AWS ドキュメント » 全般的なリファレンス » Amazon リソースネーム (ARN) と AWS サービスの名前空間

Amazon リソースネーム (ARN) と AWS サービスの名前空間

Amazon リソースネーム (ARN) は、AWS リソースを一意に識別します。IAM ポリシー、Amazon Relational Database Service (Amazon RDS) タグ、API 呼び出しなど、明らかに全 AWS に渡るリソースを指定する必要がある場合、ARN が必要です。

ARN 形式

次に ARN の例を示します。

<!-- Elastic Beanstalk application version -->
arn:aws:elasticbeanstalk:us-east-1:123456789012:environment/My App/MyEnvironment

<!-- IAM user name -->
arn:aws:iam::123456789012:user/David

<!-- Amazon RDS instance used for tagging -->
arn:aws:rds:eu-west-1:123456789012:db:mysql-db

<!-- Object in an Amazon S3 bucket -->
arn:aws:s3:::my_corporate_bucket/exampleobject.png

次は ARN の一般的な形式です; 使用する特定のコンポーネントと値は AWS サービスによって異なります。

arn:partition:service:region:account-id:resource
arn:partition:service:region:account-id:resourcetype/resource
arn:partition:service:region:account-id:resourcetype:resource

パーティション

リソースが置かれているパーティションです。標準の AWS リージョンの場合、パーティションは aws です。他のパーティションにリソースがある場合、パーティションは aws-partitionname です。たとえば、中国 (北京) リージョンにあるリソースのパーティションは、aws-cn です。

service

AWS 製品 (例: Amazon S3、IAM、Amazon RDS) を識別するサービス名前空間。名前空間のリストは、「AWS サービスの名前空間」を参照してください。

リージョン

リソースが置かれているリージョン。一部のリソースの ARN はリージョンを必要としないので、この要素は省略されることに注意してください。

アカウント

リソースを所有しておりハイフンがない AWS アカウントの ID。たとえば、123456789012。一部のリソースの ARN はアカウント番号を必要としないので、この要素は省略されることに注意してください。

resource、resourcetype:resource、または resourcetype/resource

ARN のこの部分のコンテンツは、サービスによって異なります。リソースタイプの指標 (例: IAM ユーザー、Amazon RDS データベース) が含まれることがよくあり、それにスラッシュ (/) またはコロン (:)、リソース名自体が続きます。一部のサービスでは、リソース名のパスを指定できます (「ARN のパス」を参照)。

ARN の例

次のセクションでは、さまざまなサービスでの ARN の構文と例を示します。特定の AWS サービスでの ARN の使用の詳細については、そのサービスのドキュメントを参照してください。

一部のサービスでは IAM リソースレベルのアクセス許可をサポートしています。詳細については、「IAM と連携する AWS サービス」を参照してください。

サービス

• Alexa for Business
• Amazon API Gateway
• AWS AppSync
• AWS Artifact
• Amazon EC2 Auto Scaling
• AWS Certificate Manager
• AWS Certificate Manager Private Certificate Authority
• AWS Cloud9
• Amazon Cloud Directory
• AWS CloudFormation
• Amazon CloudFront
• Amazon CloudSearch
• AWS CloudTrail
• Amazon CloudWatch
• Amazon CloudWatch Events
• Amazon CloudWatch Logs
• AWS CodeBuild
• AWS CodeCommit
• AWS CodeDeploy
• Amazon Cognito ユーザープール
• Amazon Cognito フェデレーテッドアイデンティティ
• Amazon Cognito Sync
• AWS Config
• AWS CodePipeline
• AWS CodeStar
• AWS Direct Connect
• AWS Directory Service
• Amazon DynamoDB
• AWS Elastic Beanstalk
• Amazon Elastic Compute Cloud (Amazon EC2)
• Amazon Elastic Container Registry (Amazon ECR)
• Amazon Elastic Container Service (Amazon ECS)
• Amazon Elastic File System
• Elastic Load Balancing (Application Load Balancer)
• Elastic Load Balancing (ネットワークロードバランサー)
• Elastic Load Balancing (Classic Load Balancer)
• Amazon Elastic Transcoder
• Amazon ElastiCache
• Amazon Elasticsearch Service
• Amazon Glacier
• Amazon GuardDuty
• AWS Health / Personal Health Dashboard
• AWS Identity and Access Management (IAM)
• AWS IoT
• AWS Key Management Service (AWS KMS)
• Amazon Kinesis Data Firehose (Kinesis Data Firehose)
• Amazon Kinesis Data Streams (Kinesis Data Streams)
• Amazon Kinesis Data Analytics (Kinesis Data Analytics)
• Amazon Kinesis 動画ストリーム (Kinesis 動画ストリーム)
• AWS Lambda (Lambda)
• Amazon Macie
• Amazon Machine Learning (Amazon ML)
• AWS Elemental MediaConvert
• AWS Elemental MediaLive
• AWS Elemental MediaPackage
• AWS Elemental MediaStore
• AWS Elemental MediaTailor
• AWS Mobile Hub
• Amazon MQ
• AWS Organizations
• Amazon Pinpoint
• Amazon Polly
• Amazon Redshift
• Amazon Relational Database Service (Amazon RDS)
• Amazon Route 53
• AWS Secrets Manager
• AWS Serverless Application Repository
• Amazon Simple Email Service (Amazon SES)
• Amazon Simple Notification Service (Amazon SNS)
• Amazon Simple Queue Service (Amazon SQS)
• Amazon Simple Storage Service (Amazon S3)
• Amazon Simple Workflow Service (Amazon SWF)
• AWS Step Functions
• AWS Storage Gateway
• AWS Systems Manager
• AWS Trusted Advisor
• AWS WAF

Alexa for Business

構文:

arn:aws:a4b:region:accountid:resourcetype/resource

例:

arn:aws:a4b:us-east-1:123456789012:room/7315ffdf0eeb874dc4ab8a546e8b70ec/5f90e5d608b6baa9c88db56654aef158

Amazon API Gateway

構文:

arn:aws:apigateway:region::resource-path
arn:aws:execute-api:region:account-id:api-id/stage-name/HTTP-VERB/resource-path

例:

arn:aws:apigateway:us-east-1::/restapis/a123456789012bc3de45678901f23a45/*
arn:aws:apigateway:us-east-1::a123456789012bc3de45678901f23a45:/test/mydemoresource/*
arn:aws:apigateway:*::a123456789012bc3de45678901f23a45:/*/petstorewalkthrough/pets
arn:aws:execute-api:us-east-1:123456789012:qsxrty/test/GET/mydemoresource/*

AWS AppSync

構文:

arn:aws:appsync:your-region:account-id:apis/AppSyncEndpointName/types/Query/fields/field-name
arn:aws:appsync:your-region:account-id:apis/AppSyncEndpointName/types/Mutation/fields/field-name
arn:aws:appsync:your-region:account-id:apis/AppSyncEndpointName/types/Subscription/fields/field-name

例:

arn:aws:appsync:us-west-2:123456789012:apis/AppSyncEndpointName/types/Query/fields/posts
arn:aws:appsync:us-west-2:123456789012:apis/AppSyncEndpointName/types/Mutation/fields/addPost
arn:aws:appsync:us-west-2:123456789012:apis/AppSyncEndpointName/types/Query/fields/my-subscription

AWS Artifact

構文:

arn:aws:artifact:::report-package/document-type/report-type

例:

arn:aws:artifact:::report-package/Certifications and Attestations/SOC/*
arn:aws:artifact:::report-package/Certifications and Attestations/ISO/*
arn:aws:artifact:::report-package/Certifications and Attestations/PCI/*

Amazon EC2 Auto Scaling

構文:

arn:aws:autoscaling:region:account-id:scalingPolicy:policyid:autoScalingGroupName/groupfriendlyname:policyname/policyfriendlyname
arn:aws:autoscaling:region:account-id:autoScalingGroup:groupid:autoScalingGroupName/groupfriendlyname

例:

arn:aws:autoscaling:us-east-1:123456789012:scalingPolicy:c7a27f55-d35e-4153-b044-8ca9155fc467:autoScalingGroupName/my-test-asg1:policyName/my-scaleout-policy

AWS Certificate Manager

構文:

arn:aws:acm:region:account-id:certificate/certificate-id

例:

arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012

AWS Certificate Manager Private Certificate Authority

構文 (プライベート認証機関):

arn:aws:acm:region:account-id:certificate-authority/ca-id

例:

arn:aws:acm:us-east-1:123456789012:certificate-authority/12345678-1234-1234-1234-123456789012

構文 (プライベート証明書):

arn:aws:acm:region:account-id:certificate-authority/ca-id/certificate/certificate-id

例:

arn:aws:acm-pca:us-east-1:123456789012:certificate-authority/12345678-1234-1234-1234-123456789012/certificate/e8cbd2bedb122329f97706bcfec990f8

AWS Cloud9

構文:

arn:aws:cloud9:region:account-id:environment:environment-id

例:

arn:aws:cloud9:us-west-2:123456789012:environment:81e900317347585a0601e04c8d52eaEX

Amazon Cloud Directory

構文:

arn:aws:clouddirectory:region:account-id:directory/directoryID

例:

arn:aws:clouddirectory:us-west-2:123456789012:directory/ARIqk1HD-UjdtmcIrJHEvPI

AWS CloudFormation

構文:

arn:aws:cloudformation:region:account-id:stack/stackname/additionalidentifier

arn:aws:cloudformation:region:account-id:changeSet/changesetname/additionalidentifier

例:

arn:aws:cloudformation:us-east-1:123456789012:stack/MyProductionStack/abc9dbf0-43c2-11e3-a6e8-50fa526be49c

arn:aws:cloudformation:us-east-1:123456789012:changeSet/MyProductionChangeSet/abc9dbf0-43c2-11e3-a6e8-50fa526be49c

Amazon CloudFront

構文:

arn:aws:cloudfront::account-id:*

例:

arn:aws:cloudfront::123456789012:*

Amazon CloudSearch

構文:

arn:aws:cloudsearch:region:account-id:domain/domainname

例:

arn:aws:cloudsearch:us-east-1:123456789012:domain/imdb-movies

AWS CloudTrail

構文:

arn:aws:cloudtrail:region:account-id:trail/trailname

例:

arn:aws:cloudtrail:us-east-1:123456789012:trail/mytrailname

Amazon CloudWatch

構文:

arn:aws:cloudwatch:region:account-id:alarm:alarm-name

arn:aws:cloudwatch::account-id:dashboard/dashboard-name

例:

arn:aws:cloudwatch:us-east-1:123456789012:alarm:*
arn:aws:cloudwatch:us-east-1:123456789012:alarm:MyAlarmName

arn:aws:cloudwatch::123456789012:dashboard/MyDashboardName

Amazon CloudWatch Events

構文:

arn:aws:events:region:*:*

例:

arn:aws:events:us-east-1:*:*
arn:aws:events:us-east-1:123456789012:*
arn:aws:events:us-east-1:123456789012:rule/my-rule

Amazon CloudWatch Logs

構文:

arn:aws:logs:region:*:*

例:

arn:aws:logs:us-east-1:*:*
arn:aws:logs:us-east-1:123456789012:*
arn:aws:logs:us-east-1:123456789012:log-group:my-log-group
arn:aws:logs:us-east-1:123456789012:log-group:my-log-group:*
arn:aws:logs:us-east-1:123456789012:log-group:my-log-group*
arn:aws:logs:us-east-1:123456789012:log-group:my-log-group:log-stream:my-log-stream
arn:aws:logs:us-east-1:123456789012:log-group:my-log-group:log-stream:my-log-stream*
arn:aws:logs:us-east-1:123456789012:log-group:my-log-group*:log-stream:my-log-stream*

AWS CodeBuild

構文:

arn:aws:codebuild:region:account-id:resourcetype/resource

例:

arn:aws:codebuild:us-east-1:123456789012:project/my-demo-project
arn:aws:codebuild:us-east-1:123456789012:build/my-demo-project:7b7416ae-89b4-46cc-8236-61129df660ad

AWS CodeCommit

構文:

arn:aws:codecommit:region:account-id:resource-specifier

例:

arn:aws:codecommit:us-east-1:123456789012:MyDemoRepo

AWS CodeDeploy

構文:

arn:aws:codedeploy:region:account-id:resource-type:resource-specifier
arn:aws:codedeploy:region:account-id:resource-type/resource-specifier

例:

arn:aws:codedeploy:us-east-1:123456789012:application:WordPress_App
arn:aws:codedeploy:us-east-1:123456789012:instance/AssetTag*

Amazon Cognito ユーザープール

構文:

arn:aws:cognito-idp:region:account-id:userpool/user-pool-id

例:

arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1:1a1a1a1a-ffff-1111-9999-12345678

Amazon Cognito フェデレーテッドアイデンティティ

構文:

arn:aws:cognito-identity:region:account-id:identitypool/identity-pool-id

例:

arn:aws:cognito-identity:us-east-1:123456789012:/identitypool/us-east-1:1a1a1a1a-ffff-1111-9999-12345678

Amazon Cognito Sync

構文:

arn:aws:cognito-sync:region:account-id:identitypool/identity-pool-id

arn:aws:cognito-sync:region:account-id:identitypool/identity-pool-id/identity/identity-id

arn:aws:cognito-sync:region:account-id:identitypool/identity-pool-id/identity/identity-id/dataset/dataset-name

例:

arn:aws:cognito-sync:us-east-1:123456789012:identitypool/us-east-1:1a1a1a1a-ffff-1111-9999-12345678

AWS Config

構文:

arn:aws:config:region:account-id:config-rule/config-rule-id

例:

arn:aws:config:us-east-1:123456789012:config-rule/config-rule-8fngan 

AWS CodePipeline

構文:

arn:aws:codepipeline:region:account-id:resource-specifier

例:

arn:aws:codepipeline:us-east-1:123456789012:MyDemoPipeline

AWS CodeStar

構文:

arn:aws:codestar:region:account-id:resource-specifier

例:

arn:aws:codestar:us-east-1:123456789012:my-first-project

AWS Direct Connect

構文:

arn:aws:directconnect:region:account-id:dxcon/connection-id
arn:aws:directconnect:region:account-id:dxlag/lag-id 
arn:aws:directconnect:region:account-id:dxvif/virtual-interface-id

例:

arn:aws:directconnect:us-east-1:123456789012:dxcon/dxcon-fgase048
arn:aws:directconnect:us-east-1:123456789012:dxlag/dxlag-ffy7zraq
arn:aws:directconnect:us-east-1:123456789012:dxvif/dxvif-fgrb110x

AWS Directory Service

構文:

arn:aws:ds:region:account-id:directory/directoryId

例:

arn:aws:ds:us-west-2:123456789012:directory/ARIqk1HD-UjdtmcIrJHEvPI

Amazon DynamoDB

構文:

arn:aws:dynamodb:region:account-id:table/tablename
arn:aws:dynamodb:region:account-id:table/tablename/stream/label

例:

arn:aws:dynamodb:us-east-1:123456789012:table/books_table
arn:aws:dynamodb:us-east-1:123456789012:table/books_table/stream/2015-05-11T21:21:33.291

AWS Elastic Beanstalk

構文:

arn:aws:elasticbeanstalk:region:account-id:application/applicationname
arn:aws:elasticbeanstalk:region:account-id:applicationversion/applicationname/versionlabel
arn:aws:elasticbeanstalk:region:account-id:environment/applicationname/environmentname
arn:aws:elasticbeanstalk:region::solutionstack/solutionstackname
arn:aws:elasticbeanstalk:region:account-id:configurationtemplate/applicationname/templatename

例:

arn:aws:elasticbeanstalk:us-east-1:123456789012:application/My App
arn:aws:elasticbeanstalk:us-east-1:123456789012:applicationversion/My App/My Version
arn:aws:elasticbeanstalk:us-east-1:123456789012:environment/My App/MyEnvironment
arn:aws:elasticbeanstalk:us-east-1::solutionstack/32bit Amazon Linux running Tomcat 7
arn:aws:elasticbeanstalk:us-east-1:123456789012:configurationtemplate/My App/My Template

Amazon Elastic Compute Cloud (Amazon EC2)

構文:

arn:aws:ec2:region:account-id:customer-gateway/cgw-id
arn:aws:ec2:region:account-id:dedicated-host/host_id
arn:aws:ec2:region:account-id:dhcp-options/dhcp-options-id
arn:aws:ec2:region:account-id:egress-only-internet-gateway/eigw-id
arn:aws:ec2:region:account-id:elastic-gpu/elastic-gpu-id
arn:aws:ec2:region::image/image-id
arn:aws:ec2:region:account-id:instance/instance-id
arn:aws:iam::account:instance-profile/instance-profile-name
arn:aws:ec2:region:account-id:internet-gateway/igw-id
arn:aws:ec2:region:account-id:key-pair/key-pair-name	
arn:aws:ec2:region:account-id:launch-template/launch-template-id
arn:aws:ec2:region:account-id:natgateway/natgateway-id
arn:aws:ec2:region:account-id:network-acl/nacl-id
arn:aws:ec2:region:account-id:network-interface/eni-id
arn:aws:ec2:region:account-id:placement-group/placement-group-name
arn:aws:ec2:region:account-id:reserved-instances/reservation-id
arn:aws:ec2:region:account-id:route-table/route-table-id
arn:aws:ec2:region:account-id:security-group/security-group-id
arn:aws:ec2:region::snapshot/snapshot-id
arn:aws:ec2:region:account-id:spot-instances-request/spot-instance-request-id
arn:aws:ec2:region:account-id:subnet/subnet-id
arn:aws:ec2:region:account-id:volume/volume-id
arn:aws:ec2:region:account-id:vpc/vpc-id
arn:aws:ec2:region:account-id:vpc-peering-connection/vpc-peering-connection-id
arn:aws:ec2:region:account-id:vpn-connection/vpn-id
arn:aws:ec2:region:account-id:vpn-gateway/vgw-id

例:

arn:aws:ec2:us-east-1:123456789012:dedicated-host/h-12345678
arn:aws:ec2:us-east-1::image/ami-1a2b3c4d
arn:aws:ec2:us-east-1:123456789012:instance/*
arn:aws:ec2:us-east-1:123456789012:volume/*
arn:aws:ec2:us-east-1:123456789012:volume/vol-1a2b3c4d

Amazon Elastic Container Registry (Amazon ECR)

構文:

arn:aws:ecr:region:account-id:repository/repository-name

例:

arn:aws:ecr:us-east-1:123456789012:repository/my-repository

Amazon Elastic Container Service (Amazon ECS)

構文:

arn:aws:ecs:region:account-id:cluster/cluster-name
arn:aws:ecs:region:account-id:container-instance/container-instance-id
arn:aws:ecs:region:account-id:task-definition/task-definition-family-name:task-definition-revision-number
arn:aws:ecs:region:account-id:service/service-name
arn:aws:ecs:region:account-id:task/task-id
arn:aws:ecs:region:account-id:container/container-id

例:

arn:aws:ecs:us-east-1:123456789012:cluster/my-cluster
arn:aws:ecs:us-east-1:123456789012:container-instance/403125b0-555c-4473-86b5-65982db28a6d
arn:aws:ecs:us-east-1:123456789012:task-definition/hello_world:8
arn:aws:ecs:us-east-1:123456789012:service/sample-webapp
arn:aws:ecs:us-east-1:123456789012:task/1abf0f6d-a411-4033-b8eb-a4eed3ad252a
arn:aws:ecs:us-east-1:123456789012:container/476e7c41-17f2-4c17-9d14-412566202c8a

Amazon Elastic File System

構文:

arn:aws:elasticfilesystem:region:account-id:file-system/file-system-id

例:

arn:aws:elasticfilesystem:us-east-1:123456789012:file-system-id/fs12345678

Elastic Load Balancing (Application Load Balancer)

構文:

arn:aws:elasticloadbalancing:region:account-id:loadbalancer/app/load-balancer-name/load-balancer-id
arn:aws:elasticloadbalancing:region:account-id:listener/app/load-balancer-name/load-balancer-id/listener-id
arn:aws:elasticloadbalancing:region:account-id:listener-rule/app/load-balancer-name/load-balancer-id/listener-id/rule-id
arn:aws:elasticloadbalancing:region:account-id:targetgroup/target-group-name/target-group-id

例:

arn:aws:elasticloadbalancing:us-east-1:123456789012:loadbalancer/app/my-load-balancer/50dc6c495c0c9188
arn:aws:elasticloadbalancing:us-east-1:123456789012:listener/app/my-load-balancer/50dc6c495c0c9188/f2f7dc8efc522ab2
arn:aws:elasticloadbalancing:us-east-1:123456789012:listener-rule/app/my-load-balancer/50dc6c495c0c9188/f2f7dc8efc522ab2/9683b2d02a6cabee
arn:aws:elasticloadbalancing:us-east-1:123456789012:targetgroup/my-targets/73e2d6bc24d8a067

Elastic Load Balancing (ネットワークロードバランサー)

構文:

arn:aws:elasticloadbalancing:region:account-id:loadbalancer/net/load-balancer-name/load-balancer-id
arn:aws:elasticloadbalancing:region:account-id:listener/net/load-balancer-name/load-balancer-id/listener-id
arn:aws:elasticloadbalancing:region:account-id:listener-rule/net/load-balancer-name/load-balancer-id/listener-id/rule-id
arn:aws:elasticloadbalancing:region:account-id:targetgroup/target-group-name/target-group-id

例:

arn:aws:elasticloadbalancing:us-east-1:123456789012:loadbalancer/net/my-load-balancer/50dc6c495c0c9188
arn:aws:elasticloadbalancing:us-east-1:123456789012:listener/net/my-load-balancer/50dc6c495c0c9188/f2f7dc8efc522ab2
arn:aws:elasticloadbalancing:us-east-1:123456789012:listener-rule/net/my-load-balancer/50dc6c495c0c9188/f2f7dc8efc522ab2/9683b2d02a6cabee
arn:aws:elasticloadbalancing:us-east-1:123456789012:targetgroup/my-targets/73e2d6bc24d8a067

Elastic Load Balancing (Classic Load Balancer)

構文:

arn:aws:elasticloadbalancing:region:account-id:loadbalancer/name

例:

arn:aws:elasticloadbalancing:us-east-1:123456789012:loadbalancer/my-load-balancer

Amazon Elastic Transcoder

構文:

arn:aws:elastictranscoder:region:account-id:resource/id

例:

arn:aws:elastictranscoder:us-east-1:123456789012:preset/*

Amazon ElastiCache

構文:

arn:aws:elasticache:region:account-id:resourcetype:resourcename

例:

arn:aws:elasticache:us-east-2:123456789012:cluster:myCluster
arn:aws:elasticache:us-east-2:123456789012:snapshot:mySnapshot

Amazon Elasticsearch Service

構文:

arn:aws:es:region:account-id:domain/domain-name

例:

arn:aws:es:us-east-1:123456789012:domain/streaming-logs

Amazon Glacier

構文:

arn:aws:glacier:region:account-id:vaults/vaultname

例:

arn:aws:glacier:us-east-1:123456789012:vaults/examplevault
arn:aws:glacier:us-east-1:123456789012:vaults/example*
arn:aws:glacier:us-east-1:123456789012:vaults/*

Amazon GuardDuty

構文:

arn:aws:guardduty:region:account-id:detector/detector-id

arn:aws:guardduty:region:account-id:ipset/ipset-id

arn:aws:guardduty:region:account-id:threatintelset/threatintelset-id

例:

arn:aws:guardduty:us-east-1:123456789012:detector/12abc34d567e8fa901bc2d34e56789f0

arn:aws:guardduty:us-east-1:123456789012:ipset/0cb0141ab9fbde177613ab9436212e90

arn:aws:guardduty:us-east-1:123456789012:threatintelset/12a34567890bc1de2345f67ab8901234

AWS Health / Personal Health Dashboard

構文:

arn:aws:health:region::event/event-id
arn:aws:health:region:account-id:entity/entity-id

例:

arn:aws:health:us-east-1::event/AWS_EC2_EXAMPLE_ID
arn:aws:health:us-east-1:123456789012:entity/AVh5GGT7ul1arKr1sE1K

AWS Identity and Access Management (IAM)

構文:

arn:aws:iam::account-id:root
arn:aws:iam::account-id:user/user-name
arn:aws:iam::account-id:group/group-name
arn:aws:iam::account-id:role/role-name
arn:aws:iam::account-id:policy/policy-name
arn:aws:iam::account-id:instance-profile/instance-profile-name
arn:aws:sts::account-id:federated-user/user-name
arn:aws:sts::account-id:assumed-role/role-name/role-session-name
arn:aws:iam::account-id:mfa/virtual-device-name
arn:aws:iam::account-id:server-certificate/certificate-name
arn:aws:iam::account-id:saml-provider/provider-name
arn:aws:iam::account-id:oidc-provider/provider-name

例:

arn:aws:iam::123456789012:root
arn:aws:iam::123456789012:user/Bob
arn:aws:iam::123456789012:user/division_abc/subdivision_xyz/Bob
arn:aws:iam::123456789012:group/Developers
arn:aws:iam::123456789012:group/division_abc/subdivision_xyz/product_A/Developers
arn:aws:iam::123456789012:role/S3Access
arn:aws:iam::123456789012:role/application_abc/component_xyz/S3Access
arn:aws:iam::123456789012:policy/UsersManageOwnCredentials
arn:aws:iam::123456789012:policy/division_abc/subdivision_xyz/UsersManageOwnCredentials
arn:aws:iam::123456789012:instance-profile/Webserver
arn:aws:sts::123456789012:federated-user/Bob
arn:aws:sts::123456789012:assumed-role/Accounting-Role/Mary
arn:aws:iam::123456789012:mfa/BobJonesMFA
arn:aws:iam::123456789012:server-certificate/ProdServerCert
arn:aws:iam::123456789012:server-certificate/division_abc/subdivision_xyz/ProdServerCert
arn:aws:iam::123456789012:saml-provider/ADFSProvider
arn:aws:iam::123456789012:oidc-provider/GoogleProvider

IAM ARN の詳細については、『IAM ユーザーガイド』の「IAM ARN」を参照してください。

AWS IoT

構文:

arn:aws:iot:your-region:account-id:cert/cert-ID
arn:aws:iot:your-region:account-id:policy/policy-name
arn:aws:iot:your-region:account-id:rule/rule-name
arn:aws:iot:your-region:account-id:client/client-id/rule-name

例:

arn:aws:iot:your-region:123456789012:cert/123a456b789c123d456e789f123a456b789c123d456e789f123a456b789c123c456d7
arn:aws:iot:your-region:123456789012:policy/MyIoTPolicy
arn:aws:iot:your-region:123456789012:rule/MyIoTRule
arn:aws:iot:your-region:123456789012:client/client101

AWS Key Management Service (AWS KMS)

構文:

arn:aws:kms:region:account-id:key/key-id
arn:aws:kms:region:account-id:alias/alias

例:

arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012
arn:aws:kms:us-east-1:123456789012:alias/example-alias

Amazon Kinesis Data Firehose (Kinesis Data Firehose)

構文:

arn:aws:firehose:region:account-id:deliverystream/delivery-stream-name

例:

arn:aws:firehose:us-east-1:123456789012:deliverystream/example-stream-name

Amazon Kinesis Data Streams (Kinesis Data Streams)

構文:

arn:aws:kinesis:region:account-id:stream/stream-name

例:

arn:aws:kinesis:us-east-1:123456789012:stream/example-stream-name

Amazon Kinesis Data Analytics (Kinesis Data Analytics)

構文:

arn:aws:kinesisanalytics:region:account-id:application/application-name

例:

arn:aws:kinesisanalytics:us-east-1:123456789012:application/example-application-name

Amazon Kinesis 動画ストリーム (Kinesis 動画ストリーム)

構文:

arn:aws:kinesisvideo:region:account-id:application/stream-name/code

例:

arn:aws:kinesisvideo:us-east-1:123456789012:stream/example-stream-name/0123456789012

AWS Lambda (Lambda)

構文:

arn:aws:lambda:region:account-id:function:function-name
arn:aws:lambda:region:account-id:function:function-name:alias-name
arn:aws:lambda:region:account-id:function:function-name:version
arn:aws:lambda:region:account-id:event-source-mappings:event-source-mapping-id

例:

arn:aws:lambda:us-east-1:123456789012:function:ProcessKinesisRecords
arn:aws:lambda:us-east-1:123456789012:function:ProcessKinesisRecords:your alias
arn:aws:lambda:us-east-1:123456789012:function:ProcessKinesisRecords:1.0
arn:aws:lambda:us-east-1:123456789012:event-source-mappings:kinesis-stream-arn

Amazon Macie

構文:

arn:aws:macie:region:account-id:trigger/triggerID
arn:aws:macie:region:account-id:trigger/triggerID/alert/alertID

例:

arn:aws:macie:us-east-1:123456789012:trigger/example61b3df36bff1dafaf1aa304b0ef1a975
arn:aws:macie:us-east-1:123456789012:trigger/example61b3df36bff1dafaf1aa304b0ef1a975/alert/example8780e9ca227f98dae37665c3fd22b585
arn:aws:macie:us-east-1:123456789012:trigger/behavioral/alert/example8780e9ca227f98dae37665c3fd22b585

Amazon Machine Learning (Amazon ML)

構文:

arn:aws:machinelearning:region:account-id:datasource/datasourceID
arn:aws:machinelearning:region:account-id:mlmodel/mlmodelID
arn:aws:machinelearning:region:account-id:batchprediction/batchpredictionlID
arn:aws:machinelearning:region:account-id:evaluation/evaluationID

例:

arn:aws:machinelearning:us-east-1:123456789012:datasource/my-datasource-1
arn:aws:machinelearning:us-east-1:123456789012:mlmodel/my-mlmodel
arn:aws:machinelearning:us-east-1:123456789012:batchprediction/my-batchprediction
arn:aws:machinelearning:us-east-1:123456789012:evaluation/my-evaluation

AWS Elemental MediaConvert

構文:

arn:aws:mediaconvert:region:account-id:jobs/jobID
arn:aws:mediaconvert:region:account-id:jobTemplates/jobTemplateID
arn:aws:mediaconvert:region:account-id:presets/presetID
arn:aws:mediaconvert:region:account-id:queues/queueID

例:

arn:aws:mediaconvert:us-east-1:111111111111:jobs/0123456789012-abc123
arn:aws:mediaconvert:us-east-1:111111111111:jobTemplates/2345678
arn:aws:mediaconvert:us-east-1:111111111111:presets/System-169_WIFI_1080p
arn:aws:mediaconvert:us-east-1:111111111111:queues/default

AWS Elemental MediaLive

構文:

arn:aws:medialive:region:account-id:inputSecurityGroup:inputSecurityGroupID
arn:aws:medialive:region:account-id:input:inputID
arn:aws:medialive:region:account-id:channel:channelID

例:

arn:aws:medialive:us-east-1:111111111111:inputSecurityGroup:1234567
arn:aws:medialive:us-east-1:111111111111:input:2345678
arn:aws:medialive:us-east-1:111111111111:channel:3456789

AWS Elemental MediaPackage

構文:

arn:aws:mediapackage:region:account-id:channels/channelID
arn:aws:mediapackage:region:account-id:origin_endpoints/originEndpointID

例:

arn:aws:mediapackage:eu-west-1:111122223333:channels/0a1234bc567890d12efghi3j456k789m
arn:aws:mediapackage:eu-west-1:111122223333:origin_endpoints/1b2345cd678901e34fghij4k567m890n

AWS Elemental MediaStore

構文:

arn:aws:mediastore:region:account-id:resourceType/resourceID

例:

arn:aws:mediastore:us-east-1:111111111111:container/ExampleName/example-folder/folder-segment.ts

AWS Elemental MediaTailor

構文:

arn:aws:mediatailor:region:account-id:configurations/configurationID

例:

arn:aws:mediatailor:us-east-1:111111111111:configurations/2c3456de789012f34ghijk5m678n901o

AWS Mobile Hub

構文:

arn:aws:mobilehub:region:account-id:project/projectID

例:

arn:aws:mobilehub:us-east-1:123456789012:project/a01234567-b012345678-123c-d013456789abc

Amazon MQ

構文:

arn:aws:mq:region:account-id:broker:broker-name:broker-id
arn:aws:mq:region:account-id:configuration:configuration-name:configuration-id

例:

arn:aws:mq:us-east-1:123456789012:broker:MyBroker:b-1234a5b6-78cd-901e-2fgh-3i45j6k178l9
arn:aws:mq:us-east-1:123456789012:configuration:MyConfiguration:c-1234a5b6-78cd-901e-2fgh-3i45j6k178l9

AWS Organizations

構文:

arn:aws:organizations:region:master-account-id:organization/o-organization-id
arn:aws:organizations:region:master-account-id:root/o-organization-id/r-root-id
arn:aws:organizations:region:master-account-id:account/o-organization-id/account-id
arn:aws:organizations:region:master-account-id:ou/o-organization-id/r-root-id/ou-organizational-unit-id
arn:aws:organizations:region:master-account-id:policy/o-organization-id/policy-type/p-policy-id
arn:aws:organizations:region:master-account-id:handshake/o-organization-id/handshake-type/h-handshake-id

例:

arn:aws:organizations:us-east-1:123456789012:organization/o-a1b2c3d4e5example
arn:aws:organizations:us-east-1:123456789012:root/o-a1b2c3d4e5/r-f6g7h8i9j0example
arn:aws:organizations:us-east-1:123456789012:account/o-a1b2c3d4e5/123456789012
arn:aws:organizations:us-east-1:123456789012:ou/o-a1b2c3d4e5/ou-1a2b3c-k9l8m7n6o5example
arn:aws:organizations:us-east-1:123456789012:policy/o-a1b2c3d4e5/service_control_policy/p-p4q3r2s1t0example
arn:aws:organizations:us-east-1:123456789012:handshake/o-a1b2c3d4e5/h-u2v4w5x8y0example

Amazon Pinpoint

構文:

arn:aws:mobiletargeting:us-east-1:account-id:apps/appId
arn:aws:mobiletargeting:us-east-1:account-id:apps/appId/campaigns/campaignId
arn:aws:mobiletargeting:us-east-1:account-id:apps/appId/segments/segmentId

例:

arn:aws:mobiletargeting:us-east-1:123456789012:apps/0d72ff0905e7f8b2b879fe7744d4952a9b
arn:aws:mobiletargeting:us-east-1:123456789012:apps/0d72ff0905e7f8b2b879fe7744d4952a9b/campaigns/8c95f63b24089f85819443be7c92d7
arn:aws:mobiletargeting:us-east-1:123456789012:apps/0d72ff0905e7f8b2b879fe7744d4952a9b/segments/6cdc025ba495672bb0aea4983afebf

Amazon Polly

構文:

arn:aws:polly:region:account-id:lexicon/LexiconName

例:

arn:aws:polly:us-east-1:123456789012:lexicon/myLexicon

Amazon Redshift

構文:

arn:aws:redshift:region:account-id:cluster:cluster-name
arn:aws:redshift:region:account-id:dbname:cluster-name/database-name
arn:aws:redshift:region:account-id:dbuser:cluster-name/database-user-name
arn:aws:redshift:region:account-id:dbgroup:cluster-name/database-group-name
arn:aws:redshift:region:account-id:parametergroup:parameter-group-name
arn:aws:redshift:region:account-id:securitygroup:security-group-name
arn:aws:redshift:region:account-id:snapshot:cluster-name/snapshot-name
arn:aws:redshift:region:account-id:subnetgroup:subnet-group-name

例:

arn:aws:redshift:us-east-1:123456789012:cluster:my-cluster
arn:aws:redshift:us-east-1:123456789012:dbname:my-cluster/my-database
arn:aws:redshift:us-east-1:123456789012:dbuser:my-cluster/my-database-user
arn:aws:redshift:us-east-1:123456789012:dbgroup:my-cluster/my-database-group
arn:aws:redshift:us-east-1:123456789012:parametergroup:my-parameter-group
arn:aws:redshift:us-east-1:123456789012:securitygroup:my-public-group
arn:aws:redshift:us-east-1:123456789012:snapshot:my-cluster/my-snapshot20130807
arn:aws:redshift:us-east-1:123456789012:subnetgroup:my-subnet-10                    

Amazon Relational Database Service (Amazon RDS)

ARN は、DB インスタンスのタグと共にのみ Amazon RDS で使用されます。詳細については、『Amazon Relational Database Service ユーザーガイド』の「Tagging a DB Instance」を参照してください。

構文:

arn:aws:rds:region:account-id:db:db-instance-name
arn:aws:rds:region:account-id:snapshot:snapshot-name
arn:aws:rds:region:account-id:cluster:db-cluster-name
arn:aws:rds:region:account-id:cluster-snapshot:cluster-snapshot-name
arn:aws:rds:region:account-id:og:option-group-name
arn:aws:rds:region:account-id:pg:parameter-group-name
arn:aws:rds:region:account-id:cluster-pg:cluster-parameter-group-name
arn:aws:rds:region:account-id:secgrp:security-group-name
arn:aws:rds:region:account-id:subgrp:subnet-group-name
arn:aws:rds:region:account-id:es:subscription-name

例:

arn:aws:rds:us-east-1:123456789012:db:mysql-db-instance1
arn:aws:rds:us-east-1:123456789012:snapshot:my-snapshot2
arn:aws:rds:us-east-1:123456789012:cluster:my-cluster1
arn:aws:rds:us-east-1:123456789012:cluster-snapshot:cluster1-snapshot7
arn:aws:rds:us-east-1:123456789012:og:mysql-option-group1
arn:aws:rds:us-east-1:123456789012:pg:mysql-repl-pg1
arn:aws:rds:us-east-1:123456789012:cluster-pg:aurora-pg3
arn:aws:rds:us-east-1:123456789012:secgrp:dev-secgrp2
arn:aws:rds:us-east-1:123456789012:subgrp:prod-subgrp1
arn:aws:rds:us-east-1:123456789012:es:monitor-events2

Amazon Route 53

構文:

arn:aws:route53:::hostedzone/zoneid
arn:aws:route53:::change/change-id
arn:aws:route53::account-id:domain/domain-name
arn:aws:servicediscovery:region:account-id:namespace/namespace-id
arn:aws:servicediscovery:region:account-id:service/service-id

Amazon Route 53 には、ARN のアカウント番号またはリージョンは不要です。

例:

arn:aws:route53:::hostedzone/Z148QEXAMPLE8V
arn:aws:route53:::change/C2RDJ5EXAMPLE2
arn:aws:route53:::change/*
arn:aws:route53::123456789012:domain:example.com

AWS Secrets Manager

構文:

arn:aws:secretsmanager:region:account_id:secret:path/friendly_secret_name-uniqueness_code

各シークレットは、オプションのパス、ユーザーが指定したシークレットの分かりやすい名前、ダッシュに続き、AWS で生成された 6 文字のランダムコードで構成されます。

例:

arn:aws:secretsmanager:us-east-1:123456789012:secret:myfolder/MyFirstSecret-ocq1Wq

AWS Serverless Application Repository

構文:

arn:aws:serverlessrepo:region:account-id:applications/application-name
arn:aws:serverlessrepo:region:account-id:applications/application-name/versions/symantic-version

例:

arn:aws:serverlessrepo:us-east-1:123456789012:applications/myApp
arn:aws:serverlessrepo:us-east-1:123456789012:applications/myApp/versions/1.0.0

Amazon Simple Email Service (Amazon SES)

Amazon SES では、ARN が最もよく使用されるのは、送信承認のセットアップです。詳細については、Amazon Simple Email Service 開発者ガイド の「Amazon SES での送信承認の使用」を参照してください。

構文:

arn:aws:ses:region:account-id:identity/identity

例:

arn:aws:ses:us-east-1:123456789012:identity/example.com
arn:aws:ses:us-east-1:123456789012:identity/sender@example.net

Amazon Simple Notification Service (Amazon SNS)

構文:

arn:aws:sns:region:account-id:topicname
arn:aws:sns:region:account-id:topicname:subscriptionid

例:

arn:aws:sns:*:123456789012:my_corporate_topic
arn:aws:sns:us-east-1:123456789012:my_corporate_topic:02034b43-fefa-4e07-a5eb-3be56f8c54ce

Amazon Simple Queue Service (Amazon SQS)

構文:

arn:aws:sqs:region:account-id:queuename

例:

arn:aws:sqs:us-east-1:123456789012:queue1

Amazon Simple Storage Service (Amazon S3)

構文:

arn:aws:s3:::bucket_name
arn:aws:s3:::bucket_name/key_name

注記

Amazon S3 には、ARN のアカウント番号またはリージョンは不要です。ポリシーの ARN を指定する場合は、ARN の相対 ID の部分にワイルドカード「*」文字を使用できます。

例:

arn:aws:s3:::my_corporate_bucket
arn:aws:s3:::my_corporate_bucket/exampleobject.png
arn:aws:s3:::my_corporate_bucket/*
arn:aws:s3:::my_corporate_bucket/Development/*

詳細については、『Amazon Simple Storage Service 開発者ガイド』の「ポリシーでのリソースの指定」を参照してください。

Amazon Simple Workflow Service (Amazon SWF)

構文:

arn:aws:swf:region:account-id:/domain/domain_name

例:

arn:aws:swf:us-east-1:123456789012:/domain/department1
arn:aws:swf:*:123456789012:/domain/*

AWS Step Functions

構文:

arn:aws:states:region:account-id:activity:activityName
arn:aws:states:region:account-id:stateMachine:stateMachineName   
arn:aws:states:region:account-id:execution:stateMachineName:executionName

例:

arn:aws:states:us-east-1:123456789012:activity:HelloActivity
arn:aws:states:us-east-1:123456789012:stateMachine:HelloStateMachine
arn:aws:states:us-east-1:123456789012:execution:HelloStateMachine:HelloStateMachineExecution

AWS Storage Gateway

構文:

arn:aws:storagegateway:region:account-id:gateway/gateway-id
arn:aws:storagegateway:region:account-id:share/share-id        
arn:aws:storagegateway:region:account-id:gateway/gateway-id/volume/volume-id        
arn:aws:storagegateway:region:account-id:tape/tapebarcode
arn:aws:storagegateway:region:account-id:gateway/gateway-id/target/iSCSItarget
arn:aws:storagegateway:region:account-id:gateway/gateway-id/device/vtldevice

例:

arn:aws:storagegateway:us-east-1:123456789012:gateway/sgw-12A3456B
arn:aws:storagegateway:us-east-1:123456789012:share/share-17A34572
arn:aws:storagegateway:us-east-1:123456789012:gateway/sgw-12A3456B/volume/vol-1122AABB
arn:aws:storagegateway:us-east-1:123456789012:tape/AMZNC8A26D
arn:aws:storagegateway:us-east-1:123456789012:gateway/sgw-12A3456B/target/iqn.1997-05.com.amazon:vol-1122AABB
arn:aws:storagegateway:us-east-1:123456789012:gateway/sgw-12A3456B/device/AMZN_SGW-FF22CCDD_TAPEDRIVE_00010

注記

各 AWS Storage Gateway リソースには、ワイルドカード (*) を指定できます。

AWS Systems Manager

構文:

arn:aws:ssm:region:account-id:document/document_name
arn:aws:ssm:region:account-id:parameter/parameter_name
arn:aws:ssm:region:account-id:patchbaseline/baseline_id
arn:aws:ssm:region:account-id:maintenancewindow/window_id
arn:aws:ssm:region:account-id:automation-execution/execution_id
arn:aws:ssm:region:account-id:automation-Activity/activity_name
arn:aws:ssm:region:account-id:automation-definition/definitionName:version
arn:aws:ssm:region:account-id:managed-instance/instance_id
arn:aws:ssm:region:account-id:managed-instance-inventory/instance_id

例:

arn:aws:ssm:us-east-1:123456789012:document/highAvailabilityServerSetup
arn:aws:ssm:us-east-1:123456789012:parameter/myParameterName
arn:aws:ssm:us-east-1:123456789012:patchbaseline/pb-12345678901234567
arn:aws:ssm:us-east-1:123456789012:maintenancewindow/mw-12345678901234567
arn:aws:ssm:us-east-1:123456789012:automation-execution/123456-6789-1a2b3-c4d5-e1a2b3c4d
arn:aws:ssm:us-east-1:123456789012:automation-activity/myActivityName
arn:aws:ssm:us-east-1:123456789012:automation-definition/myDefinitionName:1
arn:aws:ssm:us-east-1:123456789012:managed-instance/mi-12345678901234567
arn:aws:ssm:us-east-1:123456789012:managed-instance-inventory/i-12345661

AWS Trusted Advisor

構文:

arn:aws:trustedadvisor:*:account-id:checks/categorycode/checkid

例:

arn:aws:trustedadvisor:*:123456789012:checks/fault_tolerance/BueAdJ7NrP

AWS WAF

構文、WAF Global (CloudFront で使用):

arn:aws:waf::account-id:resource-type/resource-id

構文、WAF Regional (Application Load Balancer で使用):

arn:aws:waf-regional::account-id:resource-type/resource-id

例:

arn:aws:waf::123456789012:rule/41b5b052-1e4a-426b-8149-3595be6342c2
arn:aws:waf-regional:us-east-1:123456789012:rule/41b5b052-1e4a-426b-8149-3595be6342c2
arn:aws:waf::123456789012:webacl/3bffd3ed-fa2e-445e-869f-a6a7cf153fd3
arn:aws:waf-regional:us-east-1:123456789012:webacl/3bffd3ed-fa2e-445e-869f-a6a7cf153fd3
arn:aws:waf::123456789012:ipset/3f74bd8c-f046-4970-a1a7-41aa52e05480
arn:aws:waf-regional:us-east-1:123456789012:ipset/3f74bd8c-f046-4970-a1a7-41aa52e05480
arn:aws:waf::123456789012:bytematchset/d131bc0b-57be-4536-af1d-4894fd28acc4
arn:aws:waf-regional:us-east-1:123456789012:bytematchset/d131bc0b-57be-4536-af1d-4894fd28acc4

ARN のパス

一部のサービスでは、リソース名のパスを指定することができます。たとえば Amazon S3 では、リソース ID はスラッシュ (/) を挿入してパスを作成することができるオブジェクト名です。同様に、IAM ユーザー名とグループ名にはパスを含めることができます。

特定の状況では、パスにワイルドカード文字、すなわちアスタリスク (*) を含めることができます。たとえば、IAM ポリシーを記述していて、Resource 要素に、パス product_1234 を持つすべての IAM ユーザーを指定する場合、次のようにワイルドカードを使用することができます。

arn:aws:iam::123456789012:user/Development/product_1234/*

同様に、IAM ポリシーの Resource 要素では、次の例に示すように、ARN の最後で全ユーザーを意味する user/* や全グループを意味する group/* を指定できます。

"Resource":"arn:aws:iam::123456789012:user/*"
"Resource":"arn:aws:iam::123456789012:group/*"

ワイルドカードを使用して、リソースベースのポリシーまたはロール信頼ポリシーで Principal 要素のすべてのユーザーを指定することはできません。グループは、どのポリシーでもプリンシパルとしてサポートされていません。

次の例は、リソース名にパスが含まれる Amazon S3 バケットの ARN を示しています。

arn:aws:s3:::my_corporate_bucket/*
arn:aws:s3:::my_corporate_bucket/Development/*

IAM ARN の用語「user」など、リソースタイプを指定する ARN の一部では、ワイルドカードを使用することはできません。

次のような使い方はできません。

arn:aws:iam::123456789012:u*

AWS サービスの名前空間

IAM ポリシーを作成する場合や Amazon リソースネーム (ARN) を使用する場合は、名前空間を使用して AWS のサービスを識別します。たとえば、Amazon S3 の名前空間は s3、Amazon EC2 の名前空間は ec2 です。アクションとリソースを識別するときに名前空間を使用します。

次の例は、Action 要素の値、および Resource 要素と Condition 要素内の値が名前空間を使用してアクションとリソースのサービスを識別する IAM ポリシーを示しています。

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "ec2:*",
      "Resource": [
        "arn:aws:ec2:us-west-2:123456789012:customer-gateway/*",
        "arn:aws:ec2:us-west-2:123456789012:dhcp-options/*",
        "arn:aws:ec2:us-west-2::image/*",
        "arn:aws:ec2:us-west-2:123456789012:instance/*",
        "arn:aws:iam::123456789012:instance-profile/*",
        "arn:aws:ec2:us-west-2:123456789012:internet-gateway/*",
        "arn:aws:ec2:us-west-2:123456789012:key-pair/*",
        "arn:aws:ec2:us-west-2:123456789012:network-acl/*",
        "arn:aws:ec2:us-west-2:123456789012:network-interface/*",
        "arn:aws:ec2:us-west-2:123456789012:placement-group/*",
        "arn:aws:ec2:us-west-2:123456789012:route-table/*",
        "arn:aws:ec2:us-west-2:123456789012:security-group/*",
        "arn:aws:ec2:us-west-2::snapshot/*",
        "arn:aws:ec2:us-west-2:123456789012:subnet/*",
        "arn:aws:ec2:us-west-2:123456789012:volume/*",
        "arn:aws:ec2:us-west-2:123456789012:vpc/*",
        "arn:aws:ec2:us-west-2:123456789012:vpc-peering-connection/*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": "s3:*",
      "Resource": "arn:aws:s3:::example_bucket/marketing/*"
    },
    {
      "Effect": "Allow",
      "Action": "s3:ListBucket*",
      "Resource": "arn:aws:s3:::example_bucket",
      "Condition": {"StringLike": {"s3:prefix": "marketing/*"}}
    }
  ]
}

次の表は、各 AWS サービスの名前空間の一覧です。

サービス	名前空間
API Gateway	apigateway
Amazon AppStream	appstream
AWS AppSync	appsync
AWS Artifact	artifact
Amazon EC2 Auto Scaling	autoscaling
AWS Billing and Cost Management	aws-portal
AWS Certificate Manager (ACM)	acm
AWS Cloud9	cloud9
Amazon Cloud Directory	clouddirectory
AWS CloudFormation	cloudformation
Amazon CloudFront	cloudfront
AWS CloudHSM	cloudhsm
Amazon CloudSearch	cloudsearch
AWS CloudTrail	cloudtrail
Amazon CloudWatch	cloudwatch
Amazon CloudWatch Events	events
Amazon CloudWatch Logs	logs
AWS CodeBuild	codebuild
AWS CodeCommit	codecommit
AWS CodeDeploy	codedeploy
AWS CodePipeline	codepipeline
AWS CodeStar	codestar
Amazon Cognito ユーザープール	cognito-idp
Amazon Cognito フェデレーテッドアイデンティティ	cognito-identity
Amazon Cognito Sync	cognito-sync
AWS Config	config
AWS Data Pipeline	datapipeline
AWS Database Migration Service (AWS DMS)	dms
AWS Device Farm	devicefarm
AWS Direct Connect	directconnect
AWS Directory Service	ds
Amazon DynamoDB	dynamodb
Amazon Elastic Compute Cloud (Amazon EC2)	ec2
Amazon Elastic Container Registry (Amazon ECR)	ecr
Amazon Elastic Container Service (Amazon ECS)	ecs
Amazon EC2 Systems Manager (SSM)	ssm
AWS Elastic Beanstalk	elasticbeanstalk
Amazon Elastic File System (Amazon EFS)	elasticfilesystem
Elastic Load Balancing	elasticloadbalancing
Amazon EMR	elasticmapreduce
Amazon Elastic Transcoder	elastictranscoder
Amazon ElastiCache	elasticache
Amazon Elasticsearch Service (Amazon ES)	es
AWS Firewall Manager	fms
Amazon GameLift	gamelift
Amazon Glacier	glacier
AWS Glue	glue
Amazon GuardDuty	guardduty
AWS Health / Personal Health Dashboard	health
AWS Identity and Access Management (IAM)	iam
AWS Import/Export	importexport
Amazon Inspector	inspector
AWS IoT	iot
AWS Key Management Service (AWS KMS)	kms
Amazon Kinesis Data Analytics	kinesisanalytics
Amazon Kinesis Data Firehose	firehose
Amazon Kinesis Data Streams	kinesis
AWS Lambda	lambda
Amazon Lightsail	lightsail
Amazon Macie	macie
Amazon Machine Learning	machinelearning
AWS Marketplace	aws-marketplace
AWS Marketplace Management Portal	aws-marketplace-management
AWS Elemental MediaConvert	mediaconvert
AWS Elemental MediaLive	medialive
AWS Elemental MediaPackage	mediapackage
AWS Elemental MediaStore	mediastore
AWS Elemental MediaTailor	mediatailor
Amazon Mobile Analytics	mobileanalytics
AWS Mobile Hub	mobilehub
Amazon MQ Service (Amazon MQ)	mq
AWS OpsWorks	opsworks
AWS OpsWorks for Chef Automate	opsworks-cm
AWS Organizations	organizations
Amazon Pinpoint	mobiletargeting
Amazon Polly	polly
Amazon Redshift	redshift
Amazon Relational Database Service (Amazon RDS)	rds
Amazon Route 53	route53
Amazon Route 53 Auto Naming	servicediscovery
Amazon Route 53 Domains	route53domains
AWS Secrets Manager	secretsmanager
AWS Security Token Service (AWS STS)	sts
AWS Serverless Application Repository	serverlessrepo
AWS Service Catalog	servicecatalog
AWS Shield アドバンスド	DDoSProtection
Amazon Simple Email Service (Amazon SES)	ses
Amazon Simple Notification Service (Amazon SNS)	sns
Amazon Simple Queue Service (Amazon SQS)	sqs
Amazon Simple Storage Service (Amazon S3)	s3
Amazon Simple Workflow Service (Amazon SWF)	swf
Amazon SimpleDB	sdb
AWS Step Functions	states
AWS Storage Gateway	storagegateway
AWS サポート	support
AWS Trusted Advisor	trustedadvisor
Amazon Virtual Private Cloud (Amazon VPC)	ec2
AWS WAF	waf
Amazon WorkDocs	workdocs
Amazon WorkMail	workmail
Amazon WorkSpaces	workspaces