AWS GovCloud (US)
User Guide

Amazon Resource Names (ARNs) in AWS GovCloud (US)

Amazon Resource Names (ARNs) uniquely identify AWS resources. We require an ARN when you need to specify a resource unambiguously across all of AWS, such as in IAM policies, Amazon S3 bucket names, and API calls. In the AWS GovCloud (US) Region, ARNs have an identifier that is different from the one in other AWS regions. For all other regions, ARNs begin with:

arn:aws

In the AWS GovCloud (US) Region, ARNs begin with:

arn:aws-us-gov

If an ARN requires a region, for the AWS GovCloud (US) Region, the region should be identified as us-gov-west-1.

ARN Format

Here are some example ARNs:

<!-- IAM user name --> arn:aws-us-gov:iam::123456789012:David <!-- Amazon EC2 instances --> arn:aws-us-gov:ec2:us-gov-west-1:001234567890:instance/* <!-- Amazon S3 bucket (and all objects in it)--> arn:aws-us-gov:s3:::my_corporate_bucket/*

The following are the general formats for ARNs. The specific components and values used depend on the AWS service.

arn:aws-us-gov:service:region:account:resource arn:aws-us-gov:service:region:account:resourcetype/resource arn:aws-us-gov:service:region:account:resourcetype:resource
service

The service namespace that identifies the AWS product (for example, Amazon S3 or IAM). For a list of namespaces, see AWS Service Namespaces in the Amazon Web Services General Reference.

region

The region in which the resource reside. The ARNs for some resources do not require a region, so this component might be omitted. For the AWS GovCloud (US) Region, the region is us-gov-west-1.

account

The ID of the AWS account that owns the resource, without the hyphens (for example, 123456789012). The ARNs for some resources don't require an account number, so this component might be omitted.

resource, resourcetype:resource, or resourcetype/resource

The content of this part of the ARN varies by service. It often includes an indicator of the type of resource—for example, IAM user—followed by a slash (/) or a colon (:), followed by the resource name itself. Some services allow paths for resource names, as described in Paths in ARNs.

Example ARNs

The following sections provide syntax and examples of the ARNs for different services. For more information about using ARNs in a specific AWS service, see the documentation for that service.

Amazon API Gateway

Syntax:

arn:aws-us-gov:apigateway:region::resource-path arn:aws-us-gov:execute-api:region:account-id:api-id/stage-name/HTTP-VERB/resource-path

Examples:

arn:aws-us-gov:apigateway:us-gov-west-1::/restapis/a123456789012bc3de45678901f23a45/* arn:aws-us-gov:apigateway:us-gov-west-1::a123456789012bc3de45678901f23a45:/test/mydemoresource/* arn:aws-us-gov:apigateway*::a123456789012bc3de45678901f23a45:/*/petstorewalkthrough/pets arn:aws-us-gov:execute-api: us-gov-west-1:123456789012:qsxrty/test/GET/mydemoresource/*

AWS Auto Scaling

Syntax:

arn:aws-us-gov:autoscaling:region:account-id:scalingPolicy:policyid:resource/servicenamespace/resourceid:policyName/policyfriendlyname

Example:

arn:aws-us-gov:autoscaling:us-gov-west-1:123456789012:scalingPolicy:6d8972f3-efc8-437c-92d1-6270f29a66e7:resource/ecs/service/serverapidevcluster/serverapidev:policyName/serverapidev_scale_down_policy

Amazon Aurora

Syntax:

arn:aws-us-gov:rds:region:account number:resourcetype:name

Example:

arn:aws-us-gov:rds:us-gov-west-1:123456789012:cluster:my-aurora-cluster-1

Amazon EC2 Auto Scaling

Syntax:

arn:aws-us-gov:autoscaling:region:account:scalingPolicy:policyid:autoScalingGroupName/groupfriendlyname:policyname/policyfriendlyname arn:aws-us-gov:autoscaling:region:account:autoScalingGroup:groupid:autoScalingGroupName/groupfriendlyname

Example:

arn:aws-us-gov:autoscaling:us-gov-west-1:123456789012:scalingPolicy:c7a27f55-d35e-4153-b044-8ca9155fc467:autoScalingGroupName/my-test-asg1:policyName/my-scaleout-policy

AWS Certificate Manager

Syntax:

arn:aws-us-gov:acm:region:account-id:certificate/certificate-id

Example:

arn:aws-us-gov:acm:us-gov-west-1:123456789012:certificate/12345678-1234-1234-1234-123456789012

Amazon CloudWatch Events

Syntax:

arn:aws-us-gov:events:region:*:*

Example:

arn:aws-us-gov:events:us-gov-west-1:*:* arn:aws-us-gov:events:us-gov-west-1:123456789012:* arn:aws-us-gov:events:us-gov-west-1:123456789012:rule/my-rule

AWS CodeDeploy

Syntax:

arn:aws-us-gov:codedeploy:* arn:aws-us-gov:codedeploy:account-id:* arn:aws-us-gov:codedeploy:account-id:application/applicationname arn:aws-us-gov:codedeploy:account-id:deploymentconfig/deployment-configuration-name arn:aws-us-gov:codedeploy:account-id:deploymentgroup/deployment-group-name arn:aws-us-gov:codedeploy:account-id:instance/instanceid

AWS Config

Syntax:

arn:aws-us-gov:config:region:account-id:config-rule/config-rule-name

Example:

arn:aws-us-gov:config:us-gov-west-1:123456789012:config-rule/MyConfigRule

AWS Database Migration Service

Syntax:

arn:aws-us-gov:dms:region:account number:resourcetype:resourcename

Example:

arn:aws-us-gov:dms:us-gov-west-1:123456789012:rep:QLXQZ64MH7CXF4QCQMGRVYVXAI

Amazon DynamoDB

Syntax:

arn:aws-us-gov:dynamodb:region:account:table/tablename

Example:

arn:aws-us-gov:dynamodb:us-gov-west-1:123456789012:table/books_table

AWS Elastic Beanstalk

Syntax:

arn:aws-us-gov:elasticbeanstalk:region:account-id:application/applicationname arn:aws-us-gov:elasticbeanstalk:region:account-id:applicationversion/applicationname/versionlabel arn:aws-us-gov:elasticbeanstalk:region:account-id:configurationtemplate/applicationname/templatename arn:aws-us-gov:elasticbeanstalk:region:account-id:environment/applicationname/environmentname arn:aws-us-gov:elasticbeanstalk:region:account-id:platform/PLATFORM_NAME/PLATFORM_VERSION arn:aws-us-gov:elasticbeanstalk:region::solutionstack/solutionstackname

Examples:

arn:aws-us-gov:elasticbeanstalk:us-west-2:123456789012:application/My App arn:aws-us-gov:elasticbeanstalk:us-west-2:123456789012:applicationversion/My App/My Version arn:aws-us-gov:elasticbeanstalk:us-west-2:123456789012:configurationtemplate/My App/My Template arn:aws-us-gov:elasticbeanstalk:us-west-2:123456789012:environment/My App/MyEnvironment arn:aws-us-gov:elasticbeanstalk:us-west-2:123456789012:platform/MyPlatform/1.0 arn:aws-us-gov:elasticbeanstalk:us-west-2::solutionstack/32bit Amazon Linux running Tomcat 7

Amazon Elastic Compute Cloud

Syntax:

arn:aws-us-gov:ec2:region:account:instance/instance-id arn:aws-us-gov:ec2:region:account:placement-group/placement-group-name arn:aws-us-gov:ec2:region::snapshot/snapshot-id arn:aws-us-gov:ec2:region:account:volume/volume-id

Examples:

arn:aws-us-gov:ec2:us-gov-west-1:123456789012:instance/* arn:aws-us-gov:ec2:us-gov-west-1:123456789012:volume/* arn:aws-us-gov:ec2:us-gov-west-1:123456789012:volume/vol-1a2b3c4d

Amazon Elastic Container Registry

Syntax:

arn:aws-us-gov:ecr:region:accountid:repository/repository-name

Examples:

arn:aws-us-gov:ecr:us-gov-west-1:123456789012:repository/my-repository

Amazon Elastic Container Service

Syntax:

arn:aws-us-gov:ecs:region:accountid:cluster/clustername arn:aws-us-gov:ecs:region:accountid:container-instance/container-instance-id arn:aws-us-gov:ecs:region:accountid:task-definition/task-definition-family-name:task-definition-revision-number arn:aws-us-gov:ecs:region:accountid:service/service-name arn:aws-us-gov:ecs:region:accountid:task/task-id arn:aws-us-gov:ecs:region:accountid:container/container-id

Examples:

arn:aws-us-gov:ecs:us-gov-west-1:123456789012:cluster/my-cluster
arn:aws-us-gov:ecs:us-gov-west-1:123456789012:container-instance/403125b0-555c-4473-86b5-65982db28a6d
arn:aws-us-gov:ecs:us-gov-west-1:123456789012:task-definition/hello_world:8
arn:aws-us-gov:ecs:us-gov-west-1:123456789012:service/sample-webapp
arn:aws-us-gov:ecs:us-gov-west-1:123456789012:task/1abf0f6d-a411-4033-b8eb-a4eed3ad252a
arn:aws-us-gov:ecs:us-gov-west-1:123456789012:container/476e7c41-17f2-4c17-9d14-412566202c8a

Amazon Elasticsearch Service

Syntax:

arn:aws-us-gov:es:region:account:domain/domain-name
arn:aws-us-gov:es:region:account:domain/domain-name/*

Examples:

arn:aws-us-gov:es:us-gov-west-1:123456789012:domain/my-domain
arn:aws-us-gov:es:us-gov-west-1:123456789012:domain/my-domain/*

AWS Glue

Syntax: PLACEHOLDER

arn:aws-us-gov:guardduty:region:account-id:detector/detector-id arn:aws-us-gov:guardduty:region:account-id:ipset/ipset-id arn:aws-us-gov:guardduty:region:account-id:threatintelset/threatintelset-id

Examples:

arn:aws-us-gov:guardduty:us-gov-west-1:detector/12abc34d567e8fa901bc2d34e56789f0 arn:aws-us-gov:guardduty:us-gov-west-1:123456789012:ipset/0cb0141ab9fbde177613ab9436212e90 arn:aws-us-gov:guardduty:us-gov-west-1:123456789012:threatintelset/12a34567890bc1de2345f67ab8901234

Amazon GuardDuty

Syntax:

arn:aws-us-gov:guardduty:region:account-id:detector/detector-id arn:aws-us-gov:guardduty:region:account-id:ipset/ipset-id arn:aws-us-gov:guardduty:region:account-id:threatintelset/threatintelset-id

Examples:

arn:aws-us-gov:guardduty:us-gov-west-1:detector/12abc34d567e8fa901bc2d34e56789f0 arn:aws-us-gov:guardduty:us-gov-west-1:123456789012:ipset/0cb0141ab9fbde177613ab9436212e90 arn:aws-us-gov:guardduty:us-gov-west-1:123456789012:threatintelset/12a34567890bc1de2345f67ab8901234

AWS Identity and Access Management

Syntax:

arn:aws-us-gov:iam:region:account-id:root arn:aws-us-gov:iam:region:account-id:user/username arn:aws-us-gov:iam:region:account-id:group/groupname arn:aws-us-gov:iam:region:account-id:role/rolename arn:aws-us-gov:iam:region:account-id:instance-profile/instanceprofilename arn:aws-us-gov:sts:region:account-id:federated-user/username arn:aws-us-gov:iam:region:account-id:mfa/virtualdevicename arn:aws-us-gov:iam:region:account-id:server-certificate/certificatename

Examples:

arn:aws-us-gov:iam:us-gov-west-1:123456789012:root arn:aws-us-gov:iam:us-gov-west-1:123456789012:user/Bob arn:aws-us-gov:iam:us-gov-west-1:123456789012:user/division_abc/subdivision_xyz/Bob arn:aws-us-gov:iam:us-gov-west-1:123456789012:group/Developers arn:aws-us-gov:iam:us-gov-west-1:123456789012:group/division_abc/subdivision_xyz/product_A/Developers arn:aws-us-gov:iam:us-gov-west-1:123456789012:role/S3Access arn:aws-us-gov:iam:us-gov-west-1:123456789012:role/application_abc/component_xyz/S3Access arn:aws-us-gov:iam:us-gov-west-1:123456789012:instance-profile/Webserver arn:aws-us-gov:sts:us-gov-west-1:123456789012:federated-user/Bob arn:aws-us-gov:iam:us-gov-west-1:123456789012:mfa/BobJonesMFA arn:aws-us-gov:iam:us-gov-west-1:123456789012:server-certificate/ProdServerCert arn:aws-us-gov:iam:us-gov-west-1:123456789012:server-certificate/division_abc/subdivision_xyz/ProdServerCert

Amazon Inspector

Syntax:

arn:aws-us-gov:inspector:region:account-id:target/target-id arn:aws-us-gov:inspector:region:account-id:target/target-id/template/template-id arn:aws-us-gov:inspector:region:account-id:target/target-id/template/template-id/run/run-id arn:aws-us-gov:inspector:region:account-id:target/target-id/template/template-id/run/run-id/finding/finding-id

Examples:

arn:aws-us-gov:inspector:us-gov-west-1:123456789012:target/0-SbqF87sd arn:aws-us-gov:inspector:us-gov-west-1:123456789012:target/0-SbqF87sd/template/0-ltAhR4vg arn:aws-us-gov:inspector:us-gov-west-1:123456789012:target/0-SbqF87sd/template/0-ltAhR4vg/run/0-IABgH9tK arn:aws-us-gov:inspector:us-gov-west-1:123456789012:target/0-SbqF87sd/template/0-ltAhR4vg/run/0-IABgH9tK/finding/0-ZNPdf4AB

AWS IoT Core

Syntax:

arn:aws-us-gov:iot:region:account-id:authorizer/authorizer-function-name arn:aws-us-gov:iot:region:account-id:authorizer/authorizer-name arn:aws-us-gov:iot:region:account-id:cert/cert-id arn:aws-us-gov:iot:region:account-id:index/index-id arn:aws-us-gov:iot:region:account-id:index/index-name arn:aws-us-gov:iot:region:account-id:job/job-id arn:aws-us-gov:iot:region:account-id:policy/policy-name arn:aws-us-gov:iot:region:account-id:role/role-name arn:aws-us-gov:iot:region:account-id:rolealias/role-alias-name arn:aws-us-gov:iot:region:account-id:rule/rule-name arn:aws-us-gov:iot:region:account-id:thing/thing-name arn:aws-us-gov:iot:region:account-id:thinggroup/thing-group-name arn:aws-us-gov:iot:region:account-id:thingtype/thing-type-name

Examples:

arn:aws-us-gov:iot:us-gov-west-1:123456789012:authorizer/my_authorizer_function_name arn:aws-us-gov:iot:us-gov-west-1:123456789012:authorizer/my_authorizer-name arn:aws-us-gov:iot:us-gov-west-1:123456789012:cert/my_cert_id arn:aws-us-gov:iot:us-gov-west-1:123456789012:index/my_index_id arn:aws-us-gov:iot:us-gov-west-1:123456789012:index/my_index_name arn:aws-us-gov:iot:us-gov-west-1:123456789012:job/my_job_id arn:aws-us-gov:iot:us-gov-west-1:123456789012:policy/my_policy_name arn:aws-us-gov:iot:us-gov-west-1:123456789012:role/my_role_name arn:aws-us-gov:iot:us-gov-west-1:123456789012:rolealias/my_role_alias_name arn:aws-us-gov:iot:us-gov-west-1:123456789012:rule/my_rule_name arn:aws-us-gov:iot:us-gov-west-1:123456789012:thing/my_thing_name arn:aws-us-gov:iot:us-gov-west-1:123456789012:thinggroup/my_thing_group_name arn:aws-us-gov:iot:us-gov-west-1:123456789012:thingtype/my_thing_type_name

AWS IoT Device Management

Syntax:

arn:aws-us-gov:iot:region:account-id:authorizer/authorizer-function-name arn:aws-us-gov:iot:region:account-id:authorizer/authorizer-name arn:aws-us-gov:iot:region:account-id:cert/cert-id arn:aws-us-gov:iot:region:account-id:index/index-id arn:aws-us-gov:iot:region:account-id:index/index-name arn:aws-us-gov:iot:region:account-id:job/job-id arn:aws-us-gov:iot:region:account-id:policy/policy-name arn:aws-us-gov:iot:region:account-id:role/role-name arn:aws-us-gov:iot:region:account-id:rolealias/role-alias-name arn:aws-us-gov:iot:region:account-id:rule/rule-name arn:aws-us-gov:iot:region:account-id:thing/thing-name arn:aws-us-gov:iot:region:account-id:thinggroup/thing-group-name arn:aws-us-gov:iot:region:account-id:thingtype/thing-type-name

Examples:

arn:aws-us-gov:iot:us-gov-west-1:123456789012:authorizer/my_authorizer_function_name arn:aws-us-gov:iot:us-gov-west-1:123456789012:authorizer/my_authorizer-name arn:aws-us-gov:iot:us-gov-west-1:123456789012:cert/my_cert_id arn:aws-us-gov:iot:us-gov-west-1:123456789012:index/my_index_id arn:aws-us-gov:iot:us-gov-west-1:123456789012:index/my_index_name arn:aws-us-gov:iot:us-gov-west-1:123456789012:job/my_job_id arn:aws-us-gov:iot:us-gov-west-1:123456789012:policy/my_policy_name arn:aws-us-gov:iot:us-gov-west-1:123456789012:role/my_role_name arn:aws-us-gov:iot:us-gov-west-1:123456789012:rolealias/my_role_alias_name arn:aws-us-gov:iot:us-gov-west-1:123456789012:rule/my_rule_name arn:aws-us-gov:iot:us-gov-west-1:123456789012:thing/my_thing_name arn:aws-us-gov:iot:us-gov-west-1:123456789012:thinggroup/my_thing_group_name arn:aws-us-gov:iot:us-gov-west-1:123456789012:thingtype/my_thing_type_name

* Please note the ARN syntax is the same for AWS IoT

Amazon Kinesis Data Streams

Syntax:

arn:aws-us-gov:kinesis:region:account:stream/stream-name

Examples:

arn:aws-us-gov:kinesis:us-gov-west-1:123456789012:stream/my_stream

AWS Lambda

Syntax:

arn:aws-us-gov:lambda:account-id:function:function-name
arn:aws-us-gov:lambda:account-id:function:function-name:alias-name
arn:aws-us-gov:lambda:account-id:function:function-name:version
arn:aws-us-gov:lambda:account-id:event-source-mappings:event-source-mapping-id

Examples:

arn:aws-us-gov:lambda:us-gov-west-1:123456789012:function:ProcessKinesisRecords
arn:aws-us-gov:lambda:us-gov-west-1:123456789012:function:ProcessKinesisRecords:your alias
arn:aws-us-gov:lambda:us-gov-west-1:123456789012:function:ProcessKinesisRecords:1.0
arn:aws-us-gov:lambda:us-gov-west-1:123456789012:event-source-mappings:kinesis-stream-arn

Amazon Polly

Syntax:

arn:aws-us-gov:polly:region:account-id:lexicon/LexiconName

Examples:

arn:aws-us-gov:polly:us-gov-west-1:123456789012:lexicon/MyNewLexicon

Amazon RDS

Syntax:

arn:aws-us-gov:rds:region:account-number:resourcetype:name

Examples:

arn:aws-us-gov:rds:us-gov-west-1:123456789012:db:my-mysql-instance-1

Amazon Rekognition

Syntax:

arn:aws-us-gov:rekognition:region:account-id:collection/collection-id arn:aws-us-gov:rekognition:region:account-id:*

Examples:

arn:aws-us-gov:rekognition:us-gov-west-1:123456789012:mycollection/mycollection-id arn:aws-us-gov:rekognition:us-gov-west-1:123456789012:mycollection

Amazon SageMaker

Syntax:

arn:aws-us-gov:sagemaker:region:account-id:notebook-instance/notebookInstanceName arn:aws-us-gov:sagemaker:region:account-id:notebook-instance-lifecycle-config/notebookInstanceLifecycleConfigName arn:aws-us-gov:sagemaker:region:account-id:training-job/trainingJobName arn:aws-us-gov:sagemaker:region:account-id:model/modelName arn:aws-us-gov:sagemaker:region:account-id:endpointName arn:aws-us-gov:sagemaker:region:account-id:endpoint-config/endpointConfigName arn:aws-us-gov:sagemaker:region:account-id:hyper-parameter-tuning-job/hyperParameterTuningJobName arn:aws-us-gov:sagemaker:region:account-id:transform-job/transformJobName

Examples:

arn:aws-us-gov:sagemaker:us-gov-west-1:123456789012:notebook-instance/my-notebookInstance-1 arn:aws-us-gov:sagemaker:us-gov-west-1:123456789012:notebook-instance-lifecycle-config/my-notebookInstanceLifecycleConfig-1 arn:aws-us-gov:sagemaker:us-gov-west-1:123456789012:training-job/my-trainingJob-1 arn:aws-us-gov:sagemaker:us-gov-west-1:123456789012:model/my-mlModel-1 arn:aws-us-gov:sagemaker:us-gov-west-1:123456789012:endpoint/my-endpoint-1 arn:aws-us-gov:sagemaker:us-gov-west-1:123456789012:endpoint-config/my-endpointConfig-1 arn:aws-us-gov:sagemaker:us-gov-west-1:123456789012:hyper-parameter-tuning-job/my-hp-tuningJob-1 arn:aws-us-gov:sagemaker:us-gov-west-1:123456789012:transform-job/my-transformJob-1

Amazon Simple Notification Service

Syntax:

arn:aws-us-gov:sns:region:account:topicname arn:aws-us-gov:sns:region:account:topicname:subscriptionid

Examples:

arn:aws-us-gov:sns:us-gov-west-1:123456789012:my_corporate_topic arn:aws-us-gov:sns:us-gov-west-1:123456789012:my_corporate_topic:02034b43-fefa-4e07-a5eb-3be56f8c54ce

Amazon Simple Queue Service

Syntax:

arn:aws-us-gov:sqs:region:account:queuename

Example:

arn:aws-us-gov:sqs:us-gov-west-1:123456789012:queue1

Amazon Simple Storage Service

Syntax:

arn:aws-us-gov:s3:::bucketname arn:aws-us-gov:s3:::bucketname/objectpath

Amazon S3 does not require an account number or region in ARNs.

Examples:

arn:aws-us-gov:s3:::my_corporate_bucket arn:aws-us-gov:s3:::my_corporate_bucket/* arn:aws-us-gov:s3:::my_corporate_bucket/Development/*

Amazon Simple Workflow Service

Syntax:

arn:aws-us-gov:swf:region:account:domain/domainname

Examples:

arn:aws-us-gov:swf:us-gov-west-1:123456789012:domain/department1 arn:aws-us-gov:swf:us-gov-west-1:123456789012:/domain/*

AWS Step Functions

Syntax:

arn:aws:states:aws-us-gov:account-id:activity:activityName arn:aws:states:aws-us-gov:account-id:stateMachine:stateMachineName arn:aws:states:aws-us-gov:account-id:execution:stateMachineName:executionName

Examples:

arn:aws:states:us-gov-west-1:123456789012:activity:HelloActivity arn:aws:states:us-gov-west-1:123456789012:activity:stateMachine:HelloStateMachine arn:aws:states:us-gov-west-1:123456789012:execution:HelloStateMachine:HelloStateMachineExecution

AWS Storage Gateway

Syntax:

arn:aws:storagegateway:aws-us-gov:account-id:gateway/gateway-id arn:aws:storagegateway:aws-us-gov:account-id:share/share-id arn:aws:storagegateway:aws-us-gov:account-id:gateway/gateway-id/volume/volume-id arn:aws:storagegateway:aws-us-gov:account-id:tape/tapebarcode arn:aws:storagegateway:aws-us-gov:account-id:gateway/gateway-id/target/iSCSItarget arn:aws:storagegateway:aws-us-gov:account-id:gateway/gateway-id/device/vtldevice

Examples:

arn:aws:storagegateway:us-gov-west-1:123456789012:gateway/sgw-0021C461 arn:aws:storagegateway:us-gov-west-1:123456789012:share/share-7E52E414 arn:aws:storagegateway:us-gov-west-1:123456789012:gateway/gateway-id/volume/vol-004b446472f121a0a arn:aws:storagegateway:us-gov-west-1:1234567890122:tape/AZAAF31B12 arn:aws:storagegateway:us-gov-west-1:123456789012:gateway/sgw-C0ED0111/target/iqn.1998-03.com.abc:sgw-c0ed01a8-tapedrive-02 arn:aws:storagegateway:us-gov-west-1:123456789012:gateway/sgw-C0ED0222/device/mytarget

AWS Systems Manager

Syntax:

arn:aws-us-gov:ssm:us-gov-west-1:* arn:aws-us-gov:ssm:region:account-id:* arn:aws-us-gov:ssm:region:account-id:automation-execution/automation-execution-id arn:aws-us-gov:ssm:region:account-id:automation-definition/automation-definition-id:version-id arn:aws-us-gov:ssm:region:account-id:document/document-name arn:aws-us-gov:ssm:region:account-id:maintenancewindow/window-execution-id arn:aws-us-gov:ssm:region:account-id:windowtarget/window-target-id arn:aws-us-gov:ssm:region:account-id:windowtask/window-task-id arn:aws-us-gov:ssm:region:account-id:managed-instance/managed-instance-id arn:aws-us-gov:ssm:region:account-id:managed-instance-inventory/managed-instance-id arn:aws-us-gov:ssm:region:account-id:parameter/parameter-name/ arn:aws-us-gov:ssm:region:account-id:patchbaseline/patch-baseline-id

Examples:

arn:aws-us-gov:ssm:us-gov-west-1:* arn:aws-us-gov:ssm:us-gov-west-1:123456789012:* arn:aws-us-gov:ssm:us-gov-west-1:123456789012:automation-execution/12349770-d978-4084-9658-61910EXAMPLE arn:aws-us-gov:ssm:us-gov-west-1:123456789012:automation-definition/5678f88a-4dff-4186-a238-2793fEXAMPLE:2 arn:aws-us-gov:ssm:us-gov-west-1:123456789012:document/My-Document arn:aws-us-gov:ssm:us-gov-west-1:123456789012:maintenancewindow/mw-9876042c46EXAMPLE arn:aws-us-gov:ssm:us-gov-west-1:123456789012:windowtarget/12349275-40f7-40e8-b831-95136EXAMPLE arn:aws-us-gov:ssm:us-gov-west-1:123456789012:windowtask/5678cb42-5dbd-4060-8349-bfb2fEXAMPLE arn:aws-us-gov:ssm:us-gov-west-1:123456789012:managed-instance/i-0123b04ac7EXAMPLE arn:aws-us-gov:ssm:us-gov-west-1:123456789012:managed-instance-inventory/i-6789b04ac7EXAMPLE arn:aws-us-gov:ssm:us-gov-west-1:123456789012:parameter/My-Parameter/ arn:aws-us-gov:ssm:us-gov-west-1:123456789012:patchbaseline/pb-1a2b89f711EXAMPLE

Paths in ARNs

Some services let you specify a path for the resource name. For example, in Amazon S3, the resource identifier is an object name that can include slashes (/) to form a path. Similarly, IAM user names and group names can include paths.

Paths can include wildcard characters such as an asterisk (*). For example, to specify all IAM users whose user name includes the prefix product_1234, you can use a wildcard like this:

arn:aws-us-gov:iam::123456789012:user/Development/product_1234/*

To specify all IAM users or IAM groups in the AWS account, use a wildcard after the user/ or group/part of the ARN, respectively.

arn:aws-us-gov:iam::123456789012:user/* arn:aws-us-gov:iam::123456789012:group/*

The following example shows ARNs for an Amazon S3 bucket in which the resource name includes a path:

arn:aws-us-gov:s3:::my_corporate_bucket/* arn:aws-us-gov:s3:::my_corporate_bucket/Development/*

You cannot use a wildcard in the resource type, such as the term user in an IAM ARN. The following is not allowed:

arn:aws-us-gov:iam::123456789012:u*

For more information, see Amazon Resource Names (ARNs) and AWS Service Namespaces.