Amazon リソースネーム (ARN) と AWS サービスの名前空間
Amazon リソースネーム (ARN) は、AWS リソースを一意に識別します。IAM ポリシー、Amazon Relational Database Service (Amazon RDS) タグ、API コールなど、明らかに全 AWS に渡るリソースを指定する必要がある場合、ARN が必要です。
コンテンツ
ARN 形式
次に ARN の例を示します。
<!-- Elastic Beanstalk application version --> arn:aws:elasticbeanstalk:us-east-1:123456789012:environment/My App/MyEnvironment <!-- IAM user name --> arn:aws:iam::123456789012:user/David <!-- Amazon RDS instance used for tagging --> arn:aws:rds:eu-west-1:123456789012:db:mysql-db <!-- Object in an Amazon S3 bucket --> arn:aws:s3:::my_corporate_bucket/exampleobject.png
次は ARN の一般的な形式です; 使用する特定のコンポーネントと値は AWS サービスによって異なります。ARN を使用するには、例で赤の斜体で示されているテキストを自分の情報に置き換えます。
arn:partition:service:region:account-id:resourcearn:partition:service:region:account-id:resourcetype/resourcearn:partition:service:region:account-id:resourcetype/resource/qualifierarn:partition:service:region:account-id:resourcetype/resource:qualifierarn:partition:service:region:account-id:resourcetype:resourcearn:partition:service:region:account-id:resourcetype:resource:qualifier
パーティション-
リソースが置かれているパーティションです。標準の AWS リージョンの場合、パーティションは
awsです。他のパーティションにリソースがある場合、パーティションはaws-です。たとえば、中国 (北京) リージョンにあるリソースのパーティションは、partitionnameaws-cnです。 service-
AWS 製品(例: Amazon S3、IAM、Amazon RDS)を識別するサービス名前空間。名前空間のリストは、「AWS サービスの名前空間」を参照してください。
リージョン-
リソースが置かれているリージョン。一部のリソースの ARN はリージョンを必要としないので、この要素は省略されることに注意してください。
アカウント-
リソースを所有しておりハイフンがない AWS アカウントの ID。たとえば、123456789012 と指定します。一部のリソースの ARN はアカウント番号を必要としないので、この要素は省略されることに注意してください。
resource、resourcetype:resource、またはresourcetype/resource-
ARN のこの部分のコンテンツは、サービスによって異なります。リソースタイプの指標 (例: IAM ユーザー、Amazon RDS データベース) が含まれることがよくあり、それにスラッシュ (
/) またはコロン (:)、リソース名自体が続きます。一部のサービスでは、リソース名のパスを指定できます (「ARN のパス」を参照)。
ARN の例
次のセクションでは、さまざまなサービスでの ARN の構文と例を示します。特定の AWS サービスでの ARN の使用の詳細については、そのサービスのドキュメントを参照してください。ARN
を使用するには、例で赤の斜体で示されているテキストを自分の情報に置き換えます。
一部のサービスでは IAM リソースレベルのアクセス許可をサポートしています。詳細については、「IAM と連携する AWS サービス」を参照してください。
Alexa for Business
構文:
arn:aws:a4b:region:accountid:resourcetype/resource
例:
arn:aws:a4b:us-east-1:123456789012:room/7315ffdf0eeb874dc4ab8a546e8b70ec/5f90e5d608b6baa9c88db56654aef158
Amazon API Gateway
構文:
arn:aws:apigateway:region::resource-patharn:aws:execute-api:region:account-id:api-id/stage-name/HTTP-VERB/resource-patharn:aws:execute-api:region:account-id:api-id/stage-name/route-key
例:
arn:aws:apigateway:us-east-1::/restapis/a123456789012bc3de45678901f23a45/* arn:aws:apigateway:us-east-1::a123456789012bc3de45678901f23a45:/test/mydemoresource/* arn:aws:apigateway:*::a123456789012bc3de45678901f23a45:/*/petstorewalkthrough/pets arn:aws:apigateway:us-east-1::/apis/a123456789012bc3de45678901f23a45/* arn:aws:execute-api:us-east-1:123456789012:qsxrty/test/GET/mydemoresource/* arn:aws:execute-api:us-east-1:123456789012:qsxrty/test/$connect arn:aws:execute-api:us-east-1:123456789012:qsxrty/test/$route1
AWS AppSync
構文:
arn:aws:appsync:your-region:account-id:apis/AppSyncEndpointName/types/Query/fields/field-namearn:aws:appsync:your-region:account-id:apis/AppSyncEndpointName/types/Mutation/fields/field-namearn:aws:appsync:your-region:account-id:apis/AppSyncEndpointName/types/Subscription/fields/field-name
例:
arn:aws:appsync:us-west-2:123456789012:apis/AppSyncEndpointName/types/Query/fields/posts arn:aws:appsync:us-west-2:123456789012:apis/AppSyncEndpointName/types/Mutation/fields/addPost arn:aws:appsync:us-west-2:123456789012:apis/AppSyncEndpointName/types/Query/fields/my-subscription
AWS Artifact
構文:
arn:aws:artifact:::report-package/document-type/report-type
例:
arn:aws:artifact:::report-package/Certifications and Attestations/SOC/* arn:aws:artifact:::report-package/Certifications and Attestations/ISO/* arn:aws:artifact:::report-package/Certifications and Attestations/PCI/*
Amazon EC2 Auto Scaling
構文:
arn:aws:autoscaling:region:account-id:scalingPolicy:policyid:autoScalingGroupName/groupfriendlyname:policyName/policyfriendlynamearn:aws:autoscaling:region:account-id:autoScalingGroup:groupid:autoScalingGroupName/groupfriendlyname
例:
arn:aws:autoscaling:us-east-1:123456789012:scalingPolicy:c7a27f55-d35e-4153-b044-8ca9155fc467:autoScalingGroupName/my-test-asg1:policyName/my-scaleout-policy
アプリケーションの Auto Scaling
構文:
arn:aws:autoscaling:region:account-id:scalingPolicy:policy-id:resource/service-namespace/resource-id:policyName/policyfriendlynamearn:aws:autoscaling:region:account-id:scheduledAction:action-id:resource/service-namespace/resource-id:scheduledActionName/actionfriendlyname
例:
arn:aws:autoscaling:us-east-1:123456789012:scalingPolicy:c7a27f55-d35e-4153-b044-8ca9155fc467:resource/ec2/spot-fleet-request/sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE:policyName/cpu40 arn:aws:autoscaling:us-east-1:123456789012:scheduledAction:38c84579-0f51-4adc-879b-a2cc4EXAMPLE:resource/ec2/spot-fleet-request/sfr-09d694de-4d82-4b48-a4f4-2f38fEXAMPLE:scheduledActionName/my-action
AWS Batch
構文:
arn:aws:batch:region:account-id:compute-environment/namearn:aws:batch:region:account-id:job-definition/job-name:revisionarn:aws:batch:region:account-id:job-queue/queue-name
例:
arn:aws:batch:us-east-1:123456789012:compute-environment/my-environment arn:aws:batch:us-east-1:123456789012:job-definition/my-job-definition:1 arn:aws:batch:us-east-1:123456789012:job-queue/my-queue
AWS Certificate Manager
構文:
arn:aws:acm:region:account-id:certificate/certificate-id
例:
arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012
AWS Certificate Manager Private Certificate Authority
構文 (プライベート認証機関):
arn:aws:acm-pca:region:account-id:certificate-authority/ca-id
例:
arn:aws:acm-pca:us-east-1:123456789012:certificate-authority/12345678-1234-1234-1234-123456789012/certificate/e8cbd2bedb122329f97706bcfec990f8
AWS Cloud9
構文:
arn:aws:cloud9:region:account-id:environment:environment-id
例:
arn:aws:cloud9:us-west-2:123456789012:environment:81e900317347585a0601e04c8d52eaEX
Amazon Cloud Directory
構文:
arn:aws:clouddirectory:region:account-id:directory/directoryID
例:
arn:aws:clouddirectory:us-west-2:123456789012:directory/ARIqk1HD-UjdtmcIrJHEvPI
AWS CloudFormation
構文:
arn:aws:cloudformation:region:account-id:stack/stackname/additionalidentifier
arn:aws:cloudformation:region:account-id:changeSet/changesetname/additionalidentifier
例:
arn:aws:cloudformation:us-east-1:123456789012:stack/MyProductionStack/abc9dbf0-43c2-11e3-a6e8-50fa526be49c
arn:aws:cloudformation:us-east-1:123456789012:changeSet/MyProductionChangeSet/abc9dbf0-43c2-11e3-a6e8-50fa526be49c
Amazon CloudFront
構文:
arn:aws:cloudfront::account-id:*
例:
arn:aws:cloudfront::123456789012:*
AWS Cloud Map
構文:
arn:aws:servicediscovery:region:account-id:namespace/namespace-idarn:aws:servicediscovery:region:account-id:service/service-id
AWS Cloud Map には、ARN のアカウント番号またはリージョンは不要です。
例:
arn:aws:servicediscovery:us-east-1:123456789012:namespace/ns-e1tpmexample0001 arn:aws:servicediscovery:us-east-1:123456789012:service/srv-e4anhexample0004
Amazon CloudSearch
構文:
arn:aws:cloudsearch:region:account-id:domain/domainname
例:
arn:aws:cloudsearch:us-east-1:123456789012:domain/imdb-movies
AWS CloudTrail
構文:
arn:aws:cloudtrail:region:account-id:trail/trailname
例:
arn:aws:cloudtrail:us-east-1:123456789012:trail/mytrailname
Amazon CloudWatch
構文:
arn:aws:cloudwatch:region:account-id:alarm:alarm-name
arn:aws:cloudwatch::account-id:dashboard/dashboard-name
例:
arn:aws:cloudwatch:us-east-1:123456789012:alarm:* arn:aws:cloudwatch:us-east-1:123456789012:alarm:MyAlarmName arn:aws:cloudwatch::123456789012:dashboard/MyDashboardName
Amazon CloudWatch Events
構文:
arn:aws:events:region:*:*
例:
arn:aws:events:us-east-1:*:* arn:aws:events:us-east-1:123456789012:* arn:aws:events:us-east-1:123456789012:rule/my-rule
Amazon CloudWatch Logs
構文:
arn:aws:logs:region:*:*
例:
arn:aws:logs:us-east-1:*:* arn:aws:logs:us-east-1:123456789012:* arn:aws:logs:us-east-1:123456789012:log-group:my-log-group arn:aws:logs:us-east-1:123456789012:log-group:my-log-group:* arn:aws:logs:us-east-1:123456789012:log-group:my-log-group* arn:aws:logs:us-east-1:123456789012:log-group:my-log-group:log-stream:my-log-stream arn:aws:logs:us-east-1:123456789012:log-group:my-log-group:log-stream:my-log-stream* arn:aws:logs:us-east-1:123456789012:log-group:my-log-group*:log-stream:my-log-stream*
CodeBuild
構文:
arn:aws:codebuild:region:account-id:resourcetype/resource
例:
arn:aws:codebuild:us-east-1:123456789012:project/my-demo-project arn:aws:codebuild:us-east-1:123456789012:build/my-demo-project:7b7416ae-89b4-46cc-8236-61129df660ad
AWS CodeCommit
構文:
arn:aws:codecommit:region:account-id:resource-specifier
例:
arn:aws:codecommit:us-east-1:123456789012:MyDemoRepo
AWS CodeDeploy
構文:
arn:aws:codedeploy:region:account-id:resource-type:resource-specifierarn:aws:codedeploy:region:account-id:resource-type/resource-specifier
例:
arn:aws:codedeploy:us-east-1:123456789012:application:WordPress_App arn:aws:codedeploy:us-east-1:123456789012:instance/AssetTag*
Amazon Cognito ユーザープール
構文:
arn:aws:cognito-idp:region:account-id:userpool/user-pool-id
例:
arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1:1a1a1a1a-ffff-1111-9999-12345678
Amazon Cognito フェデレーテッドアイデンティティ
構文:
arn:aws:cognito-identity:region:account-id:identitypool/identity-pool-id
例:
arn:aws:cognito-identity:us-east-1:123456789012:/identitypool/us-east-1:1a1a1a1a-ffff-1111-9999-12345678
Amazon Cognito Sync
構文:
arn:aws:cognito-sync:region:account-id:identitypool/identity-pool-id
arn:aws:cognito-sync:region:account-id:identitypool/identity-pool-id/identity/identity-id
arn:aws:cognito-sync:region:account-id:identitypool/identity-pool-id/identity/identity-id/dataset/dataset-name
例:
arn:aws:cognito-sync:us-east-1:123456789012:identitypool/us-east-1:1a1a1a1a-ffff-1111-9999-12345678
AWS Config
構文:
arn:aws:config:region:account-id:config-rule/config-rule-id
例:
arn:aws:config:us-east-1:123456789012:config-rule/config-rule-8fngan
AWS CodePipeline
構文:
arn:aws:codepipeline:region:account-id:resource-specifier
例:
arn:aws:codepipeline:us-east-1:123456789012:MyDemoPipeline
AWS CodeStar
構文:
arn:aws:codestar:region:account-id:project/resource-specifier
例:
arn:aws:codestar:us-east-1:123456789012:project/my-first-project
AWS DataSync
arn:aws:datasync:region:account-id:agent/agent-idarn:aws:datasync:region:account-id:location/location-idarn:aws:datasync:region:account-id:task/task-idarn:aws:datasync:region:account-id:task/task-id/execution/exec-id
例:
arn:aws:datasync:us-east-2:111222333444:agent/agent-0b0addbeef44baca3 arn:aws:datasync:us-east-2:111222333444:location/loc-07db7abfc326c50fb arn:aws:datasync:us-east-2:111222333444:task/task-08de6e6697796f026 arn:aws:datasync:us-east-2:111222333444:task/task-08de6e6697796f026/execution/exec-04ce9d516d69bd52f
AWS Direct Connect
構文:
arn:aws:directconnect:region:account-id:dxcon/connection-idarn:aws:directconnect:region:account-id:dxlag/lag-idarn:aws:directconnect:region:account-id:dxvif/virtual-interface-id
例:
arn:aws:directconnect:us-east-1:123456789012:dxcon/dxcon-fgase048 arn:aws:directconnect:us-east-1:123456789012:dxlag/dxlag-ffy7zraq arn:aws:directconnect:us-east-1:123456789012:dxvif/dxvif-fgrb110x
AWS Directory Service
構文:
arn:aws:ds:region:account-id:directory/directoryId
例:
arn:aws:ds:us-west-2:123456789012:directory/ARIqk1HD-UjdtmcIrJHEvPI
Amazon DynamoDB
構文:
arn:aws:dynamodb:region:account-id:table/tablenamearn:aws:dynamodb:region:account-id:table/tablename/stream/label
例:
arn:aws:dynamodb:us-east-1:123456789012:table/books_table arn:aws:dynamodb:us-east-1:123456789012:table/books_table/stream/2015-05-11T21:21:33.291
AWS Elastic Beanstalk
構文:
arn:aws:elasticbeanstalk:region:account-id:application/applicationnamearn:aws:elasticbeanstalk:region:account-id:applicationversion/applicationname/versionlabelarn:aws:elasticbeanstalk:region:account-id:environment/applicationname/environmentnamearn:aws:elasticbeanstalk:region::solutionstack/solutionstacknamearn:aws:elasticbeanstalk:region:account-id:configurationtemplate/applicationname/templatename
例:
arn:aws:elasticbeanstalk:us-east-1:123456789012:application/My App arn:aws:elasticbeanstalk:us-east-1:123456789012:applicationversion/My App/My Version arn:aws:elasticbeanstalk:us-east-1:123456789012:environment/My App/MyEnvironment arn:aws:elasticbeanstalk:us-east-1::solutionstack/32bit Amazon Linux running Tomcat 7 arn:aws:elasticbeanstalk:us-east-1:123456789012:configurationtemplate/My App/My Template
Amazon Elastic Compute Cloud (Amazon EC2)
構文:
arn:aws:ec2:region:account-id:customer-gateway/cgw-idarn:aws:ec2:region:account-id:dedicated-host/host-idarn:aws:ec2:region:account-id:dhcp-options/dhcp-options-idarn:aws:ec2:region:account-id:egress-only-internet-gateway/eigw-idarn:aws:ec2:region:account-id:elastic-gpu/elastic-gpu-idarn:aws:ec2:region::image/image-idarn:aws:ec2:region:account-id:instance/instance-idarn:aws:ec2:region:account-id:internet-gateway/igw-idarn:aws:ec2:region:account-id:key-pair/key-pair-namearn:aws:ec2:region:account-id:launch-template/launch-template-idarn:aws:ec2:region:account-id:natgateway/natgateway-idarn:aws:ec2:region:account-id:network-acl/nacl-idarn:aws:ec2:region:account-id:network-interface/eni-idarn:aws:ec2:region:account-id:placement-group/placement-group-namearn:aws:ec2:region:account-id:reserved-instances/reservation-idarn:aws:ec2:region:account-id:route-table/route-table-idarn:aws:ec2:region:account-id:security-group/security-group-idarn:aws:ec2:region::snapshot/snapshot-idarn:aws:ec2:region:account-id:spot-instances-request/spot-instance-request-idarn:aws:ec2:region:account-id:subnet/subnet-idarn:aws:ec2:region:account-id:transit-gateway/tgw-idarn:aws:ec2:region:account-id:volume/volume-idarn:aws:ec2:region:account-id:vpc/vpc-idarn:aws:ec2:region:account-id:vpc-peering-connection/vpc-peering-connection-idarn:aws:ec2:region:account-id:vpn-connection/vpn-idarn:aws:ec2:region:account-id:vpn-gateway/vgw-id
例:
arn:aws:ec2:us-east-1:123456789012:dedicated-host/h-12345678 arn:aws:ec2:us-east-1::image/ami-1a2b3c4d arn:aws:ec2:us-east-1:123456789012:instance/* arn:aws:ec2:us-east-1:123456789012:volume/* arn:aws:ec2:us-east-1:123456789012:volume/vol-1a2b3c4d
Amazon Elastic Container Registry (Amazon ECR)
構文:
arn:aws:ecr:region:account-id:repository/repository-name
例:
arn:aws:ecr:us-east-1:123456789012:repository/my-repository
Amazon Elastic Container Service (Amazon ECS)
構文:
arn:aws:ecs:region:account-id:cluster/cluster-namearn:aws:ecs:region:account-id:container-instance/cluster-name/container-instance-idarn:aws:ecs:region:account-id:task-definition/task-definition-family-name:task-definition-revision-numberarn:aws:ecs:region:account-id:service/cluster-name/service-namearn:aws:ecs:region:account-id:task/cluster-name/task-idarn:aws:ecs:region:account-id:container/container-id
例:
arn:aws:ecs:us-east-1:123456789012:cluster/my-cluster arn:aws:ecs:us-east-1:123456789012:container-instance/my-cluster/403125b0-555c-4473-86b5-65982db28a6d arn:aws:ecs:us-east-1:123456789012:task-definition/hello_world:8 arn:aws:ecs:us-east-1:123456789012:service/my-cluster/sample-webapp arn:aws:ecs:us-east-1:123456789012:task/my-cluster/1abf0f6d-a411-4033-b8eb-a4eed3ad252a arn:aws:ecs:us-east-1:123456789012:container/476e7c41-17f2-4c17-9d14-412566202c8a
Amazon Elastic Container Service for Kubernetes (Amazon EKS)
構文:
arn:aws:eks:region:account-id:cluster/cluster-name
例:
arn:aws:eks:us-east-1:123456789012:cluster/my-cluster
Amazon Elastic File System
構文:
arn:aws:elasticfilesystem:region:account-id:file-system/file-system-id
例:
arn:aws:elasticfilesystem:us-east-1:123456789012:file-system/fs12345678
Elastic Load Balancing (Application Load Balancer)
構文:
arn:aws:elasticloadbalancing:region:account-id:loadbalancer/app/load-balancer-name/load-balancer-idarn:aws:elasticloadbalancing:region:account-id:listener/app/load-balancer-name/load-balancer-id/listener-idarn:aws:elasticloadbalancing:region:account-id:listener-rule/app/load-balancer-name/load-balancer-id/listener-id/rule-idarn:aws:elasticloadbalancing:region:account-id:targetgroup/target-group-name/target-group-id
例:
arn:aws:elasticloadbalancing:us-east-1:123456789012:loadbalancer/app/my-load-balancer/50dc6c495c0c9188 arn:aws:elasticloadbalancing:us-east-1:123456789012:listener/app/my-load-balancer/50dc6c495c0c9188/f2f7dc8efc522ab2 arn:aws:elasticloadbalancing:us-east-1:123456789012:listener-rule/app/my-load-balancer/50dc6c495c0c9188/f2f7dc8efc522ab2/9683b2d02a6cabee arn:aws:elasticloadbalancing:us-east-1:123456789012:targetgroup/my-targets/73e2d6bc24d8a067
Elastic Load Balancing (ネットワークロードバランサー)
構文:
arn:aws:elasticloadbalancing:region:account-id:loadbalancer/net/load-balancer-name/load-balancer-idarn:aws:elasticloadbalancing:region:account-id:listener/net/load-balancer-name/load-balancer-id/listener-idarn:aws:elasticloadbalancing:region:account-id:listener-rule/net/load-balancer-name/load-balancer-id/listener-id/rule-idarn:aws:elasticloadbalancing:region:account-id:targetgroup/target-group-name/target-group-id
例:
arn:aws:elasticloadbalancing:us-east-1:123456789012:loadbalancer/net/my-load-balancer/50dc6c495c0c9188 arn:aws:elasticloadbalancing:us-east-1:123456789012:listener/net/my-load-balancer/50dc6c495c0c9188/f2f7dc8efc522ab2 arn:aws:elasticloadbalancing:us-east-1:123456789012:listener-rule/net/my-load-balancer/50dc6c495c0c9188/f2f7dc8efc522ab2/9683b2d02a6cabee arn:aws:elasticloadbalancing:us-east-1:123456789012:targetgroup/my-targets/73e2d6bc24d8a067
Elastic Load Balancing (Classic Load Balancer)
構文:
arn:aws:elasticloadbalancing:region:account-id:loadbalancer/name
例:
arn:aws:elasticloadbalancing:us-east-1:123456789012:loadbalancer/my-load-balancer
Amazon Elastic Transcoder
構文:
arn:aws:elastictranscoder:region:account-id:resource/id
例:
arn:aws:elastictranscoder:us-east-1:123456789012:preset/*
Amazon ElastiCache
構文:
arn:aws:elasticache:region:account-id:resourcetype:resourcename
例:
arn:aws:elasticache:us-east-2:123456789012:cluster:myCluster arn:aws:elasticache:us-east-2:123456789012:snapshot:mySnapshot
Amazon Elasticsearch Service
構文:
arn:aws:es:region:account-id:domain/domain-name
例:
arn:aws:es:us-east-1:123456789012:domain/streaming-logs
Amazon S3 Glacier
構文:
arn:aws:glacier:region:account-id:vaults/vaultname
例:
arn:aws:glacier:us-east-1:123456789012:vaults/examplevault arn:aws:glacier:us-east-1:123456789012:vaults/example* arn:aws:glacier:us-east-1:123456789012:vaults/*
AWS Global Accelerator
構文:
arn:aws:globalaccelerator::account-id:accelerator/accelerator-id
例:
arn:aws:globalaccelerator::123456789012:accelerator/123abc4567e8fa901bc2d3example
Amazon GuardDuty
構文:
arn:aws:guardduty:region:account-id:detector/detector-id
arn:aws:guardduty:region:account-id:ipset/ipset-id
arn:aws:guardduty:region:account-id:threatintelset/threatintelset-id
例:
arn:aws:guardduty:us-east-1:123456789012:detector/12abc34d567e8fa901bc2d34e56789f0
arn:aws:guardduty:us-east-1:123456789012:ipset/0cb0141ab9fbde177613ab9436212e90
arn:aws:guardduty:us-east-1:123456789012:threatintelset/12a34567890bc1de2345f67ab8901234
AWS Health / Personal Health Dashboard
構文:
arn:aws:health:region::event/event-idarn:aws:health:region:account-id:entity/entity-id
例:
arn:aws:health:us-east-1::event/AWS_EC2_EXAMPLE_ID arn:aws:health:us-east-1:123456789012:entity/AVh5GGT7ul1arKr1sE1K
AWS Identity and Access Management (IAM)
構文:
arn:aws:iam::account-id:root arn:aws:iam::account-id:user/user-namearn:aws:iam::account-id:group/group-namearn:aws:iam::account-id:role/role-namearn:aws:iam::account-id:policy/policy-namearn:aws:iam::account-id:instance-profile/instance-profile-namearn:aws:sts::account-id:federated-user/user-namearn:aws:sts::account-id:assumed-role/role-name/role-session-namearn:aws:iam::account-id:mfa/virtual-device-namearn:aws:iam::account-id:u2f/u2f-token-idarn:aws:iam::account-id:server-certificate/certificate-namearn:aws:iam::account-id:saml-provider/provider-namearn:aws:iam::account-id:oidc-provider/provider-name
例:
arn:aws:iam::123456789012:root arn:aws:iam::123456789012:user/JohnDoe arn:aws:iam::123456789012:user/division_abc/subdivision_xyz/JaneDoe arn:aws:iam::123456789012:group/Developers arn:aws:iam::123456789012:group/division_abc/subdivision_xyz/product_A/Developers arn:aws:iam::123456789012:role/S3Access arn:aws:iam::123456789012:role/application_abc/component_xyz/S3Access arn:aws:iam::123456789012:policy/UsersManageOwnCredentials arn:aws:iam::123456789012:policy/division_abc/subdivision_xyz/UsersManageOwnCredentials arn:aws:iam::123456789012:instance-profile/Webserver arn:aws:sts::123456789012:federated-user/JohnDoe arn:aws:sts::123456789012:assumed-role/Accounting-Role/JaneDoe arn:aws:iam::123456789012:mfa/JaneDoeMFA arn:aws:iam::123456789012:u2f/user/JohnDoe/default (U2F security key) arn:aws:iam::123456789012:server-certificate/ProdServerCert arn:aws:iam::123456789012:server-certificate/division_abc/subdivision_xyz/ProdServerCert arn:aws:iam::123456789012:saml-provider/ADFSProvider arn:aws:iam::123456789012:oidc-provider/GoogleProvider
IAM ARN の詳細については、IAM ユーザーガイド の「IAM ARNs」を参照してください。
AWS IoT
構文:
arn:aws:iot:your-region:account-id:cert/cert-IDarn:aws:iot:your-region:account-id:policy/policy-namearn:aws:iot:your-region:account-id:rule/rule-namearn:aws:iot:your-region:account-id:client/client-id/rule-name
例:
arn:aws:iot:your-region:123456789012:cert/123a456b789c123d456e789f123a456b789c123d456e789f123a456b789c123c456d7 arn:aws:iot:your-region:123456789012:policy/MyIoTPolicy arn:aws:iot:your-region:123456789012:rule/MyIoTRule arn:aws:iot:your-region:123456789012:client/client101
AWS Key Management Service (AWS KMS)
構文:
arn:aws:kms:region:account-id:key/key-idarn:aws:kms:region:account-id:alias/alias
例:
arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012 arn:aws:kms:us-east-1:123456789012:alias/example-alias
Amazon Kinesis Data Firehose (Kinesis Data Firehose)
構文:
arn:aws:firehose:region:account-id:deliverystream/delivery-stream-name
例:
arn:aws:firehose:us-east-1:123456789012:deliverystream/example-stream-name
Amazon Kinesis Data Streams (Kinesis Data Streams)
構文:
arn:aws:kinesis:region:account-id:stream/stream-namearn:aws:kinesis:region:account-id:stream/stream-name/consumer/consumer-name:consumer-creation-timestamp
例:
arn:aws:kinesis:us-east-1:123456789012:stream/example-stream-name arn:aws:kinesis:us-east-1:123456789012:stream/example-stream-name/consumer/example-consumer-name:1525898737
Amazon Kinesis Data Analytics (Kinesis Data Analytics)
構文:
arn:aws:kinesisanalytics:region:account-id:application/application-name
例:
arn:aws:kinesisanalytics:us-east-1:123456789012:application/example-application-name
Amazon Kinesis 動画ストリーム (Kinesis 動画ストリーム)
構文:
arn:aws:kinesisvideo:region:account-id:application/stream-name/code
例:
arn:aws:kinesisvideo:us-east-1:123456789012:stream/example-stream-name/0123456789012
AWS Lambda (Lambda)
構文:
arn:aws:lambda:region:account-id:function:function-namearn:aws:lambda:region:account-id:function:function-name:alias-namearn:aws:lambda:region:account-id:function:function-name:versionarn:aws:lambda:region:account-id:event-source-mappings:event-source-mapping-id
例:
arn:aws:lambda:us-east-1:123456789012:function:ProcessKinesisRecords arn:aws:lambda:us-east-1:123456789012:function:ProcessKinesisRecords:your aliasarn:aws:lambda:us-east-1:123456789012:function:ProcessKinesisRecords:1.0 arn:aws:lambda:us-east-1:123456789012:event-source-mappings:kinesis-stream-arn
Amazon Macie
構文:
arn:aws:macie:region:account-id:trigger/triggerIDarn:aws:macie:region:account-id:trigger/triggerID/alert/alertID
例:
arn:aws:macie:us-east-1:123456789012:trigger/example61b3df36bff1dafaf1aa304b0ef1a975 arn:aws:macie:us-east-1:123456789012:trigger/example61b3df36bff1dafaf1aa304b0ef1a975/alert/example8780e9ca227f98dae37665c3fd22b585 arn:aws:macie:us-east-1:123456789012:trigger/behavioral/alert/example8780e9ca227f98dae37665c3fd22b585
Amazon Machine Learning (Amazon ML)
構文:
arn:aws:machinelearning:region:account-id:datasource/datasourceIDarn:aws:machinelearning:region:account-id:mlmodel/mlmodelIDarn:aws:machinelearning:region:account-id:batchprediction/batchpredictionlIDarn:aws:machinelearning:region:account-id:evaluation/evaluationID
例:
arn:aws:machinelearning:us-east-1:123456789012:datasource/my-datasource-1 arn:aws:machinelearning:us-east-1:123456789012:mlmodel/my-mlmodel arn:aws:machinelearning:us-east-1:123456789012:batchprediction/my-batchprediction arn:aws:machinelearning:us-east-1:123456789012:evaluation/my-evaluation
MediaConnect
構文:
arn:aws:mediaconnect:region:account-id:entitlement:resourceID:resourceNamearn:aws:mediaconnect:region:account-id:flow:resourceID:resourceNamearn:aws:mediaconnect:region:account-id:output:resourceID:resourceNamearn:aws:mediaconnect:region:account-id:source:resourceID:resourceName
例:
arn:aws:mediaconnect:us-east-1:111111111111:entitlement:1-1a2b3c4d5e6f7g8h-123456abcDEF:EntitlementName arn:aws:mediaconnect:us-east-1:111111111111:flow:1-12345678abcdefgh-654321abcDEF:FlowName arn:aws:mediaconnect:us-east-1:111111111111:output:1-abcDEFGH12345678-abcDEF123456:OutputName arn:aws:mediaconnect:us-east-1:111111111111:source:1-abc12345678defgh-ABCdef654321:SourceName
MediaConvert
構文:
arn:aws:mediaconvert:region:account-id:jobs/jobIDarn:aws:mediaconvert:region:account-id:jobTemplates/jobTemplateIDarn:aws:mediaconvert:region:account-id:presets/presetIDarn:aws:mediaconvert:region:account-id:queues/queueID
例:
arn:aws:mediaconvert:us-east-1:111111111111:jobs/0123456789012-abc123 arn:aws:mediaconvert:us-east-1:111111111111:jobTemplates/2345678 arn:aws:mediaconvert:us-east-1:111111111111:presets/System-169_WIFI_1080p arn:aws:mediaconvert:us-east-1:111111111111:queues/default
MediaLive
構文:
arn:aws:medialive:region:account-id:inputSecurityGroup:inputSecurityGroupIDarn:aws:medialive:region:account-id:input:inputIDarn:aws:medialive:region:account-id:channel:channelID
例:
arn:aws:medialive:us-east-1:111111111111:inputSecurityGroup:1234567 arn:aws:medialive:us-east-1:111111111111:input:2345678 arn:aws:medialive:us-east-1:111111111111:channel:3456789
MediaPackage
構文:
arn:aws:mediapackage:region:account-id:channels/channelIDarn:aws:mediapackage:region:account-id:origin_endpoints/originEndpointID
例:
arn:aws:mediapackage:eu-west-1:111122223333:channels/0a1234bc567890d12efghi3j456k789m arn:aws:mediapackage:eu-west-1:111122223333:origin_endpoints/1b2345cd678901e34fghij4k567m890n
MediaStore
構文:
arn:aws:mediastore:region:account-id:resourceType/resourceID
例:
arn:aws:mediastore:us-east-1:111111111111:container/ExampleName/example-folder/folder-segment.ts
MediaTailor
構文:
arn:aws:mediatailor:region:account-id:configurations/configurationID
例:
arn:aws:mediatailor:us-east-1:111111111111:configurations/2c3456de789012f34ghijk5m678n901o
AWS Mobile Hub
構文:
arn:aws:mobilehub:region:account-id:project/projectID
例:
arn:aws:mobilehub:us-east-1:123456789012:project/a01234567-b012345678-123c-d013456789abc
Amazon MQ
構文:
arn:aws:mq:region:account-id:broker:broker-name:broker-idarn:aws:mq:region:account-id:configuration:configuration-name:configuration-id
例:
arn:aws:mq:us-east-1:123456789012:broker:MyBroker:b-1234a5b6-78cd-901e-2fgh-3i45j6k178l9 arn:aws:mq:us-east-1:123456789012:configuration:MyConfiguration:c-1234a5b6-78cd-901e-2fgh-3i45j6k178l9
AWS OpsWorks for Chef Automate および AWS OpsWorks for Puppet Enterprise
構文:
arn:aws:opsworks-cm:us-east-1:master-account-id:server/server-name-random-ID-suffix/server-id
例:
arn:aws:opsworks-cm:us-east-1:123456789012:server/TestServer-0123456789/EXAMPLEa-1199-43a6-aa00-8a000EXAMPLE
AWS OpsWorks スタック
構文:
arn:aws:opsworks:us-east-1:master-account-id:stack/stack-idarn:aws:opsworks:us-east-1:master-account-id:layer/layer-idarn:aws:opsworks:us-east-1:master-account-id:instance/opsworks-instance-idarn:aws:opsworks:us-east-1:master-account-id:app/opsworks-app-id
例:
arn:aws:opsworks:us-east-1:123456789012:stack/EXAMPLEe-aa21-4z92-a110-a4a44EXAMPLE arn:aws:opsworks:us-east-1:123456789012:layer/EXAMPLEe-aa21-4z92-a110-a4a44EXAMPLE arn:aws:opsworks:us-east-1:123456789012:instance/EXAMPLEe-aa21-4z92-a110-a4a44EXAMPLE arn:aws:opsworks:us-east-1:123456789012:app/EXAMPLEe-aa21-4z92-a110-a4a44EXAMPLE
AWS Organizations
構文:
arn:aws:organizations::master-account-id:organization/o-organization-idarn:aws:organizations::master-account-id:root/o-organization-id/r-root-idarn:aws:organizations::master-account-id:account/o-organization-id/account-idarn:aws:organizations::master-account-id:ou/o-organization-id/ou-organizational-unit-idarn:aws:organizations::master-account-id:policy/o-organization-id/policy-type/p-policy-idarn:aws:organizations::master-account-id:handshake/o-organization-id/handshake-type/h-handshake-id
例:
arn:aws:organizations::123456789012:organization/o-a1b2c3d4e5example arn:aws:organizations::123456789012:root/o-a1b2c3d4e5/r-f6g7h8i9j0example arn:aws:organizations::123456789012:account/o-a1b2c3d4e5/123456789012 arn:aws:organizations::123456789012:ou/o-a1b2c3d4e5/ou-1a2b3c-k9l8m7n6o5example arn:aws:organizations::123456789012:policy/o-a1b2c3d4e5/service_control_policy/p-p4q3r2s1t0example arn:aws:organizations::123456789012:handshake/o-a1b2c3d4e5/invite/h-u2v4w5x8y0example
Amazon Pinpoint
構文:
arn:aws:mobiletargeting:us-east-1:account-id:apps/appIdarn:aws:mobiletargeting:us-east-1:account-id:apps/appId/campaigns/campaignIdarn:aws:mobiletargeting:us-east-1:account-id:apps/appId/segments/segmentId
例:
arn:aws:mobiletargeting:us-east-1:123456789012:apps/0d72ff0905e7f8b2b879fe7744d4952a9b arn:aws:mobiletargeting:us-east-1:123456789012:apps/0d72ff0905e7f8b2b879fe7744d4952a9b/campaigns/8c95f63b24089f85819443be7c92d7 arn:aws:mobiletargeting:us-east-1:123456789012:apps/0d72ff0905e7f8b2b879fe7744d4952a9b/segments/6cdc025ba495672bb0aea4983afebf
Amazon Polly
構文:
arn:aws:polly:region:account-id:lexicon/LexiconName
例:
arn:aws:polly:us-east-1:123456789012:lexicon/myLexicon
Amazon Redshift
構文:
arn:aws:redshift:region:account-id:cluster:cluster-namearn:aws:redshift:region:account-id:dbname:cluster-name/database-namearn:aws:redshift:region:account-id:dbuser:cluster-name/database-user-namearn:aws:redshift:region:account-id:dbgroup:cluster-name/database-group-namearn:aws:redshift:region:account-id:parametergroup:parameter-group-namearn:aws:redshift:region:account-id:securitygroup:security-group-namearn:aws:redshift:region:account-id:snapshot:cluster-name/snapshot-namearn:aws:redshift:region:account-id:subnetgroup:subnet-group-name
例:
arn:aws:redshift:us-east-1:123456789012:cluster:my-cluster arn:aws:redshift:us-east-1:123456789012:dbname:my-cluster/my-database arn:aws:redshift:us-east-1:123456789012:dbuser:my-cluster/my-database-user arn:aws:redshift:us-east-1:123456789012:dbgroup:my-cluster/my-database-group arn:aws:redshift:us-east-1:123456789012:parametergroup:my-parameter-group arn:aws:redshift:us-east-1:123456789012:securitygroup:my-public-group arn:aws:redshift:us-east-1:123456789012:snapshot:my-cluster/my-snapshot20130807 arn:aws:redshift:us-east-1:123456789012:subnetgroup:my-subnet-10
Amazon Relational Database Service (Amazon RDS)
ARN は、DB インスタンスのタグと共にのみ Amazon RDS で使用されます。詳細については、『Amazon RDS ユーザーガイド』の「Tagging a DB Instance」を参照してください。
構文:
arn:aws:rds:region:account-id:db:db-instance-namearn:aws:rds:region:account-id:snapshot:snapshot-namearn:aws:rds:region:account-id:cluster:db-cluster-namearn:aws:rds:region:account-id:cluster-snapshot:cluster-snapshot-namearn:aws:rds:region:account-id:og:option-group-namearn:aws:rds:region:account-id:pg:parameter-group-namearn:aws:rds:region:account-id:cluster-pg:cluster-parameter-group-namearn:aws:rds:region:account-id:secgrp:security-group-namearn:aws:rds:region:account-id:subgrp:subnet-group-namearn:aws:rds:region:account-id:es:subscription-name
例:
arn:aws:rds:us-east-1:123456789012:db:mysql-db-instance1 arn:aws:rds:us-east-1:123456789012:snapshot:my-snapshot2 arn:aws:rds:us-east-1:123456789012:cluster:my-cluster1 arn:aws:rds:us-east-1:123456789012:cluster-snapshot:cluster1-snapshot7 arn:aws:rds:us-east-1:123456789012:og:mysql-option-group1 arn:aws:rds:us-east-1:123456789012:pg:mysql-repl-pg1 arn:aws:rds:us-east-1:123456789012:cluster-pg:aurora-pg3 arn:aws:rds:us-east-1:123456789012:secgrp:dev-secgrp2 arn:aws:rds:us-east-1:123456789012:subgrp:prod-subgrp1 arn:aws:rds:us-east-1:123456789012:es:monitor-events2
AWS リソースグループ
AWS リソースグループで利用可能なリソースは、グループのみです。グループには、一意の Amazon リソースネーム (ARN) が関連付けられています。グループは、アカウント内のリージョンで固有のものです。リソースグループの詳細については、『AWS リソースグループユーザーガイド』を参照してください。
構文:
arn:aws:resource-groups:region:account:group/group-name
例:
arn:aws:resource-groups:us-west-2:123456789012:group/MyExampleGroup
AWS RoboMaker
構文:
arn:aws:robomaker:region:account-id:robot-application/robotApplicationName/createdOnEpoch arn:aws:robomaker:region:account-id:simulation-application/simulationApplicationName/createdOnEpoch arn:aws:robomaker:region:account-id:simulation-job/simulationJobIdarn:aws:robomaker:region:account-id:deployment-job/deploymentJobIdarn:aws:robomaker:region:account-id:robot/robotName/createdOnEpoch arn:aws:robomaker:region:account-id:deployment-fleet/fleetName/createdOnEpoch
例:
arn:aws:robomaker:us-east-1:123456789012:robot-application/helloWorldRobotApplication/1546541198985 arn:aws:robomaker:us-east-1:123456789012:simulation-application/helloWorldSimulationApplication/1546541192487 arn:aws:robomaker:us-east-1:123456789012:simulation-job/sim-g8h6tzlmblg7 arn:aws:robomaker:us-east-1:123456789012:deployment-job/deployment-4t9g6rp25zdb arn:aws:robomaker:us-east-1:123456789012:robot/helloWorldRobot/1546541197111 arn:aws:robomaker:us-east-1:123456789012:deployment-fleet/helloWorldFleet/1546541199833
Amazon Route 53
構文:
arn:aws:route53:::hostedzone/zoneidarn:aws:route53:::change/change-idarn:aws:route53::account-id:domain/domain-namearn:aws:route53resolver:region:account-id:resolver-rule/rule-idarn:aws:route53resolver:region:account-id:resolver-endpoint/endpoint-id
Amazon Route 53 には、ARN のアカウント番号またはリージョンは不要です。
例:
arn:aws:route53:::hostedzone/Z148QEXAMPLE8V arn:aws:route53:::change/C2RDJ5EXAMPLE2 arn:aws:route53:::change/* arn:aws:route53::123456789012:domain/example.com arn:aws:route53resolver:us-west-2:123456789012:resolver-rule/rslvr-rr-5328a0899aexample arn:aws:route53resolver:us-west-2:123456789012:resolver-endpoint/rslvr-in-60b9fd8fdbexample
Amazon Route 53 自動命名は AWS Cloud Map という別のサービスとしてリリースされました。「AWS Cloud Map」を参照してください。
Amazon SageMaker
構文:
arn:aws:sagemaker:region:account-id:notebook-instance:notebookInstanceNamearn:aws:sagemaker:region:account-id:notebook-instance-lifecycle-config:notebookInstanceLifecycleConfigNamearn:aws:sagemaker:region:account-id:training-job:trainingJobNamearn:aws:sagemaker:region:account-id:model:modelNamearn:aws:sagemaker:region:account-id:endpoint:endpointNamearn:aws:sagemaker:region:account-id:endpoint-config:endpointConfigNamearn:aws:sagemaker:region:account-id:hyper-parameter-tuning-job:hyperParameterTuningJobNamearn:aws:sagemaker:region:account-id:transform-job:transformJobName
例:
arn:aws:sagemaker:us-east-1:123456789012:notebook-instance:my-notebookInstance-1 arn:aws:sagemaker:us-east-1:123456789012:notebook-instance-lifecycle-config:my-notebookInstanceLifecycleConfig-1 arn:aws:sagemaker:us-east-1:123456789012:training-job:my-trainingJob-1 arn:aws:sagemaker:us-east-1:123456789012:model:my-mlModel-1 arn:aws:sagemaker:us-east-1:123456789012:endpoint:my-endpoint-1 arn:aws:sagemaker:us-east-1:123456789012:endpoint-config:my-endpointConfig-1 arn:aws:sagemaker:us-east-1:123456789012:hyper-parameter-tuning-job:my-hp-tuningJob-1 arn:aws:sagemaker:us-east-1:123456789012:transform-job:my-transformJob-1
AWS Secrets Manager
構文:
arn:aws:secretsmanager:region:account_id:secret:path/friendly_secret_name-uniqueness_code
各シークレットは、オプションのパス、ユーザーが指定したシークレットの分かりやすい名前、ダッシュに続き、AWS で生成された 6 文字のランダムコードで構成されます。
例:
arn:aws:secretsmanager:us-east-1:123456789012:secret:myfolder/MyFirstSecret-ocq1Wq
AWS Serverless Application Repository
構文:
arn:aws:serverlessrepo:region:account-id:applications/application-namearn:aws:serverlessrepo:region:account-id:applications/application-name/versions/symantic-version
例:
arn:aws:serverlessrepo:us-east-1:123456789012:applications/myApp arn:aws:serverlessrepo:us-east-1:123456789012:applications/myApp/versions/1.0.0
Amazon Simple Email Service (Amazon SES)
Amazon SES では、ARN が最もよく使用されるのは、送信承認のセットアップです。詳細については、Amazon Simple Email Service 開発者ガイドの「Amazon SES での送信承認の使用」を参照してください。
構文:
arn:aws:ses:region:account-id:identity/identity
例:
arn:aws:ses:us-east-1:123456789012:identity/example.com arn:aws:ses:us-east-1:123456789012:identity/sender@example.net
Amazon Simple Notification Service (Amazon SNS)
構文:
arn:aws:sns:region:account-id:topicnamearn:aws:sns:region:account-id:topicname:subscriptionid
例:
arn:aws:sns:*:123456789012:my_corporate_topic arn:aws:sns:us-east-1:123456789012:my_corporate_topic:02034b43-fefa-4e07-a5eb-3be56f8c54ce
Amazon Simple Queue Service (Amazon SQS)
構文:
arn:aws:sqs:region:account-id:queuename
例:
arn:aws:sqs:us-east-1:123456789012:queue1
Amazon Simple Storage Service (Amazon S3)
構文:
arn:aws:s3:::bucket_namearn:aws:s3:::bucket_name/key_name
注記
Amazon S3 には、ARN のアカウント番号またはリージョンは不要です。ポリシーの ARN を指定する場合は、ARN の相対 ID の部分にワイルドカード「*」文字を使用できます。
例:
arn:aws:s3:::my_corporate_bucket arn:aws:s3:::my_corporate_bucket/exampleobject.png arn:aws:s3:::my_corporate_bucket/* arn:aws:s3:::my_corporate_bucket/Development/*
詳細については、『Amazon Simple Storage Service 開発者ガイド』の「ポリシーでのリソースの指定」を参照してください。
Amazon Simple Workflow Service (Amazon SWF)
構文:
arn:aws:swf:region:account-id:/domain/domain_name
例:
arn:aws:swf:us-east-1:123456789012:/domain/department1 arn:aws:swf:*:123456789012:/domain/*
AWS Step Functions
構文:
arn:aws:states:region:account-id:activity:activityNamearn:aws:states:region:account-id:stateMachine:stateMachineNamearn:aws:states:region:account-id:execution:stateMachineName:executionName
例:
arn:aws:states:us-east-1:123456789012:activity:HelloActivity arn:aws:states:us-east-1:123456789012:stateMachine:HelloStateMachine arn:aws:states:us-east-1:123456789012:execution:HelloStateMachine:HelloStateMachineExecution
AWS Storage Gateway
構文:
arn:aws:storagegateway:region:account-id:gateway/gateway-idarn:aws:storagegateway:region:account-id:share/share-idarn:aws:storagegateway:region:account-id:gateway/gateway-id/volume/volume-idarn:aws:storagegateway:region:account-id:tape/tapebarcodearn:aws:storagegateway:region:account-id:gateway/gateway-id/target/iSCSItargetarn:aws:storagegateway:region:account-id:gateway/gateway-id/device/vtldevice
例:
arn:aws:storagegateway:us-east-1:123456789012:gateway/sgw-12A3456B arn:aws:storagegateway:us-east-1:123456789012:share/share-17A34572 arn:aws:storagegateway:us-east-1:123456789012:gateway/sgw-12A3456B/volume/vol-1122AABB arn:aws:storagegateway:us-east-1:123456789012:tape/AMZNC8A26D arn:aws:storagegateway:us-east-1:123456789012:gateway/sgw-12A3456B/target/iqn.1997-05.com.amazon:vol-1122AABB arn:aws:storagegateway:us-east-1:123456789012:gateway/sgw-12A3456B/device/AMZN_SGW-FF22CCDD_TAPEDRIVE_00010
注記
各 AWS Storage Gateway リソースには、ワイルドカード (*) を指定できます。
AWS Systems Manager
構文:
arn:aws:ssm:region:account-id:document/document_namearn:aws:ssm:region:account-id:parameter/parameter_namearn:aws:ssm:region:account-id:patchbaseline/baseline_idarn:aws:ssm:region:account-id:maintenancewindow/window_idarn:aws:ssm:region:account-id:automation-execution/execution_idarn:aws:ssm:region:account-id:automation-Activity/activity_namearn:aws:ssm:region:account-id:automation-definition/definitionName:versionarn:aws:ssm:region:account-id:managed-instance/instance_idarn:aws:ssm:region:account-id:managed-instance-inventory/instance_id
例:
arn:aws:ssm:us-east-1:123456789012:document/highAvailabilityServerSetup arn:aws:ssm:us-east-1:123456789012:parameter/myParameterName arn:aws:ssm:us-east-1:123456789012:patchbaseline/pb-12345678901234567 arn:aws:ssm:us-east-1:123456789012:maintenancewindow/mw-12345678901234567 arn:aws:ssm:us-east-1:123456789012:automation-execution/123456-6789-1a2b3-c4d5-e1a2b3c4d arn:aws:ssm:us-east-1:123456789012:automation-activity/myActivityName arn:aws:ssm:us-east-1:123456789012:automation-definition/myDefinitionName:1 arn:aws:ssm:us-east-1:123456789012:managed-instance/mi-12345678901234567 arn:aws:ssm:us-east-1:123456789012:managed-instance-inventory/i-12345661
AWS Transfer for SFTP
構文:
arn:aws:transfer:region:account-id:server/server-idarn:aws:transfer:region:account-id:user/server-id/username
例:
arn:aws:transfer:us-east-1:123456789012:server/s-01234567890abcdef arn:aws:transfer:us-east-1:123456789012:user/s-01234567890abcdef/user1
AWS Trusted Advisor
構文:
arn:aws:trustedadvisor:*:account-id:checks/categorycode/checkid
例:
arn:aws:trustedadvisor:*:123456789012:checks/fault_tolerance/BueAdJ7NrP
AWS WAF
構文、WAF Global (CloudFront で使用):
arn:aws:waf::account-id:resource-type/resource-id
構文、WAF Regional (Application Load Balancer で使用):
arn:aws:waf-regional::account-id:resource-type/resource-id
例:
arn:aws:waf::123456789012:rule/41b5b052-1e4a-426b-8149-3595be6342c2 arn:aws:waf-regional:us-east-1:123456789012:rule/41b5b052-1e4a-426b-8149-3595be6342c2 arn:aws:waf::123456789012:webacl/3bffd3ed-fa2e-445e-869f-a6a7cf153fd3 arn:aws:waf-regional:us-east-1:123456789012:webacl/3bffd3ed-fa2e-445e-869f-a6a7cf153fd3 arn:aws:waf::123456789012:ipset/3f74bd8c-f046-4970-a1a7-41aa52e05480 arn:aws:waf-regional:us-east-1:123456789012:ipset/3f74bd8c-f046-4970-a1a7-41aa52e05480 arn:aws:waf::123456789012:bytematchset/d131bc0b-57be-4536-af1d-4894fd28acc4 arn:aws:waf-regional:us-east-1:123456789012:bytematchset/d131bc0b-57be-4536-af1d-4894fd28acc4
ARN のパス
一部のサービスでは、リソース名のパスを指定することができます。たとえば Amazon S3 では、リソース ID はスラッシュ(/)を挿入してパスを作成することができるオブジェクト名です。同様に、IAM ユーザー名とグループ名にはパスを含めることができます。
特定の状況では、パスにワイルドカード文字、すなわちアスタリスク(*)を含めることができます。たとえば、IAM ポリシーを記述していて、Resource 要素に、パス product_1234 を持つすべての IAM ユーザーを指定する場合、次のようにワイルドカードを使用することができます。
arn:aws:iam::123456789012:user/Development/product_1234/*
同様に、IAM ポリシーの Resource 要素では、次の例に示すように、ARN の最後で全ユーザーを意味する user/* や全グループを意味する group/* を指定できます。
"Resource":"arn:aws:iam::123456789012:user/*" "Resource":"arn:aws:iam::123456789012:group/*"
ワイルドカードを使用して、リソースベースのポリシーまたはロール信頼ポリシーで Principal 要素のすべてのユーザーを指定することはできません。グループは、どのポリシーでもプリンシパルとしてサポートされていません。
次の例は、リソース名にパスが含まれる Amazon S3 バケットの ARN を示しています。
arn:aws:s3:::my_corporate_bucket/* arn:aws:s3:::my_corporate_bucket/Development/*
IAM ARN の用語「user」など、リソースタイプを指定する ARN の一部では、ワイルドカードを使用することはできません。
次のような使い方はできません。
arn:aws:iam::123456789012:u* |
AWS サービスの名前空間
IAM ポリシーを作成するとき、または Amazon リソースネーム (ARN) で作業するときには、名前空間を使用して AWS サービスを識別します。たとえば、Amazon S3 の名前空間は s3、Amazon EC2 の名前空間は ec2 です。アクションとリソースを識別するときに名前空間を使用します。
次の例は、Action 要素の値、および Resource 要素と Condition 要素内の値が名前空間を使用してアクションとリソースのサービスを識別する IAM ポリシーを示しています。
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "ec2:*", "Resource": [ "arn:aws:ec2:us-west-2:123456789012:customer-gateway/*", "arn:aws:ec2:us-west-2:123456789012:dhcp-options/*", "arn:aws:ec2:us-west-2::image/*", "arn:aws:ec2:us-west-2:123456789012:instance/*", "arn:aws:iam::123456789012:instance-profile/*", "arn:aws:ec2:us-west-2:123456789012:internet-gateway/*", "arn:aws:ec2:us-west-2:123456789012:key-pair/*", "arn:aws:ec2:us-west-2:123456789012:network-acl/*", "arn:aws:ec2:us-west-2:123456789012:network-interface/*", "arn:aws:ec2:us-west-2:123456789012:placement-group/*", "arn:aws:ec2:us-west-2:123456789012:route-table/*", "arn:aws:ec2:us-west-2:123456789012:security-group/*", "arn:aws:ec2:us-west-2::snapshot/*", "arn:aws:ec2:us-west-2:123456789012:subnet/*", "arn:aws:ec2:us-west-2:123456789012:volume/*", "arn:aws:ec2:us-west-2:123456789012:vpc/*", "arn:aws:ec2:us-west-2:123456789012:vpc-peering-connection/*" ] }, { "Effect": "Allow", "Action": "s3:*", "Resource": "arn:aws:s3:::example_bucket/marketing/*" }, { "Effect": "Allow", "Action": "s3:ListBucket*", "Resource": "arn:aws:s3:::example_bucket", "Condition": {"StringLike": {"s3:prefix": "marketing/*"}} } ] }
次の表は、各 AWS サービスの名前空間の一覧です。
| サービス | 名前空間 |
|---|---|
| Alexa for Business | a4b |
| API Gateway | apigateway |
| アプリケーションの Auto Scaling | application-autoscaling |
| AWS Application Discovery Service | discovery |
| Amazon AppStream | appstream |
| AWS AppSync | appsync |
| AWS Artifact | artifact |
| Amazon Athena | athena |
| Auto Scaling Plans | autoscaling-plans |
| AWS Batch | batch |
| AWS Billing and Cost Management | aws-portal |
| AWS 予算 | budgets |
| AWS Certificate Manager (ACM) | acm |
| AWS Certificate Manager Private Certificate Authority | acm-pca |
| Amazon Chime | chime |
| AWS Cloud9 | cloud9 |
| Amazon Cloud Directory | clouddirectory |
| AWS CloudFormation | cloudformation |
| Amazon CloudFront | cloudfront |
| AWS CloudHSM | cloudhsm |
| AWS Cloud Map | servicediscovery |
| Amazon CloudSearch | cloudsearch |
| AWS CloudTrail | cloudtrail |
| Amazon CloudWatch | cloudwatch |
| Amazon CloudWatch Events | events |
| Amazon CloudWatch Logs | logs |
| CodeBuild | codebuild |
| AWS CodeCommit | codecommit |
| AWS CodeDeploy | codedeploy |
| AWS CodePipeline | codepipeline |
| AWS Code Signing for Amazon FreeRTOS | signer |
| AWS CodeStar | codestar |
| Amazon Cognito ユーザープール | cognito-idp |
| Amazon Cognito フェデレーテッドアイデンティティ | cognito-identity |
| Amazon Cognito Sync | cognito-sync |
| Amazon Comprehend | comprehend |
| AWS Config | config |
| Amazon Connect | connect |
| AWS のコストと使用状況レポート | cur |
| AWS Cost Explorer サービス | ce |
| AWS Data Pipeline | datapipeline |
| AWS Database Migration Service (AWS DMS) | dms |
| AWS Device Farm | devicefarm |
| AWS Direct Connect | directconnect |
| AWS Directory Service | ds |
| Amazon DynamoDB | dynamodb |
| Amazon DynamoDB Accelerator (DAX) | dax |
| Amazon EC2 Auto Scaling | autoscaling |
| Amazon Elastic Compute Cloud (Amazon EC2) | ec2 |
| Amazon Elastic Container Registry (Amazon ECR) | ecr |
| Amazon Elastic Container Service (Amazon ECS) | ecs |
| Amazon Elastic Container Service for Kubernetes (Amazon EKS) | eks |
| AWS Elastic Beanstalk | elasticbeanstalk |
| Amazon Elastic File System (Amazon EFS) | elasticfilesystem |
| Elastic Load Balancing | elasticloadbalancing |
| Amazon EMR | elasticmapreduce |
| Amazon Elastic Transcoder | elastictranscoder |
| Amazon ElastiCache | elasticache |
| Amazon Elasticsearch Service (Amazon ES) | es |
| AWS Firewall Manager | fms |
| Amazon FreeRTOS | freertos |
| Amazon GameLift | gamelift |
| Amazon S3 Glacier | glacier |
| AWS Global Accelerator | globalaccelerator |
| AWS Glue | glue |
| AWS IoT Greengrass | greengrass |
| Amazon GuardDuty | guardduty |
| AWS Health / Personal Health Dashboard | health |
| AWS Identity and Access Management (IAM) | iam |
| AWS Import/Export | importexport |
| Amazon Inspector | inspector |
| AWS IoT | iot |
| AWS IoT Analytics | iotanalytics |
| AWS IoT 1-Click | iot1click |
| AWS Key Management Service (AWS KMS) | kms |
| Amazon Kinesis Data Analytics | kinesisanalytics |
| Amazon Kinesis Data Firehose | firehose |
| Amazon Kinesis Data Streams | kinesis |
| Amazon Kinesis ビデオストリーム | kinesisvideo |
| AWS Lambda | lambda |
| Amazon Lex | lex |
| Amazon Lightsail | lightsail |
| Amazon Macie | macie |
| Amazon Machine Learning | machinelearning |
| AWS Marketplace | aws-marketplace |
| AWS Marketplace Management Portal | aws-marketplace-management |
| Amazon Mechanical Turk | mechanicalturk |
| Amazon Mechanical Turk Crowd | crowd |
| AWS Elemental MediaConnect | mediaconnect |
| AWS Elemental MediaConvert | mediaconvert |
| AWS Elemental MediaLive | medialive |
| AWS Elemental MediaPackage | mediapackage |
| AWS Elemental MediaStore | mediastore |
| AWS Elemental MediaTailor | mediatailor |
| Amazon Message Delivery Service | ec2message |
| AWS Migration Hub | mgh |
| Amazon Mobile Analytics | mobileanalytics |
| AWS Mobile Hub | mobilehub |
| Amazon MQ | mq |
| AWS OpsWorks | opsworks |
| AWS OpsWorks for Chef Automate または AWS OpsWorks for Puppet Enterprise | opsworks-cm |
| AWS Organizations | organizations |
| Amazon Personalize | personalize |
| Amazon Pinpoint | mobiletargeting |
| Amazon Polly | polly |
| AWS 料金表 | pricing |
| Amazon QuickSight | quicksight |
| Amazon Redshift | redshift |
| Amazon Rekognition | rekognition |
| Amazon Relational Database Service (Amazon RDS) | rds |
| AWS リソースグループ | resource-groups |
| Amazon リソースグループのタグ付け API | tag |
| Amazon Route 53 | route53 |
| Amazon Route 53 Domains | route53domains |
| Amazon Route 53 リゾルバー | route53resolver |
| Amazon SageMaker | sagemaker |
| AWS Secrets Manager | secretsmanager |
| AWS Security Token Service (AWS STS) | sts |
| AWS Serverless Application Repository | serverlessrepo |
| AWS Service Catalog | servicecatalog |
| AWS Shield | shield |
| AWS Shield アドバンスド | shield |
| AWS SFTP | transfer |
| Amazon Simple Email Service (Amazon SES) | ses |
| Amazon Simple Notification Service (Amazon SNS) | sns |
| Amazon Simple Queue Service (Amazon SQS) | sqs |
| Amazon Simple Storage Service (Amazon S3) | s3 |
| Amazon Simple Workflow Service (Amazon SWF) | swf |
| Amazon SimpleDB | sdb |
| AWS シングルサインオン | sso |
| AWS Snowball | snowball |
| AWS Step Functions | states |
| AWS Storage Gateway | storagegateway |
| Amazon Sumerian | sumerian |
| AWS サポート | support |
| AWS Systems Manager | ssm |
| Amazon Textract | textract |
| Amazon Transcribe | transcribe |
| Amazon Translate | translate |
| AWS Trusted Advisor | trustedadvisor |
| Amazon Virtual Private Cloud (Amazon VPC) | ec2 |
| AWS WAF | waf |
| AWS WAF リージョン別 | waf-regional |
| Amazon WorkDocs | workdocs |
| Amazon WorkMail | workmail |
| Amazon WorkSpaces | workspaces |
| Amazon WorkSpaces Application Manager | wam |
| AWS X-Ray | xray |
