntax:

arn:aws:states:region:account-id:activity:activityName
arn:aws:states:region:account-id:stateMachine:stateMachineName
arn:aws:states:region:account-id:execution:stateMachineName:executionName

Examples:

arn:aws:states:us-east-1:123456789012:activity:HelloActivity
arn:aws:states:us-east-1:123456789012:stateMachine:HelloStateMachine
arn:aws:states:us-east-1:123456789012:execution:HelloStateMachine:HelloStateMachineExecution

AWS Storage Gateway

Syntax:

arn:aws:storagegateway:region:account-id:gateway/gateway-id
arn:aws:storagegateway:region:account-id:share/share-id
arn:aws:storagegateway:region:account-id:gateway/gateway-id/volume/volume-id
arn:aws:storagegateway:region:account-id:tape/tapebarcode
arn:aws:storagegateway:region:account-id:gateway/gateway-id/target/iSCSItarget
arn:aws:storagegateway:region:account-id:gateway/gateway-id/device/vtldevice

Examples:

arn:aws:storagegateway:us-east-1:123456789012:gateway/sgw-12A3456B
arn:aws:storagegateway:us-east-1:123456789012:share/share-17A34572
arn:aws:storagegateway:us-east-1:123456789012:gateway/sgw-12A3456B/volume/vol-1122AABB
arn:aws:storagegateway:us-east-1:123456789012:tape/AMZNC8A26D
arn:aws:storagegateway:us-east-1:123456789012:gateway/sgw-12A3456B/target/iqn.1997-05.com.amazon:vol-1122AABB
arn:aws:storagegateway:us-east-1:123456789012:gateway/sgw-12A3456B/device/AMZN_SGW-FF22CCDD_TAPEDRIVE_00010

Note

For each AWS Storage Gateway resource, you can specify a wildcard (*).

AWS Trusted Advisor

Syntax:

arn:aws:trustedadvisor:*:account-id:checks/categorycode/checkid

Example:

arn:aws:trustedadvisor:*:123456789012:checks/fault_tolerance/BueAdJ7NrP

AWS WAF

Syntax, WAF Global (used for CloudFront):

arn:aws:waf::account-id:resource-type/resource-id

Syntax, WAF Regional (used for Application Load Balancers):

arn:aws:waf-regional::account-id:resource-type/resource-id

Examples:

arn:aws:waf::123456789012:rule/41b5b052-1e4a-426b-8149-3595be6342c2
arn:aws:waf-regional:us-east-1:123456789012:rule/41b5b052-1e4a-426b-8149-3595be6342c2
arn:aws:waf::123456789012:webacl/3bffd3ed-fa2e-445e-869f-a6a7cf153fd3
arn:aws:waf-regional:us-east-1:123456789012:webacl/3bffd3ed-fa2e-445e-869f-a6a7cf153fd3
arn:aws:waf::123456789012:ipset/3f74bd8c-f046-4970-a1a7-41aa52e05480
arn:aws:waf-regional:us-east-1:123456789012:ipset/3f74bd8c-f046-4970-a1a7-41aa52e05480
arn:aws:waf::123456789012:bytematchset/d131bc0b-57be-4536-af1d-4894fd28acc4
arn:aws:waf-regional:us-east-1:123456789012:bytematchset/d131bc0b-57be-4536-af1d-4894fd28acc4

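Paths in ARNs

Some services let you specify a path for the resource name. For example, in Amazon S3, the resource identifier is an object name that can include slashes (/) to form a path. Similarly, IAM user names and group names can include paths.

In some cases, paths can include a wildcard character, namely an asterisk (*). For example, if you are writing an IAM policy and want the Resource element to specify all IAM users that have the path product_1234, you can use a wildcard as follows:

arn:aws:iam::123456789012:user/Development/product_1234/*

Similarly, in the Resource element of an IAM policy, you can end the ARN with user/* to mean all users or group/* to mean all groups, as in the following examples:

"Resource":"arn:aws:iam::123456789012:user/*"
"Resource":"arn:aws:iam::123456789012:group/*"

You cannot use a wildcard to specify all users in the Principal element of a resource-based policy or a role trust policy. Groups are not supported as principals in any policy.

The following example shows ARNs for an Amazon S3 bucket in which the resource name includes a path:

arn:aws:s3:::my_corporate_bucket/*
arn:aws:s3:::my_corporate_bucket/Development/*

You cannot use a wildcard in the portion of the ARN that specifies the resource type, such as the term user in an IAM ARN.

The following is not allowed: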

arn:aws:iam::123456789012:u*
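
The ARN layout from "ARN Format" and the wildcard and principal rules in this section can be checked mechanically before a policy is deployed. The following Python linter is an added example, not part of the AWS documentation; the function names and the two sample policies are made up for illustration, and the set of IAM resource types is the one listed in the IAM syntax section of this page.

```python
from typing import List, NamedTuple

# Resource types taken from the IAM syntax list on this page.
IAM_TYPES = {"user", "group", "role", "policy", "instance-profile", "mfa",
             "server-certificate", "saml-provider", "oidc-provider"}
STS_TYPES = {"federated-user", "assumed-role"}


class Arn(NamedTuple):
    partition: str
    service: str
    region: str      # empty for services such as IAM, S3 and Route 53
    account_id: str  # empty for services such as S3 and Route 53
    resource: str    # service-specific; may itself contain ':' and '/'


def parse_arn(text: str) -> Arn:
    """Split on the first five colons only; the remainder is the resource part."""
    parts = text.split(":", 5)
    if len(parts) != 6 or parts[0] != "arn":
        raise ValueError("expected arn:partition:service:region:account-id:resource")
    _, partition, service, region, account_id, resource = parts
    if not partition or not service or not resource:
        raise ValueError("partition, service and resource must not be empty")
    return Arn(partition, service, region, account_id, resource)


def lint_resource(text: str) -> List[str]:
    """Findings for one ARN used in a Resource element."""
    try:
        arn = parse_arn(text)
    except ValueError as exc:
        return [str(exc)]
    findings = []
    if arn.service in ("iam", "sts") and (arn.service, arn.resource) != ("iam", "root"):
        allowed = IAM_TYPES if arn.service == "iam" else STS_TYPES
        rtype, _, name = arn.resource.partition("/")
        if "*" in rtype:
            findings.append("wildcard in the resource-type portion is not allowed")
        elif rtype not in allowed or not name:
            findings.append("unrecognised resource type or missing resource name")
    return findings


def lint_principal(text: str) -> List[str]:
    """Findings for one ARN in Principal.AWS of a resource-based or trust policy."""
    findings = lint_resource(text)
    if findings:
        return findings
    arn = parse_arn(text)
    if "*" in arn.resource:
        findings.append("wildcard cannot be used to specify users in Principal")
    if arn.service == "iam" and arn.resource.startswith("group/"):
        findings.append("groups are not supported as principals")
    return findings


def as_list(value):
    # Policy JSON allows either a single value or a list in these positions.
    return value if isinstance(value, list) else [value]


def lint_policy(policy: dict) -> List[str]:
    out = []
    for i, stmt in enumerate(as_list(policy.get("Statement", []))):
        for res in as_list(stmt.get("Resource", [])):
            if res != "*":  # a bare "*" is not an ARN
                out += [f"Statement[{i}] Resource {res}: {m}" for m in lint_resource(res)]
        principal = stmt.get("Principal", {})
        aws = principal.get("AWS", []) if isinstance(principal, dict) else []
        for prin in as_list(aws):
            if prin.startswith("arn:"):  # skip bare account IDs and "*"
                out += [f"Statement[{i}] Principal {prin}: {m}" for m in lint_principal(prin)]
    return out


# Constructed sample policies; the ARNs reuse examples from this page.
IDENTITY_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "iam:GetUser", "Resource": [
        "arn:aws:iam::123456789012:user/Development/product_1234/*",
        "arn:aws:iam::123456789012:u*"]}]}
BUCKET_POLICY = {"Version": "2012-10-17", "Statement": {
    "Effect": "Allow", "Action": "s3:GetObject",
    "Principal": {"AWS": ["arn:aws:iam::123456789012:user/*",
                          "arn:aws:iam::123456789012:group/Developers"]},
    "Resource": "arn:aws:s3:::my_corporate_bucket/Development/*"}}

if __name__ == "__main__":
    for finding in lint_policy(IDENTITY_POLICY) + lint_policy(BUCKET_POLICY):
        print(finding)
```

Because the resource part is service-specific, the type check is applied only to the iam and sts namespaces; ARNs of other services are validated for the six-field layout alone.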

AWS Service Namespaces

When you create AWS IAM policies or work with Amazon Resource Names (ARNs), you identify an AWS service by its namespace. For example, the namespace for Amazon S3 is s3, and the namespace for Amazon EC2 is ec2. You use namespaces when identifying actions and resources.

The following example shows an IAM policy in which the values of the Action elements and the values in the Resource and Condition elements use namespaces to identify the services for the actions and resources.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "ec2:*",
      "Resource": [
        "arn:aws:ec2:us-west-2:123456789012:customer-gateway/*",
        "arn:aws:ec2:us-west-2:123456789012:dhcp-options/*",
        "arn:aws:ec2:us-west-2::image/*",
        "arn:aws:ec2:us-west-2:123456789012:instance/*",
        "arn:aws:iam::123456789012:instance-profile/*",
        "arn:aws:ec2:us-west-2:123456789012:internet-gateway/*",
        "arn:aws:ec2:us-west-2:123456789012:key-pair/*",
        "arn:aws:ec2:us-west-2:123456789012:network-acl/*",
        "arn:aws:ec2:us-west-2:123456789012:network-interface/*",
        "arn:aws:ec2:us-west-2:123456789012:placement-group/*",
        "arn:aws:ec2:us-west-2:123456789012:route-table/*",
        "arn:aws:ec2:us-west-2:123456789012:security-group/*",
        "arn:aws:ec2:us-west-2::snapshot/*",
        "arn:aws:ec2:us-west-2:123456789012:subnet/*",
        "arn:aws:ec2:us-west-2:123456789012:volume/*",
        "arn:aws:ec2:us-west-2:123456789012:vpc/*",
        "arn:aws:ec2:us-west-2:123456789012:vpc-peering-connection/*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": "s3:*",
      "Resource": "arn:aws:s3:::example_bucket/marketing/*"
    },
    {
      "Effect": "Allow",
      "Action": "s3:ListBucket*",
      "Resource": "arn:aws:s3:::example_bucket",
      "Condition": {"StringLike": {"s3:prefix": "marketing/*"}}
    }
  ]
}

The following table contains the namespace for each AWS service.

Service Namespace
API Gateway apigateway
Amazon AppStream appstream
AWS Artifact artifact
Auto Scaling autoscaling
AWS Billing and Cost Management aws-portal
AWS Certificate Manager(ACM) acm
Amazon Cloud Directory clouddirectory
AWS CloudFormation cloudformation
Amazon CloudFront cloudfront
AWS CloudHSM cloudhsm
Amazon CloudSearch cloudsearch
AWS CloudTrail cloudtrail
Amazon CloudWatch cloudwatch
Amazon CloudWatch Events events
Amazon CloudWatch Logs logs
AWS CodeBuild codebuild
AWS CodeCommit codecommit
AWS CodeDeploy codedeploy
AWS CodePipeline codepipeline
AWS CodeStar codestar
Amazon Cognito User Pools cognito-idp
Amazon Cognito Federated Identities cognito-identity
Amazon Cognito Sync cognito-sync
AWS Config config
AWS Data Pipeline datapipeline
AWS Database Migration Service(AWS DMS) dms
AWS Device Farm devicefarm
AWS Direct Connect directconnect
AWS Directory Service ds
Amazon DynamoDB dynamodb
Amazon Elastic Compute Cloud(Amazon EC2) ec2
Amazon EC2 Container Registry(Amazon ECR) ecr
Amazon EC2 Container Service(Amazon ECS) ecs
Amazon EC2 Systems Manager(SSM) ssm
AWS Elastic Beanstalk elasticbeanstalk
Amazon EFS(Amazon Elastic File System) elasticfilesystem
Elastic Load Balancing elasticloadbalancing
Amazon EMR elasticmapreduce
Amazon Elastic Transcoder elastictranscoder
Amazon ElastiCache elasticache
Amazon Elasticsearch Service(Amazon ES) es
Amazon GameLift gamelift
Amazon Glacier glacier
AWS Glue glue
AWS Health / Personal Health Dashboard health
AWS Identity and Access Management(IAM) iam
AWS Import/Export importexport
Amazon Inspector inspector
AWS IoT iot
AWS Key Management Service(AWS KMS) kms
Amazon Kinesis Analytics kinesisanalytics
Amazon Kinesis Firehose firehose
Amazon Kinesis Streams kinesis
AWS Lambda lambda
Amazon Lightsail lightsail
Amazon Machine Learning machinelearning
AWS Marketplace aws-marketplace
AWS Marketplace Management Portal aws-marketplace-management
Amazon Mobile Analytics mobileanalytics
AWS Mobile Hub mobilehub
AWS OpsWorks opsworks
AWS OpsWorks for Chef Automate opsworks-cm
AWS Organizations organizations
Amazon Polly polly
Amazon Redshift redshift
Amazon Relational Database Service(Amazon RDS) rds
Amazon Route 53 route53
Amazon Route 53 Domains route53domains
AWS Security Token Service(AWS STS) sts
AWS Service Catalog servicecatalog
Amazon Simple Email Service(Amazon SES) ses
Amazon Simple Notification Service(Amazon SNS) sns
Amazon Simple Queue Service(Amazon SQS) sqs
Amazon Simple Storage Service(Amazon S3) s3
Amazon Simple Workflow Service(Amazon SWF) swf
Amazon SimpleDB sdb
AWS Step Functions states
AWS Storage Gateway storagegateway
AWS Support support
AWS Trusted Advisor trustedadvisor
Amazon Virtual Private Cloud(Amazon VPC) ec2
AWS WAF waf
Amazon WorkDocs workdocs
Amazon WorkMail workmail
Amazon WorkSpaces workspaces