Amazon リソースネーム (ARN) と AWS サービスの名前空間
Amazon リソースネーム (ARN) は、AWS リソースを一意に識別します。IAM ポリシー、Amazon Relational Database Service (Amazon RDS) タグ、API コールなど、明らかに全 AWS に渡るリソースを指定する必要がある場合、ARN が必要です。
コンテンツ
ARN 形式
次に ARN の例を示します。
<!-- Elastic Beanstalk application version --> arn:aws:elasticbeanstalk:us-east-1:123456789012:environment/My App/MyEnvironment <!-- IAM user name --> arn:aws:iam::123456789012:user/David <!-- Amazon RDS instance used for tagging --> arn:aws:rds:eu-west-1:123456789012:db:mysql-db <!-- Object in an Amazon S3 bucket --> arn:aws:s3:::my_corporate_bucket/exampleobject.png
次は ARN の一般的な形式です; 使用する特定のコンポーネントと値は AWS サービスによって異なります。
arn:partition:service:region:account-id:resourcearn:partition:service:region:account-id:resourcetype/resourcearn:partition:service:region:account-id:resourcetype/resource/qualifierarn:partition:service:region:account-id:resourcetype/resource:qualifierarn:partition:service:region:account-id:resourcetype:resourcearn:partition:service:region:account-id:resourcetype:resource:qualifier
パーティション-
リソースが置かれているパーティションです。標準の AWS リージョンの場合、パーティションは
awsです。他のパーティションにリソースがある場合、パーティションはaws-です。たとえば、中国 (北京) リージョンにあるリソースのパーティションは、partitionnameaws-cnです。 service-
AWS 製品(例: Amazon S3、IAM、Amazon RDS)を識別するサービス名前空間。名前空間のリストは、「AWS サービスの名前空間」を参照してください。
リージョン-
リソースが置かれているリージョン。一部のリソースの ARN はリージョンを必要としないので、この要素は省略されることに注意してください。
アカウント-
リソースを所有しておりハイフンがない AWS アカウントの ID。たとえば、123456789012 と指定します。一部のリソースの ARN はアカウント番号を必要としないので、この要素は省略されることに注意してください。
resource、resourcetype:resource、またはresourcetype/resource-
ARN のこの部分のコンテンツは、サービスによって異なります。リソースタイプの指標 (例: IAM ユーザー、Amazon RDS データベース) が含まれることがよくあり、それにスラッシュ (
/) またはコロン (:)、リソース名自体が続きます。一部のサービスでは、リソース名のパスを指定できます (「ARN のパス」を参照)。
ARN の例
次のセクションでは、さまざまなサービスでの ARN の構文と例を示します。特定の AWS サービスでの ARN の使用の詳細については、そのサービスのドキュメントを参照してください。
一部のサービスでは IAM リソースレベルのアクセス許可をサポートしています。詳細については、「IAM と連携する AWS サービス」を参照してください。
Alexa for Business
構文:
arn:aws:a4b:region:accountid:resourcetype/resource
例:
arn:aws:a4b:us-east-1:123456789012:room/7315ffdf0eeb874dc4ab8a546e8b70ec/5f90e5d608b6baa9c88db56654aef158
Amazon API Gateway
構文:
arn:aws:apigateway:region::resource-patharn:aws:execute-api:region:account-id:api-id/stage-name/HTTP-VERB/resource-path
例:
arn:aws:apigateway:us-east-1::/restapis/a123456789012bc3de45678901f23a45/* arn:aws:apigateway:us-east-1::a123456789012bc3de45678901f23a45:/test/mydemoresource/* arn:aws:apigateway:*::a123456789012bc3de45678901f23a45:/*/petstorewalkthrough/pets arn:aws:execute-api:us-east-1:123456789012:qsxrty/test/GET/mydemoresource/*
AWS AppSync
構文:
arn:aws:appsync:your-region:account-id:apis/AppSyncEndpointName/types/Query/fields/field-namearn:aws:appsync:your-region:account-id:apis/AppSyncEndpointName/types/Mutation/fields/field-namearn:aws:appsync:your-region:account-id:apis/AppSyncEndpointName/types/Subscription/fields/field-name
例:
arn:aws:appsync:us-west-2:123456789012:apis/AppSyncEndpointName/types/Query/fields/posts arn:aws:appsync:us-west-2:123456789012:apis/AppSyncEndpointName/types/Mutation/fields/addPost arn:aws:appsync:us-west-2:123456789012:apis/AppSyncEndpointName/types/Query/fields/my-subscription
AWS Artifact
構文:
arn:aws:artifact:::report-package/document-type/report-type
例:
arn:aws:artifact:::report-package/Certifications and Attestations/SOC/* arn:aws:artifact:::report-package/Certifications and Attestations/ISO/* arn:aws:artifact:::report-package/Certifications and Attestations/PCI/*
Amazon EC2 Auto Scaling
構文:
arn:aws:autoscaling:region:account-id:scalingPolicy:policyid:autoScalingGroupName/groupfriendlyname:policyName/policyfriendlynamearn:aws:autoscaling:region:account-id:autoScalingGroup:groupid:autoScalingGroupName/groupfriendlyname
例:
arn:aws:autoscaling:us-east-1:123456789012:scalingPolicy:c7a27f55-d35e-4153-b044-8ca9155fc467:autoScalingGroupName/my-test-asg1:policyName/my-scaleout-policy
アプリケーションの Auto Scaling
構文:
arn:aws:autoscaling:region:account-id:scalingPolicy:policy-id:resource/service-namespace/resource-id:policyName/policyfriendlynamearn:aws:autoscaling:region:account-id:scheduledAction:action-id:resource/service-namespace/resource-id:scheduledActionName/actionfriendlyname
例:
arn:aws:autoscaling:us-east-1:123456789012:scalingPolicy:c7a27f55-d35e-4153-b044-8ca9155fc467:resource/ec2/spot-fleet-request/sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE:policyName/cpu40 arn:aws:autoscaling:us-east-1:123456789012:scheduledAction:38c84579-0f51-4adc-879b-a2cc4EXAMPLE:resource/ec2/spot-fleet-request/sfr-09d694de-4d82-4b48-a4f4-2f38fEXAMPLE:scheduledActionName/my-action
AWS Batch
構文:
arn:aws:batch:region:account-id:compute-environment/namearn:aws:batch:region:account-id:job-definition/job-name:revisionarn:aws:batch:region:account-id:job-queue/queue-name
例:
arn:aws:batch:us-east-1:123456789012:compute-environment/my-environment arn:aws:batch:us-east-1:123456789012:job-definition/my-job-definition:1 arn:aws:batch:us-east-1:123456789012:job-queue/my-queue
AWS Certificate Manager
構文:
arn:aws:acm:region:account-id:certificate/certificate-id
例:
arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012
AWS Certificate Manager Private Certificate Authority
構文 (プライベート認証機関):
arn:aws:acm-pca:region:account-id:certificate-authority/ca-id
例:
arn:aws:acm-pca:us-east-1:123456789012:certificate-authority/12345678-1234-1234-1234-123456789012
構文 (プライベート証明書):
arn:aws:acm-pca:region:account-id:certificate-authority/ca-id/certificate/certificate-id
例:
arn:aws:acm-pca:us-east-1:123456789012:certificate-authority/12345678-1234-1234-1234-123456789012/certificate/e8cbd2bedb122329f97706bcfec990f8
AWS Cloud9
構文:
arn:aws:cloud9:region:account-id:environment:environment-id
例:
arn:aws:cloud9:us-west-2:123456789012:environment:81e900317347585a0601e04c8d52eaEX
Amazon Cloud Directory
構文:
arn:aws:clouddirectory:region:account-id:directory/directoryID
例:
arn:aws:clouddirectory:us-west-2:123456789012:directory/ARIqk1HD-UjdtmcIrJHEvPI
AWS CloudFormation
構文:
arn:aws:cloudformation:region:account-id:stack/stackname/additionalidentifier
arn:aws:cloudformation:region:account-id:changeSet/changesetname/additionalidentifier
例:
arn:aws:cloudformation:us-east-1:123456789012:stack/MyProductionStack/abc9dbf0-43c2-11e3-a6e8-50fa526be49c
arn:aws:cloudformation:us-east-1:123456789012:changeSet/MyProductionChangeSet/abc9dbf0-43c2-11e3-a6e8-50fa526be49c
Amazon CloudFront
構文:
arn:aws:cloudfront::account-id:*
例:
arn:aws:cloudfront::123456789012:*
Amazon CloudSearch
構文:
arn:aws:cloudsearch:region:account-id:domain/domainname
例:
arn:aws:cloudsearch:us-east-1:123456789012:domain/imdb-movies
AWS CloudTrail
構文:
arn:aws:cloudtrail:region:account-id:trail/trailname
例:
arn:aws:cloudtrail:us-east-1:123456789012:trail/mytrailname
Amazon CloudWatch
構文:
arn:aws:cloudwatch:region:account-id:alarm:alarm-name
arn:aws:cloudwatch::account-id:dashboard/dashboard-name
例:
arn:aws:cloudwatch:us-east-1:123456789012:alarm:* arn:aws:cloudwatch:us-east-1:123456789012:alarm:MyAlarmName arn:aws:cloudwatch::123456789012:dashboard/MyDashboardName
Amazon CloudWatch Events
構文:
arn:aws:events:region:*:*
例:
arn:aws:events:us-east-1:*:* arn:aws:events:us-east-1:123456789012:* arn:aws:events:us-east-1:123456789012:rule/my-rule
Amazon CloudWatch Logs
構文:
arn:aws:logs:region:*:*
例:
arn:aws:logs:us-east-1:*:* arn:aws:logs:us-east-1:123456789012:* arn:aws:logs:us-east-1:123456789012:log-group:my-log-group arn:aws:logs:us-east-1:123456789012:log-group:my-log-group:* arn:aws:logs:us-east-1:123456789012:log-group:my-log-group* arn:aws:logs:us-east-1:123456789012:log-group:my-log-group:log-stream:my-log-stream arn:aws:logs:us-east-1:123456789012:log-group:my-log-group:log-stream:my-log-stream* arn:aws:logs:us-east-1:123456789012:log-group:my-log-group*:log-stream:my-log-stream*
AWS CodeBuild
構文:
arn:aws:codebuild:region:account-id:resourcetype/resource
例:
arn:aws:codebuild:us-east-1:123456789012:project/my-demo-project arn:aws:codebuild:us-east-1:123456789012:build/my-demo-project:7b7416ae-89b4-46cc-8236-61129df660ad
AWS CodeCommit
構文:
arn:aws:codecommit:region:account-id:resource-specifier
例:
arn:aws:codecommit:us-east-1:123456789012:MyDemoRepo
AWS CodeDeploy
構文:
arn:aws:codedeploy:region:account-id:resource-type:resource-specifierarn:aws:codedeploy:region:account-id:resource-type/resource-specifier
例:
arn:aws:codedeploy:us-east-1:123456789012:application:WordPress_App arn:aws:codedeploy:us-east-1:123456789012:instance/AssetTag*
Amazon Cognito ユーザープール
構文:
arn:aws:cognito-idp:region:account-id:userpool/user-pool-id
例:
arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1:1a1a1a1a-ffff-1111-9999-12345678
Amazon Cognito フェデレーテッドアイデンティティ
構文:
arn:aws:cognito-identity:region:account-id:identitypool/identity-pool-id
例:
arn:aws:cognito-identity:us-east-1:123456789012:/identitypool/us-east-1:1a1a1a1a-ffff-1111-9999-12345678
Amazon Cognito Sync
構文:
arn:aws:cognito-sync:region:account-id:identitypool/identity-pool-id
arn:aws:cognito-sync:region:account-id:identitypool/identity-pool-id/identity/identity-id
arn:aws:cognito-sync:region:account-id:identitypool/identity-pool-id/identity/identity-id/dataset/dataset-name
例:
arn:aws:cognito-sync:us-east-1:123456789012:identitypool/us-east-1:1a1a1a1a-ffff-1111-9999-12345678
AWS Config
構文:
arn:aws:config:region:account-id:config-rule/config-rule-id
例:
arn:aws:config:us-east-1:123456789012:config-rule/config-rule-8fngan
AWS CodePipeline
構文:
arn:aws:codepipeline:region:account-id:resource-specifier
例:
arn:aws:codepipeline:us-east-1:123456789012:MyDemoPipeline
AWS CodeStar
構文:
arn:aws:codestar:region:account-id:resource-specifier
例:
arn:aws:codestar:us-east-1:123456789012:my-first-project
AWS Direct Connect
構文:
arn:aws:directconnect:region:account-id:dxcon/connection-idarn:aws:directconnect:region:account-id:dxlag/lag-idarn:aws:directconnect:region:account-id:dxvif/virtual-interface-id
例:
arn:aws:directconnect:us-east-1:123456789012:dxcon/dxcon-fgase048 arn:aws:directconnect:us-east-1:123456789012:dxlag/dxlag-ffy7zraq arn:aws:directconnect:us-east-1:123456789012:dxvif/dxvif-fgrb110x
AWS Directory Service
構文:
arn:aws:ds:region:account-id:directory/directoryId
例:
arn:aws:ds:us-west-2:123456789012:directory/ARIqk1HD-UjdtmcIrJHEvPI
Amazon DynamoDB
構文:
arn:aws:dynamodb:region:account-id:table/tablenamearn:aws:dynamodb:region:account-id:table/tablename/stream/label
例:
arn:aws:dynamodb:us-east-1:123456789012:table/books_table arn:aws:dynamodb:us-east-1:123456789012:table/books_table/stream/2015-05-11T21:21:33.291
AWS Elastic Beanstalk
構文:
arn:aws:elasticbeanstalk:region:account-id:application/applicationnamearn:aws:elasticbeanstalk:region:account-id:applicationversion/applicationname/versionlabelarn:aws:elasticbeanstalk:region:account-id:environment/applicationname/environmentnamearn:aws:elasticbeanstalk:region::solutionstack/solutionstacknamearn:aws:elasticbeanstalk:region:account-id:configurationtemplate/applicationname/templatename
例:
arn:aws:elasticbeanstalk:us-east-1:123456789012:application/My App arn:aws:elasticbeanstalk:us-east-1:123456789012:applicationversion/My App/My Version arn:aws:elasticbeanstalk:us-east-1:123456789012:environment/My App/MyEnvironment arn:aws:elasticbeanstalk:us-east-1::solutionstack/32bit Amazon Linux running Tomcat 7 arn:aws:elasticbeanstalk:us-east-1:123456789012:configurationtemplate/My App/My Template
Amazon Elastic Compute Cloud (Amazon EC2)
構文:
arn:aws:ec2:region:account-id:customer-gateway/cgw-idarn:aws:ec2:region:account-id:dedicated-host/host_idarn:aws:ec2:region:account-id:dhcp-options/dhcp-options-idarn:aws:ec2:region:account-id:egress-only-internet-gateway/eigw-idarn:aws:ec2:region:account-id:elastic-gpu/elastic-gpu-idarn:aws:ec2:region::image/image-idarn:aws:ec2:region:account-id:instance/instance-idarn:aws:iam::account:instance-profile/instance-profile-namearn:aws:ec2:region:account-id:internet-gateway/igw-idarn:aws:ec2:region:account-id:key-pair/key-pair-namearn:aws:ec2:region:account-id:launch-template/launch-template-idarn:aws:ec2:region:account-id:natgateway/natgateway-idarn:aws:ec2:region:account-id:network-acl/nacl-idarn:aws:ec2:region:account-id:network-interface/eni-idarn:aws:ec2:region:account-id:placement-group/placement-group-namearn:aws:ec2:region:account-id:reserved-instances/reservation-idarn:aws:ec2:region:account-id:route-table/route-table-idarn:aws:ec2:region:account-id:security-group/security-group-idarn:aws:ec2:region::snapshot/snapshot-idarn:aws:ec2:region:account-id:spot-instances-request/spot-instance-request-idarn:aws:ec2:region:account-id:subnet/subnet-idarn:aws:ec2:region:account-id:volume/volume-idarn:aws:ec2:region:account-id:vpc/vpc-idarn:aws:ec2:region:account-id:vpc-peering-connection/vpc-peering-connection-idarn:aws:ec2:region:account-id:vpn-connection/vpn-idarn:aws:ec2:region:account-id:vpn-gateway/vgw-id
例:
arn:aws:ec2:us-east-1:123456789012:dedicated-host/h-12345678 arn:aws:ec2:us-east-1::image/ami-1a2b3c4d arn:aws:ec2:us-east-1:123456789012:instance/* arn:aws:ec2:us-east-1:123456789012:volume/* arn:aws:ec2:us-east-1:123456789012:volume/vol-1a2b3c4d
Amazon Elastic Container Registry (Amazon ECR)
構文:
arn:aws:ecr:region:account-id:repository/repository-name
例:
arn:aws:ecr:us-east-1:123456789012:repository/my-repository
Amazon Elastic Container Service (Amazon ECS)
構文:
arn:aws:ecs:region:account-id:cluster/cluster-namearn:aws:ecs:region:account-id:container-instance/cluster-name/container-instance-idarn:aws:ecs:region:account-id:task-definition/task-definition-family-name:task-definition-revision-numberarn:aws:ecs:region:account-id:service/cluster-name/service-namearn:aws:ecs:region:account-id:task/cluster-name/task-idarn:aws:ecs:region:account-id:container/container-id
例:
arn:aws:ecs:us-east-1:123456789012:cluster/my-cluster arn:aws:ecs:us-east-1:123456789012:container-instance/my-cluster/403125b0-555c-4473-86b5-65982db28a6d arn:aws:ecs:us-east-1:123456789012:task-definition/hello_world:8 arn:aws:ecs:us-east-1:123456789012:service/my-cluster/sample-webapp arn:aws:ecs:us-east-1:123456789012:task/my-cluster/1abf0f6d-a411-4033-b8eb-a4eed3ad252a arn:aws:ecs:us-east-1:123456789012:container/476e7c41-17f2-4c17-9d14-412566202c8a
Amazon Elastic Container Service for Kubernetes (Amazon EKS)
構文:
arn:aws:eks:region:account-id:cluster/cluster-name
例:
arn:aws:eks:us-east-1:123456789012:cluster/my-cluster
Amazon Elastic File System
構文:
arn:aws:elasticfilesystem:region:account-id:file-system/file-system-id
例:
arn:aws:elasticfilesystem:us-east-1:123456789012:file-system/fs12345678
Elastic Load Balancing (Application Load Balancer)
構文:
arn:aws:elasticloadbalancing:region:account-id:loadbalancer/app/load-balancer-name/load-balancer-idarn:aws:elasticloadbalancing:region:account-id:listener/app/load-balancer-name/load-balancer-id/listener-idarn:aws:elasticloadbalancing:region:account-id:listener-rule/app/load-balancer-name/load-balancer-id/listener-id/rule-idarn:aws:elasticloadbalancing:region:account-id:targetgroup/target-group-name/target-group-id
例:
arn:aws:elasticloadbalancing:us-east-1:123456789012:loadbalancer/app/my-load-balancer/50dc6c495c0c9188 arn:aws:elasticloadbalancing:us-east-1:123456789012:listener/app/my-load-balancer/50dc6c495c0c9188/f2f7dc8efc522ab2 arn:aws:elasticloadbalancing:us-east-1:123456789012:listener-rule/app/my-load-balancer/50dc6c495c0c9188/f2f7dc8efc522ab2/9683b2d02a6cabee arn:aws:elasticloadbalancing:us-east-1:123456789012:targetgroup/my-targets/73e2d6bc24d8a067
Elastic Load Balancing (ネットワークロードバランサー)
構文:
arn:aws:elasticloadbalancing:region:account-id:loadbalancer/net/load-balancer-name/load-balancer-idarn:aws:elasticloadbalancing:region:account-id:listener/net/load-balancer-name/load-balancer-id/listener-idarn:aws:elasticloadbalancing:region:account-id:listener-rule/net/load-balancer-name/load-balancer-id/listener-id/rule-idarn:aws:elasticloadbalancing:region:account-id:targetgroup/target-group-name/target-group-id
例:
arn:aws:elasticloadbalancing:us-east-1:123456789012:loadbalancer/net/my-load-balancer/50dc6c495c0c9188 arn:aws:elasticloadbalancing:us-east-1:123456789012:listener/net/my-load-balancer/50dc6c495c0c9188/f2f7dc8efc522ab2 arn:aws:elasticloadbalancing:us-east-1:123456789012:listener-rule/net/my-load-balancer/50dc6c495c0c9188/f2f7dc8efc522ab2/9683b2d02a6cabee arn:aws:elasticloadbalancing:us-east-1:123456789012:targetgroup/my-targets/73e2d6bc24d8a067
Elastic Load Balancing (Classic Load Balancer)
構文:
arn:aws:elasticloadbalancing:region:account-id:loadbalancer/name
例:
arn:aws:elasticloadbalancing:us-east-1:123456789012:loadbalancer/my-load-balancer
Amazon Elastic Transcoder
構文:
arn:aws:elastictranscoder:region:account-id:resource/id
例:
arn:aws:elastictranscoder:us-east-1:123456789012:preset/*
Amazon ElastiCache
構文:
arn:aws:elasticache:region:account-id:resourcetype:resourcename
例:
arn:aws:elasticache:us-east-2:123456789012:cluster:myCluster arn:aws:elasticache:us-east-2:123456789012:snapshot:mySnapshot
Amazon Elasticsearch Service
構文:
arn:aws:es:region:account-id:domain/domain-name
例:
arn:aws:es:us-east-1:123456789012:domain/streaming-logs
Amazon S3 Glacier
構文:
arn:aws:glacier:region:account-id:vaults/vaultname
例:
arn:aws:glacier:us-east-1:123456789012:vaults/examplevault arn:aws:glacier:us-east-1:123456789012:vaults/example* arn:aws:glacier:us-east-1:123456789012:vaults/*
Amazon GuardDuty
構文:
arn:aws:guardduty:region:account-id:detector/detector-id
arn:aws:guardduty:region:account-id:ipset/ipset-id
arn:aws:guardduty:region:account-id:threatintelset/threatintelset-id
例:
arn:aws:guardduty:us-east-1:123456789012:detector/12abc34d567e8fa901bc2d34e56789f0
arn:aws:guardduty:us-east-1:123456789012:ipset/0cb0141ab9fbde177613ab9436212e90
arn:aws:guardduty:us-east-1:123456789012:threatintelset/12a34567890bc1de2345f67ab8901234
AWS Health / Personal Health Dashboard
構文:
arn:aws:health:region::event/event-idarn:aws:health:region:account-id:entity/entity-id
例:
arn:aws:health:us-east-1::event/AWS_EC2_EXAMPLE_ID arn:aws:health:us-east-1:123456789012:entity/AVh5GGT7ul1arKr1sE1K
AWS Identity and Access Management (IAM)
構文:
arn:aws:iam::account-id:root arn:aws:iam::account-id:user/user-namearn:aws:iam::account-id:group/group-namearn:aws:iam::account-id:role/role-namearn:aws:iam::account-id:policy/policy-namearn:aws:iam::account-id:instance-profile/instance-profile-namearn:aws:sts::account-id:federated-user/user-namearn:aws:sts::account-id:assumed-role/role-name/role-session-namearn:aws:iam::account-id:mfa/virtual-device-namearn:aws:iam::account-id:server-certificate/certificate-namearn:aws:iam::account-id:saml-provider/provider-namearn:aws:iam::account-id:oidc-provider/provider-name
例:
arn:aws:iam::123456789012:root arn:aws:iam::123456789012:user/Bob arn:aws:iam::123456789012:user/division_abc/subdivision_xyz/Bob arn:aws:iam::123456789012:group/Developers arn:aws:iam::123456789012:group/division_abc/subdivision_xyz/product_A/Developers arn:aws:iam::123456789012:role/S3Access arn:aws:iam::123456789012:role/application_abc/component_xyz/S3Access arn:aws:iam::123456789012:policy/UsersManageOwnCredentials arn:aws:iam::123456789012:policy/division_abc/subdivision_xyz/UsersManageOwnCredentials arn:aws:iam::123456789012:instance-profile/Webserver arn:aws:sts::123456789012:federated-user/Bob arn:aws:sts::123456789012:assumed-role/Accounting-Role/Mary arn:aws:iam::123456789012:mfa/BobJonesMFA arn:aws:iam::123456789012:server-certificate/ProdServerCert arn:aws:iam::123456789012:server-certificate/division_abc/subdivision_xyz/ProdServerCert arn:aws:iam::123456789012:saml-provider/ADFSProvider arn:aws:iam::123456789012:oidc-provider/GoogleProvider
IAM ARN の詳細については、IAM ユーザーガイド の「IAM ARNs」を参照してください。
AWS IoT
構文:
arn:aws:iot:your-region:account-id:cert/cert-IDarn:aws:iot:your-region:account-id:policy/policy-namearn:aws:iot:your-region:account-id:rule/rule-namearn:aws:iot:your-region:account-id:client/client-id/rule-name
例:
arn:aws:iot:your-region:123456789012:cert/123a456b789c123d456e789f123a456b789c123d456e789f123a456b789c123c456d7 arn:aws:iot:your-region:123456789012:policy/MyIoTPolicy arn:aws:iot:your-region:123456789012:rule/MyIoTRule arn:aws:iot:your-region:123456789012:client/client101
AWS Key Management Service (AWS KMS)
構文:
arn:aws:kms:region:account-id:key/key-idarn:aws:kms:region:account-id:alias/alias
例:
arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012 arn:aws:kms:us-east-1:123456789012:alias/example-alias
Amazon Kinesis Data Firehose (Kinesis Data Firehose)
構文:
arn:aws:firehose:region:account-id:deliverystream/delivery-stream-name
例:
arn:aws:firehose:us-east-1:123456789012:deliverystream/example-stream-name
Amazon Kinesis Data Streams (Kinesis Data Streams)
構文:
arn:aws:kinesis:region:account-id:stream/stream-namearn:aws:kinesis:region:account-id:stream/stream-name/consumer/consumer-name:consumer-creation-timestamp
例:
arn:aws:kinesis:us-east-1:123456789012:stream/example-stream-name arn:aws:kinesis:us-east-1:123456789012:stream/example-stream-name/consumer/example-consumer-name:1525898737
Amazon Kinesis Data Analytics (Kinesis Data Analytics)
構文:
arn:aws:kinesisanalytics:region:account-id:application/application-name
例:
arn:aws:kinesisanalytics:us-east-1:123456789012:application/example-application-name
Amazon Kinesis 動画ストリーム (Kinesis 動画ストリーム)
構文:
arn:aws:kinesisvideo:region:account-id:application/stream-name/code
例:
arn:aws:kinesisvideo:us-east-1:123456789012:stream/example-stream-name/0123456789012
AWS Lambda (Lambda)
構文:
arn:aws:lambda:region:account-id:function:function-namearn:aws:lambda:region:account-id:function:function-name:alias-namearn:aws:lambda:region:account-id:function:function-name:versionarn:aws:lambda:region:account-id:event-source-mappings:event-source-mapping-id
例:
arn:aws:lambda:us-east-1:123456789012:function:ProcessKinesisRecords arn:aws:lambda:us-east-1:123456789012:function:ProcessKinesisRecords:your aliasarn:aws:lambda:us-east-1:123456789012:function:ProcessKinesisRecords:1.0 arn:aws:lambda:us-east-1:123456789012:event-source-mappings:kinesis-stream-arn
Amazon Macie
構文:
arn:aws:macie:region:account-id:trigger/triggerIDarn:aws:macie:region:account-id:trigger/triggerID/alert/alertID
例:
arn:aws:macie:us-east-1:123456789012:trigger/example61b3df36bff1dafaf1aa304b0ef1a975 arn:aws:macie:us-east-1:123456789012:trigger/example61b3df36bff1dafaf1aa304b0ef1a975/alert/example8780e9ca227f98dae37665c3fd22b585 arn:aws:macie:us-east-1:123456789012:trigger/behavioral/alert/example8780e9ca227f98dae37665c3fd22b585
Amazon Machine Learning (Amazon ML)
構文:
arn:aws:machinelearning:region:account-id:datasource/datasourceIDarn:aws:machinelearning:region:account-id:mlmodel/mlmodelIDarn:aws:machinelearning:region:account-id:batchprediction/batchpredictionlIDarn:aws:machinelearning:region:account-id:evaluation/evaluationID
例:
arn:aws:machinelearning:us-east-1:123456789012:datasource/my-datasource-1 arn:aws:machinelearning:us-east-1:123456789012:mlmodel/my-mlmodel arn:aws:machinelearning:us-east-1:123456789012:batchprediction/my-batchprediction arn:aws:machinelearning:us-east-1:123456789012:evaluation/my-evaluation
MediaConvert
構文:
arn:aws:mediaconvert:region:account-id:jobs/jobIDarn:aws:mediaconvert:region:account-id:jobTemplates/jobTemplateIDarn:aws:mediaconvert:region:account-id:presets/presetIDarn:aws:mediaconvert:region:account-id:queues/queueID
例:
arn:aws:mediaconvert:us-east-1:111111111111:jobs/0123456789012-abc123 arn:aws:mediaconvert:us-east-1:111111111111:jobTemplates/2345678 arn:aws:mediaconvert:us-east-1:111111111111:presets/System-169_WIFI_1080p arn:aws:mediaconvert:us-east-1:111111111111:queues/default
MediaLive
構文:
arn:aws:medialive:region:account-id:inputSecurityGroup:inputSecurityGroupIDarn:aws:medialive:region:account-id:input:inputIDarn:aws:medialive:region:account-id:channel:channelID
例:
arn:aws:medialive:us-east-1:111111111111:inputSecurityGroup:1234567 arn:aws:medialive:us-east-1:111111111111:input:2345678 arn:aws:medialive:us-east-1:111111111111:channel:3456789
MediaPackage
構文:
arn:aws:mediapackage:region:account-id:channels/channelIDarn:aws:mediapackage:region:account-id:origin_endpoints/originEndpointID
例:
arn:aws:mediapackage:eu-west-1:111122223333:channels/0a1234bc567890d12efghi3j456k789m arn:aws:mediapackage:eu-west-1:111122223333:origin_endpoints/1b2345cd678901e34fghij4k567m890n
MediaStore
構文:
arn:aws:mediastore:region:account-id:resourceType/resourceID
例:
arn:aws:mediastore:us-east-1:111111111111:container/ExampleName/example-folder/folder-segment.ts
MediaTailor
構文:
arn:aws:mediatailor:region:account-id:configurations/configurationID
例:
arn:aws:mediatailor:us-east-1:111111111111:configurations/2c3456de789012f34ghijk5m678n901o
AWS Mobile Hub
構文:
arn:aws:mobilehub:region:account-id:project/projectID
例:
arn:aws:mobilehub:us-east-1:123456789012:project/a01234567-b012345678-123c-d013456789abc
Amazon MQ
構文:
arn:aws:mq:region:account-id:broker:broker-name:broker-idarn:aws:mq:region:account-id:configuration:configuration-name:configuration-id
例:
arn:aws:mq:us-east-1:123456789012:broker:MyBroker:b-1234a5b6-78cd-901e-2fgh-3i45j6k178l9 arn:aws:mq:us-east-1:123456789012:configuration:MyConfiguration:c-1234a5b6-78cd-901e-2fgh-3i45j6k178l9
AWS Organizations
構文:
arn:aws:organizations::master-account-id:organization/o-organization-idarn:aws:organizations::master-account-id:root/o-organization-id/r-root-idarn:aws:organizations::master-account-id:account/o-organization-id/account-idarn:aws:organizations::master-account-id:ou/o-organization-id/ou-organizational-unit-idarn:aws:organizations::master-account-id:policy/o-organization-id/policy-type/p-policy-idarn:aws:organizations::master-account-id:handshake/o-organization-id/handshake-type/h-handshake-id
例:
arn:aws:organizations::123456789012:organization/o-a1b2c3d4e5example arn:aws:organizations::123456789012:root/o-a1b2c3d4e5/r-f6g7h8i9j0example arn:aws:organizations::123456789012:account/o-a1b2c3d4e5/123456789012 arn:aws:organizations::123456789012:ou/o-a1b2c3d4e5/ou-1a2b3c-k9l8m7n6o5example arn:aws:organizations::123456789012:policy/o-a1b2c3d4e5/service_control_policy/p-p4q3r2s1t0example arn:aws:organizations::123456789012:handshake/o-a1b2c3d4e5/invite/h-u2v4w5x8y0example
Amazon Pinpoint
構文:
arn:aws:mobiletargeting:us-east-1:account-id:apps/appIdarn:aws:mobiletargeting:us-east-1:account-id:apps/appId/campaigns/campaignIdarn:aws:mobiletargeting:us-east-1:account-id:apps/appId/segments/segmentId
例:
arn:aws:mobiletargeting:us-east-1:123456789012:apps/0d72ff0905e7f8b2b879fe7744d4952a9b arn:aws:mobiletargeting:us-east-1:123456789012:apps/0d72ff0905e7f8b2b879fe7744d4952a9b/campaigns/8c95f63b24089f85819443be7c92d7 arn:aws:mobiletargeting:us-east-1:123456789012:apps/0d72ff0905e7f8b2b879fe7744d4952a9b/segments/6cdc025ba495672bb0aea4983afebf
Amazon Polly
構文:
arn:aws:polly:region:account-id:lexicon/LexiconName
例:
arn:aws:polly:us-east-1:123456789012:lexicon/myLexicon
Amazon Redshift
構文:
arn:aws:redshift:region:account-id:cluster:cluster-namearn:aws:redshift:region:account-id:dbname:cluster-name/database-namearn:aws:redshift:region:account-id:dbuser:cluster-name/database-user-namearn:aws:redshift:region:account-id:dbgroup:cluster-name/database-group-namearn:aws:redshift:region:account-id:parametergroup:parameter-group-namearn:aws:redshift:region:account-id:securitygroup:security-group-namearn:aws:redshift:region:account-id:snapshot:cluster-name/snapshot-namearn:aws:redshift:region:account-id:subnetgroup:subnet-group-name
例:
arn:aws:redshift:us-east-1:123456789012:cluster:my-cluster arn:aws:redshift:us-east-1:123456789012:dbname:my-cluster/my-database arn:aws:redshift:us-east-1:123456789012:dbuser:my-cluster/my-database-user arn:aws:redshift:us-east-1:123456789012:dbgroup:my-cluster/my-database-group arn:aws:redshift:us-east-1:123456789012:parametergroup:my-parameter-group arn:aws:redshift:us-east-1:123456789012:securitygroup:my-public-group arn:aws:redshift:us-east-1:123456789012:snapshot:my-cluster/my-snapshot20130807 arn:aws:redshift:us-east-1:123456789012:subnetgroup:my-subnet-10
Amazon Relational Database Service (Amazon RDS)
ARN は、DB インスタンスのタグと共にのみ Amazon RDS で使用されます。詳細については、『Amazon RDS ユーザーガイド』の「Tagging a DB Instance」を参照してください。
構文:
arn:aws:rds:region:account-id:db:db-instance-namearn:aws:rds:region:account-id:snapshot:snapshot-namearn:aws:rds:region:account-id:cluster:db-cluster-namearn:aws:rds:region:account-id:cluster-snapshot:cluster-snapshot-namearn:aws:rds:region:account-id:og:option-group-namearn:aws:rds:region:account-id:pg:parameter-group-namearn:aws:rds:region:account-id:cluster-pg:cluster-parameter-group-namearn:aws:rds:region:account-id:secgrp:security-group-namearn:aws:rds:region:account-id:subgrp:subnet-group-namearn:aws:rds:region:account-id:es:subscription-name
例:
arn:aws:rds:us-east-1:123456789012:db:mysql-db-instance1 arn:aws:rds:us-east-1:123456789012:snapshot:my-snapshot2 arn:aws:rds:us-east-1:123456789012:cluster:my-cluster1 arn:aws:rds:us-east-1:123456789012:cluster-snapshot:cluster1-snapshot7 arn:aws:rds:us-east-1:123456789012:og:mysql-option-group1 arn:aws:rds:us-east-1:123456789012:pg:mysql-repl-pg1 arn:aws:rds:us-east-1:123456789012:cluster-pg:aurora-pg3 arn:aws:rds:us-east-1:123456789012:secgrp:dev-secgrp2 arn:aws:rds:us-east-1:123456789012:subgrp:prod-subgrp1 arn:aws:rds:us-east-1:123456789012:es:monitor-events2
AWS リソースグループ
AWS リソースグループで利用可能なリソースは、グループのみです。グループには、一意の Amazon リソースネーム (ARN) が関連付けられています。グループは、アカウント内のリージョンで固有のものです。リソースグループの詳細については、『AWS リソースグループユーザーガイド』を参照してください。
構文:
arn:aws:resource-groups:region:account:group/group-name
例:
arn:aws:resource-groups:us-west-2:123456789012:group/MyExampleGroup
Amazon Route 53
構文:
arn:aws:route53:::hostedzone/zoneidarn:aws:route53:::change/change-idarn:aws:route53::account-id:domain/domain-namearn:aws:route53resolver:region:account-id:resolver-rule/rule-id, arn:aws:route53resolver:region:account-id:resolver-endpoint/endpoint-id, arn:aws:servicediscovery:region:account-id:namespace/namespace-idarn:aws:servicediscovery:region:account-id:service/service-id
Amazon Route 53 には、ARN のアカウント番号またはリージョンは不要です。
例:
arn:aws:route53:::hostedzone/Z148QEXAMPLE8V arn:aws:route53:::change/C2RDJ5EXAMPLE2 arn:aws:route53:::change/* arn:aws:route53::123456789012:domain/example.com arn:aws:route53resolver:us-west-2:123456789012:resolver-rule/rslvr-rr-5328a0899aexample arn:aws:route53resolver:us-west-2:123456789012:resolver-endpoint/rslvr-in-60b9fd8fdbexample
Amazon SageMaker
構文:
arn:aws:sagemaker:region:account-id:notebook-instance:notebookInstanceNamearn:aws:sagemaker:region:account-id:notebook-instance-lifecycle-config:notebookInstanceLifecycleConfigNamearn:aws:sagemaker:region:account-id:training-job:trainingJobNamearn:aws:sagemaker:region:account-id:model:modelNamearn:aws:sagemaker:region:account-id:endpoint:endpointNamearn:aws:sagemaker:region:account-id:endpoint-config:endpointConfigNamearn:aws:sagemaker:region:account-id:hyper-parameter-tuning-job:hyperParameterTuningJobNamearn:aws:sagemaker:region:account-id:transform-job:transformJobName
例:
arn:aws:sagemaker:us-east-1:123456789012:notebook-instance:my-notebookInstance-1 arn:aws:sagemaker:us-east-1:123456789012:notebook-instance-lifecycle-config:my-notebookInstanceLifecycleConfig-1 arn:aws:sagemaker:us-east-1:123456789012:training-job:my-trainingJob-1 arn:aws:sagemaker:us-east-1:123456789012:model:my-mlModel-1 arn:aws:sagemaker:us-east-1:123456789012:endpoint:my-endpoint-1 arn:aws:sagemaker:us-east-1:123456789012:endpoint-config:my-endpointConfig-1 arn:aws:sagemaker:us-east-1:123456789012:hyper-parameter-tuning-job:my-hp-tuningJob-1 arn:aws:sagemaker:us-east-1:123456789012:transform-job:my-transformJob-1
AWS Secrets Manager
構文:
arn:aws:secretsmanager:region:account_id:secret:path/friendly_secret_name-uniqueness_code
各シークレットは、オプションのパス、ユーザーが指定したシークレットの分かりやすい名前、ダッシュに続き、AWS で生成された 6 文字のランダムコードで構成されます。
例:
arn:aws:secretsmanager:us-east-1:123456789012:secret:myfolder/MyFirstSecret-ocq1Wq
AWS Serverless Application Repository
構文:
arn:aws:serverlessrepo:region:account-id:applications/application-namearn:aws:serverlessrepo:region:account-id:applications/application-name/versions/symantic-version
例:
arn:aws:serverlessrepo:us-east-1:123456789012:applications/myApp arn:aws:serverlessrepo:us-east-1:123456789012:applications/myApp/versions/1.0.0
Amazon Simple Email Service (Amazon SES)
Amazon SES では、ARN が最もよく使用されるのは、送信承認のセットアップです。詳細については、Amazon Simple Email Service 開発者ガイドの「Amazon SES での送信承認の使用」を参照してください。
構文:
arn:aws:ses:region:account-id:identity/identity
例:
arn:aws:ses:us-east-1:123456789012:identity/example.com arn:aws:ses:us-east-1:123456789012:identity/sender@example.net
Amazon Simple Notification Service (Amazon SNS)
構文:
arn:aws:sns:region:account-id:topicnamearn:aws:sns:region:account-id:topicname:subscriptionid
例:
arn:aws:sns:*:123456789012:my_corporate_topic arn:aws:sns:us-east-1:123456789012:my_corporate_topic:02034b43-fefa-4e07-a5eb-3be56f8c54ce
Amazon Simple Queue Service (Amazon SQS)
構文:
arn:aws:sqs:region:account-id:queuename
例:
arn:aws:sqs:us-east-1:123456789012:queue1
Amazon Simple Storage Service (Amazon S3)
構文:
arn:aws:s3:::bucket_namearn:aws:s3:::bucket_name/key_name
注記
Amazon S3 には、ARN のアカウント番号またはリージョンは不要です。ポリシーの ARN を指定する場合は、ARN の相対 ID の部分にワイルドカード「*」文字を使用できます。
例:
arn:aws:s3:::my_corporate_bucket arn:aws:s3:::my_corporate_bucket/exampleobject.png arn:aws:s3:::my_corporate_bucket/* arn:aws:s3:::my_corporate_bucket/Development/*
詳細については、『Amazon Simple Storage Service 開発者ガイド』の「ポリシーでのリソースの指定」を参照してください。
Amazon Simple Workflow Service (Amazon SWF)
構文:
arn:aws:swf:region:account-id:/domain/domain_name
例:
arn:aws:swf:us-east-1:123456789012:/domain/department1 arn:aws:swf:*:123456789012:/domain/*
AWS Step Functions
構文:
arn:aws:states:region:account-id:activity:activityNamearn:aws:states:region:account-id:stateMachine:stateMachineNamearn:aws:states:region:account-id:execution:stateMachineName:executionName
例:
arn:aws:states:us-east-1:123456789012:activity:HelloActivity arn:aws:states:us-east-1:123456789012:stateMachine:HelloStateMachine arn:aws:states:us-east-1:123456789012:execution:HelloStateMachine:HelloStateMachineExecution
AWS Storage Gateway
構文:
arn:aws:storagegateway:region:account-id:gateway/gateway-idarn:aws:storagegateway:region:account-id:share/share-idarn:aws:storagegateway:region:account-id:gateway/gateway-id/volume/volume-idarn:aws:storagegateway:region:account-id:tape/tapebarcodearn:aws:storagegateway:region:account-id:gateway/gateway-id/target/iSCSItargetarn:aws:storagegateway:region:account-id:gateway/gateway-id/device/vtldevice
例:
arn:aws:storagegateway:us-east-1:123456789012:gateway/sgw-12A3456B arn:aws:storagegateway:us-east-1:123456789012:share/share-17A34572 arn:aws:storagegateway:us-east-1:123456789012:gateway/sgw-12A3456B/volume/vol-1122AABB arn:aws:storagegateway:us-east-1:123456789012:tape/AMZNC8A26D arn:aws:storagegateway:us-east-1:123456789012:gateway/sgw-12A3456B/target/iqn.1997-05.com.amazon:vol-1122AABB arn:aws:storagegateway:us-east-1:123456789012:gateway/sgw-12A3456B/device/AMZN_SGW-FF22CCDD_TAPEDRIVE_00010
注記
各 AWS Storage Gateway リソースには、ワイルドカード (*) を指定できます。
AWS Systems Manager
構文:
arn:aws:ssm:region:account-id:document/document_namearn:aws:ssm:region:account-id:parameter/parameter_namearn:aws:ssm:region:account-id:patchbaseline/baseline_idarn:aws:ssm:region:account-id:maintenancewindow/window_idarn:aws:ssm:region:account-id:automation-execution/execution_idarn:aws:ssm:region:account-id:automation-Activity/activity_namearn:aws:ssm:region:account-id:automation-definition/definitionName:versionarn:aws:ssm:region:account-id:managed-instance/instance_idarn:aws:ssm:region:account-id:managed-instance-inventory/instance_id
例:
arn:aws:ssm:us-east-1:123456789012:document/highAvailabilityServerSetup arn:aws:ssm:us-east-1:123456789012:parameter/myParameterName arn:aws:ssm:us-east-1:123456789012:patchbaseline/pb-12345678901234567 arn:aws:ssm:us-east-1:123456789012:maintenancewindow/mw-12345678901234567 arn:aws:ssm:us-east-1:123456789012:automation-execution/123456-6789-1a2b3-c4d5-e1a2b3c4d arn:aws:ssm:us-east-1:123456789012:automation-activity/myActivityName arn:aws:ssm:us-east-1:123456789012:automation-definition/myDefinitionName:1 arn:aws:ssm:us-east-1:123456789012:managed-instance/mi-12345678901234567 arn:aws:ssm:us-east-1:123456789012:managed-instance-inventory/i-12345661
AWS Trusted Advisor
構文:
arn:aws:trustedadvisor:*:account-id:checks/categorycode/checkid
例:
arn:aws:trustedadvisor:*:123456789012:checks/fault_tolerance/BueAdJ7NrP
AWS WAF
構文、WAF Global (CloudFront で使用):
arn:aws:waf::account-id:resource-type/resource-id
構文、WAF Regional (Application Load Balancer で使用):
arn:aws:waf-regional::account-id:resource-type/resource-id
例:
arn:aws:waf::123456789012:rule/41b5b052-1e4a-426b-8149-3595be6342c2 arn:aws:waf-regional:us-east-1:123456789012:rule/41b5b052-1e4a-426b-8149-3595be6342c2 arn:aws:waf::123456789012:webacl/3bffd3ed-fa2e-445e-869f-a6a7cf153fd3 arn:aws:waf-regional:us-east-1:123456789012:webacl/3bffd3ed-fa2e-445e-869f-a6a7cf153fd3 arn:aws:waf::123456789012:ipset/3f74bd8c-f046-4970-a1a7-41aa52e05480 arn:aws:waf-regional:us-east-1:123456789012:ipset/3f74bd8c-f046-4970-a1a7-41aa52e05480 arn:aws:waf::123456789012:bytematchset/d131bc0b-57be-4536-af1d-4894fd28acc4 arn:aws:waf-regional:us-east-1:123456789012:bytematchset/d131bc0b-57be-4536-af1d-4894fd28acc4
ARN のパス
一部のサービスでは、リソース名のパスを指定することができます。たとえば Amazon S3 では、リソース ID はスラッシュ(/)を挿入してパスを作成することができるオブジェクト名です。同様に、IAM ユーザー名とグループ名にはパスを含めることができます。
特定の状況では、パスにワイルドカード文字、すなわちアスタリスク(*)を含めることができます。たとえば、IAM ポリシーを記述していて、Resource 要素に、パス product_1234 を持つすべての IAM ユーザーを指定する場合、次のようにワイルドカードを使用することができます。
arn:aws:iam::123456789012:user/Development/product_1234/*
同様に、IAM ポリシーの Resource 要素では、次の例に示すように、ARN の最後で全ユーザーを意味する user/* や全グループを意味する group/* を指定できます。
"Resource":"arn:aws:iam::123456789012:user/*" "Resource":"arn:aws:iam::123456789012:group/*"
ワイルドカードを使用して、リソースベースのポリシーまたはロール信頼ポリシーで Principal 要素のすべてのユーザーを指定することはできません。グループは、どのポリシーでもプリンシパルとしてサポートされていません。
次の例は、リソース名にパスが含まれる Amazon S3 バケットの ARN を示しています。
arn:aws:s3:::my_corporate_bucket/* arn:aws:s3:::my_corporate_bucket/Development/*
IAM ARN の用語「user」など、リソースタイプを指定する ARN の一部では、ワイルドカードを使用することはできません。
次のような使い方はできません。
arn:aws:iam::123456789012:u* |
AWS サービスの名前空間
IAM ポリシーを作成するとき、または Amazon リソースネーム (ARN) で作業するときには、名前空間を使用して AWS サービスを識別します。たとえば、Amazon S3 の名前空間は s3、Amazon EC2 の名前空間は ec2 です。アクションとリソースを識別するときに名前空間を使用します。
次の例は、Action 要素の値、および Resource 要素と Condition 要素内の値が名前空間を使用してアクションとリソースのサービスを識別する IAM ポリシーを示しています。
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "ec2:*", "Resource": [ "arn:aws:ec2:us-west-2:123456789012:customer-gateway/*", "arn:aws:ec2:us-west-2:123456789012:dhcp-options/*", "arn:aws:ec2:us-west-2::image/*", "arn:aws:ec2:us-west-2:123456789012:instance/*", "arn:aws:iam::123456789012:instance-profile/*", "arn:aws:ec2:us-west-2:123456789012:internet-gateway/*", "arn:aws:ec2:us-west-2:123456789012:key-pair/*", "arn:aws:ec2:us-west-2:123456789012:network-acl/*", "arn:aws:ec2:us-west-2:123456789012:network-interface/*", "arn:aws:ec2:us-west-2:123456789012:placement-group/*", "arn:aws:ec2:us-west-2:123456789012:route-table/*", "arn:aws:ec2:us-west-2:123456789012:security-group/*", "arn:aws:ec2:us-west-2::snapshot/*", "arn:aws:ec2:us-west-2:123456789012:subnet/*", "arn:aws:ec2:us-west-2:123456789012:volume/*", "arn:aws:ec2:us-west-2:123456789012:vpc/*", "arn:aws:ec2:us-west-2:123456789012:vpc-peering-connection/*" ] }, { "Effect": "Allow", "Action": "s3:*", "Resource": "arn:aws:s3:::example_bucket/marketing/*" }, { "Effect": "Allow", "Action": "s3:ListBucket*", "Resource": "arn:aws:s3:::example_bucket", "Condition": {"StringLike": {"s3:prefix": "marketing/*"}} } ] }
次の表は、各 AWS サービスの名前空間の一覧です。
| サービス | 名前空間 |
|---|---|
| Alexa for Business | a4b |
| API Gateway | apigateway |
| AWS Application Discovery Service | discovery |
| Amazon AppStream | appstream |
| AWS AppSync | appsync |
| AWS Artifact | artifact |
| Amazon Athena | athena |
| Amazon EC2 Auto Scaling | autoscaling |
| AWS Batch | batch |
| AWS Billing and Cost Management | aws-portal |
| AWS Budgets | budgets |
| AWS Certificate Manager (ACM) | acm |
| Amazon Chime | chime |
| AWS Cloud9 | cloud9 |
| Amazon Cloud Directory | clouddirectory |
| AWS CloudFormation | cloudformation |
| Amazon CloudFront | cloudfront |
| AWS CloudHSM | cloudhsm |
| Amazon CloudSearch | cloudsearch |
| AWS CloudTrail | cloudtrail |
| Amazon CloudWatch | cloudwatch |
| Amazon CloudWatch Events | events |
| Amazon CloudWatch Logs | logs |
| AWS CodeBuild | codebuild |
| AWS CodeCommit | codecommit |
| AWS CodeDeploy | codedeploy |
| AWS CodePipeline | codepipeline |
| AWS CodeStar | codestar |
| Amazon Cognito ユーザープール | cognito-idp |
| Amazon Cognito フェデレーテッドアイデンティティ | cognito-identity |
| Amazon Cognito Sync | cognito-sync |
| Amazon Comprehend | comprehend |
| AWS Config | config |
| Amazon Connect | connect |
| AWS Data Pipeline | datapipeline |
| AWS Database Migration Service (AWS DMS) | dms |
| AWS Device Farm | devicefarm |
| AWS Direct Connect | directconnect |
| AWS Directory Service | ds |
| Amazon DynamoDB | dynamodb |
| Amazon Elastic Compute Cloud (Amazon EC2) | ec2 |
| Amazon Elastic Container Registry (Amazon ECR) | ecr |
| Amazon Elastic Container Service (Amazon ECS) | ecs |
| Amazon Elastic Container Service for Kubernetes (Amazon EKS) | eks |
| AWS Elastic Beanstalk | elasticbeanstalk |
| Amazon Elastic File System (Amazon EFS) | elasticfilesystem |
| Elastic Load Balancing | elasticloadbalancing |
| Amazon EMR | elasticmapreduce |
| Amazon Elastic Transcoder | elastictranscoder |
| Amazon ElastiCache | elasticache |
| Amazon Elasticsearch Service (Amazon ES) | es |
| AWS Firewall Manager | fms |
| Amazon FreeRTOS | freertos |
| Amazon GameLift | gamelift |
| Amazon S3 Glacier | glacier |
| AWS Glue | glue |
| AWS IoT Greengrass | greengrass |
| Amazon GuardDuty | guardduty |
| AWS Health / Personal Health Dashboard | health |
| AWS Identity and Access Management (IAM) | iam |
| AWS Import/Export | importexport |
| Amazon Inspector | inspector |
| AWS IoT | iot |
| AWS Key Management Service (AWS KMS) | kms |
| Amazon Kinesis Data Analytics | kinesisanalytics |
| Amazon Kinesis Data Firehose | firehose |
| Amazon Kinesis Data Streams | kinesis |
| Amazon Kinesis ビデオストリーム | kinesisvideo |
| AWS Lambda | lambda |
| Amazon Lex | lex |
| Amazon Lightsail | lightsail |
| Amazon Macie | macie |
| Amazon Machine Learning | machinelearning |
| AWS Marketplace | aws-marketplace |
| AWS Marketplace Management Portal | aws-marketplace-management |
| AWS Elemental MediaConvert | mediaconvert |
| AWS Elemental MediaLive | medialive |
| AWS Elemental MediaPackage | mediapackage |
| AWS Elemental MediaStore | mediastore |
| AWS Elemental MediaTailor | mediatailor |
| AWS Migration Hub | mgh |
| Amazon Mobile Analytics | mobileanalytics |
| AWS Mobile Hub | mobilehub |
| Amazon MQ | mq |
| AWS OpsWorks | opsworks |
| AWS OpsWorks for Chef Automate | opsworks-cm |
| AWS Organizations | organizations |
| Amazon Pinpoint | mobiletargeting |
| Amazon Polly | polly |
| Amazon QuickSight | quicksight |
| Amazon Redshift | redshift |
| Amazon Rekognition | rekognition |
| Amazon Relational Database Service (Amazon RDS) | rds |
| AWS リソースグループ | resource-groups |
| Amazon Route 53 | route53 |
| Amazon Route 53 Auto Naming | servicediscovery |
| Amazon Route 53 Domains | route53domains |
| Amazon Route 53 リゾルバー | route53resolver |
| Amazon SageMaker | sagemaker |
| AWS Secrets Manager | secretsmanager |
| AWS Security Token Service (AWS STS) | sts |
| AWS Serverless Application Repository | serverlessrepo |
| AWS Service Catalog | servicecatalog |
| AWS Shield | shield |
| AWS Shield アドバンスド | DDoSProtection |
| Amazon Simple Email Service (Amazon SES) | ses |
| Amazon Simple Notification Service (Amazon SNS) | sns |
| Amazon Simple Queue Service (Amazon SQS) | sqs |
| Amazon Simple Storage Service (Amazon S3) | s3 |
| Amazon Simple Workflow Service (Amazon SWF) | swf |
| Amazon SimpleDB | sdb |
| AWS Step Functions | states |
| AWS Storage Gateway | storagegateway |
| Amazon Sumerian | sumerian |
| AWS サポート | support |
| AWS Systems Manager | ssm |
| Amazon Transcribe | transcribe |
| Amazon Translate | translate |
| AWS Trusted Advisor | trustedadvisor |
| Amazon Virtual Private Cloud (Amazon VPC) | ec2 |
| AWS WAF | waf |
| Amazon WorkDocs | workdocs |
| Amazon WorkMail | workmail |
| Amazon WorkSpaces | workspaces |
| AWS X-Ray | xray |
