アマゾン ウェブ サービス
全般的なリファレンス (Version 1.0)

Amazon リソースネーム (ARN) と AWS サービスの名前空間

Amazon リソースネーム (ARN) は、AWS リソースを一意に識別します。IAM ポリシー、Amazon Relational Database Service (Amazon RDS) タグ、API コールなど、明らかに全 AWS に渡るリソースを指定する必要がある場合、ARN が必要です。

ARN 形式

次に ARN の例を示します。

<!-- Elastic Beanstalk application version --> arn:aws:elasticbeanstalk:us-east-1:123456789012:environment/My App/MyEnvironment <!-- IAM user name --> arn:aws:iam::123456789012:user/David <!-- Amazon RDS instance used for tagging --> arn:aws:rds:eu-west-1:123456789012:db:mysql-db <!-- Object in an Amazon S3 bucket --> arn:aws:s3:::my_corporate_bucket/exampleobject.png

次は ARN の一般的な形式です; 使用する特定のコンポーネントと値は AWS サービスによって異なります。

arn:partition:service:region:account-id:resource arn:partition:service:region:account-id:resourcetype/resource arn:partition:service:region:account-id:resourcetype/resource/qualifier arn:partition:service:region:account-id:resourcetype/resource:qualifier arn:partition:service:region:account-id:resourcetype:resource arn:partition:service:region:account-id:resourcetype:resource:qualifier
パーティション

リソースが置かれているパーティションです。標準の AWS リージョンの場合、パーティションは aws です。他のパーティションにリソースがある場合、パーティションは aws-partitionname です。たとえば、中国 (北京) リージョンにあるリソースのパーティションは、aws-cn です。

service

AWS 製品(例: Amazon S3、IAM、Amazon RDS)を識別するサービス名前空間。名前空間のリストは、「AWS サービスの名前空間」を参照してください。

リージョン

リソースが置かれているリージョン。一部のリソースの ARN はリージョンを必要としないので、この要素は省略されることに注意してください。

アカウント

リソースを所有しておりハイフンがない AWS アカウントの ID。たとえば、123456789012 と指定します。一部のリソースの ARN はアカウント番号を必要としないので、この要素は省略されることに注意してください。

resourceresourcetype:resource、または resourcetype/resource

ARN のこの部分のコンテンツは、サービスによって異なります。リソースタイプの指標 (例: IAM ユーザー、Amazon RDS データベース) が含まれることがよくあり、それにスラッシュ (/) またはコロン (:)、リソース名自体が続きます。一部のサービスでは、リソース名のパスを指定できます (「ARN のパス」を参照)。

ARN の例

次のセクションでは、さまざまなサービスでの ARN の構文と例を示します。特定の AWS サービスでの ARN の使用の詳細については、そのサービスのドキュメントを参照してください。

一部のサービスでは IAM リソースレベルのアクセス許可をサポートしています。詳細については、「IAM と連携する AWS サービス」を参照してください。

Alexa for Business

構文:

arn:aws:a4b:region:accountid:resourcetype/resource

例:

arn:aws:a4b:us-east-1:123456789012:room/7315ffdf0eeb874dc4ab8a546e8b70ec/5f90e5d608b6baa9c88db56654aef158

Amazon API Gateway

構文:

arn:aws:apigateway:region::resource-path arn:aws:execute-api:region:account-id:api-id/stage-name/HTTP-VERB/resource-path

例:

arn:aws:apigateway:us-east-1::/restapis/a123456789012bc3de45678901f23a45/* arn:aws:apigateway:us-east-1::a123456789012bc3de45678901f23a45:/test/mydemoresource/* arn:aws:apigateway:*::a123456789012bc3de45678901f23a45:/*/petstorewalkthrough/pets arn:aws:execute-api:us-east-1:123456789012:qsxrty/test/GET/mydemoresource/*

AWS AppSync

構文:

arn:aws:appsync:your-region:account-id:apis/AppSyncEndpointName/types/Query/fields/field-name arn:aws:appsync:your-region:account-id:apis/AppSyncEndpointName/types/Mutation/fields/field-name arn:aws:appsync:your-region:account-id:apis/AppSyncEndpointName/types/Subscription/fields/field-name

例:

arn:aws:appsync:us-west-2:123456789012:apis/AppSyncEndpointName/types/Query/fields/posts arn:aws:appsync:us-west-2:123456789012:apis/AppSyncEndpointName/types/Mutation/fields/addPost arn:aws:appsync:us-west-2:123456789012:apis/AppSyncEndpointName/types/Query/fields/my-subscription

AWS Artifact

構文:

arn:aws:artifact:::report-package/document-type/report-type

例:

arn:aws:artifact:::report-package/Certifications and Attestations/SOC/* arn:aws:artifact:::report-package/Certifications and Attestations/ISO/* arn:aws:artifact:::report-package/Certifications and Attestations/PCI/*

Amazon EC2 Auto Scaling

構文:

arn:aws:autoscaling:region:account-id:scalingPolicy:policyid:autoScalingGroupName/groupfriendlyname:policyName/policyfriendlyname arn:aws:autoscaling:region:account-id:autoScalingGroup:groupid:autoScalingGroupName/groupfriendlyname

例:

arn:aws:autoscaling:us-east-1:123456789012:scalingPolicy:c7a27f55-d35e-4153-b044-8ca9155fc467:autoScalingGroupName/my-test-asg1:policyName/my-scaleout-policy

アプリケーションの Auto Scaling

構文:

arn:aws:autoscaling:region:account-id:scalingPolicy:policy-id:resource/service-namespace/resource-id:policyName/policyfriendlyname arn:aws:autoscaling:region:account-id:scheduledAction:action-id:resource/service-namespace/resource-id:scheduledActionName/actionfriendlyname

例:

arn:aws:autoscaling:us-east-1:123456789012:scalingPolicy:c7a27f55-d35e-4153-b044-8ca9155fc467:resource/ec2/spot-fleet-request/sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE:policyName/cpu40 arn:aws:autoscaling:us-east-1:123456789012:scheduledAction:38c84579-0f51-4adc-879b-a2cc4EXAMPLE:resource/ec2/spot-fleet-request/sfr-09d694de-4d82-4b48-a4f4-2f38fEXAMPLE:scheduledActionName/my-action

AWS Batch

構文:

arn:aws:batch:region:account-id:compute-environment/name arn:aws:batch:region:account-id:job-definition/job-name:revision arn:aws:batch:region:account-id:job-queue/queue-name

例:

arn:aws:batch:us-east-1:123456789012:compute-environment/my-environment arn:aws:batch:us-east-1:123456789012:job-definition/my-job-definition:1 arn:aws:batch:us-east-1:123456789012:job-queue/my-queue

AWS Certificate Manager

構文:

arn:aws:acm:region:account-id:certificate/certificate-id

例:

arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012

AWS Certificate Manager Private Certificate Authority

構文 (プライベート認証機関):

arn:aws:acm-pca:region:account-id:certificate-authority/ca-id

例:

arn:aws:acm-pca:us-east-1:123456789012:certificate-authority/12345678-1234-1234-1234-123456789012

構文 (プライベート証明書):

arn:aws:acm-pca:region:account-id:certificate-authority/ca-id/certificate/certificate-id

例:

arn:aws:acm-pca:us-east-1:123456789012:certificate-authority/12345678-1234-1234-1234-123456789012/certificate/e8cbd2bedb122329f97706bcfec990f8

AWS Cloud9

構文:

arn:aws:cloud9:region:account-id:environment:environment-id

例:

arn:aws:cloud9:us-west-2:123456789012:environment:81e900317347585a0601e04c8d52eaEX

Amazon Cloud Directory

構文:

arn:aws:clouddirectory:region:account-id:directory/directoryID

例:

arn:aws:clouddirectory:us-west-2:123456789012:directory/ARIqk1HD-UjdtmcIrJHEvPI

AWS CloudFormation

構文:

arn:aws:cloudformation:region:account-id:stack/stackname/additionalidentifier
arn:aws:cloudformation:region:account-id:changeSet/changesetname/additionalidentifier

例:

arn:aws:cloudformation:us-east-1:123456789012:stack/MyProductionStack/abc9dbf0-43c2-11e3-a6e8-50fa526be49c
arn:aws:cloudformation:us-east-1:123456789012:changeSet/MyProductionChangeSet/abc9dbf0-43c2-11e3-a6e8-50fa526be49c

Amazon CloudFront

構文:

arn:aws:cloudfront::account-id:*

例:

arn:aws:cloudfront::123456789012:*

Amazon CloudSearch

構文:

arn:aws:cloudsearch:region:account-id:domain/domainname

例:

arn:aws:cloudsearch:us-east-1:123456789012:domain/imdb-movies

AWS CloudTrail

構文:

arn:aws:cloudtrail:region:account-id:trail/trailname

例:

arn:aws:cloudtrail:us-east-1:123456789012:trail/mytrailname

Amazon CloudWatch

構文:

arn:aws:cloudwatch:region:account-id:alarm:alarm-name
arn:aws:cloudwatch::account-id:dashboard/dashboard-name

例:

arn:aws:cloudwatch:us-east-1:123456789012:alarm:* arn:aws:cloudwatch:us-east-1:123456789012:alarm:MyAlarmName arn:aws:cloudwatch::123456789012:dashboard/MyDashboardName

Amazon CloudWatch Events

構文:

arn:aws:events:region:*:*

例:

arn:aws:events:us-east-1:*:* arn:aws:events:us-east-1:123456789012:* arn:aws:events:us-east-1:123456789012:rule/my-rule

Amazon CloudWatch Logs

構文:

arn:aws:logs:region:*:*

例:

arn:aws:logs:us-east-1:*:* arn:aws:logs:us-east-1:123456789012:* arn:aws:logs:us-east-1:123456789012:log-group:my-log-group arn:aws:logs:us-east-1:123456789012:log-group:my-log-group:* arn:aws:logs:us-east-1:123456789012:log-group:my-log-group* arn:aws:logs:us-east-1:123456789012:log-group:my-log-group:log-stream:my-log-stream arn:aws:logs:us-east-1:123456789012:log-group:my-log-group:log-stream:my-log-stream* arn:aws:logs:us-east-1:123456789012:log-group:my-log-group*:log-stream:my-log-stream*

AWS CodeBuild

構文:

arn:aws:codebuild:region:account-id:resourcetype/resource

例:

arn:aws:codebuild:us-east-1:123456789012:project/my-demo-project arn:aws:codebuild:us-east-1:123456789012:build/my-demo-project:7b7416ae-89b4-46cc-8236-61129df660ad

AWS CodeCommit

構文:

arn:aws:codecommit:region:account-id:resource-specifier

例:

arn:aws:codecommit:us-east-1:123456789012:MyDemoRepo

AWS CodeDeploy

構文:

arn:aws:codedeploy:region:account-id:resource-type:resource-specifier arn:aws:codedeploy:region:account-id:resource-type/resource-specifier

例:

arn:aws:codedeploy:us-east-1:123456789012:application:WordPress_App arn:aws:codedeploy:us-east-1:123456789012:instance/AssetTag*

Amazon Cognito ユーザープール

構文:

arn:aws:cognito-idp:region:account-id:userpool/user-pool-id

例:

arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1:1a1a1a1a-ffff-1111-9999-12345678

Amazon Cognito フェデレーテッドアイデンティティ

構文:

arn:aws:cognito-identity:region:account-id:identitypool/identity-pool-id

例:

arn:aws:cognito-identity:us-east-1:123456789012:/identitypool/us-east-1:1a1a1a1a-ffff-1111-9999-12345678

Amazon Cognito Sync

構文:

arn:aws:cognito-sync:region:account-id:identitypool/identity-pool-id
arn:aws:cognito-sync:region:account-id:identitypool/identity-pool-id/identity/identity-id
arn:aws:cognito-sync:region:account-id:identitypool/identity-pool-id/identity/identity-id/dataset/dataset-name

例:

arn:aws:cognito-sync:us-east-1:123456789012:identitypool/us-east-1:1a1a1a1a-ffff-1111-9999-12345678

AWS Config

構文:

arn:aws:config:region:account-id:config-rule/config-rule-id

例:

arn:aws:config:us-east-1:123456789012:config-rule/config-rule-8fngan

AWS CodePipeline

構文:

arn:aws:codepipeline:region:account-id:resource-specifier

例:

arn:aws:codepipeline:us-east-1:123456789012:MyDemoPipeline

AWS CodeStar

構文:

arn:aws:codestar:region:account-id:resource-specifier

例:

arn:aws:codestar:us-east-1:123456789012:my-first-project

AWS Direct Connect

構文:

arn:aws:directconnect:region:account-id:dxcon/connection-id arn:aws:directconnect:region:account-id:dxlag/lag-id arn:aws:directconnect:region:account-id:dxvif/virtual-interface-id

例:

arn:aws:directconnect:us-east-1:123456789012:dxcon/dxcon-fgase048 arn:aws:directconnect:us-east-1:123456789012:dxlag/dxlag-ffy7zraq arn:aws:directconnect:us-east-1:123456789012:dxvif/dxvif-fgrb110x

AWS Directory Service

構文:

arn:aws:ds:region:account-id:directory/directoryId

例:

arn:aws:ds:us-west-2:123456789012:directory/ARIqk1HD-UjdtmcIrJHEvPI

Amazon DynamoDB

構文:

arn:aws:dynamodb:region:account-id:table/tablename arn:aws:dynamodb:region:account-id:table/tablename/stream/label

例:

arn:aws:dynamodb:us-east-1:123456789012:table/books_table arn:aws:dynamodb:us-east-1:123456789012:table/books_table/stream/2015-05-11T21:21:33.291

AWS Elastic Beanstalk

構文:

arn:aws:elasticbeanstalk:region:account-id:application/applicationname arn:aws:elasticbeanstalk:region:account-id:applicationversion/applicationname/versionlabel arn:aws:elasticbeanstalk:region:account-id:environment/applicationname/environmentname arn:aws:elasticbeanstalk:region::solutionstack/solutionstackname arn:aws:elasticbeanstalk:region:account-id:configurationtemplate/applicationname/templatename

例:

arn:aws:elasticbeanstalk:us-east-1:123456789012:application/My App arn:aws:elasticbeanstalk:us-east-1:123456789012:applicationversion/My App/My Version arn:aws:elasticbeanstalk:us-east-1:123456789012:environment/My App/MyEnvironment arn:aws:elasticbeanstalk:us-east-1::solutionstack/32bit Amazon Linux running Tomcat 7 arn:aws:elasticbeanstalk:us-east-1:123456789012:configurationtemplate/My App/My Template

Amazon Elastic Compute Cloud (Amazon EC2)

構文:

arn:aws:ec2:region:account-id:customer-gateway/cgw-id arn:aws:ec2:region:account-id:dedicated-host/host_id arn:aws:ec2:region:account-id:dhcp-options/dhcp-options-id arn:aws:ec2:region:account-id:egress-only-internet-gateway/eigw-id arn:aws:ec2:region:account-id:elastic-gpu/elastic-gpu-id arn:aws:ec2:region::image/image-id arn:aws:ec2:region:account-id:instance/instance-id arn:aws:iam::account:instance-profile/instance-profile-name arn:aws:ec2:region:account-id:internet-gateway/igw-id arn:aws:ec2:region:account-id:key-pair/key-pair-name arn:aws:ec2:region:account-id:launch-template/launch-template-id arn:aws:ec2:region:account-id:natgateway/natgateway-id arn:aws:ec2:region:account-id:network-acl/nacl-id arn:aws:ec2:region:account-id:network-interface/eni-id arn:aws:ec2:region:account-id:placement-group/placement-group-name arn:aws:ec2:region:account-id:reserved-instances/reservation-id arn:aws:ec2:region:account-id:route-table/route-table-id arn:aws:ec2:region:account-id:security-group/security-group-id arn:aws:ec2:region::snapshot/snapshot-id arn:aws:ec2:region:account-id:spot-instances-request/spot-instance-request-id arn:aws:ec2:region:account-id:subnet/subnet-id arn:aws:ec2:region:account-id:volume/volume-id arn:aws:ec2:region:account-id:vpc/vpc-id arn:aws:ec2:region:account-id:vpc-peering-connection/vpc-peering-connection-id arn:aws:ec2:region:account-id:vpn-connection/vpn-id arn:aws:ec2:region:account-id:vpn-gateway/vgw-id

例:

arn:aws:ec2:us-east-1:123456789012:dedicated-host/h-12345678 arn:aws:ec2:us-east-1::image/ami-1a2b3c4d arn:aws:ec2:us-east-1:123456789012:instance/* arn:aws:ec2:us-east-1:123456789012:volume/* arn:aws:ec2:us-east-1:123456789012:volume/vol-1a2b3c4d

Amazon Elastic Container Registry (Amazon ECR)

構文:

arn:aws:ecr:region:account-id:repository/repository-name

例:

arn:aws:ecr:us-east-1:123456789012:repository/my-repository

Amazon Elastic Container Service (Amazon ECS)

構文:

arn:aws:ecs:region:account-id:cluster/cluster-name arn:aws:ecs:region:account-id:container-instance/cluster-name/container-instance-id arn:aws:ecs:region:account-id:task-definition/task-definition-family-name:task-definition-revision-number arn:aws:ecs:region:account-id:service/cluster-name/service-name arn:aws:ecs:region:account-id:task/cluster-name/task-id arn:aws:ecs:region:account-id:container/container-id

例:

arn:aws:ecs:us-east-1:123456789012:cluster/my-cluster arn:aws:ecs:us-east-1:123456789012:container-instance/my-cluster/403125b0-555c-4473-86b5-65982db28a6d arn:aws:ecs:us-east-1:123456789012:task-definition/hello_world:8 arn:aws:ecs:us-east-1:123456789012:service/my-cluster/sample-webapp arn:aws:ecs:us-east-1:123456789012:task/my-cluster/1abf0f6d-a411-4033-b8eb-a4eed3ad252a arn:aws:ecs:us-east-1:123456789012:container/476e7c41-17f2-4c17-9d14-412566202c8a

Amazon Elastic Container Service for Kubernetes (Amazon EKS)

構文:

arn:aws:eks:region:account-id:cluster/cluster-name

例:

arn:aws:eks:us-east-1:123456789012:cluster/my-cluster

Amazon Elastic File System

構文:

arn:aws:elasticfilesystem:region:account-id:file-system/file-system-id

例:

arn:aws:elasticfilesystem:us-east-1:123456789012:file-system/fs12345678

Elastic Load Balancing (Application Load Balancer)

構文:

arn:aws:elasticloadbalancing:region:account-id:loadbalancer/app/load-balancer-name/load-balancer-id arn:aws:elasticloadbalancing:region:account-id:listener/app/load-balancer-name/load-balancer-id/listener-id arn:aws:elasticloadbalancing:region:account-id:listener-rule/app/load-balancer-name/load-balancer-id/listener-id/rule-id arn:aws:elasticloadbalancing:region:account-id:targetgroup/target-group-name/target-group-id

例:

arn:aws:elasticloadbalancing:us-east-1:123456789012:loadbalancer/app/my-load-balancer/50dc6c495c0c9188 arn:aws:elasticloadbalancing:us-east-1:123456789012:listener/app/my-load-balancer/50dc6c495c0c9188/f2f7dc8efc522ab2 arn:aws:elasticloadbalancing:us-east-1:123456789012:listener-rule/app/my-load-balancer/50dc6c495c0c9188/f2f7dc8efc522ab2/9683b2d02a6cabee arn:aws:elasticloadbalancing:us-east-1:123456789012:targetgroup/my-targets/73e2d6bc24d8a067

Elastic Load Balancing (ネットワークロードバランサー)

構文:

arn:aws:elasticloadbalancing:region:account-id:loadbalancer/net/load-balancer-name/load-balancer-id arn:aws:elasticloadbalancing:region:account-id:listener/net/load-balancer-name/load-balancer-id/listener-id arn:aws:elasticloadbalancing:region:account-id:listener-rule/net/load-balancer-name/load-balancer-id/listener-id/rule-id arn:aws:elasticloadbalancing:region:account-id:targetgroup/target-group-name/target-group-id

例:

arn:aws:elasticloadbalancing:us-east-1:123456789012:loadbalancer/net/my-load-balancer/50dc6c495c0c9188 arn:aws:elasticloadbalancing:us-east-1:123456789012:listener/net/my-load-balancer/50dc6c495c0c9188/f2f7dc8efc522ab2 arn:aws:elasticloadbalancing:us-east-1:123456789012:listener-rule/net/my-load-balancer/50dc6c495c0c9188/f2f7dc8efc522ab2/9683b2d02a6cabee arn:aws:elasticloadbalancing:us-east-1:123456789012:targetgroup/my-targets/73e2d6bc24d8a067

Elastic Load Balancing (Classic Load Balancer)

構文:

arn:aws:elasticloadbalancing:region:account-id:loadbalancer/name

例:

arn:aws:elasticloadbalancing:us-east-1:123456789012:loadbalancer/my-load-balancer

Amazon Elastic Transcoder

構文:

arn:aws:elastictranscoder:region:account-id:resource/id

例:

arn:aws:elastictranscoder:us-east-1:123456789012:preset/*

Amazon ElastiCache

構文:

arn:aws:elasticache:region:account-id:resourcetype:resourcename

例:

arn:aws:elasticache:us-east-2:123456789012:cluster:myCluster arn:aws:elasticache:us-east-2:123456789012:snapshot:mySnapshot

Amazon Elasticsearch Service

構文:

arn:aws:es:region:account-id:domain/domain-name

例:

arn:aws:es:us-east-1:123456789012:domain/streaming-logs

Amazon S3 Glacier

構文:

arn:aws:glacier:region:account-id:vaults/vaultname

例:

arn:aws:glacier:us-east-1:123456789012:vaults/examplevault arn:aws:glacier:us-east-1:123456789012:vaults/example* arn:aws:glacier:us-east-1:123456789012:vaults/*

Amazon GuardDuty

構文:

arn:aws:guardduty:region:account-id:detector/detector-id
arn:aws:guardduty:region:account-id:ipset/ipset-id
arn:aws:guardduty:region:account-id:threatintelset/threatintelset-id

例:

arn:aws:guardduty:us-east-1:123456789012:detector/12abc34d567e8fa901bc2d34e56789f0
arn:aws:guardduty:us-east-1:123456789012:ipset/0cb0141ab9fbde177613ab9436212e90
arn:aws:guardduty:us-east-1:123456789012:threatintelset/12a34567890bc1de2345f67ab8901234

AWS Health / Personal Health Dashboard

構文:

arn:aws:health:region::event/event-id arn:aws:health:region:account-id:entity/entity-id

例:

arn:aws:health:us-east-1::event/AWS_EC2_EXAMPLE_ID arn:aws:health:us-east-1:123456789012:entity/AVh5GGT7ul1arKr1sE1K

AWS Identity and Access Management (IAM)

構文:

arn:aws:iam::account-id:root arn:aws:iam::account-id:user/user-name arn:aws:iam::account-id:group/group-name arn:aws:iam::account-id:role/role-name arn:aws:iam::account-id:policy/policy-name arn:aws:iam::account-id:instance-profile/instance-profile-name arn:aws:sts::account-id:federated-user/user-name arn:aws:sts::account-id:assumed-role/role-name/role-session-name arn:aws:iam::account-id:mfa/virtual-device-name arn:aws:iam::account-id:server-certificate/certificate-name arn:aws:iam::account-id:saml-provider/provider-name arn:aws:iam::account-id:oidc-provider/provider-name

例:

arn:aws:iam::123456789012:root arn:aws:iam::123456789012:user/Bob arn:aws:iam::123456789012:user/division_abc/subdivision_xyz/Bob arn:aws:iam::123456789012:group/Developers arn:aws:iam::123456789012:group/division_abc/subdivision_xyz/product_A/Developers arn:aws:iam::123456789012:role/S3Access arn:aws:iam::123456789012:role/application_abc/component_xyz/S3Access arn:aws:iam::123456789012:policy/UsersManageOwnCredentials arn:aws:iam::123456789012:policy/division_abc/subdivision_xyz/UsersManageOwnCredentials arn:aws:iam::123456789012:instance-profile/Webserver arn:aws:sts::123456789012:federated-user/Bob arn:aws:sts::123456789012:assumed-role/Accounting-Role/Mary arn:aws:iam::123456789012:mfa/BobJonesMFA arn:aws:iam::123456789012:server-certificate/ProdServerCert arn:aws:iam::123456789012:server-certificate/division_abc/subdivision_xyz/ProdServerCert arn:aws:iam::123456789012:saml-provider/ADFSProvider arn:aws:iam::123456789012:oidc-provider/GoogleProvider

IAM ARN の詳細については、IAM ユーザーガイド の「IAM ARNs」を参照してください。

AWS IoT

構文:

arn:aws:iot:your-region:account-id:cert/cert-ID arn:aws:iot:your-region:account-id:policy/policy-name arn:aws:iot:your-region:account-id:rule/rule-name arn:aws:iot:your-region:account-id:client/client-id/rule-name

例:

arn:aws:iot:your-region:123456789012:cert/123a456b789c123d456e789f123a456b789c123d456e789f123a456b789c123c456d7 arn:aws:iot:your-region:123456789012:policy/MyIoTPolicy arn:aws:iot:your-region:123456789012:rule/MyIoTRule arn:aws:iot:your-region:123456789012:client/client101

AWS Key Management Service (AWS KMS)

構文:

arn:aws:kms:region:account-id:key/key-id arn:aws:kms:region:account-id:alias/alias

例:

arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012 arn:aws:kms:us-east-1:123456789012:alias/example-alias

Amazon Kinesis Data Firehose (Kinesis Data Firehose)

構文:

arn:aws:firehose:region:account-id:deliverystream/delivery-stream-name

例:

arn:aws:firehose:us-east-1:123456789012:deliverystream/example-stream-name

Amazon Kinesis Data Streams (Kinesis Data Streams)

構文:

arn:aws:kinesis:region:account-id:stream/stream-name arn:aws:kinesis:region:account-id:stream/stream-name/consumer/consumer-name:consumer-creation-timestamp

例:

arn:aws:kinesis:us-east-1:123456789012:stream/example-stream-name arn:aws:kinesis:us-east-1:123456789012:stream/example-stream-name/consumer/example-consumer-name:1525898737

Amazon Kinesis Data Analytics (Kinesis Data Analytics)

構文:

arn:aws:kinesisanalytics:region:account-id:application/application-name

例:

arn:aws:kinesisanalytics:us-east-1:123456789012:application/example-application-name

Amazon Kinesis 動画ストリーム (Kinesis 動画ストリーム)

構文:

arn:aws:kinesisvideo:region:account-id:application/stream-name/code

例:

arn:aws:kinesisvideo:us-east-1:123456789012:stream/example-stream-name/0123456789012

AWS Lambda (Lambda)

構文:

arn:aws:lambda:region:account-id:function:function-name arn:aws:lambda:region:account-id:function:function-name:alias-name arn:aws:lambda:region:account-id:function:function-name:version arn:aws:lambda:region:account-id:event-source-mappings:event-source-mapping-id

例:

arn:aws:lambda:us-east-1:123456789012:function:ProcessKinesisRecords arn:aws:lambda:us-east-1:123456789012:function:ProcessKinesisRecords:your alias arn:aws:lambda:us-east-1:123456789012:function:ProcessKinesisRecords:1.0 arn:aws:lambda:us-east-1:123456789012:event-source-mappings:kinesis-stream-arn

Amazon Macie

構文:

arn:aws:macie:region:account-id:trigger/triggerID arn:aws:macie:region:account-id:trigger/triggerID/alert/alertID

例:

arn:aws:macie:us-east-1:123456789012:trigger/example61b3df36bff1dafaf1aa304b0ef1a975 arn:aws:macie:us-east-1:123456789012:trigger/example61b3df36bff1dafaf1aa304b0ef1a975/alert/example8780e9ca227f98dae37665c3fd22b585 arn:aws:macie:us-east-1:123456789012:trigger/behavioral/alert/example8780e9ca227f98dae37665c3fd22b585

Amazon Machine Learning (Amazon ML)

構文:

arn:aws:machinelearning:region:account-id:datasource/datasourceID arn:aws:machinelearning:region:account-id:mlmodel/mlmodelID arn:aws:machinelearning:region:account-id:batchprediction/batchpredictionlID arn:aws:machinelearning:region:account-id:evaluation/evaluationID

例:

arn:aws:machinelearning:us-east-1:123456789012:datasource/my-datasource-1 arn:aws:machinelearning:us-east-1:123456789012:mlmodel/my-mlmodel arn:aws:machinelearning:us-east-1:123456789012:batchprediction/my-batchprediction arn:aws:machinelearning:us-east-1:123456789012:evaluation/my-evaluation

MediaConvert

構文:

arn:aws:mediaconvert:region:account-id:jobs/jobID arn:aws:mediaconvert:region:account-id:jobTemplates/jobTemplateID arn:aws:mediaconvert:region:account-id:presets/presetID arn:aws:mediaconvert:region:account-id:queues/queueID

例:

arn:aws:mediaconvert:us-east-1:111111111111:jobs/0123456789012-abc123 arn:aws:mediaconvert:us-east-1:111111111111:jobTemplates/2345678 arn:aws:mediaconvert:us-east-1:111111111111:presets/System-169_WIFI_1080p arn:aws:mediaconvert:us-east-1:111111111111:queues/default

MediaLive

構文:

arn:aws:medialive:region:account-id:inputSecurityGroup:inputSecurityGroupID arn:aws:medialive:region:account-id:input:inputID arn:aws:medialive:region:account-id:channel:channelID

例:

arn:aws:medialive:us-east-1:111111111111:inputSecurityGroup:1234567 arn:aws:medialive:us-east-1:111111111111:input:2345678 arn:aws:medialive:us-east-1:111111111111:channel:3456789

MediaPackage

構文:

arn:aws:mediapackage:region:account-id:channels/channelID arn:aws:mediapackage:region:account-id:origin_endpoints/originEndpointID

例:

arn:aws:mediapackage:eu-west-1:111122223333:channels/0a1234bc567890d12efghi3j456k789m arn:aws:mediapackage:eu-west-1:111122223333:origin_endpoints/1b2345cd678901e34fghij4k567m890n

MediaStore

構文:

arn:aws:mediastore:region:account-id:resourceType/resourceID

例:

arn:aws:mediastore:us-east-1:111111111111:container/ExampleName/example-folder/folder-segment.ts

MediaTailor

構文:

arn:aws:mediatailor:region:account-id:configurations/configurationID

例:

arn:aws:mediatailor:us-east-1:111111111111:configurations/2c3456de789012f34ghijk5m678n901o

AWS Mobile Hub

構文:

arn:aws:mobilehub:region:account-id:project/projectID

例:

arn:aws:mobilehub:us-east-1:123456789012:project/a01234567-b012345678-123c-d013456789abc

Amazon MQ

構文:

arn:aws:mq:region:account-id:broker:broker-name:broker-id arn:aws:mq:region:account-id:configuration:configuration-name:configuration-id

例:

arn:aws:mq:us-east-1:123456789012:broker:MyBroker:b-1234a5b6-78cd-901e-2fgh-3i45j6k178l9 arn:aws:mq:us-east-1:123456789012:configuration:MyConfiguration:c-1234a5b6-78cd-901e-2fgh-3i45j6k178l9

AWS Organizations

構文:

arn:aws:organizations::master-account-id:organization/o-organization-id arn:aws:organizations::master-account-id:root/o-organization-id/r-root-id arn:aws:organizations::master-account-id:account/o-organization-id/account-id arn:aws:organizations::master-account-id:ou/o-organization-id/ou-organizational-unit-id arn:aws:organizations::master-account-id:policy/o-organization-id/policy-type/p-policy-id arn:aws:organizations::master-account-id:handshake/o-organization-id/handshake-type/h-handshake-id

例:

arn:aws:organizations::123456789012:organization/o-a1b2c3d4e5example arn:aws:organizations::123456789012:root/o-a1b2c3d4e5/r-f6g7h8i9j0example arn:aws:organizations::123456789012:account/o-a1b2c3d4e5/123456789012 arn:aws:organizations::123456789012:ou/o-a1b2c3d4e5/ou-1a2b3c-k9l8m7n6o5example arn:aws:organizations::123456789012:policy/o-a1b2c3d4e5/service_control_policy/p-p4q3r2s1t0example arn:aws:organizations::123456789012:handshake/o-a1b2c3d4e5/invite/h-u2v4w5x8y0example

Amazon Pinpoint

構文:

arn:aws:mobiletargeting:us-east-1:account-id:apps/appId arn:aws:mobiletargeting:us-east-1:account-id:apps/appId/campaigns/campaignId arn:aws:mobiletargeting:us-east-1:account-id:apps/appId/segments/segmentId

例:

arn:aws:mobiletargeting:us-east-1:123456789012:apps/0d72ff0905e7f8b2b879fe7744d4952a9b arn:aws:mobiletargeting:us-east-1:123456789012:apps/0d72ff0905e7f8b2b879fe7744d4952a9b/campaigns/8c95f63b24089f85819443be7c92d7 arn:aws:mobiletargeting:us-east-1:123456789012:apps/0d72ff0905e7f8b2b879fe7744d4952a9b/segments/6cdc025ba495672bb0aea4983afebf

Amazon Polly

構文:

arn:aws:polly:region:account-id:lexicon/LexiconName

例:

arn:aws:polly:us-east-1:123456789012:lexicon/myLexicon

Amazon Redshift

構文:

arn:aws:redshift:region:account-id:cluster:cluster-name arn:aws:redshift:region:account-id:dbname:cluster-name/database-name arn:aws:redshift:region:account-id:dbuser:cluster-name/database-user-name arn:aws:redshift:region:account-id:dbgroup:cluster-name/database-group-name arn:aws:redshift:region:account-id:parametergroup:parameter-group-name arn:aws:redshift:region:account-id:securitygroup:security-group-name arn:aws:redshift:region:account-id:snapshot:cluster-name/snapshot-name arn:aws:redshift:region:account-id:subnetgroup:subnet-group-name

例:

arn:aws:redshift:us-east-1:123456789012:cluster:my-cluster arn:aws:redshift:us-east-1:123456789012:dbname:my-cluster/my-database arn:aws:redshift:us-east-1:123456789012:dbuser:my-cluster/my-database-user arn:aws:redshift:us-east-1:123456789012:dbgroup:my-cluster/my-database-group arn:aws:redshift:us-east-1:123456789012:parametergroup:my-parameter-group arn:aws:redshift:us-east-1:123456789012:securitygroup:my-public-group arn:aws:redshift:us-east-1:123456789012:snapshot:my-cluster/my-snapshot20130807 arn:aws:redshift:us-east-1:123456789012:subnetgroup:my-subnet-10

Amazon Relational Database Service (Amazon RDS)

ARN は、DB インスタンスのタグと共にのみ Amazon RDS で使用されます。詳細については、『Amazon RDS ユーザーガイド』の「Tagging a DB Instance」を参照してください。

構文:

arn:aws:rds:region:account-id:db:db-instance-name arn:aws:rds:region:account-id:snapshot:snapshot-name arn:aws:rds:region:account-id:cluster:db-cluster-name arn:aws:rds:region:account-id:cluster-snapshot:cluster-snapshot-name arn:aws:rds:region:account-id:og:option-group-name arn:aws:rds:region:account-id:pg:parameter-group-name arn:aws:rds:region:account-id:cluster-pg:cluster-parameter-group-name arn:aws:rds:region:account-id:secgrp:security-group-name arn:aws:rds:region:account-id:subgrp:subnet-group-name arn:aws:rds:region:account-id:es:subscription-name

例:

arn:aws:rds:us-east-1:123456789012:db:mysql-db-instance1 arn:aws:rds:us-east-1:123456789012:snapshot:my-snapshot2 arn:aws:rds:us-east-1:123456789012:cluster:my-cluster1 arn:aws:rds:us-east-1:123456789012:cluster-snapshot:cluster1-snapshot7 arn:aws:rds:us-east-1:123456789012:og:mysql-option-group1 arn:aws:rds:us-east-1:123456789012:pg:mysql-repl-pg1 arn:aws:rds:us-east-1:123456789012:cluster-pg:aurora-pg3 arn:aws:rds:us-east-1:123456789012:secgrp:dev-secgrp2 arn:aws:rds:us-east-1:123456789012:subgrp:prod-subgrp1 arn:aws:rds:us-east-1:123456789012:es:monitor-events2

AWS リソースグループ

AWS リソースグループで利用可能なリソースは、グループのみです。グループには、一意の Amazon リソースネーム (ARN) が関連付けられています。グループは、アカウント内のリージョンで固有のものです。リソースグループの詳細については、『AWS リソースグループユーザーガイド』を参照してください。

構文:

arn:aws:resource-groups:region:account:group/group-name

例:

arn:aws:resource-groups:us-west-2:123456789012:group/MyExampleGroup

Amazon Route 53

構文:

arn:aws:route53:::hostedzone/zoneid arn:aws:route53:::change/change-id arn:aws:route53::account-id:domain/domain-name arn:aws:route53resolver:region:account-id:resolver-rule/rule-id, arn:aws:route53resolver:region:account-id:resolver-endpoint/endpoint-id, arn:aws:servicediscovery:region:account-id:namespace/namespace-id arn:aws:servicediscovery:region:account-id:service/service-id

Amazon Route 53 には、ARN のアカウント番号またはリージョンは不要です。

例:

arn:aws:route53:::hostedzone/Z148QEXAMPLE8V arn:aws:route53:::change/C2RDJ5EXAMPLE2 arn:aws:route53:::change/* arn:aws:route53::123456789012:domain/example.com arn:aws:route53resolver:us-west-2:123456789012:resolver-rule/rslvr-rr-5328a0899aexample arn:aws:route53resolver:us-west-2:123456789012:resolver-endpoint/rslvr-in-60b9fd8fdbexample

Amazon SageMaker

構文:

arn:aws:sagemaker:region:account-id:notebook-instance:notebookInstanceName arn:aws:sagemaker:region:account-id:notebook-instance-lifecycle-config:notebookInstanceLifecycleConfigName arn:aws:sagemaker:region:account-id:training-job:trainingJobName arn:aws:sagemaker:region:account-id:model:modelName arn:aws:sagemaker:region:account-id:endpoint:endpointName arn:aws:sagemaker:region:account-id:endpoint-config:endpointConfigName arn:aws:sagemaker:region:account-id:hyper-parameter-tuning-job:hyperParameterTuningJobName arn:aws:sagemaker:region:account-id:transform-job:transformJobName

例:

arn:aws:sagemaker:us-east-1:123456789012:notebook-instance:my-notebookInstance-1 arn:aws:sagemaker:us-east-1:123456789012:notebook-instance-lifecycle-config:my-notebookInstanceLifecycleConfig-1 arn:aws:sagemaker:us-east-1:123456789012:training-job:my-trainingJob-1 arn:aws:sagemaker:us-east-1:123456789012:model:my-mlModel-1 arn:aws:sagemaker:us-east-1:123456789012:endpoint:my-endpoint-1 arn:aws:sagemaker:us-east-1:123456789012:endpoint-config:my-endpointConfig-1 arn:aws:sagemaker:us-east-1:123456789012:hyper-parameter-tuning-job:my-hp-tuningJob-1 arn:aws:sagemaker:us-east-1:123456789012:transform-job:my-transformJob-1

AWS Secrets Manager

構文:

arn:aws:secretsmanager:region:account_id:secret:path/friendly_secret_name-uniqueness_code

各シークレットは、オプションのパス、ユーザーが指定したシークレットの分かりやすい名前、ダッシュに続き、AWS で生成された 6 文字のランダムコードで構成されます。

例:

arn:aws:secretsmanager:us-east-1:123456789012:secret:myfolder/MyFirstSecret-ocq1Wq

AWS Serverless Application Repository

構文:

arn:aws:serverlessrepo:region:account-id:applications/application-name arn:aws:serverlessrepo:region:account-id:applications/application-name/versions/symantic-version

例:

arn:aws:serverlessrepo:us-east-1:123456789012:applications/myApp arn:aws:serverlessrepo:us-east-1:123456789012:applications/myApp/versions/1.0.0

Amazon Simple Email Service (Amazon SES)

Amazon SES では、ARN が最もよく使用されるのは、送信承認のセットアップです。詳細については、Amazon Simple Email Service 開発者ガイドの「Amazon SES での送信承認の使用」を参照してください。

構文:

arn:aws:ses:region:account-id:identity/identity

例:

arn:aws:ses:us-east-1:123456789012:identity/example.com arn:aws:ses:us-east-1:123456789012:identity/sender@example.net

Amazon Simple Notification Service (Amazon SNS)

構文:

arn:aws:sns:region:account-id:topicname arn:aws:sns:region:account-id:topicname:subscriptionid

例:

arn:aws:sns:*:123456789012:my_corporate_topic arn:aws:sns:us-east-1:123456789012:my_corporate_topic:02034b43-fefa-4e07-a5eb-3be56f8c54ce

Amazon Simple Queue Service (Amazon SQS)

構文:

arn:aws:sqs:region:account-id:queuename

例:

arn:aws:sqs:us-east-1:123456789012:queue1

Amazon Simple Storage Service (Amazon S3)

構文:

arn:aws:s3:::bucket_name arn:aws:s3:::bucket_name/key_name

注記

Amazon S3 には、ARN のアカウント番号またはリージョンは不要です。ポリシーの ARN を指定する場合は、ARN の相対 ID の部分にワイルドカード「*」文字を使用できます。

例:

arn:aws:s3:::my_corporate_bucket arn:aws:s3:::my_corporate_bucket/exampleobject.png arn:aws:s3:::my_corporate_bucket/* arn:aws:s3:::my_corporate_bucket/Development/*

詳細については、『Amazon Simple Storage Service 開発者ガイド』の「ポリシーでのリソースの指定」を参照してください。

Amazon Simple Workflow Service (Amazon SWF)

構文:

arn:aws:swf:region:account-id:/domain/domain_name

例:

arn:aws:swf:us-east-1:123456789012:/domain/department1 arn:aws:swf:*:123456789012:/domain/*

AWS Step Functions

構文:

arn:aws:states:region:account-id:activity:activityName arn:aws:states:region:account-id:stateMachine:stateMachineName arn:aws:states:region:account-id:execution:stateMachineName:executionName

例:

arn:aws:states:us-east-1:123456789012:activity:HelloActivity arn:aws:states:us-east-1:123456789012:stateMachine:HelloStateMachine arn:aws:states:us-east-1:123456789012:execution:HelloStateMachine:HelloStateMachineExecution

AWS Storage Gateway

構文:

arn:aws:storagegateway:region:account-id:gateway/gateway-id arn:aws:storagegateway:region:account-id:share/share-id arn:aws:storagegateway:region:account-id:gateway/gateway-id/volume/volume-id arn:aws:storagegateway:region:account-id:tape/tapebarcode arn:aws:storagegateway:region:account-id:gateway/gateway-id/target/iSCSItarget arn:aws:storagegateway:region:account-id:gateway/gateway-id/device/vtldevice

例:

arn:aws:storagegateway:us-east-1:123456789012:gateway/sgw-12A3456B arn:aws:storagegateway:us-east-1:123456789012:share/share-17A34572 arn:aws:storagegateway:us-east-1:123456789012:gateway/sgw-12A3456B/volume/vol-1122AABB arn:aws:storagegateway:us-east-1:123456789012:tape/AMZNC8A26D arn:aws:storagegateway:us-east-1:123456789012:gateway/sgw-12A3456B/target/iqn.1997-05.com.amazon:vol-1122AABB arn:aws:storagegateway:us-east-1:123456789012:gateway/sgw-12A3456B/device/AMZN_SGW-FF22CCDD_TAPEDRIVE_00010

注記

各 AWS Storage Gateway リソースには、ワイルドカード (*) を指定できます。

AWS Systems Manager

構文:

arn:aws:ssm:region:account-id:document/document_name arn:aws:ssm:region:account-id:parameter/parameter_name arn:aws:ssm:region:account-id:patchbaseline/baseline_id arn:aws:ssm:region:account-id:maintenancewindow/window_id arn:aws:ssm:region:account-id:automation-execution/execution_id arn:aws:ssm:region:account-id:automation-Activity/activity_name arn:aws:ssm:region:account-id:automation-definition/definitionName:version arn:aws:ssm:region:account-id:managed-instance/instance_id arn:aws:ssm:region:account-id:managed-instance-inventory/instance_id

例:

arn:aws:ssm:us-east-1:123456789012:document/highAvailabilityServerSetup arn:aws:ssm:us-east-1:123456789012:parameter/myParameterName arn:aws:ssm:us-east-1:123456789012:patchbaseline/pb-12345678901234567 arn:aws:ssm:us-east-1:123456789012:maintenancewindow/mw-12345678901234567 arn:aws:ssm:us-east-1:123456789012:automation-execution/123456-6789-1a2b3-c4d5-e1a2b3c4d arn:aws:ssm:us-east-1:123456789012:automation-activity/myActivityName arn:aws:ssm:us-east-1:123456789012:automation-definition/myDefinitionName:1 arn:aws:ssm:us-east-1:123456789012:managed-instance/mi-12345678901234567 arn:aws:ssm:us-east-1:123456789012:managed-instance-inventory/i-12345661

AWS Trusted Advisor

構文:

arn:aws:trustedadvisor:*:account-id:checks/categorycode/checkid

例:

arn:aws:trustedadvisor:*:123456789012:checks/fault_tolerance/BueAdJ7NrP

AWS WAF

構文、WAF Global (CloudFront で使用):

arn:aws:waf::account-id:resource-type/resource-id

構文、WAF Regional (Application Load Balancer で使用):

arn:aws:waf-regional::account-id:resource-type/resource-id

例:

arn:aws:waf::123456789012:rule/41b5b052-1e4a-426b-8149-3595be6342c2 arn:aws:waf-regional:us-east-1:123456789012:rule/41b5b052-1e4a-426b-8149-3595be6342c2 arn:aws:waf::123456789012:webacl/3bffd3ed-fa2e-445e-869f-a6a7cf153fd3 arn:aws:waf-regional:us-east-1:123456789012:webacl/3bffd3ed-fa2e-445e-869f-a6a7cf153fd3 arn:aws:waf::123456789012:ipset/3f74bd8c-f046-4970-a1a7-41aa52e05480 arn:aws:waf-regional:us-east-1:123456789012:ipset/3f74bd8c-f046-4970-a1a7-41aa52e05480 arn:aws:waf::123456789012:bytematchset/d131bc0b-57be-4536-af1d-4894fd28acc4 arn:aws:waf-regional:us-east-1:123456789012:bytematchset/d131bc0b-57be-4536-af1d-4894fd28acc4

ARN のパス

一部のサービスでは、リソース名のパスを指定することができます。たとえば Amazon S3 では、リソース ID はスラッシュ(/)を挿入してパスを作成することができるオブジェクト名です。同様に、IAM ユーザー名とグループ名にはパスを含めることができます。

特定の状況では、パスにワイルドカード文字、すなわちアスタリスク(*)を含めることができます。たとえば、IAM ポリシーを記述していて、Resource 要素に、パス product_1234 を持つすべての IAM ユーザーを指定する場合、次のようにワイルドカードを使用することができます。

arn:aws:iam::123456789012:user/Development/product_1234/*

同様に、IAM ポリシーの Resource 要素では、次の例に示すように、ARN の最後で全ユーザーを意味する user/* や全グループを意味する group/* を指定できます。

"Resource":"arn:aws:iam::123456789012:user/*" "Resource":"arn:aws:iam::123456789012:group/*"

ワイルドカードを使用して、リソースベースのポリシーまたはロール信頼ポリシーで Principal 要素のすべてのユーザーを指定することはできません。グループは、どのポリシーでもプリンシパルとしてサポートされていません。

次の例は、リソース名にパスが含まれる Amazon S3 バケットの ARN を示しています。

arn:aws:s3:::my_corporate_bucket/* arn:aws:s3:::my_corporate_bucket/Development/*

IAM ARN の用語「user」など、リソースタイプを指定する ARN の一部では、ワイルドカードを使用することはできません。

次のような使い方はできません。

arn:aws:iam::123456789012:u*

AWS サービスの名前空間

IAM ポリシーを作成するとき、または Amazon リソースネーム (ARN) で作業するときには、名前空間を使用して AWS サービスを識別します。たとえば、Amazon S3 の名前空間は s3、Amazon EC2 の名前空間は ec2 です。アクションとリソースを識別するときに名前空間を使用します。

次の例は、Action 要素の値、および Resource 要素と Condition 要素内の値が名前空間を使用してアクションとリソースのサービスを識別する IAM ポリシーを示しています。

{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "ec2:*", "Resource": [ "arn:aws:ec2:us-west-2:123456789012:customer-gateway/*", "arn:aws:ec2:us-west-2:123456789012:dhcp-options/*", "arn:aws:ec2:us-west-2::image/*", "arn:aws:ec2:us-west-2:123456789012:instance/*", "arn:aws:iam::123456789012:instance-profile/*", "arn:aws:ec2:us-west-2:123456789012:internet-gateway/*", "arn:aws:ec2:us-west-2:123456789012:key-pair/*", "arn:aws:ec2:us-west-2:123456789012:network-acl/*", "arn:aws:ec2:us-west-2:123456789012:network-interface/*", "arn:aws:ec2:us-west-2:123456789012:placement-group/*", "arn:aws:ec2:us-west-2:123456789012:route-table/*", "arn:aws:ec2:us-west-2:123456789012:security-group/*", "arn:aws:ec2:us-west-2::snapshot/*", "arn:aws:ec2:us-west-2:123456789012:subnet/*", "arn:aws:ec2:us-west-2:123456789012:volume/*", "arn:aws:ec2:us-west-2:123456789012:vpc/*", "arn:aws:ec2:us-west-2:123456789012:vpc-peering-connection/*" ] }, { "Effect": "Allow", "Action": "s3:*", "Resource": "arn:aws:s3:::example_bucket/marketing/*" }, { "Effect": "Allow", "Action": "s3:ListBucket*", "Resource": "arn:aws:s3:::example_bucket", "Condition": {"StringLike": {"s3:prefix": "marketing/*"}} } ] }

次の表は、各 AWS サービスの名前空間の一覧です。

サービス 名前空間
Alexa for Business a4b
API Gateway apigateway
AWS Application Discovery Service discovery
Amazon AppStream appstream
AWS AppSync appsync
AWS Artifact artifact
Amazon Athena athena
Amazon EC2 Auto Scaling autoscaling
AWS Batch batch
AWS Billing and Cost Management aws-portal
AWS Budgets budgets
AWS Certificate Manager (ACM) acm
Amazon Chime chime
AWS Cloud9 cloud9
Amazon Cloud Directory clouddirectory
AWS CloudFormation cloudformation
Amazon CloudFront cloudfront
AWS CloudHSM cloudhsm
Amazon CloudSearch cloudsearch
AWS CloudTrail cloudtrail
Amazon CloudWatch cloudwatch
Amazon CloudWatch Events events
Amazon CloudWatch Logs logs
AWS CodeBuild codebuild
AWS CodeCommit codecommit
AWS CodeDeploy codedeploy
AWS CodePipeline codepipeline
AWS CodeStar codestar
Amazon Cognito ユーザープール cognito-idp
Amazon Cognito フェデレーテッドアイデンティティ cognito-identity
Amazon Cognito Sync cognito-sync
Amazon Comprehend comprehend
AWS Config config
Amazon Connect connect
AWS Data Pipeline datapipeline
AWS Database Migration Service (AWS DMS) dms
AWS Device Farm devicefarm
AWS Direct Connect directconnect
AWS Directory Service ds
Amazon DynamoDB dynamodb
Amazon Elastic Compute Cloud (Amazon EC2) ec2
Amazon Elastic Container Registry (Amazon ECR) ecr
Amazon Elastic Container Service (Amazon ECS) ecs
Amazon Elastic Container Service for Kubernetes (Amazon EKS) eks
AWS Elastic Beanstalk elasticbeanstalk
Amazon Elastic File System (Amazon EFS) elasticfilesystem
Elastic Load Balancing elasticloadbalancing
Amazon EMR elasticmapreduce
Amazon Elastic Transcoder elastictranscoder
Amazon ElastiCache elasticache
Amazon Elasticsearch Service (Amazon ES) es
AWS Firewall Manager fms
Amazon FreeRTOS freertos
Amazon GameLift gamelift
Amazon S3 Glacier glacier
AWS Glue glue
AWS IoT Greengrass greengrass
Amazon GuardDuty guardduty
AWS Health / Personal Health Dashboard health
AWS Identity and Access Management (IAM) iam
AWS Import/Export importexport
Amazon Inspector inspector
AWS IoT iot
AWS Key Management Service (AWS KMS) kms
Amazon Kinesis Data Analytics kinesisanalytics
Amazon Kinesis Data Firehose firehose
Amazon Kinesis Data Streams kinesis
Amazon Kinesis ビデオストリーム kinesisvideo
AWS Lambda lambda
Amazon Lex lex
Amazon Lightsail lightsail
Amazon Macie macie
Amazon Machine Learning machinelearning
AWS Marketplace aws-marketplace
AWS Marketplace Management Portal aws-marketplace-management
AWS Elemental MediaConvert mediaconvert
AWS Elemental MediaLive medialive
AWS Elemental MediaPackage mediapackage
AWS Elemental MediaStore mediastore
AWS Elemental MediaTailor mediatailor
AWS Migration Hub mgh
Amazon Mobile Analytics mobileanalytics
AWS Mobile Hub mobilehub
Amazon MQ mq
AWS OpsWorks opsworks
AWS OpsWorks for Chef Automate opsworks-cm
AWS Organizations organizations
Amazon Pinpoint mobiletargeting
Amazon Polly polly
Amazon QuickSight quicksight
Amazon Redshift redshift
Amazon Rekognition rekognition
Amazon Relational Database Service (Amazon RDS) rds
AWS リソースグループ resource-groups
Amazon Route 53 route53
Amazon Route 53 Auto Naming servicediscovery
Amazon Route 53 Domains route53domains
Amazon Route 53 リゾルバー route53resolver
Amazon SageMaker sagemaker
AWS Secrets Manager secretsmanager
AWS Security Token Service (AWS STS) sts
AWS Serverless Application Repository serverlessrepo
AWS Service Catalog servicecatalog
AWS Shield shield
AWS Shield アドバンスド DDoSProtection
Amazon Simple Email Service (Amazon SES) ses
Amazon Simple Notification Service (Amazon SNS) sns
Amazon Simple Queue Service (Amazon SQS) sqs
Amazon Simple Storage Service (Amazon S3) s3
Amazon Simple Workflow Service (Amazon SWF) swf
Amazon SimpleDB sdb
AWS Step Functions states
AWS Storage Gateway storagegateway
Amazon Sumerian sumerian
AWS サポート support
AWS Systems Manager ssm
Amazon Transcribe transcribe
Amazon Translate translate
AWS Trusted Advisor trustedadvisor
Amazon Virtual Private Cloud (Amazon VPC) ec2
AWS WAF waf
Amazon WorkDocs workdocs
Amazon WorkMail workmail
Amazon WorkSpaces workspaces
AWS X-Ray xray