コンソールにサインインする
AWS 全般のリファレンス
リファレンスガイド (Version 1.0)

AWS ドキュメント » リファレンスガイド » Amazon リソースネーム (ARN) と AWS サービスの名前空間

Amazon リソースネーム (ARN) と AWS サービスの名前空間

Amazon リソースネーム (ARN) は、AWS リソースを一意に識別します。IAM ポリシー、Amazon Relational Database Service (Amazon RDS) タグ、API コールなど、明らかに全 AWS に渡るリソースを指定する必要がある場合、ARN が必要です。

ARN 形式

次に ARN の例を示します。

<!-- Elastic Beanstalk application version -->
arn:aws:elasticbeanstalk:us-east-1:123456789012:environment/My App/MyEnvironment

<!-- IAM user name -->
arn:aws:iam::123456789012:user/David

<!-- Amazon RDS instance used for tagging -->
arn:aws:rds:eu-west-1:123456789012:db:mysql-db

<!-- Object in an Amazon S3 bucket -->
arn:aws:s3:::my_corporate_bucket/exampleobject.png

次は ARN の一般的な形式です; 使用する特定のコンポーネントと値は AWS サービスによって異なります。ARN を使用するには、例で赤の斜体で示されているテキストを自分の情報に置き換えます。 

arn:partition:service:region:account-id:resource
arn:partition:service:region:account-id:resourcetype/resource
arn:partition:service:region:account-id:resourcetype/resource/qualifier
arn:partition:service:region:account-id:resourcetype/resource:qualifier
arn:partition:service:region:account-id:resourcetype:resource
arn:partition:service:region:account-id:resourcetype:resource:qualifier
パーティション

リソースが置かれているパーティションです。標準の AWS リージョンの場合、パーティションは aws です。他のパーティションにリソースがある場合、パーティションは aws-partitionname です。たとえば、中国 (北京) リージョンにあるリソースのパーティションは、aws-cn です。

service

AWS 製品(例: Amazon S3、IAM、Amazon RDS)を識別するサービス名前空間。名前空間のリストは、「AWS サービスの名前空間」を参照してください。

リージョン

リソースが置かれているリージョン。一部のリソースの ARN はリージョンを必要としないので、この要素は省略されることに注意してください。

アカウント

リソースを所有しておりハイフンがない AWS アカウントの ID。たとえば、123456789012 と指定します。一部のリソースの ARN はアカウント番号を必要としないので、この要素は省略されることに注意してください。

resourceresourcetype:resource、または resourcetype/resource

ARN のこの部分のコンテンツは、サービスによって異なります。リソースタイプの指標 (例: IAM ユーザー、Amazon RDS データベース) が含まれることがよくあり、それにスラッシュ (/) またはコロン (:)、リソース名自体が続きます。一部のサービスでは、リソース名のパスを指定できます (「ARN のパス」を参照)。

ARN の例

次のセクションでは、さまざまなサービスでの ARN の構文と例を示します。特定の AWS サービスでの ARN の使用の詳細については、そのサービスのドキュメントを参照してください。ARN を使用するには、例で赤の斜体で示されているテキストを自分の情報に置き換えます。

一部のサービスでは IAM リソースレベルのアクセス許可をサポートしています。詳細については、「IAM と連携する AWS サービス」を参照してください。

サービス

Alexa for Business

構文:

arn:aws:a4b:region:accountid:resourcetype/resource

例:

arn:aws:a4b:us-east-1:123456789012:room/7315ffdf0eeb874dc4ab8a546e8b70ec/5f90e5d608b6baa9c88db56654aef158

Amazon API Gateway

構文:

arn:aws:apigateway:region::resource-path
arn:aws:execute-api:region:account-id:api-id/stage-name/HTTP-VERB/resource-path
arn:aws:execute-api:region:account-id:api-id/stage-name/route-key

例:

arn:aws:apigateway:us-east-1::/restapis/a123456789012bc3de45678901f23a45/*
arn:aws:apigateway:us-east-1::a123456789012bc3de45678901f23a45:/test/mydemoresource/*
arn:aws:apigateway:*::a123456789012bc3de45678901f23a45:/*/petstorewalkthrough/pets
arn:aws:apigateway:us-east-1::/apis/a123456789012bc3de45678901f23a45/*
arn:aws:execute-api:us-east-1:123456789012:qsxrty/test/GET/mydemoresource/*
arn:aws:execute-api:us-east-1:123456789012:qsxrty/test/$connect
arn:aws:execute-api:us-east-1:123456789012:qsxrty/test/$route1

AWS AppSync

構文:

arn:aws:appsync:your-region:account-id:apis/AppSyncEndpointName/types/Query/fields/field-name
arn:aws:appsync:your-region:account-id:apis/AppSyncEndpointName/types/Mutation/fields/field-name
arn:aws:appsync:your-region:account-id:apis/AppSyncEndpointName/types/Subscription/fields/field-name

例:

arn:aws:appsync:us-west-2:123456789012:apis/AppSyncEndpointName/types/Query/fields/posts
arn:aws:appsync:us-west-2:123456789012:apis/AppSyncEndpointName/types/Mutation/fields/addPost
arn:aws:appsync:us-west-2:123456789012:apis/AppSyncEndpointName/types/Query/fields/my-subscription

AWS Artifact

構文:

arn:aws:artifact:::report-package/document-type/report-type

例:

arn:aws:artifact:::report-package/Certifications and Attestations/SOC/*
arn:aws:artifact:::report-package/Certifications and Attestations/ISO/*
arn:aws:artifact:::report-package/Certifications and Attestations/PCI/*

Amazon Athena

構文:

arn:aws:athena:region:account-id:workgroup/workgroup-name

例:

arn:aws:athena:us-east-1:123456789012:workgroup/my-workgroup-name

Amazon EC2 Auto Scaling

構文:

arn:aws:autoscaling:region:account-id:scalingPolicy:policyid:autoScalingGroupName/groupfriendlyname:policyName/policyfriendlyname
arn:aws:autoscaling:region:account-id:autoScalingGroup:groupid:autoScalingGroupName/groupfriendlyname

例:

arn:aws:autoscaling:us-east-1:123456789012:scalingPolicy:c7a27f55-d35e-4153-b044-8ca9155fc467:autoScalingGroupName/my-test-asg1:policyName/my-scaleout-policy

Application Auto Scaling

構文:

arn:aws:autoscaling:region:account-id:scalingPolicy:policy-id:resource/service-namespace/resource-id:policyName/policyfriendlyname
arn:aws:autoscaling:region:account-id:scheduledAction:action-id:resource/service-namespace/resource-id:scheduledActionName/actionfriendlyname

例:

arn:aws:autoscaling:us-east-1:123456789012:scalingPolicy:c7a27f55-d35e-4153-b044-8ca9155fc467:resource/ec2/spot-fleet-request/sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE:policyName/cpu40
arn:aws:autoscaling:us-east-1:123456789012:scheduledAction:38c84579-0f51-4adc-879b-a2cc4EXAMPLE:resource/ec2/spot-fleet-request/sfr-09d694de-4d82-4b48-a4f4-2f38fEXAMPLE:scheduledActionName/my-action

AWS App Mesh

構文:

arn:aws:appmesh:region:account-id:mesh/mesh-name
arn:aws:appmesh:region:account-id:mesh/mesh-name/virtualService/virtual-service-name
arn:aws:appmesh:region:account-id:mesh/mesh-name/virtualNode/virtual-node-name
arn:aws:appmesh:region:account-id:mesh/mesh-name/virtualRouter/virtual-router-name
arn:aws:appmesh:region:account-id:mesh/mesh-name/virtualRouter/virtual-router-name/route/route-name

例:

arn:aws:appmesh:us-east-1:123456789012:mesh/my-mesh
arn:aws:appmesh:us-east-1:123456789012:mesh/my-mesh/virtualService/my-service.default.svc.cluster.local
arn:aws:appmesh:us-east-1:123456789012:mesh/my-mesh/virtualNode/my-virtual-node
arn:aws:appmesh:us-east-1:123456789012:mesh/my-mesh/virtualRouter/my-virtual-router
arn:aws:appmesh:us-east-1:123456789012:mesh/my-mesh/virtualRouter/my-virtual-router/route/my-route

AWS Batch

構文:

arn:aws:batch:region:account-id:compute-environment/name
arn:aws:batch:region:account-id:job-definition/job-name:revision
arn:aws:batch:region:account-id:job-queue/queue-name

例:

arn:aws:batch:us-east-1:123456789012:compute-environment/my-environment
arn:aws:batch:us-east-1:123456789012:job-definition/my-job-definition:1
arn:aws:batch:us-east-1:123456789012:job-queue/my-queue

AWS Certificate Manager

構文:

arn:aws:acm:region:account-id:certificate/certificate-id

例:

arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012

AWS Certificate Manager Private Certificate Authority

構文 (プライベート認証機関):

arn:aws:acm-pca:region:account-id:certificate-authority/ca-id

例:

arn:aws:acm-pca:us-east-1:123456789012:certificate-authority/12345678-1234-1234-1234-123456789012/certificate/e8cbd2bedb122329f97706bcfec990f8

AWS Cloud9

構文:

arn:aws:cloud9:region:account-id:environment:environment-id

例:

arn:aws:cloud9:us-west-2:123456789012:environment:81e900317347585a0601e04c8d52eaEX

Amazon Cloud Directory

構文:

arn:aws:clouddirectory:region:account-id:directory/directoryID

例:

arn:aws:clouddirectory:us-west-2:123456789012:directory/ARIqk1HD-UjdtmcIrJHEvPI

AWS CloudFormation

構文:

arn:aws:cloudformation:region:account-id:stack/stackname/additionalidentifier
arn:aws:cloudformation:region:account-id:changeSet/changesetname/additionalidentifier

例:

arn:aws:cloudformation:us-east-1:123456789012:stack/MyProductionStack/abc9dbf0-43c2-11e3-a6e8-50fa526be49c
arn:aws:cloudformation:us-east-1:123456789012:changeSet/MyProductionChangeSet/abc9dbf0-43c2-11e3-a6e8-50fa526be49c

Amazon CloudFront

構文:

arn:aws:cloudfront::account-id:*

例:

arn:aws:cloudfront::123456789012:*

AWS Cloud Map

構文:

arn:aws:servicediscovery:region:account-id:namespace/namespace-id
arn:aws:servicediscovery:region:account-id:service/service-id

AWS Cloud Map には、ARN のアカウント番号またはリージョンは不要です。

例:

arn:aws:servicediscovery:us-east-1:123456789012:namespace/ns-e1tpmexample0001
arn:aws:servicediscovery:us-east-1:123456789012:service/srv-e4anhexample0004

Amazon CloudSearch

構文:

arn:aws:cloudsearch:region:account-id:domain/domainname

例:

arn:aws:cloudsearch:us-east-1:123456789012:domain/imdb-movies

AWS CloudTrail

構文:

arn:aws:cloudtrail:region:account-id:trail/trailname

例:

arn:aws:cloudtrail:us-east-1:123456789012:trail/mytrailname

Amazon CloudWatch

構文:

arn:aws:cloudwatch:region:account-id:alarm:alarm-name

arn:aws:cloudwatch::account-id:dashboard/dashboard-name

例:

arn:aws:cloudwatch:us-east-1:123456789012:alarm:*
arn:aws:cloudwatch:us-east-1:123456789012:alarm:MyAlarmName

arn:aws:cloudwatch::123456789012:dashboard/MyDashboardName

Amazon CloudWatch Events

構文:

arn:aws:events:region:*:*

例:

arn:aws:events:us-east-1:*:*
arn:aws:events:us-east-1:123456789012:*
arn:aws:events:us-east-1:123456789012:rule/my-rule

Amazon CloudWatch Logs

構文:

arn:aws:logs:region:*:*

例:

arn:aws:logs:us-east-1:*:*
arn:aws:logs:us-east-1:123456789012:*
arn:aws:logs:us-east-1:123456789012:log-group:my-log-group
arn:aws:logs:us-east-1:123456789012:log-group:my-log-group:*
arn:aws:logs:us-east-1:123456789012:log-group:my-log-group*
arn:aws:logs:us-east-1:123456789012:log-group:my-log-group:log-stream:my-log-stream
arn:aws:logs:us-east-1:123456789012:log-group:my-log-group:log-stream:my-log-stream*
arn:aws:logs:us-east-1:123456789012:log-group:my-log-group*:log-stream:my-log-stream*

CodeBuild

構文:

arn:aws:codebuild:region:account-id:resourcetype/resource

例:

arn:aws:codebuild:us-east-1:123456789012:project/my-demo-project
arn:aws:codebuild:us-east-1:123456789012:build/my-demo-project:7b7416ae-89b4-46cc-8236-61129df660ad

AWS CodeCommit

構文:

arn:aws:codecommit:region:account-id:resource-specifier

例:

arn:aws:codecommit:us-east-1:123456789012:MyDemoRepo

AWS CodeDeploy

構文:

arn:aws:codedeploy:region:account-id:resource-type:resource-specifier
arn:aws:codedeploy:region:account-id:resource-type/resource-specifier

例:

arn:aws:codedeploy:us-east-1:123456789012:application:WordPress_App
arn:aws:codedeploy:us-east-1:123456789012:instance/AssetTag*

Amazon Cognito ユーザープール

構文:

arn:aws:cognito-idp:region:account-id:userpool/user-pool-id

例:

arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1:1a1a1a1a-ffff-1111-9999-12345678

Amazon Cognito フェデレーテッドアイデンティティ

構文:

arn:aws:cognito-identity:region:account-id:identitypool/identity-pool-id

例:

arn:aws:cognito-identity:us-east-1:123456789012:/identitypool/us-east-1:1a1a1a1a-ffff-1111-9999-12345678

Amazon Cognito Sync

構文:

arn:aws:cognito-sync:region:account-id:identitypool/identity-pool-id
arn:aws:cognito-sync:region:account-id:identitypool/identity-pool-id/identity/identity-id
arn:aws:cognito-sync:region:account-id:identitypool/identity-pool-id/identity/identity-id/dataset/dataset-name

例:

arn:aws:cognito-sync:us-east-1:123456789012:identitypool/us-east-1:1a1a1a1a-ffff-1111-9999-12345678

AWS Config

構文:

arn:aws:config:region:account-id:config-rule/config-rule-id

例:

arn:aws:config:us-east-1:123456789012:config-rule/config-rule-8fngan

AWS CodePipeline

構文:

arn:aws:codepipeline:region:account-id:resource-specifier

例:

arn:aws:codepipeline:us-east-1:123456789012:MyDemoPipeline

AWS CodeStar

構文:

arn:aws:codestar:region:account-id:project/resource-specifier

例: 

arn:aws:codestar:us-east-1:123456789012:project/my-first-project

AWS DataSync

arn:aws:datasync:region:account-id:agent/agent-id
arn:aws:datasync:region:account-id:location/location-id        
arn:aws:datasync:region:account-id:task/task-id       
arn:aws:datasync:region:account-id:task/task-id/execution/exec-id

例:

arn:aws:datasync:us-east-2:111222333444:agent/agent-0b0addbeef44baca3
arn:aws:datasync:us-east-2:111222333444:location/loc-07db7abfc326c50fb        
arn:aws:datasync:us-east-2:111222333444:task/task-08de6e6697796f026   
arn:aws:datasync:us-east-2:111222333444:task/task-08de6e6697796f026/execution/exec-04ce9d516d69bd52f

AWS Direct Connect

構文:

arn:aws:directconnect:region:account-id:dxcon/connection-id
arn:aws:directconnect:region:account-id:dxlag/lag-id 
arn:aws:directconnect:region:account-id:dxvif/virtual-interface-id
arn:aws:directconnect:region:account-id:dx-gateway/direct-connect-gateway-id

例:

arn:aws:directconnect:us-east-1:123456789012:dxcon/dxcon-fgase048
arn:aws:directconnect:us-east-1:123456789012:dxlag/dxlag-ffy7zraq
arn:aws:directconnect:us-east-1:123456789012:dxvif/dxvif-fgrb110x
arn:aws:directconnect:us-east-1:123456789012:dx-gateway/f98379d1-148b-43a1-83dd-4a130e8b7645

AWS Directory Service

構文:

arn:aws:ds:region:account-id:directory/directoryId

例:

arn:aws:ds:us-west-2:123456789012:directory/ARIqk1HD-UjdtmcIrJHEvPI

Amazon DocumentDB

構文:

arn:aws:rds:region:account-id:db:resource-id
arn:aws:rds:region:account-id:cluster:resource-id
arn:aws:rds:region:account-id:cluster-pg:resource-id
arn:aws:rds:region:account-id:secgrp:resource-id
arn:aws:rds:region:account-id:cluster-snapshot:resource-id
arn:aws:rds:region:account-id:subgrp:resource-id

例:

arn:aws:rds:us-east-1:444455556666:db:sample-instance
arn:aws:rds:us-east-1:444455556666:cluster:sample-cluster
arn:aws:rds:us-east-1:444455556666:cluster-pg:sample-cluster-parameter-group
arn:aws:rds:us-east-1:444455556666:secgrp:sample-security-group
arn:aws:rds:us-east-1:444455556666:cluster-snapshot:sample-snapshot
arn:aws:rds:us-east-1:444455556666:subgrp:sample-subnet-group

強化された読み取りについては、「Amazon DocumentDB Amazon リソースネーム (ARN) を理解する」を参照してください。

Amazon DynamoDB

構文:

arn:aws:dynamodb:region:account-id:table/tablename
arn:aws:dynamodb:region:account-id:table/tablename/stream/label

例:

arn:aws:dynamodb:us-east-1:123456789012:table/books_table
arn:aws:dynamodb:us-east-1:123456789012:table/books_table/stream/2015-05-11T21:21:33.291

AWS Elastic Beanstalk

構文:

arn:aws:elasticbeanstalk:region:account-id:application/applicationname
arn:aws:elasticbeanstalk:region:account-id:applicationversion/applicationname/versionlabel
arn:aws:elasticbeanstalk:region:account-id:environment/applicationname/environmentname
arn:aws:elasticbeanstalk:region::solutionstack/solutionstackname
arn:aws:elasticbeanstalk:region:account-id:configurationtemplate/applicationname/templatename

例:

arn:aws:elasticbeanstalk:us-east-1:123456789012:application/My App
arn:aws:elasticbeanstalk:us-east-1:123456789012:applicationversion/My App/My Version
arn:aws:elasticbeanstalk:us-east-1:123456789012:environment/My App/MyEnvironment
arn:aws:elasticbeanstalk:us-east-1::solutionstack/32bit Amazon Linux running Tomcat 7
arn:aws:elasticbeanstalk:us-east-1:123456789012:configurationtemplate/My App/My Template

Amazon Elastic Compute Cloud (Amazon EC2)

構文:

arn:aws:ec2:region:account-id:capacity-reservation/reservation-id
arn:aws:ec2:region:account-id:client-vpn-endpoint/endpoint-id
arn:aws:ec2:region:account-id:customer-gateway/cgw-id
arn:aws:ec2:region:account-id:dedicated-host/host-id
arn:aws:ec2:region:account-id:dhcp-options/dhcp-options-id
arn:aws:ec2:region:account-id:egress-only-internet-gateway/eigw-id
arn:aws:ec2:region:account-id:eip/eipalloc-id
arn:aws:ec2:region:account-id:elastic-gpu/elastic-gpu-id
arn:aws:ec2:region::fpga-image/fpga-image-id
arn:aws:ec2:region::image/image-id
arn:aws:ec2:region:account-id:image/image-id
arn:aws:ec2:region:account-id:instance/instance-id
arn:aws:ec2:region:account-id:internet-gateway/igw-id
arn:aws:ec2:region:account-id:key-pair/key-pair-name	
arn:aws:ec2:region:account-id:launch-template/launch-template-id
arn:aws:ec2:region:account-id:natgateway/natgateway-id
arn:aws:ec2:region:account-id:network-acl/nacl-id
arn:aws:ec2:region:account-id:network-interface/eni-id
arn:aws:ec2:region:account-id:placement-group/placement-group-name
arn:aws:ec2:region:account-id:reserved-instances/reservation-id
arn:aws:ec2:region:account-id:route-table/route-table-id
arn:aws:ec2:region:account-id:security-group/security-group-id
arn:aws:ec2:region:account-id:snapshot/snapshot-id
arn:aws:ec2:region::spot-instance-request/spot-instance-request-id
arn:aws:ec2:region:account-id:subnet/subnet-id
arn:aws:ec2:region:account-id:transit-gateway/tgw-id
arn:aws:ec2:region:account-id:transit-gateway-attachment/tgw-attachment-id
arn:aws:ec2:region:account-id:transit-gateway-route-table/tgw-route-table-id
arn:aws:ec2:region:account-id:volume/volume-id
arn:aws:ec2:region:account-id:vpc/vpc-id
arn:aws:ec2:region:account-id:vpc-peering-connection/vpc-peering-connection-id
arn:aws:ec2:region:account-id:vpn-connection/vpn-id
arn:aws:ec2:region:account-id:vpn-gateway/vgw-id

例:

arn:aws:ec2:us-east-1::image/ami-1a2b3c4d
arn:aws:ec2:us-east-1:123456789012:instance/*
arn:aws:ec2:us-east-1:123456789012:volume/*
arn:aws:ec2:us-east-1:123456789012:volume/vol-1a2b3c4d
arn:aws:ec2:us-east-1:111122223333:vpc/vpc-12345678

Amazon Elastic Container Registry (Amazon ECR)

構文:

arn:aws:ecr:region:account-id:repository/repository-name

例:

arn:aws:ecr:us-east-1:123456789012:repository/my-repository

Amazon Elastic Container Service (Amazon ECS)

構文:

arn:aws:ecs:region:account-id:cluster/cluster-name
arn:aws:ecs:region:account-id:container-instance/cluster-name/container-instance-id
arn:aws:ecs:region:account-id:task-definition/task-definition-family-name:task-definition-revision-number
arn:aws:ecs:region:account-id:service/cluster-name/service-name
arn:aws:ecs:region:account-id:task/cluster-name/task-id
arn:aws:ecs:region:account-id:container/container-id

例:

arn:aws:ecs:us-east-1:123456789012:cluster/my-cluster
arn:aws:ecs:us-east-1:123456789012:container-instance/my-cluster/403125b0-555c-4473-86b5-65982db28a6d
arn:aws:ecs:us-east-1:123456789012:task-definition/hello_world:8
arn:aws:ecs:us-east-1:123456789012:service/my-cluster/sample-webapp
arn:aws:ecs:us-east-1:123456789012:task/my-cluster/1abf0f6d-a411-4033-b8eb-a4eed3ad252a
arn:aws:ecs:us-east-1:123456789012:container/476e7c41-17f2-4c17-9d14-412566202c8a

Amazon Elastic Kubernetes Service (Amazon EKS)

構文:

arn:aws:eks:region:account-id:cluster/cluster-name

例:

arn:aws:eks:us-east-1:123456789012:cluster/my-cluster

Amazon Elastic File System

構文:

arn:aws:elasticfilesystem:region:account-id:file-system/file-system-id

例:

arn:aws:elasticfilesystem:us-east-1:123456789012:file-system/fs12345678

Elastic Load Balancing (Application Load Balancer)

構文:

arn:aws:elasticloadbalancing:region:account-id:loadbalancer/app/load-balancer-name/load-balancer-id
arn:aws:elasticloadbalancing:region:account-id:listener/app/load-balancer-name/load-balancer-id/listener-id
arn:aws:elasticloadbalancing:region:account-id:listener-rule/app/load-balancer-name/load-balancer-id/listener-id/rule-id
arn:aws:elasticloadbalancing:region:account-id:targetgroup/target-group-name/target-group-id

例:

arn:aws:elasticloadbalancing:us-east-1:123456789012:loadbalancer/app/my-load-balancer/50dc6c495c0c9188
arn:aws:elasticloadbalancing:us-east-1:123456789012:listener/app/my-load-balancer/50dc6c495c0c9188/f2f7dc8efc522ab2
arn:aws:elasticloadbalancing:us-east-1:123456789012:listener-rule/app/my-load-balancer/50dc6c495c0c9188/f2f7dc8efc522ab2/9683b2d02a6cabee
arn:aws:elasticloadbalancing:us-east-1:123456789012:targetgroup/my-targets/73e2d6bc24d8a067

Elastic Load Balancing (Network Load Balancer)

構文:

arn:aws:elasticloadbalancing:region:account-id:loadbalancer/net/load-balancer-name/load-balancer-id
arn:aws:elasticloadbalancing:region:account-id:listener/net/load-balancer-name/load-balancer-id/listener-id
arn:aws:elasticloadbalancing:region:account-id:listener-rule/net/load-balancer-name/load-balancer-id/listener-id/rule-id
arn:aws:elasticloadbalancing:region:account-id:targetgroup/target-group-name/target-group-id

例:

arn:aws:elasticloadbalancing:us-east-1:123456789012:loadbalancer/net/my-load-balancer/50dc6c495c0c9188
arn:aws:elasticloadbalancing:us-east-1:123456789012:listener/net/my-load-balancer/50dc6c495c0c9188/f2f7dc8efc522ab2
arn:aws:elasticloadbalancing:us-east-1:123456789012:listener-rule/net/my-load-balancer/50dc6c495c0c9188/f2f7dc8efc522ab2/9683b2d02a6cabee
arn:aws:elasticloadbalancing:us-east-1:123456789012:targetgroup/my-targets/73e2d6bc24d8a067

Elastic Load Balancing (Classic Load Balancer)

構文:

arn:aws:elasticloadbalancing:region:account-id:loadbalancer/name

例:

arn:aws:elasticloadbalancing:us-east-1:123456789012:loadbalancer/my-load-balancer

Amazon Elastic Transcoder

構文:

arn:aws:elastictranscoder:region:account-id:resource/id

例:

arn:aws:elastictranscoder:us-east-1:123456789012:preset/*

Amazon ElastiCache

構文:

arn:aws:elasticache:region:account-id:resourcetype:resourcename

例:

arn:aws:elasticache:us-east-2:123456789012:cluster:myCluster
arn:aws:elasticache:us-east-2:123456789012:snapshot:mySnapshot

Amazon Elasticsearch Service

構文:

arn:aws:es:region:account-id:domain/domain-name

例:

arn:aws:es:us-east-1:123456789012:domain/streaming-logs

Amazon EventBridge

構文:

arn:aws:events:region:*:*

例:

arn:aws:events:us-east-1:*:*
arn:aws:events:us-east-1:123456789012:*
arn:aws:events:us-east-1:123456789012:rule/my-rule
arn:aws:events:us-east-1:123456789012:event-bus/event-bus-name

Amazon S3 Glacier

構文:

arn:aws:glacier:region:account-id:vaults/vaultname

例:

arn:aws:glacier:us-east-1:123456789012:vaults/examplevault
arn:aws:glacier:us-east-1:123456789012:vaults/example*
arn:aws:glacier:us-east-1:123456789012:vaults/*

AWS Global Accelerator

構文:

arn:aws:globalaccelerator::account-id:accelerator/accelerator-id

例:

arn:aws:globalaccelerator::123456789012:accelerator/123abc4567e8fa901bc2d3example

AWS Ground Station

構文:

arn:aws:groundstation:region:account-id:config/config-type/config-id
arn:aws:groundstation:region:account-id:contact/contact-id
arn:aws:groundstation:region:account-id:mission-profile/mission-profile-id
arn:aws:groundstation:region:account-id:satellite/satellite-id

例:

arn:aws:groundstation:us-east-2:123456789012:config/DecodeConfig/11111111-2222-3333-4444-555555555555
arn:aws:groundstation:us-east-2:123456789012:contact/11111111-2222-3333-4444-555555555555
arn:aws:groundstation:us-east-2:123456789012:mission-profile/11111111-2222-3333-4444-555555555555
arn:aws:groundstation:us-east-2:123456789012:satellite/11111111-2222-3333-4444-555555555555

Amazon GuardDuty

構文:

arn:aws:guardduty:region:account-id:detector/detector-id
arn:aws:guardduty:region:account-id:detector/detector-id/filter/filter-name
arn:aws:guardduty:region:account-id:detector/detector-id/ipset/ipset-id
arn:aws:guardduty:region:account-id:detector/detector-id/threatintelset/threatintelset-id

例:

arn:aws:guardduty:us-east-1:123456789012:detector/12abc34d567e8fa901bc2d34e56789f0
arn:aws:guardduty:us-east-1:123456789012:detector/12abc34d567e8fa901bc2d34e56789f0/filter/example-filter
arn:aws:guardduty:us-east-1:123456789012:detector/12abc34d567e8fa901bc2d34e56789f0/ipset/0cb0141ab9fbde177613ab9436212e90
arn:aws:guardduty:us-east-1:123456789012:detector/12abc34d567e8fa901bc2d34e56789f0/threatintelset/12a34567890bc1de2345f67ab8901234

AWS Health / Personal Health Dashboard

構文:

arn:aws:health:region::event/event-id
arn:aws:health:region:account-id:entity/entity-id

例:

arn:aws:health:us-east-1::event/AWS_EC2_EXAMPLE_ID
arn:aws:health:us-east-1:123456789012:entity/AVh5GGT7ul1arKr1sE1K

AWS Identity and Access Management (IAM)

構文:

arn:aws:iam::account-id:root
arn:aws:iam::account-id:user/user-name
arn:aws:iam::account-id:group/group-name
arn:aws:iam::account-id:role/role-name
arn:aws:iam::account-id:policy/policy-name
arn:aws:iam::account-id:instance-profile/instance-profile-name
arn:aws:sts::account-id:federated-user/user-name
arn:aws:sts::account-id:assumed-role/role-name/role-session-name
arn:aws:iam::account-id:mfa/virtual-device-name
arn:aws:iam::account-id:u2f/u2f-token-id
arn:aws:iam::account-id:server-certificate/certificate-name
arn:aws:iam::account-id:saml-provider/provider-name
arn:aws:iam::account-id:oidc-provider/provider-name

例:

arn:aws:iam::123456789012:root
arn:aws:iam::123456789012:user/JohnDoe
arn:aws:iam::123456789012:user/division_abc/subdivision_xyz/JaneDoe
arn:aws:iam::123456789012:group/Developers
arn:aws:iam::123456789012:group/division_abc/subdivision_xyz/product_A/Developers
arn:aws:iam::123456789012:role/S3Access
arn:aws:iam::123456789012:role/application_abc/component_xyz/S3Access
arn:aws:iam::123456789012:policy/UsersManageOwnCredentials
arn:aws:iam::123456789012:policy/division_abc/subdivision_xyz/UsersManageOwnCredentials
arn:aws:iam::123456789012:instance-profile/Webserver
arn:aws:sts::123456789012:federated-user/JohnDoe
arn:aws:sts::123456789012:assumed-role/Accounting-Role/JaneDoe
arn:aws:iam::123456789012:mfa/JaneDoeMFA
arn:aws:iam::123456789012:u2f/user/JohnDoe/default (U2F security key)
arn:aws:iam::123456789012:server-certificate/ProdServerCert
arn:aws:iam::123456789012:server-certificate/division_abc/subdivision_xyz/ProdServerCert
arn:aws:iam::123456789012:saml-provider/ADFSProvider
arn:aws:iam::123456789012:oidc-provider/GoogleProvider

IAM ARN の詳細については、IAM ユーザーガイド の「IAM ARNs」を参照してください。

AWS IoT

構文:

arn:aws:iot:your-region:account-id:cert/cert-ID
arn:aws:iot:your-region:account-id:policy/policy-name
arn:aws:iot:your-region:account-id:rule/rule-name
arn:aws:iot:your-region:account-id:client/client-id/rule-name

例:

arn:aws:iot:your-region:123456789012:cert/123a456b789c123d456e789f123a456b789c123d456e789f123a456b789c123c456d7
arn:aws:iot:your-region:123456789012:policy/MyIoTPolicy
arn:aws:iot:your-region:123456789012:rule/MyIoTRule
arn:aws:iot:your-region:123456789012:client/client101

AWS Key Management Service (AWS KMS)

構文:

arn:aws:kms:region:account-id:key/key-id
arn:aws:kms:region:account-id:alias/alias

例:

arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012
arn:aws:kms:us-east-1:123456789012:alias/example-alias

Amazon Kinesis Data Firehose (Kinesis Data Firehose)

構文:

arn:aws:firehose:region:account-id:deliverystream/delivery-stream-name

例:

arn:aws:firehose:us-east-1:123456789012:deliverystream/example-stream-name

Amazon Kinesis Data Streams (Kinesis Data Streams)

構文:

arn:aws:kinesis:region:account-id:stream/stream-name        
arn:aws:kinesis:region:account-id:stream/stream-name/consumer/consumer-name:consumer-creation-timestamp

例:

arn:aws:kinesis:us-east-1:123456789012:stream/example-stream-name
arn:aws:kinesis:us-east-1:123456789012:stream/example-stream-name/consumer/example-consumer-name:1525898737

Amazon Kinesis Data Analytics (Kinesis Data Analytics)

構文:

arn:aws:kinesisanalytics:region:account-id:application/application-name

例:

arn:aws:kinesisanalytics:us-east-1:123456789012:application/example-application-name

Amazon Kinesis 動画ストリーム (Kinesis 動画ストリーム)

構文:

arn:aws:kinesisvideo:region:account-id:application/stream-name/code

例:

arn:aws:kinesisvideo:us-east-1:123456789012:stream/example-stream-name/0123456789012

AWS Lambda (Lambda)

構文:

arn:aws:lambda:region:account-id:function:function-name
arn:aws:lambda:region:account-id:function:function-name:version
arn:aws:lambda:region:account-id:function:function-name:alias-name
arn:aws:lambda:region:account-id:event-source-mapping:event-source-mapping-id
arn:aws:lambda:region:account-id:layer:layer-name
arn:aws:lambda:region:account-id:layer:layer-name:version

例:

arn:aws:lambda:us-east-1:123456789012:function:my-function
arn:aws:lambda:us-east-1:123456789012:function:my-function:1
arn:aws:lambda:us-east-1:123456789012:function:my-function:PROD
arn:aws:lambda:us-east-1:123456789012:event-source-mapping:fa123456-14a1-4fd2-9fec-83de64ad683de6d47
arn:aws:lambda:us-east-1:123456789012:layer:my-layer
arn:aws:lambda:us-east-1:123456789012:layer:my-layer:1

Amazon Lightsail

構文:

arn:aws:lightsail:region:account-id:Instance/instance-id
arn:aws:lightsail:region:account-id:RelationalDatabase/relational-database-id
arn:aws:lightsail:region:account-id:Disk/disk-id
arn:aws:lightsail:region:account-id:StaticIp/static-ip-id
arn:aws:lightsail:global:account-id:Domain/domain-id
arn:aws:lightsail:region:account-id:LoadBalancer/load-balancer-id
arn:aws:lightsail:region:account-id:InstanceSnapshot/instance-snapshot-id
arn:aws:lightsail:region:account-id:RelationalDatabaseSnapshot/relational-database-snapshot-id
arn:aws:lightsail:region:account-id:DiskSnapshot/disk-snapshot-id
arn:aws:lightsail:region:account-id:CloudFormationStackRecord/cloud-formation-stack-record-id
arn:aws:lightsail:region:account-id:ExportSnapshotRecord/export-snapshot-record-id
arn:aws:lightsail:region:account-id:KeyPair/key-pair-id
arn:aws:lightsail:region:account-id:LoadBalancerTlsCertificate/load-balancer-tls-certificate-id

例:

arn:aws:lightsail:us-east-1:123456789012:Instance/1234568-1234-1234-1234-123456789012
arn:aws:lightsail:us-east-1:123456789012:RelationalDatabase/1234568-1234-1234-1234-123456789012
arn:aws:lightsail:us-east-1:123456789012:Disk/1234568-1234-1234-1234-123456789012
arn:aws:lightsail:us-east-1:123456789012:StaticIp/1234568-1234-1234-1234-123456789012
arn:aws:lightsail:global:123456789012:Domain/1234568-1234-1234-1234-123456789012
arn:aws:lightsail:us-east-1:123456789012:LoadBalancer/1234568-1234-1234-1234-123456789012
arn:aws:lightsail:us-east-1:123456789012:InstanceSnapshot/1234568-1234-1234-1234-123456789012
arn:aws:lightsail:us-east-1:123456789012:RelationalDatabaseSnapshot/1234568-1234-1234-1234-123456789012
arn:aws:lightsail:us-east-1:123456789012:DiskSnapshot/1234568-1234-1234-1234-123456789012
arn:aws:lightsail:us-east-1:123456789012:CloudFormationStackRecord/1234568-1234-1234-1234-123456789012
arn:aws:lightsail:us-east-1:123456789012:ExportSnapshotRecord/1234568-1234-1234-1234-123456789012
arn:aws:lightsail:us-east-1:123456789012:KeyPair/1234568-1234-1234-1234-123456789012
arn:aws:lightsail:us-east-1:123456789012:LoadBalancerTlsCertificate/1234568-1234-1234-1234-123456789012

Amazon Macie

構文:

arn:aws:macie:region:account-id:trigger/triggerID
arn:aws:macie:region:account-id:trigger/triggerID/alert/alertID

例:

arn:aws:macie:us-east-1:123456789012:trigger/example61b3df36bff1dafaf1aa304b0ef1a975
arn:aws:macie:us-east-1:123456789012:trigger/example61b3df36bff1dafaf1aa304b0ef1a975/alert/example8780e9ca227f98dae37665c3fd22b585
arn:aws:macie:us-east-1:123456789012:trigger/behavioral/alert/example8780e9ca227f98dae37665c3fd22b585

Amazon Machine Learning (Amazon ML)

構文:

arn:aws:machinelearning:region:account-id:datasource/datasourceID
arn:aws:machinelearning:region:account-id:mlmodel/mlmodelID
arn:aws:machinelearning:region:account-id:batchprediction/batchpredictionlID
arn:aws:machinelearning:region:account-id:evaluation/evaluationID

例:

arn:aws:machinelearning:us-east-1:123456789012:datasource/my-datasource-1
arn:aws:machinelearning:us-east-1:123456789012:mlmodel/my-mlmodel
arn:aws:machinelearning:us-east-1:123456789012:batchprediction/my-batchprediction
arn:aws:machinelearning:us-east-1:123456789012:evaluation/my-evaluation

Amazon Managed Streaming for Apache Kafka (Amazon MSK)

構文:

arn:aws:kafka:region:account-id:cluster/cluster-name/cluster-id
arn:aws:kafka:region:account-id:configuration/configuration-name/configuration-id

例:

arn:aws:kafka:us-east-1:123456789012:cluster/example-cluster-name/0203456a-abcd-1234-cdef-3be56f8c54ce-2
arn:aws:kafka:us-east-1:123456789012:configuration/example-configuration-name/abcdabcd-1234-abcd-1234-abcd123e8e8e-1

AWS Elemental MediaConnect

構文:

arn:aws:mediaconnect:region:account-id:entitlement:resourceID:resourceName
arn:aws:mediaconnect:region:account-id:flow:resourceID:resourceName
arn:aws:mediaconnect:region:account-id:output:resourceID:resourceName
arn:aws:mediaconnect:region:account-id:source:resourceID:resourceName

例:

arn:aws:mediaconnect:us-east-1:111111111111:entitlement:1-1a2b3c4d5e6f7g8h-123456abcDEF:EntitlementName
arn:aws:mediaconnect:us-east-1:111111111111:flow:1-12345678abcdefgh-654321abcDEF:FlowName
arn:aws:mediaconnect:us-east-1:111111111111:output:1-abcDEFGH12345678-abcDEF123456:OutputName
arn:aws:mediaconnect:us-east-1:111111111111:source:1-abc12345678defgh-ABCdef654321:SourceName

AWS Elemental MediaConvert

構文:

arn:aws:mediaconvert:region:account-id:jobs/jobID
arn:aws:mediaconvert:region:account-id:jobTemplates/jobTemplateName
arn:aws:mediaconvert:region:account-id:presets/presetName
arn:aws:mediaconvert:region:account-id:queues/queueName

例:

arn:aws:mediaconvert:us-east-1:111111111111:jobs/0123456789012-abc123
arn:aws:mediaconvert:us-east-1:111111111111:jobTemplates/2345678
arn:aws:mediaconvert:us-east-1:111111111111:presets/System-169_WIFI_1080p
arn:aws:mediaconvert:us-east-1:111111111111:queues/default

AWS Elemental MediaLive

構文:

arn:aws:medialive:region:account-id:inputSecurityGroup:inputSecurityGroupID
arn:aws:medialive:region:account-id:input:inputID
arn:aws:medialive:region:account-id:channel:channelID

例:

arn:aws:medialive:us-east-1:111111111111:inputSecurityGroup:1234567
arn:aws:medialive:us-east-1:111111111111:input:2345678
arn:aws:medialive:us-east-1:111111111111:channel:3456789

AWS Elemental MediaPackage

構文:

arn:aws:mediapackage:region:account-id:channels/channelID
arn:aws:mediapackage:region:account-id:origin_endpoints/originEndpointID

例:

arn:aws:mediapackage:eu-west-1:111122223333:channels/0a1234bc567890d12efghi3j456k789m
arn:aws:mediapackage:eu-west-1:111122223333:origin_endpoints/1b2345cd678901e34fghij4k567m890n

AWS Elemental MediaStore

構文:

arn:aws:mediastore:region:account-id:resourceType/resourceID

例:

arn:aws:mediastore:us-east-1:111111111111:container/ExampleName/example-folder/folder-segment.ts

AWS Elemental MediaTailor

構文:

arn:aws:mediatailor:region:account-id:playbackConfiguration/Name

例:

arn:aws:mediatailor:us-east-1:111111111111:playbackConfiguration/exampleConfig

AWS Mobile Hub

構文:

arn:aws:mobilehub:region:account-id:project/projectID

例:

arn:aws:mobilehub:us-east-1:123456789012:project/a01234567-b012345678-123c-d013456789abc

Amazon MQ

構文:

arn:aws:mq:region:account-id:broker:broker-name:broker-id
arn:aws:mq:region:account-id:configuration:configuration-name:configuration-id

例:

arn:aws:mq:us-east-1:123456789012:broker:MyBroker:b-1234a5b6-78cd-901e-2fgh-3i45j6k178l9
arn:aws:mq:us-east-1:123456789012:configuration:MyConfiguration:c-1234a5b6-78cd-901e-2fgh-3i45j6k178l9

AWS OpsWorks for Chef Automate および AWS OpsWorks for Puppet Enterprise

構文:

arn:aws:opsworks-cm:us-east-1:master-account-id:server/server-name-random-ID-suffix/server-id

例:

arn:aws:opsworks-cm:us-east-1:123456789012:server/TestServer-0123456789/EXAMPLEa-1199-43a6-aa00-8a000EXAMPLE

AWS OpsWorks スタック

構文:

arn:aws:opsworks:us-east-1:master-account-id:stack/stack-id
arn:aws:opsworks:us-east-1:master-account-id:layer/layer-id
arn:aws:opsworks:us-east-1:master-account-id:instance/opsworks-instance-id
arn:aws:opsworks:us-east-1:master-account-id:app/opsworks-app-id

例:

arn:aws:opsworks:us-east-1:123456789012:stack/EXAMPLEe-aa21-4z92-a110-a4a44EXAMPLE
arn:aws:opsworks:us-east-1:123456789012:layer/EXAMPLEe-aa21-4z92-a110-a4a44EXAMPLE
arn:aws:opsworks:us-east-1:123456789012:instance/EXAMPLEe-aa21-4z92-a110-a4a44EXAMPLE
arn:aws:opsworks:us-east-1:123456789012:app/EXAMPLEe-aa21-4z92-a110-a4a44EXAMPLE

AWS Organizations

構文:

arn:aws:organizations::master-account-id:organization/o-organization-id
arn:aws:organizations::master-account-id:root/o-organization-id/r-root-id
arn:aws:organizations::master-account-id:account/o-organization-id/account-id
arn:aws:organizations::master-account-id:ou/o-organization-id/ou-organizational-unit-id
arn:aws:organizations::master-account-id:policy/o-organization-id/policy-type/p-policy-id
arn:aws:organizations::master-account-id:handshake/o-organization-id/handshake-type/h-handshake-id

例:

arn:aws:organizations::123456789012:organization/o-a1b2c3d4e5example
arn:aws:organizations::123456789012:root/o-a1b2c3d4e5/r-f6g7h8i9j0example
arn:aws:organizations::123456789012:account/o-a1b2c3d4e5/123456789012
arn:aws:organizations::123456789012:ou/o-a1b2c3d4e5/ou-1a2b3c-k9l8m7n6o5example
arn:aws:organizations::123456789012:policy/o-a1b2c3d4e5/service_control_policy/p-p4q3r2s1t0example
arn:aws:organizations::123456789012:handshake/o-a1b2c3d4e5/invite/h-u2v4w5x8y0example

Amazon Pinpoint

構文:

arn:aws:mobiletargeting:us-east-1:account-id:apps/appId
arn:aws:mobiletargeting:us-east-1:account-id:apps/appId/campaigns/campaignId
arn:aws:mobiletargeting:us-east-1:account-id:apps/appId/segments/segmentId

例:

arn:aws:mobiletargeting:us-east-1:123456789012:apps/0d72ff0905e7f8b2b879fe7744d4952a9b
arn:aws:mobiletargeting:us-east-1:123456789012:apps/0d72ff0905e7f8b2b879fe7744d4952a9b/campaigns/8c95f63b24089f85819443be7c92d7
arn:aws:mobiletargeting:us-east-1:123456789012:apps/0d72ff0905e7f8b2b879fe7744d4952a9b/segments/6cdc025ba495672bb0aea4983afebf

Amazon Polly

構文:

arn:aws:polly:region:account-id:lexicon/LexiconName

例:

arn:aws:polly:us-east-1:123456789012:lexicon/myLexicon

Amazon Redshift

構文:

arn:aws:redshift:region:account-id:cluster:cluster-name
arn:aws:redshift:region:account-id:dbname:cluster-name/database-name
arn:aws:redshift:region:account-id:dbuser:cluster-name/database-user-name
arn:aws:redshift:region:account-id:dbgroup:cluster-name/database-group-name
arn:aws:redshift:region:account-id:parametergroup:parameter-group-name
arn:aws:redshift:region:account-id:securitygroup:security-group-name
arn:aws:redshift:region:account-id:snapshot:cluster-name/snapshot-name
arn:aws:redshift:region:account-id:subnetgroup:subnet-group-name

例:

arn:aws:redshift:us-east-1:123456789012:cluster:my-cluster
arn:aws:redshift:us-east-1:123456789012:dbname:my-cluster/my-database
arn:aws:redshift:us-east-1:123456789012:dbuser:my-cluster/my-database-user
arn:aws:redshift:us-east-1:123456789012:dbgroup:my-cluster/my-database-group
arn:aws:redshift:us-east-1:123456789012:parametergroup:my-parameter-group
arn:aws:redshift:us-east-1:123456789012:securitygroup:my-public-group
arn:aws:redshift:us-east-1:123456789012:snapshot:my-cluster/my-snapshot20130807
arn:aws:redshift:us-east-1:123456789012:subnetgroup:my-subnet-10

Amazon Relational Database Service (Amazon RDS)

ARN は、DB インスタンスのタグと共にのみ Amazon RDS で使用されます。詳細については、『Amazon RDS ユーザーガイド』の「Tagging a DB Instance」を参照してください。

構文:

arn:aws:rds:region:account-id:db:db-instance-name
arn:aws:rds:region:account-id:snapshot:snapshot-name
arn:aws:rds:region:account-id:cluster:db-cluster-name
arn:aws:rds:region:account-id:cluster-snapshot:cluster-snapshot-name
arn:aws:rds:region:account-id:og:option-group-name
arn:aws:rds:region:account-id:pg:parameter-group-name
arn:aws:rds:region:account-id:cluster-pg:cluster-parameter-group-name
arn:aws:rds:region:account-id:secgrp:security-group-name
arn:aws:rds:region:account-id:subgrp:subnet-group-name
arn:aws:rds:region:account-id:es:subscription-name

例:

arn:aws:rds:us-east-1:123456789012:db:mysql-db-instance1
arn:aws:rds:us-east-1:123456789012:snapshot:my-snapshot2
arn:aws:rds:us-east-1:123456789012:cluster:my-cluster1
arn:aws:rds:us-east-1:123456789012:cluster-snapshot:cluster1-snapshot7
arn:aws:rds:us-east-1:123456789012:og:mysql-option-group1
arn:aws:rds:us-east-1:123456789012:pg:mysql-repl-pg1
arn:aws:rds:us-east-1:123456789012:cluster-pg:aurora-pg3
arn:aws:rds:us-east-1:123456789012:secgrp:dev-secgrp2
arn:aws:rds:us-east-1:123456789012:subgrp:prod-subgrp1
arn:aws:rds:us-east-1:123456789012:es:monitor-events2

AWS リソースグループ

AWS リソースグループで利用可能なリソースは、グループのみです。グループには、一意の Amazon リソースネーム (ARN) が関連付けられています。グループは、アカウント内のリージョンで固有のものです。リソースグループの詳細については、『AWS リソースグループユーザーガイド』を参照してください。

構文:

arn:aws:resource-groups:region:account:group/group-name

例:

arn:aws:resource-groups:us-west-2:123456789012:group/MyExampleGroup

AWS RoboMaker

構文:

arn:aws:robomaker:region:account-id:robot-application/robotApplicationName/createdOnEpoch
arn:aws:robomaker:region:account-id:simulation-application/simulationApplicationName/createdOnEpoch
arn:aws:robomaker:region:account-id:simulation-job/simulationJobId
arn:aws:robomaker:region:account-id:deployment-job/deploymentJobId
arn:aws:robomaker:region:account-id:robot/robotName/createdOnEpoch
arn:aws:robomaker:region:account-id:deployment-fleet/fleetName/createdOnEpoch

例:

arn:aws:robomaker:us-east-1:123456789012:robot-application/helloWorldRobotApplication/1546541198985
arn:aws:robomaker:us-east-1:123456789012:simulation-application/helloWorldSimulationApplication/1546541192487
arn:aws:robomaker:us-east-1:123456789012:simulation-job/sim-g8h6tzlmblg7
arn:aws:robomaker:us-east-1:123456789012:deployment-job/deployment-4t9g6rp25zdb
arn:aws:robomaker:us-east-1:123456789012:robot/helloWorldRobot/1546541197111
arn:aws:robomaker:us-east-1:123456789012:deployment-fleet/helloWorldFleet/1546541199833

Amazon Route 53

構文:

arn:aws:route53:::hostedzone/zoneid
arn:aws:route53:::change/change-id
arn:aws:route53::account-id:domain/domain-name
arn:aws:route53resolver:region:account-id:resolver-rule/rule-id
arn:aws:route53resolver:region:account-id:resolver-endpoint/endpoint-id

Amazon Route 53 には、ARN のアカウント番号またはリージョンは不要です。

例:

arn:aws:route53:::hostedzone/Z148QEXAMPLE8V
arn:aws:route53:::change/C2RDJ5EXAMPLE2
arn:aws:route53:::change/*
arn:aws:route53::123456789012:domain/example.com
arn:aws:route53resolver:us-west-2:123456789012:resolver-rule/rslvr-rr-5328a0899aexample
arn:aws:route53resolver:us-west-2:123456789012:resolver-endpoint/rslvr-in-60b9fd8fdbexample

Amazon Route 53 自動命名は AWS Cloud Map という別のサービスとしてリリースされました。「AWS Cloud Map」を参照してください。

Amazon SageMaker

構文:

arn:aws:sagemaker:region:account-id:notebook-instance:notebookInstanceName
        arn:aws:sagemaker:region:account-id:notebook-instance-lifecycle-config:notebookInstanceLifecycleConfigName
        arn:aws:sagemaker:region:account-id:training-job:trainingJobName
        arn:aws:sagemaker:region:account-id:model:modelName
        arn:aws:sagemaker:region:account-id:endpoint:endpointName
        arn:aws:sagemaker:region:account-id:endpoint-config:endpointConfigName
        arn:aws:sagemaker:region:account-id:hyper-parameter-tuning-job:hyperParameterTuningJobName
        arn:aws:sagemaker:region:account-id:transform-job:transformJobName

例:

arn:aws:sagemaker:us-east-1:123456789012:notebook-instance:my-notebookInstance-1
        arn:aws:sagemaker:us-east-1:123456789012:notebook-instance-lifecycle-config:my-notebookInstanceLifecycleConfig-1
        arn:aws:sagemaker:us-east-1:123456789012:training-job:my-trainingJob-1
        arn:aws:sagemaker:us-east-1:123456789012:model:my-mlModel-1
        arn:aws:sagemaker:us-east-1:123456789012:endpoint:my-endpoint-1
        arn:aws:sagemaker:us-east-1:123456789012:endpoint-config:my-endpointConfig-1
        arn:aws:sagemaker:us-east-1:123456789012:hyper-parameter-tuning-job:my-hp-tuningJob-1
        arn:aws:sagemaker:us-east-1:123456789012:transform-job:my-transformJob-1

AWS Secrets Manager

構文:

arn:aws:secretsmanager:region:account_id:secret:path/friendly_secret_name-uniqueness_code

各シークレットは、オプションのパス、ユーザーが指定したシークレットの分かりやすい名前、ダッシュに続き、AWS で生成された 6 文字のランダムコードで構成されます。

例:

arn:aws:secretsmanager:us-east-1:123456789012:secret:myfolder/MyFirstSecret-ocq1Wq
arn:aws:secretsmanager:us-east-1:123456789012:secret:another_secret_name-??????

注記

上記の 2 番目の例は、Secrets Manager によって割り当てられた 6 つのランダムな文字と合わせるために使用されるワイルドカードメカニズムを示しています。詳細については、AWS Secrets Manager ユーザーガイド の「特定のシークレットへのアクセスの制限」を参照してください。

Service Quotas

構文:

arn:aws:servicequotas:region:account_id:servicecode/quotacode

例:

arn:aws:servicequotas:us-east-1:123456789012:servicequotas/L-7AA14F8F
arn:aws:servicequotas:us-east-1:123456789012:elasticbeanstalk/L-1CEABD17

AWS Serverless Application Repository

構文:

arn:aws:serverlessrepo:region:account-id:applications/application-name
arn:aws:serverlessrepo:region:account-id:applications/application-name/versions/symantic-version

例:

arn:aws:serverlessrepo:us-east-1:123456789012:applications/myApp
arn:aws:serverlessrepo:us-east-1:123456789012:applications/myApp/versions/1.0.0

Amazon Simple Email Service (Amazon SES)

Amazon SES では、ARN が最もよく使用されるのは、送信承認のセットアップです。詳細については、Amazon Simple Email Service 開発者ガイドの「Amazon SES での送信承認の使用」を参照してください。

構文:

arn:aws:ses:region:account-id:identity/identity

例:

arn:aws:ses:us-east-1:123456789012:identity/example.com
arn:aws:ses:us-east-1:123456789012:identity/sender@example.net

Amazon Simple Notification Service (Amazon SNS)

構文:

arn:aws:sns:region:account-id:topicname
arn:aws:sns:region:account-id:topicname:subscriptionid

例:

arn:aws:sns:*:123456789012:my_corporate_topic
arn:aws:sns:us-east-1:123456789012:my_corporate_topic:02034b43-fefa-4e07-a5eb-3be56f8c54ce

Amazon Simple Queue Service (Amazon SQS)

構文:

arn:aws:sqs:region:account-id:queuename

例:

arn:aws:sqs:us-east-1:123456789012:queue1

Amazon Simple Storage Service (Amazon S3)

構文:

arn:aws:s3:::bucket_name
arn:aws:s3:::bucket_name/key_name

注記

Amazon S3 には、ARN のアカウント番号またはリージョンは不要です。ポリシーの ARN を指定する場合は、ARN の相対 ID の部分にワイルドカード「*」文字を使用できます。

例:

arn:aws:s3:::my_corporate_bucket
arn:aws:s3:::my_corporate_bucket/exampleobject.png
arn:aws:s3:::my_corporate_bucket/*
arn:aws:s3:::my_corporate_bucket/Development/*

詳細については、『Amazon Simple Storage Service 開発者ガイド』の「ポリシーでのリソースの指定」を参照してください。

Amazon Simple Workflow Service (Amazon SWF)

構文:

arn:aws:swf:region:account-id:/domain/domain_name

例:

arn:aws:swf:us-east-1:123456789012:/domain/department1
arn:aws:swf:*:123456789012:/domain/*

AWS Step Functions

構文:

arn:aws:states:region:account-id:activity:activityName
arn:aws:states:region:account-id:stateMachine:stateMachineName   
arn:aws:states:region:account-id:execution:stateMachineName:executionName

例:

arn:aws:states:us-east-1:123456789012:activity:HelloActivity
arn:aws:states:us-east-1:123456789012:stateMachine:HelloStateMachine
arn:aws:states:us-east-1:123456789012:execution:HelloStateMachine:HelloStateMachineExecution

AWS Storage Gateway

構文:

arn:aws:storagegateway:region:account-id:gateway/gateway-id
arn:aws:storagegateway:region:account-id:share/share-id        
arn:aws:storagegateway:region:account-id:gateway/gateway-id/volume/volume-id        
arn:aws:storagegateway:region:account-id:tape/tapebarcode
arn:aws:storagegateway:region:account-id:gateway/gateway-id/target/iSCSItarget
arn:aws:storagegateway:region:account-id:gateway/gateway-id/device/vtldevice

例:

arn:aws:storagegateway:us-east-1:123456789012:gateway/sgw-12A3456B
arn:aws:storagegateway:us-east-1:123456789012:share/share-17A34572
arn:aws:storagegateway:us-east-1:123456789012:gateway/sgw-12A3456B/volume/vol-1122AABB
arn:aws:storagegateway:us-east-1:123456789012:tape/AMZNC8A26D
arn:aws:storagegateway:us-east-1:123456789012:gateway/sgw-12A3456B/target/iqn.1997-05.com.amazon:vol-1122AABB
arn:aws:storagegateway:us-east-1:123456789012:gateway/sgw-12A3456B/device/AMZN_SGW-FF22CCDD_TAPEDRIVE_00010

注記

各 AWS Storage Gateway リソースには、ワイルドカード (*) を指定できます。

AWS Systems Manager

構文:

arn:aws:ssm:region:account-id:document/document_name
arn:aws:ssm:region:account-id:parameter/parameter_name
arn:aws:ssm:region:account-id:patchbaseline/baseline_id
arn:aws:ssm:region:account-id:maintenancewindow/window_id
arn:aws:ssm:region:account-id:automation-execution/execution_id
arn:aws:ssm:region:account-id:automation-Activity/activity_name
arn:aws:ssm:region:account-id:automation-definition/definitionName:version
arn:aws:ssm:region:account-id:managed-instance/instance_id
arn:aws:ssm:region:account-id:managed-instance-inventory/instance_id
arn:aws:ssm:region:account-id:opsitem/opsitem_id

例:

arn:aws:ssm:us-east-1:123456789012:document/highAvailabilityServerSetup
arn:aws:ssm:us-east-1:123456789012:parameter/myParameterName
arn:aws:ssm:us-east-1:123456789012:patchbaseline/pb-12345678901234567
arn:aws:ssm:us-east-1:123456789012:maintenancewindow/mw-12345678901234567
arn:aws:ssm:us-east-1:123456789012:automation-execution/123456-6789-1a2b3-c4d5-e1a2b3c4d
arn:aws:ssm:us-east-1:123456789012:automation-activity/myActivityName
arn:aws:ssm:us-east-1:123456789012:automation-definition/myDefinitionName:1
arn:aws:ssm:us-east-1:123456789012:managed-instance/mi-12345678901234567
arn:aws:ssm:us-east-1:123456789012:managed-instance-inventory/i-12345661
arn:aws:ssm:us-east-1:123456789012:opsitem/oi-33e35052cca2

AWS Transfer for SFTP

構文:

arn:aws:transfer:region:account-id:server/server-id
arn:aws:transfer:region:account-id:user/server-id/username

例:

arn:aws:transfer:us-east-1:123456789012:server/s-01234567890abcdef
arn:aws:transfer:us-east-1:123456789012:user/s-01234567890abcdef/user1

AWS Trusted Advisor

構文:

arn:aws:trustedadvisor:*:account-id:checks/categorycode/checkid

例:

arn:aws:trustedadvisor:*:123456789012:checks/fault_tolerance/BueAdJ7NrP

AWS WAF

構文、WAF Global (CloudFront で使用):

arn:aws:waf::account-id:resource-type/resource-id

構文、WAF Regional (Application Load Balancer で使用):

arn:aws:waf-regional:region:account-id:resource-type/resource-id

例:

arn:aws:waf::123456789012:rule/41b5b052-1e4a-426b-8149-3595be6342c2
arn:aws:waf::123456789012:webacl/3bffd3ed-fa2e-445e-869f-a6a7cf153fd3
arn:aws:waf::123456789012:ipset/3f74bd8c-f046-4970-a1a7-41aa52e05480
arn:aws:waf::123456789012:bytematchset/d131bc0b-57be-4536-af1d-4894fd28acc4
arn:aws:waf-regional:us-east-1:123456789012:rule/41b5b052-1e4a-426b-8149-3595be6342c2
arn:aws:waf-regional:us-east-1:123456789012:webacl/3bffd3ed-fa2e-445e-869f-a6a7cf153fd3
arn:aws:waf-regional:us-east-1:123456789012:ipset/3f74bd8c-f046-4970-a1a7-41aa52e05480
arn:aws:waf-regional:us-east-1:123456789012:bytematchset/d131bc0b-57be-4536-af1d-4894fd28acc4

構文:

arn:aws:worklink::account-id:fleet/fleet-name

例:

arn:aws:worklink::123456789012:fleet/FleetName

ARN のパス

一部のサービスでは、リソース名のパスを指定することができます。たとえば Amazon S3 では、リソース ID はスラッシュ(/)を挿入してパスを作成することができるオブジェクト名です。同様に、IAM ユーザー名とグループ名にはパスを含めることができます。

特定の状況では、パスにワイルドカード文字、すなわちアスタリスク(*)を含めることができます。たとえば、IAM ポリシーを記述していて、Resource 要素に、パス product_1234 を持つすべての IAM ユーザーを指定する場合、次のようにワイルドカードを使用することができます。 

arn:aws:iam::123456789012:user/Development/product_1234/*

同様に、IAM ポリシーの Resource 要素では、次の例に示すように、ARN の最後で全ユーザーを意味する user/* や全グループを意味する group/* を指定できます。 

"Resource":"arn:aws:iam::123456789012:user/*"
"Resource":"arn:aws:iam::123456789012:group/*"

ワイルドカードを使用して、リソースベースのポリシーまたはロール信頼ポリシーで Principal 要素のすべてのユーザーを指定することはできません。グループは、どのポリシーでもプリンシパルとしてサポートされていません。

次の例は、リソース名にパスが含まれる Amazon S3 バケットの ARN を示しています。

arn:aws:s3:::my_corporate_bucket/*
arn:aws:s3:::my_corporate_bucket/Development/*

IAM ARN の用語「user」など、リソースタイプを指定する ARN の一部では、ワイルドカードを使用することはできません。

次のような使い方はできません。

arn:aws:iam::123456789012:u*

AWS サービスの名前空間

IAM ポリシーを作成するとき、または Amazon リソースネーム (ARN) で作業するときには、名前空間を使用して AWS サービスを識別します。たとえば、Amazon S3 の名前空間は s3、Amazon EC2 の名前空間は ec2 です。アクションとリソースを識別するときに名前空間を使用します。

次の例は、Action 要素の値、および Resource 要素と Condition 要素内の値が名前空間を使用してアクションとリソースのサービスを識別する IAM ポリシーを示しています。 

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "ec2:*",
      "Resource": [
        "arn:aws:ec2:us-west-2:123456789012:customer-gateway/*",
        "arn:aws:ec2:us-west-2:123456789012:dhcp-options/*",
        "arn:aws:ec2:us-west-2::image/*",
        "arn:aws:ec2:us-west-2:123456789012:instance/*",
        "arn:aws:iam::123456789012:instance-profile/*",
        "arn:aws:ec2:us-west-2:123456789012:internet-gateway/*",
        "arn:aws:ec2:us-west-2:123456789012:key-pair/*",
        "arn:aws:ec2:us-west-2:123456789012:network-acl/*",
        "arn:aws:ec2:us-west-2:123456789012:network-interface/*",
        "arn:aws:ec2:us-west-2:123456789012:placement-group/*",
        "arn:aws:ec2:us-west-2:123456789012:route-table/*",
        "arn:aws:ec2:us-west-2:123456789012:security-group/*",
        "arn:aws:ec2:us-west-2::snapshot/*",
        "arn:aws:ec2:us-west-2:123456789012:subnet/*",
        "arn:aws:ec2:us-west-2:123456789012:volume/*",
        "arn:aws:ec2:us-west-2:123456789012:vpc/*",
        "arn:aws:ec2:us-west-2:123456789012:vpc-peering-connection/*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": "s3:*",
      "Resource": "arn:aws:s3:::example_bucket/marketing/*"
    },
    {
      "Effect": "Allow",
      "Action": "s3:ListBucket*",
      "Resource": "arn:aws:s3:::example_bucket",
      "Condition": {"StringLike": {"s3:prefix": "marketing/*"}}
    }
  ]
}

次の表は、各 AWS サービスの名前空間の一覧です。

サービス 名前空間
Alexa for Business a4b
API Gateway apigateway
Application Auto Scaling application-autoscaling
AWS Application Discovery Service discovery
Amazon AppStream appstream
AWS AppSync appsync
AWS Artifact artifact
Amazon Athena athena
Auto Scaling Plans autoscaling-plans
AWS Batch batch
AWS Billing and Cost Management aws-portal
AWS 予算 budgets
AWS Certificate Manager (ACM) acm
AWS Certificate Manager Private Certificate Authority acm-pca
Amazon Chime chime
AWS Cloud9 cloud9
Amazon Cloud Directory clouddirectory
AWS CloudFormation cloudformation
Amazon CloudFront cloudfront
AWS CloudHSM cloudhsm
AWS Cloud Map servicediscovery
Amazon CloudSearch cloudsearch
AWS CloudTrail cloudtrail
Amazon CloudWatch cloudwatch
Amazon CloudWatch Events events
Amazon CloudWatch Logs logs
CodeBuild codebuild
AWS CodeCommit codecommit
AWS CodeDeploy codedeploy
AWS CodePipeline codepipeline
AWS Code Signing for Amazon FreeRTOS signer
AWS CodeStar codestar
Amazon Cognito ユーザープール cognito-idp
Amazon Cognito フェデレーテッドアイデンティティ cognito-identity
Amazon Cognito Sync cognito-sync
Amazon Comprehend comprehend
AWS Config config
Amazon Connect connect
AWS のコストと使用状況レポート cur
AWS Cost Explorer サービス ce
AWS Data Pipeline datapipeline
AWS Database Migration Service (AWS DMS) dms
AWS Device Farm devicefarm
AWS Direct Connect directconnect
AWS Directory Service ds
Amazon DocumentDB rds
Amazon DynamoDB dynamodb
Amazon DynamoDB Accelerator (DAX) dax
Amazon EC2 Auto Scaling autoscaling
Amazon Elastic Compute Cloud (Amazon EC2) ec2
Amazon Elastic Container Registry (Amazon ECR) ecr
Amazon Elastic Container Service (Amazon ECS) ecs
Amazon Elastic Kubernetes Service (Amazon EKS) eks
AWS Elastic Beanstalk elasticbeanstalk
Amazon Elastic File System (Amazon EFS) elasticfilesystem
Elastic Load Balancing elasticloadbalancing
Amazon EMR elasticmapreduce
Amazon Elastic Transcoder elastictranscoder
Amazon ElastiCache elasticache
Amazon Elasticsearch Service (Amazon ES) es
AWS Firewall Manager fms
Amazon FreeRTOS freertos
Amazon GameLift gamelift
Amazon S3 Glacier glacier
AWS Global Accelerator globalaccelerator
AWS Glue glue
AWS IoT Greengrass greengrass
AWS Ground Station groundstation
Amazon GuardDuty guardduty
AWS Health / Personal Health Dashboard health
AWS Identity and Access Management (IAM) iam
AWS Import/Export importexport
Amazon Inspector inspector
AWS IoT iot
AWS IoT Analytics iotanalytics
AWS IoT 1-Click iot1click
AWS Key Management Service (AWS KMS) kms
Amazon Kinesis Data Analytics kinesisanalytics
Amazon Kinesis Data Firehose firehose
Amazon Kinesis Data Streams kinesis
Amazon Kinesis ビデオストリーム kinesisvideo
AWS Lambda lambda
Amazon Lex lex
Amazon Lightsail lightsail
Amazon Macie macie
Amazon Machine Learning machinelearning
AWS Marketplace aws-marketplace
AWS Marketplace Management Portal aws-marketplace-management
Amazon Mechanical Turk mechanicalturk
Amazon Mechanical Turk Crowd crowd
AWS Elemental MediaConnect mediaconnect
AWS Elemental MediaConvert mediaconvert
AWS Elemental MediaLive medialive
AWS Elemental MediaPackage mediapackage
AWS Elemental MediaStore mediastore
AWS Elemental MediaTailor mediatailor
Amazon Message Delivery Service ec2message
AWS Migration Hub mgh
Amazon Mobile Analytics mobileanalytics
AWS Mobile Hub mobilehub
Amazon MQ mq
AWS OpsWorks opsworks
AWS OpsWorks for Chef Automate または AWS OpsWorks for Puppet Enterprise opsworks-cm
AWS Organizations organizations
Amazon Personalize personalize
Amazon Pinpoint mobiletargeting
Amazon Polly polly
AWS 料金表 pricing
Amazon QuickSight quicksight
Amazon Redshift redshift
Amazon Rekognition rekognition
Amazon Relational Database Service (Amazon RDS) rds
AWS リソースグループ resource-groups
Amazon リソースグループのタグ付け API tag
Amazon Route 53 route53
Amazon Route 53 Domains route53domains
Amazon Route 53 リゾルバー route53resolver
Amazon SageMaker sagemaker
AWS Secrets Manager secretsmanager
AWS Security Token Service (AWS STS) sts
AWS Serverless Application Repository serverlessrepo
AWS Service Catalog servicecatalog
AWS Shield shield
AWS Shield アドバンスド shield
AWS SFTP transfer
Amazon Simple Email Service (Amazon SES) ses
Amazon Simple Notification Service (Amazon SNS) sns
Amazon Simple Queue Service (Amazon SQS) sqs
Amazon Simple Storage Service (Amazon S3) s3
Amazon Simple Workflow Service (Amazon SWF) swf
Amazon SimpleDB sdb
AWS シングルサインオン sso
AWS Snowball snowball
AWS Step Functions states
AWS Storage Gateway storagegateway
Amazon Sumerian sumerian
AWS サポート support
AWS Systems Manager ssm
Amazon Textract textract
Amazon Transcribe transcribe
Amazon Translate translate
AWS Trusted Advisor trustedadvisor
Amazon Virtual Private Cloud (Amazon VPC) ec2
AWS WAF waf
AWS WAF リージョン別 waf-regional
Amazon WorkDocs workdocs
Amazon WorkLink worklink
Amazon WorkMail workmail
Amazon WorkSpaces workspaces
Amazon WorkSpaces Application Manager wam
AWS X-Ray xray