Working with Amazon Resource Names (ARNs) in Amazon RDS
Resources created in Amazon Web Services are each uniquely identified with an Amazon Resource Name (ARN). For certain Amazon RDS operations, you must uniquely identify an Amazon RDS resource by specifying its ARN. For example, when you create an RDS DB instance read replica, you must supply the ARN for the source DB instance.
Constructing an ARN for Amazon RDS
Resources created in Amazon Web Services are each uniquely identified with an Amazon Resource Name (ARN). You can construct an ARN for an Amazon RDS resource using the following syntax.
arn:aws:rds:
<region>:<account number>:<resourcetype>:<name>
| Region Name | Region | Endpoint | Protocol |
|---|---|---|---|
| US East (Ohio) | us-east-2 |
rds.us-east-2.amazonaws.com rds-fips.us-east-2.api.aws rds.us-east-2.api.aws rds-fips.us-east-2.amazonaws.com |
HTTPS HTTPS HTTPS HTTPS |
| US East (N. Virginia) | us-east-1 |
rds.us-east-1.amazonaws.com rds-fips.us-east-1.api.aws rds-fips.us-east-1.amazonaws.com rds.us-east-1.api.aws |
HTTPS HTTPS HTTPS HTTPS |
| US West (N. California) | us-west-1 |
rds.us-west-1.amazonaws.com rds.us-west-1.api.aws rds-fips.us-west-1.amazonaws.com rds-fips.us-west-1.api.aws |
HTTPS HTTPS HTTPS HTTPS |
| US West (Oregon) | us-west-2 |
rds.us-west-2.amazonaws.com rds-fips.us-west-2.amazonaws.com rds.us-west-2.api.aws rds-fips.us-west-2.api.aws |
HTTPS HTTPS HTTPS HTTPS |
| Africa (Cape Town) | af-south-1 |
rds.af-south-1.amazonaws.com rds.af-south-1.api.aws |
HTTPS HTTPS |
| Asia Pacific (Hong Kong) | ap-east-1 |
rds.ap-east-1.amazonaws.com rds.ap-east-1.api.aws |
HTTPS HTTPS |
| Asia Pacific (Hyderabad) | ap-south-2 |
rds.ap-south-2.amazonaws.com rds.ap-south-2.api.aws |
HTTPS HTTPS |
| Asia Pacific (Jakarta) | ap-southeast-3 |
rds.ap-southeast-3.amazonaws.com rds.ap-southeast-3.api.aws |
HTTPS HTTPS |
| Asia Pacific (Melbourne) | ap-southeast-4 |
rds.ap-southeast-4.amazonaws.com rds.ap-southeast-4.api.aws |
HTTPS HTTPS |
| Asia Pacific (Mumbai) | ap-south-1 |
rds.ap-south-1.amazonaws.com rds.ap-south-1.api.aws |
HTTPS HTTPS |
| Asia Pacific (Osaka) | ap-northeast-3 |
rds.ap-northeast-3.amazonaws.com rds.ap-northeast-3.api.aws |
HTTPS HTTPS |
| Asia Pacific (Seoul) | ap-northeast-2 |
rds.ap-northeast-2.amazonaws.com rds.ap-northeast-2.api.aws |
HTTPS HTTPS |
| Asia Pacific (Singapore) | ap-southeast-1 |
rds.ap-southeast-1.amazonaws.com rds.ap-southeast-1.api.aws |
HTTPS HTTPS |
| Asia Pacific (Sydney) | ap-southeast-2 |
rds.ap-southeast-2.amazonaws.com rds.ap-southeast-2.api.aws |
HTTPS HTTPS |
| Asia Pacific (Tokyo) | ap-northeast-1 |
rds.ap-northeast-1.amazonaws.com rds.ap-northeast-1.api.aws |
HTTPS HTTPS |
| Canada (Central) | ca-central-1 |
rds.ca-central-1.amazonaws.com rds.ca-central-1.api.aws rds-fips.ca-central-1.api.aws rds-fips.ca-central-1.amazonaws.com |
HTTPS HTTPS HTTPS HTTPS |
| Europe (Frankfurt) | eu-central-1 |
rds.eu-central-1.amazonaws.com rds.eu-central-1.api.aws |
HTTPS HTTPS |
| Europe (Ireland) | eu-west-1 |
rds.eu-west-1.amazonaws.com rds.eu-west-1.api.aws |
HTTPS HTTPS |
| Europe (London) | eu-west-2 |
rds.eu-west-2.amazonaws.com rds.eu-west-2.api.aws |
HTTPS HTTPS |
| Europe (Milan) | eu-south-1 |
rds.eu-south-1.amazonaws.com rds.eu-south-1.api.aws |
HTTPS HTTPS |
| Europe (Paris) | eu-west-3 |
rds.eu-west-3.amazonaws.com rds.eu-west-3.api.aws |
HTTPS HTTPS |
| Europe (Spain) | eu-south-2 |
rds.eu-south-2.amazonaws.com rds.eu-south-2.api.aws |
HTTPS HTTPS |
| Europe (Stockholm) | eu-north-1 |
rds.eu-north-1.amazonaws.com rds.eu-north-1.api.aws |
HTTPS HTTPS |
| Europe (Zurich) | eu-central-2 |
rds.eu-central-2.amazonaws.com rds.eu-central-2.api.aws |
HTTPS HTTPS |
| Israel (Tel Aviv) | il-central-1 |
rds.il-central-1.amazonaws.com rds.il-central-1.api.aws |
HTTPS HTTPS |
| Middle East (Bahrain) | me-south-1 |
rds.me-south-1.amazonaws.com rds.me-south-1.api.aws |
HTTPS HTTPS |
| Middle East (UAE) | me-central-1 |
rds.me-central-1.amazonaws.com rds.me-central-1.api.aws |
HTTPS HTTPS |
| South America (São Paulo) | sa-east-1 |
rds.sa-east-1.amazonaws.com rds.sa-east-1.api.aws |
HTTPS HTTPS |
| AWS GovCloud (US-East) | us-gov-east-1 |
rds.us-gov-east-1.amazonaws.com rds.us-gov-east-1.api.aws |
HTTPS HTTPS |
| AWS GovCloud (US-West) | us-gov-west-1 |
rds.us-gov-west-1.amazonaws.com rds.us-gov-west-1.api.aws |
HTTPS HTTPS |
The following table shows the format that you should use when constructing an ARN for a particular Amazon RDS resource type.
| Resource type | ARN format |
|---|---|
| DB instance |
arn:aws:rds: For example:
|
DB cluster |
arn:aws:rds: For example:
|
| Event subscription |
arn:aws:rds: For example:
|
| DB option group |
arn:aws:rds: For example:
|
| DB parameter group |
arn:aws:rds: For example:
|
| DB cluster parameter group |
arn:aws:rds: For example:
|
| Reserved DB instance |
arn:aws:rds: For example:
|
| DB security group |
arn:aws:rds: For example:
|
| Automated DB snapshot |
arn:aws:rds: For example:
|
| Automated DB cluster snapshot |
arn:aws:rds: For example:
|
| Manual DB snapshot |
arn:aws:rds: For example:
|
| Manual DB cluster snapshot |
arn:aws:rds: For example:
|
| DB subnet group |
arn:aws:rds: For example:
|
Getting an existing ARN
You can get the ARN of an RDS resource by using the AWS Management Console, AWS Command Line Interface (AWS CLI), or RDS API.
Console
To get an ARN from the AWS Management Console, navigate to the resource you want an ARN for, and view the details for that resource.
For example, you can get the ARN for a DB instance from the Configuration tab of the DB instance details.
AWS CLI
To get an ARN from the AWS CLI for a particular RDS resource, you use the describe command for that resource.
The following table shows each AWS CLI command, and the ARN property used with the command to get an ARN.
| AWS CLI command | ARN property |
|---|---|
| describe-event-subscriptions | EventSubscriptionArn |
| describe-certificates | CertificateArn |
| describe-db-parameter-groups | DBParameterGroupArn |
| describe-db-cluster-parameter-groups | DBClusterParameterGroupArn |
| describe-db-instances | DBInstanceArn |
| describe-db-security-groups | DBSecurityGroupArn |
| describe-db-snapshots | DBSnapshotArn |
| describe-events | SourceArn |
| describe-reserved-db-instances | ReservedDBInstanceArn |
| describe-db-subnet-groups | DBSubnetGroupArn |
| describe-option-groups | OptionGroupArn |
| describe-db-clusters | DBClusterArn |
| describe-db-cluster-snapshots | DBClusterSnapshotArn |
For example, the following AWS CLI command gets the ARN for a DB instance.
Example
For Linux, macOS, or Unix:
aws rds describe-db-instances \ --db-instance-identifierDBInstanceIdentifier\ --regionus-west-2\ --query "*[].{DBInstanceIdentifier:DBInstanceIdentifier,DBInstanceArn:DBInstanceArn}"
For Windows:
aws rds describe-db-instances ^ --db-instance-identifierDBInstanceIdentifier^ --regionus-west-2^ --query "*[].{DBInstanceIdentifier:DBInstanceIdentifier,DBInstanceArn:DBInstanceArn}"
The output of that command is like the following:
[
{
"DBInstanceArn": "arn:aws:rds:us-west-2:account_id:db:instance_id",
"DBInstanceIdentifier": "instance_id"
}
]
RDS API
To get an ARN for a particular RDS resource, you can call the following RDS API operations and use the ARN properties shown following.
| RDS API operation | ARN property |
|---|---|
| DescribeEventSubscriptions | EventSubscriptionArn |
| DescribeCertificates | CertificateArn |
| DescribeDBParameterGroups | DBParameterGroupArn |
| DescribeDBClusterParameterGroups | DBClusterParameterGroupArn |
| DescribeDBInstances | DBInstanceArn |
| DescribeDBSecurityGroups | DBSecurityGroupArn |
| DescribeDBSnapshots | DBSnapshotArn |
| DescribeEvents | SourceArn |
| DescribeReservedDBInstances | ReservedDBInstanceArn |
| DescribeDBSubnetGroups | DBSubnetGroupArn |
| DescribeOptionGroups | OptionGroupArn |
| DescribeDBClusters | DBClusterArn |
| DescribeDBClusterSnapshots | DBClusterSnapshotArn |
