Amazon Web Services
General Reference (Version 1.0)

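Amazon Resource Names (ARNs) and AWS Service Namespaces

Amazon Resource Names (ARNs) uniquely identify AWS resources. An ARN is required whenever you need to specify a resource unambiguously across all of AWS, such as in IAM policies, Amazon Relational Database Service (Amazon RDS) tags, and API calls.

ARN Format

Here are some example ARNs: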

<!-- Elastic Beanstalk environment -->
arn:aws:elasticbeanstalk:us-east-1:123456789012:environment/My App/MyEnvironment

<!-- IAM user name -->
arn:aws:iam::123456789012:user/David

<!-- Amazon RDS instance used for tagging -->
arn:aws:rds:eu-west-1:123456789012:db:mysql-db

<!-- Object in an Amazon S3 bucket -->
arn:aws:s3:::my_corporate_bucket/exampleobject.png

The following are the general formats for ARNs; the specific components and values used depend on the AWS service.

arn:partition:service:region:account-id:resource
arn:partition:service:region:account-id:resourcetype/resource
arn:partition:service:region:account-id:resourcetype:resource
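
partition

The partition that the resource is in. For standard AWS regions, the partition is aws. If you have resources in other partitions, the partition is aws-partitionname. For example, the partition for resources in the China (Beijing) region is aws-cn.

service

The service namespace that identifies the AWS product (for example, Amazon S3, IAM, or Amazon RDS). For a list of namespaces, see "AWS Service Namespaces".

region

The region the resource resides in. Note that the ARNs for some resources do not require a region, so this component might be omitted.

account

The ID of the AWS account that owns the resource, without hyphens. For example, 123456789012. Note that the ARNs for some resources do not require an account number, so this component might be omitted.

resource, resourcetype:resource, or resourcetype/resource

The content of this part of the ARN varies by service. It often includes an indicator of the type of resource (for example, an IAM user or an Amazon RDS database), followed by a slash (/) or a colon (:), followed by the resource name itself. Some services allow paths for resource names (see "Paths in ARNs").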
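
The component rules above, as an added Python example (not AWS code and not part of the original page). It splits a concrete ARN on the first five colons only, so colons inside the resource part survive, and accepts the empty region and account fields that some services use. The names parse_arn and split_resource and the account-ID check are assumptions of this example.

```python
import re
from typing import NamedTuple, Optional, Tuple


class Arn(NamedTuple):
    partition: str
    service: str
    region: str      # "" when the ARN omits it (IAM, S3, Route 53 on this page)
    account_id: str  # "" when the ARN omits it (S3, EC2 images and snapshots)
    resource: str    # everything after the fifth colon, kept verbatim


# Assumption of this example: the account field is empty, twelve digits, or the
# literal "aws" that AWS-owned resources such as managed policies carry.
_ACCOUNT_RE = re.compile(r"(?:[0-9]{12}|aws)?")


def parse_arn(text: str) -> Arn:
    """Split a concrete (wildcard-free) ARN into its six components."""
    # maxsplit=5 matters: the resource part may itself contain colons,
    # e.g. function:name:alias or an iSCSI target name.
    parts = text.split(":", 5)
    if len(parts) != 6 or parts[0] != "arn":
        raise ValueError(f"not an ARN: {text!r}")
    _, partition, service, region, account_id, resource = parts
    if partition != "aws" and not partition.startswith("aws-"):
        raise ValueError(f"unexpected partition: {partition!r}")
    if not service:
        raise ValueError("service namespace is empty")
    if not resource:
        raise ValueError("resource part is empty")
    if not _ACCOUNT_RE.fullmatch(account_id):
        raise ValueError(f"account ID must be 12 digits without hyphens: {account_id!r}")
    return Arn(partition, service, region, account_id, resource)


def split_resource(resource: str) -> Tuple[Optional[str], str]:
    """Heuristic split of 'resourcetype/resource' or 'resourcetype:resource'.

    Only meaningful for services whose syntax has a resource type. Services
    that put a name first (S3 buckets, SNS topics, SQS queues) need their own
    handling, because the layout of this part varies by service.
    """
    match = re.search(r"[/:]", resource)
    if match is None or match.start() == 0:
        # No delimiter, or a leading slash as in the SWF syntax: no type prefix.
        return None, resource
    return resource[:match.start()], resource[match.end():]


if __name__ == "__main__":
    # ARNs taken from the examples on this page.
    for sample in (
        "arn:aws:iam::123456789012:user/David",
        "arn:aws:rds:eu-west-1:123456789012:db:mysql-db",
        "arn:aws:s3:::my_corporate_bucket/exampleobject.png",
    ):
        arn = parse_arn(sample)
        print(arn, split_resource(arn.resource))
```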

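Example ARNs

The following sections provide syntax and examples of the ARNs for different services. For more information about using ARNs in a specific AWS service, see the documentation for that service.

Some services support IAM resource-level permissions. For more information, see "AWS Services That Work with IAM".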

Amazon API Gateway

Syntax:

arn:aws:apigateway:region::resource-path
arn:aws:execute-api:region:account-id:api-id/stage-name/HTTP-VERB/resource-path

Examples:

arn:aws:apigateway:us-east-1::/restapis/a123456789012bc3de45678901f23a45/*
arn:aws:apigateway:us-east-1::a123456789012bc3de45678901f23a45:/test/mydemoresource/*
arn:aws:apigateway:*::a123456789012bc3de45678901f23a45:/*/petstorewalkthrough/pets
arn:aws:execute-api:us-east-1:123456789012:qsxrty/test/GET/mydemoresource/*

AWS Artifact

Syntax:

arn:aws:artifact:::report-package/document-type/report-type

Examples:

arn:aws:artifact:::report-package/Certifications and Attestations/SOC/*
arn:aws:artifact:::report-package/Certifications and Attestations/ISO/*
arn:aws:artifact:::report-package/Certifications and Attestations/PCI/*

Auto Scaling

Syntax:

arn:aws:autoscaling:region:account-id:scalingPolicy:policyid:autoScalingGroupName/groupfriendlyname:policyname/policyfriendlyname
arn:aws:autoscaling:region:account-id:autoScalingGroup:groupid:autoScalingGroupName/groupfriendlyname

Example:

arn:aws:autoscaling:us-east-1:123456789012:scalingPolicy:c7a27f55-d35e-4153-b044-8ca9155fc467:autoScalingGroupName/my-test-asg1:policyName/my-scaleout-policy

AWS Certificate Manager

Syntax:

arn:aws:acm:region:account-id:certificate/certificate-id

Example:

arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012

AWS CloudFormation

Syntax:

arn:aws:cloudformation:region:account-id:stack/stackname/additionalidentifier
arn:aws:cloudformation:region:account-id:changeSet/changesetname/additionalidentifier

Examples:

arn:aws:cloudformation:us-east-1:123456789012:stack/MyProductionStack/abc9dbf0-43c2-11e3-a6e8-50fa526be49c
arn:aws:cloudformation:us-east-1:123456789012:changeSet/MyProductionChangeSet/abc9dbf0-43c2-11e3-a6e8-50fa526be49c

Amazon CloudSearch

Syntax:

arn:aws:cloudsearch:region:account-id:domain/domainname

Example:

arn:aws:cloudsearch:us-east-1:123456789012:domain/imdb-movies

AWS CloudTrail

Syntax:

arn:aws:cloudtrail:region:account-id:trail/trailname

Example:

arn:aws:cloudtrail:us-east-1:123456789012:trail/mytrailname

Amazon CloudWatch Events

Syntax:

arn:aws:events:region:*:*

Examples:

arn:aws:events:us-east-1:*:*
arn:aws:events:us-east-1:account-id:*
arn:aws:events:us-east-1:account-id:rule/rule_name

Amazon CloudWatch Logs

Syntax:

arn:aws:logs:region:*:*

Examples:

arn:aws:logs:us-east-1:*:*
arn:aws:logs:us-east-1:account-id:*
arn:aws:logs:us-east-1:account-id:log-group:log_group_name
arn:aws:logs:us-east-1:account-id:log-group:log_group_name:*
arn:aws:logs:us-east-1:account-id:log-group:log_group_name_prefix*
arn:aws:logs:us-east-1:account-id:log-group:log_group_name:log-stream:log_stream_name
arn:aws:logs:us-east-1:account-id:log-group:log_group_name:log-stream:log_stream_name_prefix*
arn:aws:logs:us-east-1:account-id:log-group:log_group_name_prefix*:log-stream:log_stream_name_prefix*

AWS CodeBuild

Syntax:

arn:aws:codebuild:region:account-id:resourcetype/resource

Examples:

arn:aws:codebuild:us-east-1:123456789012:project/my-demo-project
arn:aws:codebuild:us-east-1:123456789012:build/my-demo-project:7b7416ae-89b4-46cc-8236-61129df660ad

AWS CodeCommit

Syntax:

arn:aws:codecommit:region:account-id:resource-specifier

Example:

arn:aws:codecommit:us-east-1:123456789012:MyDemoRepo

AWS CodeDeploy

Syntax:

arn:aws:codedeploy:region:account-id:resource-type:resource-specifier
arn:aws:codedeploy:region:account-id:resource-type/resource-specifier

Examples:

arn:aws:codedeploy:us-east-1:123456789012:application:WordPress_App
arn:aws:codedeploy:us-east-1:123456789012:instance/AssetTag*

AWS Config

Syntax:

arn:aws:config:region:account-id:config-rule/config-rule-name

Example:

arn:aws:config:us-east-1:123456789012:config-rule/MyConfigRule

AWS CodePipeline

Syntax:

arn:aws:codepipeline:region:account-id:resource-specifier

Example:

arn:aws:codepipeline:us-east-1:123456789012:MyDemoPipeline

AWS Direct Connect

Syntax:

arn:aws:directconnect:region:account-id:dxcon/connection-id
arn:aws:directconnect:region:account-id:dxvif/virtual-interface-id

Examples:

arn:aws:directconnect:us-east-1:123456789012:dxcon/dxcon-fgase048
arn:aws:directconnect:us-east-1:123456789012:dxvif/dxvif-fgrb110x

Amazon DynamoDB

Syntax:

arn:aws:dynamodb:region:account-id:table/tablename

Example:

arn:aws:dynamodb:us-east-1:123456789012:table/books_table

Amazon EC2 Container Registry (Amazon ECR)

Syntax:

arn:aws:ecr:region:account-id:repository/repository-name

Example:

arn:aws:ecr:us-east-1:123456789012:repository/my-repository

Amazon EC2 Container Service (Amazon ECS)

Syntax:

arn:aws:ecs:region:account-id:cluster/cluster-name
arn:aws:ecs:region:account-id:container-instance/container-instance-id
arn:aws:ecs:region:account-id:task-definition/task-definition-family-name:task-definition-revision-number
arn:aws:ecs:region:account-id:service/service-name
arn:aws:ecs:region:account-id:task/task-id
arn:aws:ecs:region:account-id:container/container-id

Examples:

arn:aws:ecs:us-east-1:123456789012:cluster/my-cluster
arn:aws:ecs:us-east-1:123456789012:container-instance/403125b0-555c-4473-86b5-65982db28a6d
arn:aws:ecs:us-east-1:123456789012:task-definition/hello_world:8
arn:aws:ecs:us-east-1:123456789012:service/sample-webapp
arn:aws:ecs:us-east-1:123456789012:task/1abf0f6d-a411-4033-b8eb-a4eed3ad252a
arn:aws:ecs:us-east-1:123456789012:container/476e7c41-17f2-4c17-9d14-412566202c8a

Amazon Elastic Compute Cloud (Amazon EC2)

Syntax:

arn:aws:ec2:region:account-id:customer-gateway/cgw-id
arn:aws:ec2:region:account-id:dedicated-host/host_id
arn:aws:ec2:region:account-id:dhcp-options/dhcp-options-id
arn:aws:ec2:region::image/image-id
arn:aws:ec2:region:account-id:instance/instance-id
arn:aws:iam::account:instance-profile/instance-profile-name
arn:aws:ec2:region:account-id:internet-gateway/igw-id
arn:aws:ec2:region:account-id:key-pair/key-pair-name
arn:aws:ec2:region:account-id:network-acl/nacl-id
arn:aws:ec2:region:account-id:network-interface/eni-id
arn:aws:ec2:region:account-id:placement-group/placement-group-name
arn:aws:ec2:region:account-id:route-table/route-table-id
arn:aws:ec2:region:account-id:security-group/security-group-id
arn:aws:ec2:region::snapshot/snapshot-id
arn:aws:ec2:region:account-id:subnet/subnet-id
arn:aws:ec2:region:account-id:volume/volume-id
arn:aws:ec2:region:account-id:vpc/vpc-id
arn:aws:ec2:region:account-id:vpc-peering-connection/vpc-peering-connection-id
arn:aws:ec2:region:account-id:vpn-connection/vpn-id
arn:aws:ec2:region:account-id:vpn-gateway/vgw-id

Examples:

arn:aws:ec2:us-east-1:123456789012:dedicated-host/h-12345678
arn:aws:ec2:us-east-1::image/ami-1a2b3c4d
arn:aws:ec2:us-east-1:123456789012:instance/*
arn:aws:ec2:us-east-1:123456789012:volume/*
arn:aws:ec2:us-east-1:123456789012:volume/vol-1a2b3c4d

AWS Elastic Beanstalk

Syntax:

arn:aws:elasticbeanstalk:region:account-id:application/applicationname
arn:aws:elasticbeanstalk:region:account-id:applicationversion/applicationname/versionlabel
arn:aws:elasticbeanstalk:region:account-id:environment/applicationname/environmentname
arn:aws:elasticbeanstalk:region::solutionstack/solutionstackname
arn:aws:elasticbeanstalk:region:account-id:configurationtemplate/applicationname/templatename

Examples:

arn:aws:elasticbeanstalk:us-east-1:123456789012:application/My App
arn:aws:elasticbeanstalk:us-east-1:123456789012:applicationversion/My App/My Version
arn:aws:elasticbeanstalk:us-east-1:123456789012:environment/My App/MyEnvironment
arn:aws:elasticbeanstalk:us-east-1::solutionstack/32bit Amazon Linux running Tomcat 7
arn:aws:elasticbeanstalk:us-east-1:123456789012:configurationtemplate/My App/My Template

Amazon Elastic File System

Syntax:

arn:aws:elasticfilesystem:region:account-id:file-system/file-system-id

Example:

arn:aws:elasticfilesystem:us-east-1:123456789012:file-system/fs12345678

Elastic Load Balancing (Application Load Balancer)

Syntax:

arn:aws:elasticloadbalancing:region:account-id:loadbalancer/app/load-balancer-name/load-balancer-id
arn:aws:elasticloadbalancing:region:account-id:listener/app/load-balancer-name/load-balancer-id/listener-id
arn:aws:elasticloadbalancing:region:account-id:listener-rule/app/load-balancer-name/load-balancer-id/listener-id/rule-id
arn:aws:elasticloadbalancing:region:account-id:targetgroup/target-group-name/target-group-id

Examples:

arn:aws:elasticloadbalancing:us-east-1:123456789012:loadbalancer/app/my-load-balancer/50dc6c495c0c9188
arn:aws:elasticloadbalancing:us-east-1:123456789012:listener/app/my-load-balancer/50dc6c495c0c9188/f2f7dc8efc522ab2
arn:aws:elasticloadbalancing:us-east-1:123456789012:listener-rule/app/my-load-balancer/50dc6c495c0c9188/f2f7dc8efc522ab2/9683b2d02a6cabee
arn:aws:elasticloadbalancing:us-east-1:123456789012:targetgroup/my-targets/73e2d6bc24d8a067

Elastic Load Balancing (Classic Load Balancer)

Syntax:

arn:aws:elasticloadbalancing:region:account-id:loadbalancer/name

Example:

arn:aws:elasticloadbalancing:us-east-1:123456789012:loadbalancer/my-load-balancer

Amazon Elastic Transcoder

Syntax:

arn:aws:elastictranscoder:region:account-id:resource/id

Example:

arn:aws:elastictranscoder:us-east-1:123456789012:preset/*

Amazon ElastiCache

Syntax:

arn:aws:elasticache:region:account-id:resourcetype:resourcename

Examples:

arn:aws:elasticache:us-west-2:123456789012:cluster:myCluster
arn:aws:elasticache:us-west-2:123456789012:snapshot:mySnapshot

Amazon Elasticsearch Service

Syntax:

arn:aws:es:region:account-id:domain/domain-name

Example:

arn:aws:es:us-east-1:123456789012:domain/streaming-logs

Amazon Glacier

Syntax:

arn:aws:glacier:region:account-id:vaults/vaultname

Examples:

arn:aws:glacier:us-east-1:123456789012:vaults/examplevault
arn:aws:glacier:us-east-1:123456789012:vaults/example*
arn:aws:glacier:us-east-1:123456789012:vaults/*

AWS Health / Personal Health Dashboard

Syntax:

arn:aws:health:region::event/event-id
arn:aws:health:region:account-id:entity/entity-id

Examples:

arn:aws:health:us-east-1::event/AWS_EC2_EXAMPLE_ID
arn:aws:health:us-east-1:123456789012:entity/AVh5GGT7ul1arKr1sE1K

AWS Identity and Access Management (IAM)

Syntax:

arn:aws:iam::account-id:root
arn:aws:iam::account-id:user/user-name
arn:aws:iam::account-id:group/group-name
arn:aws:iam::account-id:role/role-name
arn:aws:iam::account-id:policy/policy-name
arn:aws:iam::account-id:instance-profile/instance-profile-name
arn:aws:sts::account-id:federated-user/user-name
arn:aws:sts::account-id:assumed-role/role-name/role-session-name
arn:aws:iam::account-id:mfa/virtual-device-name
arn:aws:iam::account-id:server-certificate/certificate-name
arn:aws:iam::account-id:saml-provider/provider-name
arn:aws:iam::account-id:oidc-provider/provider-name

Examples:

arn:aws:iam::123456789012:root
arn:aws:iam::123456789012:user/Bob
arn:aws:iam::123456789012:user/division_abc/subdivision_xyz/Bob
arn:aws:iam::123456789012:group/Developers
arn:aws:iam::123456789012:group/division_abc/subdivision_xyz/product_A/Developers
arn:aws:iam::123456789012:role/S3Access
arn:aws:iam::123456789012:role/application_abc/component_xyz/S3Access
arn:aws:iam::123456789012:policy/UsersManageOwnCredentials
arn:aws:iam::123456789012:policy/division_abc/subdivision_xyz/UsersManageOwnCredentials
arn:aws:iam::123456789012:instance-profile/Webserver
arn:aws:sts::123456789012:federated-user/Bob
arn:aws:sts::123456789012:assumed-role/Accounting-Role/Mary
arn:aws:iam::123456789012:mfa/BobJonesMFA
arn:aws:iam::123456789012:server-certificate/ProdServerCert
arn:aws:iam::123456789012:server-certificate/division_abc/subdivision_xyz/ProdServerCert
arn:aws:iam::123456789012:saml-provider/ADFSProvider
arn:aws:iam::123456789012:oidc-provider/GoogleProvider

For more information about IAM ARNs, see "IAM ARNs" in the IAM User Guide.

AWS IoT

Syntax:

arn:aws:iot:your-region:account-id:cert/cert-ID
arn:aws:iot:your-region:account-id:policy/policy-name
arn:aws:iot:your-region:account-id:rule/rule-name

Examples:

arn:aws:iot:your-region:123456789012:cert/123a456b789c123d456e789f123a456b789c123d456e789f123a456b789c123c456d7
arn:aws:iot:your-region:123456789012:policy/MyIoTPolicy
arn:aws:iot:your-region:123456789012:rule/MyIoTRule

AWS Key Management Service (AWS KMS)

Syntax:

arn:aws:kms:region:account-id:key/key-id
arn:aws:kms:region:account-id:alias/alias

Examples:

arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012
arn:aws:kms:us-east-1:123456789012:alias/example-alias

Amazon Kinesis Firehose (Firehose)

Syntax:

arn:aws:firehose:region:account-id:deliverystream/delivery-stream-name

Example:

arn:aws:firehose:us-east-1:123456789012:deliverystream/example-stream-name

Amazon Kinesis Streams (Streams)

Syntax:

arn:aws:kinesis:region:account-id:stream/stream-name

Example:

arn:aws:kinesis:us-east-1:123456789012:stream/example-stream-name

AWS Lambda (Lambda)

Syntax:

arn:aws:lambda:region:account-id:function:function-name
arn:aws:lambda:region:account-id:function:function-name:alias-name
arn:aws:lambda:region:account-id:function:function-name:version
arn:aws:lambda:region:account-id:event-source-mappings:event-source-mapping-id

Examples:

arn:aws:lambda:us-east-1:123456789012:function:ProcessKinesisRecords
arn:aws:lambda:us-east-1:123456789012:function:ProcessKinesisRecords:your alias
arn:aws:lambda:us-east-1:123456789012:function:ProcessKinesisRecords:1.0
arn:aws:lambda:us-east-1:123456789012:event-source-mappings:kinesis-stream-arn

Amazon Machine Learning (Amazon ML)

Syntax:

arn:aws:machinelearning:region:account-id:datasource/datasourceID
arn:aws:machinelearning:region:account-id:mlmodel/mlmodelID
arn:aws:machinelearning:region:account-id:batchprediction/batchpredictionID
arn:aws:machinelearning:region:account-id:evaluation/evaluationID

Examples:

arn:aws:machinelearning:us-east-1:123456789012:datasource/my-datasource-1
arn:aws:machinelearning:us-east-1:123456789012:mlmodel/my-mlmodel
arn:aws:machinelearning:us-east-1:123456789012:batchprediction/my-batchprediction
arn:aws:machinelearning:us-east-1:123456789012:evaluation/my-evaluation

Amazon Polly

Syntax:

arn:aws:polly:region:account-id:lexicon/LexiconName

Example:

arn:aws:polly:us-east-1:123456789012:lexicon/myLexicon

Amazon Redshift

Syntax:

arn:aws:redshift:region:account-id:cluster:clustername
arn:aws:redshift:region:account-id:dbuser:clustername/dbusername
arn:aws:redshift:region:account-id:parametergroup:parametergroupname
arn:aws:redshift:region:account-id:securitygroup:securitygroupname
arn:aws:redshift:region:account-id:snapshot:clustername/snapshotname
arn:aws:redshift:region:account-id:subnetgroup:subnetgroupname

Examples:

arn:aws:redshift:us-east-1:123456789012:cluster:my-cluster
arn:aws:redshift:us-east-1:123456789012:dbuser:my-cluster/my-dbuser-name
arn:aws:redshift:us-east-1:123456789012:parametergroup:my-parameter-group
arn:aws:redshift:us-east-1:123456789012:securitygroup:my-public-group
arn:aws:redshift:us-east-1:123456789012:snapshot:my-cluster/my-snapshot20130807
arn:aws:redshift:us-east-1:123456789012:subnetgroup:my-subnet-10

Amazon Relational Database Service (Amazon RDS)

ARNs are used in Amazon RDS only with tags for DB instances. For more information, see "Tagging a DB Instance" in the Amazon Relational Database Service User Guide.

Syntax:

arn:aws:rds:region:account-id:db:db-instance-name
arn:aws:rds:region:account-id:snapshot:snapshot-name
arn:aws:rds:region:account-id:cluster:db-cluster-name
arn:aws:rds:region:account-id:cluster-snapshot:cluster-snapshot-name
arn:aws:rds:region:account-id:og:option-group-name
arn:aws:rds:region:account-id:pg:parameter-group-name
arn:aws:rds:region:account-id:cluster-pg:cluster-parameter-group-name
arn:aws:rds:region:account-id:secgrp:security-group-name
arn:aws:rds:region:account-id:subgrp:subnet-group-name
arn:aws:rds:region:account-id:es:subscription-name

Examples:

arn:aws:rds:us-east-1:123456789012:db:mysql-db-instance1
arn:aws:rds:us-east-1:123456789012:snapshot:my-snapshot2
arn:aws:rds:us-east-1:123456789012:cluster:my-cluster1
arn:aws:rds:us-east-1:123456789012:cluster-snapshot:cluster1-snapshot7
arn:aws:rds:us-east-1:123456789012:og:mysql-option-group1
arn:aws:rds:us-east-1:123456789012:pg:mysql-repl-pg1
arn:aws:rds:us-east-1:123456789012:cluster-pg:aurora-pg3
arn:aws:rds:us-east-1:123456789012:secgrp:dev-secgrp2
arn:aws:rds:us-east-1:123456789012:subgrp:prod-subgrp1
arn:aws:rds:us-east-1:123456789012:es:monitor-events2

Amazon Route 53

Syntax:

arn:aws:route53:::hostedzone/zoneid
arn:aws:route53:::change/changeid

Note that Amazon Route 53 does not require an account number or region in ARNs.

Examples:

arn:aws:route53:::hostedzone/Z148QEXAMPLE8V
arn:aws:route53:::change/C2RDJ5EXAMPLE2
arn:aws:route53:::change/*

Amazon EC2 Systems Manager (SSM)

Syntax:

arn:aws:ssm:region:account-id:document/document_name

Example:

arn:aws:ssm:us-east-1:123456789012:document/highAvailabilityServerSetup

Amazon Simple Notification Service (Amazon SNS)

Syntax:

arn:aws:sns:region:account-id:topicname
arn:aws:sns:region:account-id:topicname:subscriptionid

Examples:

arn:aws:sns:*:123456789012:my_corporate_topic
arn:aws:sns:us-east-1:123456789012:my_corporate_topic:02034b43-fefa-4e07-a5eb-3be56f8c54ce

Amazon Simple Queue Service (Amazon SQS)

Syntax:

arn:aws:sqs:region:account-id:queuename

Example:

arn:aws:sqs:us-east-1:123456789012:queue1

Amazon Simple Storage Service (Amazon S3)

Syntax:

arn:aws:s3:::bucket_name
arn:aws:s3:::bucket_name/key_name

Note

Amazon S3 does not require an account number or region in ARNs. If you specify an ARN in a policy, you can use a wildcard "*" character in the relative-ID part of the ARN.

Examples:

arn:aws:s3:::my_corporate_bucket
arn:aws:s3:::my_corporate_bucket/exampleobject.png
arn:aws:s3:::my_corporate_bucket/*
arn:aws:s3:::my_corporate_bucket/Development/*

For more information, see "Specifying Resources in a Policy" in the Amazon Simple Storage Service Developer Guide.

Amazon Simple Workflow Service (Amazon SWF)

Syntax:

arn:aws:swf:region:account-id:/domain/domain_name

Examples:

arn:aws:swf:us-east-1:123456789012:/domain/department1
arn:aws:swf:*:123456789012:/domain/*

AWS Step Functions

Syntax:

arn:aws:states:region:account-id:activity:activityName
arn:aws:states:region:account-id:stateMachine:stateMachineName
arn:aws:states:region:account-id:execution:stateMachineName:executionName

Examples:

arn:aws:states:us-east-1:123456789012:activity:HelloActivity
arn:aws:states:us-east-1:123456789012:stateMachine:HelloStateMachine
arn:aws:states:us-east-1:123456789012:execution:HelloStateMachine:HelloStateMachineExecution

AWS Storage Gateway

Syntax:

arn:aws:storagegateway:region:account-id:gateway/gateway-id
arn:aws:storagegateway:region:account-id:gateway/gateway-id/volume/volume-id
arn:aws:storagegateway:region:account-id:tape/tapebarcode
arn:aws:storagegateway:region:account-id:gateway/gateway-id/target/iSCSItarget
arn:aws:storagegateway:region:account-id:gateway/gateway-id/device/vtldevice

Examples:

arn:aws:storagegateway:us-east-1:123456789012:gateway/sgw-12A3456B
arn:aws:storagegateway:us-east-1:123456789012:gateway/sgw-12A3456B/volume/vol-1122AABB
arn:aws:storagegateway:us-east-1:123456789012:tape/AMZNC8A26D
arn:aws:storagegateway:us-east-1:123456789012:gateway/sgw-12A3456B/target/iqn.1997-05.com.amazon:vol-1122AABB
arn:aws:storagegateway:us-east-1:123456789012:gateway/sgw-12A3456B/device/AMZN_SGW-FF22CCDD_TAPEDRIVE_00010

Note

You can specify a wildcard (*) for each AWS Storage Gateway resource.

AWS Trusted Advisor

Syntax:

arn:aws:trustedadvisor:*:account-id:checks/categorycode/checkid

Example:

arn:aws:trustedadvisor:*:123456789012:checks/fault_tolerance/BueAdJ7NrP

AWS WAF

Syntax:

arn:aws:waf::account-id:resource-type/resource-id

Examples:

arn:aws:waf::123456789012:rule/41b5b052-1e4a-426b-8149-3595be6342c2
arn:aws:waf::123456789012:webacl/3bffd3ed-fa2e-445e-869f-a6a7cf153fd3
arn:aws:waf::123456789012:ipset/3f74bd8c-f046-4970-a1a7-41aa52e05480
arn:aws:waf::123456789012:bytematchset/d131bc0b-57be-4536-af1d-4894fd28acc4
arn:aws:waf::123456789012:sqlinjectionset/2be79d6f-2f41-4c9b-8192-d719676873f0
arn:aws:waf::123456789012:changetoken/03ba2197-fc98-4ac0-a67d-5b839762b16b

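Paths in ARNs

Some services let you specify a path for the resource name. For example, in Amazon S3, the resource identifier is an object name that can include slashes (/) to form a path. Similarly, IAM user names and group names can include paths.

In some circumstances, paths can include a wildcard character, namely an asterisk (*). For example, if you are writing an IAM policy and want the Resource element to specify all IAM users that have the path product_1234, you can use a wildcard like this: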

arn:aws:iam::123456789012:user/Development/product_1234/*

Similarly, in the Resource element of an IAM policy, you can specify user/* or group/* at the end of the ARN to mean all users or all groups, as in the following examples:

"Resource":"arn:aws:iam::123456789012:user/*"
"Resource":"arn:aws:iam::123456789012:group/*"

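You cannot use a wildcard to specify all users in the Principal element of a resource-based policy or a role trust policy. Groups are not supported as principals in any policy.

The following examples show ARNs for an Amazon S3 bucket in which the resource name includes a path: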

arn:aws:s3:::my_corporate_bucket/*
arn:aws:s3:::my_corporate_bucket/Development/*

You cannot use a wildcard in the portion of the ARN that specifies the resource type, such as the term user in an IAM ARN.

The following is not allowed:

arn:aws:iam::123456789012:u*

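AWS Service Namespaces

When you create AWS IAM policies or work with Amazon Resource Names (ARNs), you identify an AWS service by using a namespace. For example, the namespace for Amazon S3 is s3, and the namespace for Amazon EC2 is ec2. You use namespaces when identifying actions and resources.

The following example shows an IAM policy in which the value of the Action element and the values in the Resource and Condition elements use namespaces to identify the services for the actions and resources.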

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "ec2:*",
      "Resource": [
        "arn:aws:ec2:us-west-2:123456789012:customer-gateway/*",
        "arn:aws:ec2:us-west-2:123456789012:dhcp-options/*",
        "arn:aws:ec2:us-west-2::image/*",
        "arn:aws:ec2:us-west-2:123456789012:instance/*",
        "arn:aws:iam::123456789012:instance-profile/*",
        "arn:aws:ec2:us-west-2:123456789012:internet-gateway/*",
        "arn:aws:ec2:us-west-2:123456789012:key-pair/*",
        "arn:aws:ec2:us-west-2:123456789012:network-acl/*",
        "arn:aws:ec2:us-west-2:123456789012:network-interface/*",
        "arn:aws:ec2:us-west-2:123456789012:placement-group/*",
        "arn:aws:ec2:us-west-2:123456789012:route-table/*",
        "arn:aws:ec2:us-west-2:123456789012:security-group/*",
        "arn:aws:ec2:us-west-2::snapshot/*",
        "arn:aws:ec2:us-west-2:123456789012:subnet/*",
        "arn:aws:ec2:us-west-2:123456789012:volume/*",
        "arn:aws:ec2:us-west-2:123456789012:vpc/*",
        "arn:aws:ec2:us-west-2:123456789012:vpc-peering-connection/*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": "s3:*",
      "Resource": "arn:aws:s3:::example_bucket/marketing/*"
    },
    {
      "Effect": "Allow",
      "Action": "s3:ListBucket*",
      "Resource": "arn:aws:s3:::example_bucket",
      "Condition": {"StringLike": {"s3:prefix": "marketing/*"}}
    }
  ]
}
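
An added Python example (not AWS code and not part of the original page) that applies two points from this page to a policy document: the rule under "Paths in ARNs" that the resource-type portion of an IAM ARN cannot contain a wildcard, and the use of namespaces in the Action and Resource elements. The policy is a constructed sample, the finding names are this example's own, and the all-actions check is an added least-privilege heuristic, not something IAM enforces.

```python
import json
import re

# Constructed sample policy (not from the page), modelled on the one above.
SAMPLE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": "ec2:*",
     "Resource": ["arn:aws:ec2:us-west-2:123456789012:instance/*",
                  "arn:aws:iam::123456789012:instance-profile/*"]},
    {"Effect": "Allow", "Action": ["iam:GetUser"],
     "Resource": "arn:aws:iam::123456789012:u*"},
    {"Effect": "Allow", "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::example_bucket/marketing/*"}
  ]
}
""")

WILDCARD = re.compile(r"[*?]")  # IAM policy wildcards; the page only shows "*"


def as_list(value):
    """Policy elements may be a single value or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def audit_statement(index, stmt):
    """Return (statement index, finding name, offending value) tuples."""
    findings = []
    actions = as_list(stmt.get("Action", []))
    # Namespace is the part of an action before the colon, e.g. "ec2" in "ec2:*".
    namespaces = {a.split(":", 1)[0] for a in actions if ":" in a}
    for action in actions:
        if action == "*" or action.endswith(":*"):
            findings.append((index, "all-actions", action))
    for arn in as_list(stmt.get("Resource", [])):
        if arn == "*":
            findings.append((index, "all-resources", arn))
            continue
        parts = arn.split(":", 5)  # the resource part may contain colons
        if len(parts) != 6 or parts[0] != "arn":
            findings.append((index, "malformed-arn", arn))
            continue
        service, resource = parts[2], parts[5]
        # Informational: the resource belongs to a service that none of the
        # actions name. Not necessarily wrong (the EC2 syntax list on this
        # page includes an IAM instance-profile ARN), but worth a look.
        if namespaces and service != "*" and service not in namespaces:
            findings.append((index, "cross-namespace", arn))
        # Page rule: no wildcard in the resource-type portion of an IAM ARN.
        if service == "iam":
            resource_type = resource.split("/", 1)[0]
            if WILDCARD.search(resource_type):
                findings.append((index, "wildcard-in-resource-type", arn))
    return findings


def audit_policy(policy):
    """Audit every Allow statement of a parsed policy document."""
    findings = []
    for index, stmt in enumerate(as_list(policy["Statement"])):
        if stmt.get("Effect") == "Allow":
            findings.extend(audit_statement(index, stmt))
    return findings


if __name__ == "__main__":
    for finding in audit_policy(SAMPLE_POLICY):
        print(finding)
```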

The following table lists the namespace for each AWS service.

| Service | Namespace |
| --- | --- |
| API Gateway | apigateway |
| Amazon AppStream | appstream |
| AWS Artifact | artifact |
| Auto Scaling | autoscaling |
| AWS Billing and Cost Management | aws-portal |
| AWS Certificate Manager (ACM) | acm |
| AWS CloudFormation | cloudformation |
| Amazon CloudFront | cloudfront |
| AWS CloudHSM | cloudhsm |
| Amazon CloudSearch | cloudsearch |
| AWS CloudTrail | cloudtrail |
| Amazon CloudWatch | cloudwatch |
| Amazon CloudWatch Events | events |
| Amazon CloudWatch Logs | logs |
| AWS CodeBuild | codebuild |
| AWS CodeCommit | codecommit |
| AWS CodeDeploy | codedeploy |
| AWS CodePipeline | codepipeline |
| Amazon Cognito Identity | cognito-identity |
| Amazon Cognito Sync | cognito-sync |
| AWS Config | config |
| AWS Data Pipeline | datapipeline |
| AWS Database Migration Service (AWS DMS) | dms |
| AWS Device Farm | devicefarm |
| AWS Direct Connect | directconnect |
| AWS Directory Service | ds |
| Amazon DynamoDB | dynamodb |
| Amazon Elastic Compute Cloud (Amazon EC2) | ec2 |
| Amazon EC2 Container Registry (Amazon ECR) | ecr |
| Amazon EC2 Container Service (Amazon ECS) | ecs |
| Amazon EC2 Systems Manager (SSM) | ssm |
| AWS Elastic Beanstalk | elasticbeanstalk |
| Amazon Elastic File System (Amazon EFS) | elasticfilesystem |
| Elastic Load Balancing | elasticloadbalancing |
| Amazon EMR | elasticmapreduce |
| Amazon Elastic Transcoder | elastictranscoder |
| Amazon ElastiCache | elasticache |
| Amazon Elasticsearch Service (Amazon ES) | es |
| Amazon GameLift | gamelift |
| Amazon Glacier | glacier |
| AWS Health / Personal Health Dashboard | health |
| AWS Identity and Access Management (IAM) | iam |
| AWS Import/Export | importexport |
| Amazon Inspector | inspector |
| AWS IoT | iot |
| AWS Key Management Service (AWS KMS) | kms |
| Amazon Kinesis Analytics | kinesisanalytics |
| Amazon Kinesis Firehose | firehose |
| Amazon Kinesis Streams | kinesis |
| AWS Lambda | lambda |
| Amazon Lightsail | lightsail |
| Amazon Machine Learning | machinelearning |
| AWS Marketplace | aws-marketplace |
| AWS Marketplace Management Portal | aws-marketplace-management |
| Amazon Mobile Analytics | mobileanalytics |
| AWS OpsWorks | opsworks |
| AWS OpsWorks for Chef Automate | opsworks-cm |
| Amazon Polly | polly |
| Amazon Redshift | redshift |
| Amazon Relational Database Service (Amazon RDS) | rds |
| Amazon Route 53 | route53 |
| Amazon Route 53 Domains | route53domains |
| AWS Security Token Service (AWS STS) | sts |
| AWS Service Catalog | servicecatalog |
| Amazon Simple Email Service (Amazon SES) | ses |
| Amazon Simple Notification Service (Amazon SNS) | sns |
| Amazon Simple Queue Service (Amazon SQS) | sqs |
| Amazon Simple Storage Service (Amazon S3) | s3 |
| Amazon Simple Workflow Service (Amazon SWF) | swf |
| Amazon SimpleDB | sdb |
| AWS Step Functions | states |
| AWS Storage Gateway | storagegateway |
| AWS Support | support |
| AWS Trusted Advisor | trustedadvisor |
| Amazon Virtual Private Cloud (Amazon VPC) | ec2 |
| AWS WAF | waf |
| Amazon WorkMail | workmail |
| Amazon WorkSpaces | workspaces |