Arn

class aws_cdk.core.Arn(*args: Any, **kwargs)

Bases: object

Static Methods

classmethod extract_resource_name(arn, resource_type)

Extract the full resource name from an ARN.

Necessary for resource names (paths) that may contain the separator, like arn:aws:iam::111111111111:role/path/to/role/name.

Only works if we statically know the expected resourceType beforehand, since we’re going to use that to split the string on ‘:/’ (and take the right-hand side).

We can’t extract the ‘resourceType’ from the ARN at hand, because CloudFormation Expressions only allow literals in the ‘separator’ argument to { Fn::Split }, and so it can’t be { Fn::Select: [5, { Fn::Split: [':', ARN] }}.

Only necessary for ARN formats for which the type-name separator is /.

Parameters:

  • arn (str) –

  • resource_type (str) –

Return type:

str

classmethod format(components, stack=None)

Creates an ARN from components.

If partition, region or account are not specified, the stack’s partition, region and account will be used.

If any component is the empty string, an empty string will be inserted into the generated ARN at the location that component corresponds to.

The ARN will be formatted as follows:

arn:{partition}:{service}:{region}:{account}:{resource}{sep}{resource-name}

The required ARN pieces that are omitted will be taken from the stack that the ‘scope’ is attached to. If all ARN pieces are supplied, the supplied scope can be ‘undefined’.

Parameters:
Return type:

str

classmethod parse(arn, sep_if_token=None, has_name=None)

(deprecated) Given an ARN, parses it and returns components.

IF THE ARN IS A CONCRETE STRING…

…it will be parsed and validated. The separator (sep) will be set to ‘/’ if the 6th component includes a ‘/’, in which case, resource will be set to the value before the ‘/’ and resourceName will be the rest. In case there is no ‘/’, resource will be set to the 6th components and resourceName will be set to the rest of the string.

IF THE ARN IS A TOKEN…

…it cannot be validated, since we don’t have the actual value yet at the time of this function call. You will have to supply sepIfToken and whether or not ARNs of the expected format usually have resource names in order to parse it properly. The resulting ArnComponents object will contain tokens for the subexpressions of the ARN, not string literals.

If the resource name could possibly contain the separator char, the actual resource name cannot be properly parsed. This only occurs if the separator char is ‘/’, and happens for example for S3 object ARNs, IAM Role ARNs, IAM OIDC Provider ARNs, etc. To properly extract the resource name from a Tokenized ARN, you must know the resource type and call Arn.extractResourceName.

Parameters:

  • arn (str) – The ARN to parse.

  • sep_if_token (Optional[str]) – The separator used to separate resource from resourceName.

  • has_name (Optional[bool]) – Whether there is a name component in the ARN at all. For example, SNS Topics ARNs have the ‘resource’ component contain the topic name, and no ‘resourceName’ component.

Return type:

ArnComponents

Returns:

an ArnComponents object which allows access to the various components of the ARN.

Deprecated:

use split instead

Stability:

deprecated

classmethod split(arn, arn_format)

Splits the provided ARN into its components.

Works both if ‘arn’ is a string like ‘arn:aws:s3:::bucket’, and a Token representing a dynamic CloudFormation expression (in which case the returned components will also be dynamic CloudFormation expressions, encoded as Tokens).

Parameters:

  • arn (str) – the ARN to split into its components.

  • arn_format (ArnFormat) – the expected format of ‘arn’ - depends on what format the service ‘arn’ represents uses.

Return type:

ArnComponents