Amazon Web Services
Referência geral (Versão 1.0)

Nomes de recurso da Amazon (ARNs) e Namespaces da AWS Services

Nomes de recurso da Amazon (ARNs) identificam apenas recursos da AWS. Nós exigimos um ARN quando você precisar especificar um recurso sem ambiguidade em toda a AWS como, por exemplo, políticas do IAM, tags do Amazon Relational Database Service (Amazon RDS) e chamadas de API.

Formato de Nome de região da Amazon (ARN)

Aqui estão alguns exemplos de ARNs:

<!-- Elastic Beanstalk application version --> arn:aws:elasticbeanstalk:us-east-1:123456789012:environment/My App/MyEnvironment <!-- IAM user name --> arn:aws:iam::123456789012:user/David <!-- Amazon RDS instance used for tagging --> arn:aws:rds:eu-west-1:123456789012:db:mysql-db <!-- Object in an Amazon S3 bucket --> arn:aws:s3:::my_corporate_bucket/exampleobject.png

A seguir estão os formatos gerais para ARNs; os componentes e valores específicos usados dependem do serviço da AWS. Para usar um ARN, substitua o texto em vermelho e itálico no exemplo por suas próprias informações.

arn:partition:service:region:account-id:resource arn:partition:service:region:account-id:resourcetype/resource arn:partition:service:region:account-id:resourcetype/resource/qualifier arn:partition:service:region:account-id:resourcetype/resource:qualifier arn:partition:service:region:account-id:resourcetype:resource arn:partition:service:region:account-id:resourcetype:resource:qualifier
partição

A partição na qual o recurso está. Para regiões padrão da AWS a partição é aws. Se você tem recursos em outras partições, a partição é aws-partitionname. Por exemplo, a partição de recursos na região China (Pequim) é aws-cn.

serviço

O namespace de serviço que identifica o produto da AWS (por exemplo, Amazon S3, IAM ou Amazon RDS). Para obter uma lista de namespaces, consulte Namespaces de serviços da AWS.

região

A região na qual o recurso reside. Observe que os ARNs para alguns recursos não exigem uma região, de modo que este componente pode ser omitido.

conta

O ID da conta da AWS que possui o recurso, sem hífens. Por exemplo, 123456789012. Observe que, para alguns recursos, o ARNs não exige um número de conta, de modo que este componente pode ser omitido.

recurso, resourcetype:recursoou resourcetype/recurso

O conteúdo dessa parte do ARN varia de acordo com o serviço. Normalmente, ele inclui um indicador do tipo de recurso, por exemplo, um usuário do IAM ou banco de dados do Amazon RDS, seguidos por uma barra (/) ou dois pontos (:) e, depois, o nome do próprio recurso. Alguns serviços permitem caminhos para nomes dos recursos, como descrito em Caminhos em ARNs.

Exemplo de ARNs

As seções a seguir oferecem sintaxe e exemplos de ARNs para diferentes serviços. Para obter mais informações sobre a utilização de ARNs em um serviço específico da AWS consulte a documentação desse serviço. Para usar um ARN, substitua o texto em vermelho e itálico no exemplo por suas próprias informações.

Alguns serviços oferecem suporte a permissões do IAM em nível de recurso. Para obter mais informações, consulte Serviços da AWS que trabalham com o IAM.

Alexa for Business

Sintaxe:

arn:aws:a4b:region:accountid:resourcetype/resource

Exemplo:

arn:aws:a4b:us-east-1:123456789012:room/7315ffdf0eeb874dc4ab8a546e8b70ec/5f90e5d608b6baa9c88db56654aef158

Amazon API Gateway

Sintaxe:

arn:aws:apigateway:region::resource-path arn:aws:execute-api:region:account-id:api-id/stage-name/HTTP-VERB/resource-path arn:aws:execute-api:region:account-id:api-id/stage-name/route-key

Exemplos:

arn:aws:apigateway:us-east-1::/restapis/a123456789012bc3de45678901f23a45/* arn:aws:apigateway:us-east-1::a123456789012bc3de45678901f23a45:/test/mydemoresource/* arn:aws:apigateway:*::a123456789012bc3de45678901f23a45:/*/petstorewalkthrough/pets arn:aws:apigateway:us-east-1::/apis/a123456789012bc3de45678901f23a45/* arn:aws:execute-api:us-east-1:123456789012:qsxrty/test/GET/mydemoresource/* arn:aws:execute-api:us-east-1:123456789012:qsxrty/test/$connect arn:aws:execute-api:us-east-1:123456789012:qsxrty/test/$route1

AWS AppSync

Sintaxe:

arn:aws:appsync:your-region:account-id:apis/AppSyncEndpointName/types/Query/fields/field-name arn:aws:appsync:your-region:account-id:apis/AppSyncEndpointName/types/Mutation/fields/field-name arn:aws:appsync:your-region:account-id:apis/AppSyncEndpointName/types/Subscription/fields/field-name

Exemplos:

arn:aws:appsync:us-west-2:123456789012:apis/AppSyncEndpointName/types/Query/fields/posts arn:aws:appsync:us-west-2:123456789012:apis/AppSyncEndpointName/types/Mutation/fields/addPost arn:aws:appsync:us-west-2:123456789012:apis/AppSyncEndpointName/types/Query/fields/my-subscription

AWS Artifact

Sintaxe:

arn:aws:artifact:::report-package/document-type/report-type

Exemplos:

arn:aws:artifact:::report-package/Certifications and Attestations/SOC/* arn:aws:artifact:::report-package/Certifications and Attestations/ISO/* arn:aws:artifact:::report-package/Certifications and Attestations/PCI/*

Amazon EC2 Auto Scaling

Sintaxe:

arn:aws:autoscaling:region:account-id:scalingPolicy:policyid:autoScalingGroupName/groupfriendlyname:policyName/policyfriendlyname arn:aws:autoscaling:region:account-id:autoScalingGroup:groupid:autoScalingGroupName/groupfriendlyname

Exemplo:

arn:aws:autoscaling:us-east-1:123456789012:scalingPolicy:c7a27f55-d35e-4153-b044-8ca9155fc467:autoScalingGroupName/my-test-asg1:policyName/my-scaleout-policy

Aplicativo Auto Scaling

Sintaxe:

arn:aws:autoscaling:region:account-id:scalingPolicy:policy-id:resource/service-namespace/resource-id:policyName/policyfriendlyname arn:aws:autoscaling:region:account-id:scheduledAction:action-id:resource/service-namespace/resource-id:scheduledActionName/actionfriendlyname

Exemplo:

arn:aws:autoscaling:us-east-1:123456789012:scalingPolicy:c7a27f55-d35e-4153-b044-8ca9155fc467:resource/ec2/spot-fleet-request/sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE:policyName/cpu40 arn:aws:autoscaling:us-east-1:123456789012:scheduledAction:38c84579-0f51-4adc-879b-a2cc4EXAMPLE:resource/ec2/spot-fleet-request/sfr-09d694de-4d82-4b48-a4f4-2f38fEXAMPLE:scheduledActionName/my-action

AWS Batch

Sintaxe:

arn:aws:batch:region:account-id:compute-environment/name arn:aws:batch:region:account-id:job-definition/job-name:revision arn:aws:batch:region:account-id:job-queue/queue-name

Exemplo:

arn:aws:batch:us-east-1:123456789012:compute-environment/my-environment arn:aws:batch:us-east-1:123456789012:job-definition/my-job-definition:1 arn:aws:batch:us-east-1:123456789012:job-queue/my-queue

AWS Certificate Manager

Sintaxe:

arn:aws:acm:region:account-id:certificate/certificate-id

Exemplo:

arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012

Autoridade de certificação privada do AWS Certificate Manager

Sintaxe (autoridade de certificação privada):

arn:aws:acm-pca:region:account-id:certificate-authority/ca-id

Exemplo:

arn:aws:acm-pca:us-east-1:123456789012:certificate-authority/12345678-1234-1234-1234-123456789012/certificate/e8cbd2bedb122329f97706bcfec990f8

AWS Cloud9

Sintaxe:

arn:aws:cloud9:region:account-id:environment:environment-id

Exemplo:

arn:aws:cloud9:us-west-2:123456789012:environment:81e900317347585a0601e04c8d52eaEX

Amazon Cloud Directory

Sintaxe:

arn:aws:clouddirectory:region:account-id:directory/directoryID

Exemplo:

arn:aws:clouddirectory:us-west-2:123456789012:directory/ARIqk1HD-UjdtmcIrJHEvPI

AWS CloudFormation

Sintaxe:

arn:aws:cloudformation:region:account-id:stack/stackname/additionalidentifier
arn:aws:cloudformation:region:account-id:changeSet/changesetname/additionalidentifier

Exemplos:

arn:aws:cloudformation:us-east-1:123456789012:stack/MyProductionStack/abc9dbf0-43c2-11e3-a6e8-50fa526be49c
arn:aws:cloudformation:us-east-1:123456789012:changeSet/MyProductionChangeSet/abc9dbf0-43c2-11e3-a6e8-50fa526be49c

Amazon CloudFront

Sintaxe:

arn:aws:cloudfront::account-id:*

Exemplo:

arn:aws:cloudfront::123456789012:*

AWS Cloud Map

Sintaxe:

arn:aws:servicediscovery:region:account-id:namespace/namespace-id arn:aws:servicediscovery:region:account-id:service/service-id

O AWS Cloud Map não exige um número de conta ou região nos ARNs.

Exemplos:

arn:aws:servicediscovery:us-east-1:123456789012:namespace/ns-e1tpmexample0001 arn:aws:servicediscovery:us-east-1:123456789012:service/srv-e4anhexample0004

Amazon CloudSearch

Sintaxe:

arn:aws:cloudsearch:region:account-id:domain/domainname

Exemplo:

arn:aws:cloudsearch:us-east-1:123456789012:domain/imdb-movies

AWS CloudTrail

Sintaxe:

arn:aws:cloudtrail:region:account-id:trail/trailname

Exemplo:

arn:aws:cloudtrail:us-east-1:123456789012:trail/mytrailname

Amazon CloudWatch

Sintaxe:

arn:aws:cloudwatch:region:account-id:alarm:alarm-name
arn:aws:cloudwatch::account-id:dashboard/dashboard-name

Exemplos:

arn:aws:cloudwatch:us-east-1:123456789012:alarm:* arn:aws:cloudwatch:us-east-1:123456789012:alarm:MyAlarmName arn:aws:cloudwatch::123456789012:dashboard/MyDashboardName

Eventos do Amazon CloudWatch

Sintaxe:

arn:aws:events:region:*:*

Exemplos:

arn:aws:events:us-east-1:*:* arn:aws:events:us-east-1:123456789012:* arn:aws:events:us-east-1:123456789012:rule/my-rule

Amazon CloudWatch Logs

Sintaxe:

arn:aws:logs:region:*:*

Exemplos:

arn:aws:logs:us-east-1:*:* arn:aws:logs:us-east-1:123456789012:* arn:aws:logs:us-east-1:123456789012:log-group:my-log-group arn:aws:logs:us-east-1:123456789012:log-group:my-log-group:* arn:aws:logs:us-east-1:123456789012:log-group:my-log-group* arn:aws:logs:us-east-1:123456789012:log-group:my-log-group:log-stream:my-log-stream arn:aws:logs:us-east-1:123456789012:log-group:my-log-group:log-stream:my-log-stream* arn:aws:logs:us-east-1:123456789012:log-group:my-log-group*:log-stream:my-log-stream*

CodeBuild

Sintaxe:

arn:aws:codebuild:region:account-id:resourcetype/resource

Exemplos:

arn:aws:codebuild:us-east-1:123456789012:project/my-demo-project arn:aws:codebuild:us-east-1:123456789012:build/my-demo-project:7b7416ae-89b4-46cc-8236-61129df660ad

AWS CodeCommit

Sintaxe:

arn:aws:codecommit:region:account-id:resource-specifier

Exemplo:

arn:aws:codecommit:us-east-1:123456789012:MyDemoRepo

AWS CodeDeploy

Sintaxe:

arn:aws:codedeploy:region:account-id:resource-type:resource-specifier arn:aws:codedeploy:region:account-id:resource-type/resource-specifier

Exemplo:

arn:aws:codedeploy:us-east-1:123456789012:application:WordPress_App arn:aws:codedeploy:us-east-1:123456789012:instance/AssetTag*

Seus Grupos de Usuários do Amazon Cognito

Sintaxe:

arn:aws:cognito-idp:region:account-id:userpool/user-pool-id

Exemplo:

arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1:1a1a1a1a-ffff-1111-9999-12345678

Identidades federadas do Amazon Cognito

Sintaxe:

arn:aws:cognito-identity:region:account-id:identitypool/identity-pool-id

Exemplo:

arn:aws:cognito-identity:us-east-1:123456789012:/identitypool/us-east-1:1a1a1a1a-ffff-1111-9999-12345678

Amazon Cognito Sync

Sintaxe:

arn:aws:cognito-sync:region:account-id:identitypool/identity-pool-id
arn:aws:cognito-sync:region:account-id:identitypool/identity-pool-id/identity/identity-id
arn:aws:cognito-sync:region:account-id:identitypool/identity-pool-id/identity/identity-id/dataset/dataset-name

Exemplo:

arn:aws:cognito-sync:us-east-1:123456789012:identitypool/us-east-1:1a1a1a1a-ffff-1111-9999-12345678

AWS Config

Sintaxe:

arn:aws:config:region:account-id:config-rule/config-rule-id

Exemplo:

arn:aws:config:us-east-1:123456789012:config-rule/config-rule-8fngan

AWS CodePipeline

Sintaxe:

arn:aws:codepipeline:region:account-id:resource-specifier

Exemplo:

arn:aws:codepipeline:us-east-1:123456789012:MyDemoPipeline

AWS CodeStar

Sintaxe:

arn:aws:codestar:region:account-id:project/resource-specifier

Exemplo:

arn:aws:codestar:us-east-1:123456789012:project/my-first-project

AWS DataSync

arn:aws:datasync:region:account-id:agent/agent-id arn:aws:datasync:region:account-id:location/location-id arn:aws:datasync:region:account-id:task/task-id arn:aws:datasync:region:account-id:task/task-id/execution/exec-id

Exemplos:

arn:aws:datasync:us-east-2:111222333444:agent/agent-0b0addbeef44baca3 arn:aws:datasync:us-east-2:111222333444:location/loc-07db7abfc326c50fb arn:aws:datasync:us-east-2:111222333444:task/task-08de6e6697796f026 arn:aws:datasync:us-east-2:111222333444:task/task-08de6e6697796f026/execution/exec-04ce9d516d69bd52f

AWS Direct Connect

Sintaxe:

arn:aws:directconnect:region:account-id:dxcon/connection-id arn:aws:directconnect:region:account-id:dxlag/lag-id arn:aws:directconnect:region:account-id:dxvif/virtual-interface-id

Exemplos:

arn:aws:directconnect:us-east-1:123456789012:dxcon/dxcon-fgase048 arn:aws:directconnect:us-east-1:123456789012:dxlag/dxlag-ffy7zraq arn:aws:directconnect:us-east-1:123456789012:dxvif/dxvif-fgrb110x

AWS Directory Service

Sintaxe:

arn:aws:ds:region:account-id:directory/directoryId

Exemplo:

arn:aws:ds:us-west-2:123456789012:directory/ARIqk1HD-UjdtmcIrJHEvPI

Amazon DynamoDB

Sintaxe:

arn:aws:dynamodb:region:account-id:table/tablename arn:aws:dynamodb:region:account-id:table/tablename/stream/label

Exemplo:

arn:aws:dynamodb:us-east-1:123456789012:table/books_table arn:aws:dynamodb:us-east-1:123456789012:table/books_table/stream/2015-05-11T21:21:33.291

AWS Elastic Beanstalk

Sintaxe:

arn:aws:elasticbeanstalk:region:account-id:application/applicationname arn:aws:elasticbeanstalk:region:account-id:applicationversion/applicationname/versionlabel arn:aws:elasticbeanstalk:region:account-id:environment/applicationname/environmentname arn:aws:elasticbeanstalk:region::solutionstack/solutionstackname arn:aws:elasticbeanstalk:region:account-id:configurationtemplate/applicationname/templatename

Exemplos:

arn:aws:elasticbeanstalk:us-east-1:123456789012:application/My App arn:aws:elasticbeanstalk:us-east-1:123456789012:applicationversion/My App/My Version arn:aws:elasticbeanstalk:us-east-1:123456789012:environment/My App/MyEnvironment arn:aws:elasticbeanstalk:us-east-1::solutionstack/32bit Amazon Linux running Tomcat 7 arn:aws:elasticbeanstalk:us-east-1:123456789012:configurationtemplate/My App/My Template

Amazon Elastic Compute Cloud (Amazon EC2)

Sintaxe:

arn:aws:ec2:region:account-id:customer-gateway/cgw-id arn:aws:ec2:region:account-id:dedicated-host/host-id arn:aws:ec2:region:account-id:dhcp-options/dhcp-options-id arn:aws:ec2:region:account-id:egress-only-internet-gateway/eigw-id arn:aws:ec2:region:account-id:elastic-gpu/elastic-gpu-id arn:aws:ec2:region::image/image-id arn:aws:ec2:region:account-id:instance/instance-id arn:aws:ec2:region:account-id:internet-gateway/igw-id arn:aws:ec2:region:account-id:key-pair/key-pair-name arn:aws:ec2:region:account-id:launch-template/launch-template-id arn:aws:ec2:region:account-id:natgateway/natgateway-id arn:aws:ec2:region:account-id:network-acl/nacl-id arn:aws:ec2:region:account-id:network-interface/eni-id arn:aws:ec2:region:account-id:placement-group/placement-group-name arn:aws:ec2:region:account-id:reserved-instances/reservation-id arn:aws:ec2:region:account-id:route-table/route-table-id arn:aws:ec2:region:account-id:security-group/security-group-id arn:aws:ec2:region::snapshot/snapshot-id arn:aws:ec2:region:account-id:spot-instances-request/spot-instance-request-id arn:aws:ec2:region:account-id:subnet/subnet-id arn:aws:ec2:region:account-id:transit-gateway/tgw-id arn:aws:ec2:region:account-id:volume/volume-id arn:aws:ec2:region:account-id:vpc/vpc-id arn:aws:ec2:region:account-id:vpc-peering-connection/vpc-peering-connection-id arn:aws:ec2:region:account-id:vpn-connection/vpn-id arn:aws:ec2:region:account-id:vpn-gateway/vgw-id

Exemplos:

arn:aws:ec2:us-east-1:123456789012:dedicated-host/h-12345678 arn:aws:ec2:us-east-1::image/ami-1a2b3c4d arn:aws:ec2:us-east-1:123456789012:instance/* arn:aws:ec2:us-east-1:123456789012:volume/* arn:aws:ec2:us-east-1:123456789012:volume/vol-1a2b3c4d

Amazon Elastic Container Registry (Amazon ECR)

Sintaxe:

arn:aws:ecr:region:account-id:repository/repository-name

Exemplo:

arn:aws:ecr:us-east-1:123456789012:repository/my-repository

Amazon Elastic Container Service (Amazon ECS)

Sintaxe:

arn:aws:ecs:region:account-id:cluster/cluster-name arn:aws:ecs:region:account-id:container-instance/cluster-name/container-instance-id arn:aws:ecs:region:account-id:task-definition/task-definition-family-name:task-definition-revision-number arn:aws:ecs:region:account-id:service/cluster-name/service-name arn:aws:ecs:region:account-id:task/cluster-name/task-id arn:aws:ecs:region:account-id:container/container-id

Exemplos:

arn:aws:ecs:us-east-1:123456789012:cluster/my-cluster arn:aws:ecs:us-east-1:123456789012:container-instance/my-cluster/403125b0-555c-4473-86b5-65982db28a6d arn:aws:ecs:us-east-1:123456789012:task-definition/hello_world:8 arn:aws:ecs:us-east-1:123456789012:service/my-cluster/sample-webapp arn:aws:ecs:us-east-1:123456789012:task/my-cluster/1abf0f6d-a411-4033-b8eb-a4eed3ad252a arn:aws:ecs:us-east-1:123456789012:container/476e7c41-17f2-4c17-9d14-412566202c8a

Amazon Elastic Container Service for Kubernetes (Amazon EKS)

Sintaxe:

arn:aws:eks:region:account-id:cluster/cluster-name

Exemplos:

arn:aws:eks:us-east-1:123456789012:cluster/my-cluster

Amazon Elastic File System

Sintaxe:

arn:aws:elasticfilesystem:region:account-id:file-system/file-system-id

Exemplo:

arn:aws:elasticfilesystem:us-east-1:123456789012:file-system/fs12345678

Elastic Load Balancing (Balanceador de carga de aplicações)

Sintaxe:

arn:aws:elasticloadbalancing:region:account-id:loadbalancer/app/load-balancer-name/load-balancer-id arn:aws:elasticloadbalancing:region:account-id:listener/app/load-balancer-name/load-balancer-id/listener-id arn:aws:elasticloadbalancing:region:account-id:listener-rule/app/load-balancer-name/load-balancer-id/listener-id/rule-id arn:aws:elasticloadbalancing:region:account-id:targetgroup/target-group-name/target-group-id

Exemplos:

arn:aws:elasticloadbalancing:us-east-1:123456789012:loadbalancer/app/my-load-balancer/50dc6c495c0c9188 arn:aws:elasticloadbalancing:us-east-1:123456789012:listener/app/my-load-balancer/50dc6c495c0c9188/f2f7dc8efc522ab2 arn:aws:elasticloadbalancing:us-east-1:123456789012:listener-rule/app/my-load-balancer/50dc6c495c0c9188/f2f7dc8efc522ab2/9683b2d02a6cabee arn:aws:elasticloadbalancing:us-east-1:123456789012:targetgroup/my-targets/73e2d6bc24d8a067

Elastic Load Balancing (Load balancer de rede)

Sintaxe:

arn:aws:elasticloadbalancing:region:account-id:loadbalancer/net/load-balancer-name/load-balancer-id arn:aws:elasticloadbalancing:region:account-id:listener/net/load-balancer-name/load-balancer-id/listener-id arn:aws:elasticloadbalancing:region:account-id:listener-rule/net/load-balancer-name/load-balancer-id/listener-id/rule-id arn:aws:elasticloadbalancing:region:account-id:targetgroup/target-group-name/target-group-id

Exemplos:

arn:aws:elasticloadbalancing:us-east-1:123456789012:loadbalancer/net/my-load-balancer/50dc6c495c0c9188 arn:aws:elasticloadbalancing:us-east-1:123456789012:listener/net/my-load-balancer/50dc6c495c0c9188/f2f7dc8efc522ab2 arn:aws:elasticloadbalancing:us-east-1:123456789012:listener-rule/net/my-load-balancer/50dc6c495c0c9188/f2f7dc8efc522ab2/9683b2d02a6cabee arn:aws:elasticloadbalancing:us-east-1:123456789012:targetgroup/my-targets/73e2d6bc24d8a067

Elastic Load Balancing (Classic Load Balancer)

Sintaxe:

arn:aws:elasticloadbalancing:region:account-id:loadbalancer/name

Exemplo:

arn:aws:elasticloadbalancing:us-east-1:123456789012:loadbalancer/my-load-balancer

Amazon Elastic Transcoder

Sintaxe:

arn:aws:elastictranscoder:region:account-id:resource/id

Exemplo:

arn:aws:elastictranscoder:us-east-1:123456789012:preset/*

Amazon ElastiCache

Sintaxe:

arn:aws:elasticache:region:account-id:resourcetype:resourcename

Exemplos:

arn:aws:elasticache:us-east-2:123456789012:cluster:myCluster arn:aws:elasticache:us-east-2:123456789012:snapshot:mySnapshot

Amazon Elasticsearch Service

Sintaxe:

arn:aws:es:region:account-id:domain/domain-name

Exemplo:

arn:aws:es:us-east-1:123456789012:domain/streaming-logs

Amazon S3 Glacier

Sintaxe:

arn:aws:glacier:region:account-id:vaults/vaultname

Exemplos:

arn:aws:glacier:us-east-1:123456789012:vaults/examplevault arn:aws:glacier:us-east-1:123456789012:vaults/example* arn:aws:glacier:us-east-1:123456789012:vaults/*

AWS Global Accelerator

Sintaxe:

arn:aws:globalaccelerator::account-id:accelerator/accelerator-id

Exemplo:

arn:aws:globalaccelerator::123456789012:accelerator/123abc4567e8fa901bc2d3example

Amazon GuardDuty

Sintaxe:

arn:aws:guardduty:region:account-id:detector/detector-id
arn:aws:guardduty:region:account-id:ipset/ipset-id
arn:aws:guardduty:region:account-id:threatintelset/threatintelset-id

Exemplos:

arn:aws:guardduty:us-east-1:123456789012:detector/12abc34d567e8fa901bc2d34e56789f0
arn:aws:guardduty:us-east-1:123456789012:ipset/0cb0141ab9fbde177613ab9436212e90
arn:aws:guardduty:us-east-1:123456789012:threatintelset/12a34567890bc1de2345f67ab8901234

AWS Health/Personal Health Dashboard

Sintaxe:

arn:aws:health:region::event/event-id arn:aws:health:region:account-id:entity/entity-id

Exemplos:

arn:aws:health:us-east-1::event/AWS_EC2_EXAMPLE_ID arn:aws:health:us-east-1:123456789012:entity/AVh5GGT7ul1arKr1sE1K

AWS Identity and Access Management (IAM)

Sintaxe:

arn:aws:iam::account-id:root arn:aws:iam::account-id:user/user-name arn:aws:iam::account-id:group/group-name arn:aws:iam::account-id:role/role-name arn:aws:iam::account-id:policy/policy-name arn:aws:iam::account-id:instance-profile/instance-profile-name arn:aws:sts::account-id:federated-user/user-name arn:aws:sts::account-id:assumed-role/role-name/role-session-name arn:aws:iam::account-id:mfa/virtual-device-name arn:aws:iam::account-id:u2f/u2f-token-id arn:aws:iam::account-id:server-certificate/certificate-name arn:aws:iam::account-id:saml-provider/provider-name arn:aws:iam::account-id:oidc-provider/provider-name

Exemplos:

arn:aws:iam::123456789012:root arn:aws:iam::123456789012:user/JohnDoe arn:aws:iam::123456789012:user/division_abc/subdivision_xyz/JaneDoe arn:aws:iam::123456789012:group/Developers arn:aws:iam::123456789012:group/division_abc/subdivision_xyz/product_A/Developers arn:aws:iam::123456789012:role/S3Access arn:aws:iam::123456789012:role/application_abc/component_xyz/S3Access arn:aws:iam::123456789012:policy/UsersManageOwnCredentials arn:aws:iam::123456789012:policy/division_abc/subdivision_xyz/UsersManageOwnCredentials arn:aws:iam::123456789012:instance-profile/Webserver arn:aws:sts::123456789012:federated-user/JohnDoe arn:aws:sts::123456789012:assumed-role/Accounting-Role/JaneDoe arn:aws:iam::123456789012:mfa/JaneDoeMFA arn:aws:iam::123456789012:u2f/user/JohnDoe/default (U2F security key) arn:aws:iam::123456789012:server-certificate/ProdServerCert arn:aws:iam::123456789012:server-certificate/division_abc/subdivision_xyz/ProdServerCert arn:aws:iam::123456789012:saml-provider/ADFSProvider arn:aws:iam::123456789012:oidc-provider/GoogleProvider

Para obter mais informações sobre ARNs do IAM, consulte ARNs do IAM no Guia do usuário do IAM.

AWS IoT

Sintaxe:

arn:aws:iot:your-region:account-id:cert/cert-ID arn:aws:iot:your-region:account-id:policy/policy-name arn:aws:iot:your-region:account-id:rule/rule-name arn:aws:iot:your-region:account-id:client/client-id/rule-name

Exemplos:

arn:aws:iot:your-region:123456789012:cert/123a456b789c123d456e789f123a456b789c123d456e789f123a456b789c123c456d7 arn:aws:iot:your-region:123456789012:policy/MyIoTPolicy arn:aws:iot:your-region:123456789012:rule/MyIoTRule arn:aws:iot:your-region:123456789012:client/client101

AWS Key Management Service (AWS KMS)

Sintaxe:

arn:aws:kms:region:account-id:key/key-id arn:aws:kms:region:account-id:alias/alias

Exemplos:

arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012 arn:aws:kms:us-east-1:123456789012:alias/example-alias

Amazon Kinesis Data Firehose (Kinesis Data Firehose)

Sintaxe:

arn:aws:firehose:region:account-id:deliverystream/delivery-stream-name

Exemplo:

arn:aws:firehose:us-east-1:123456789012:deliverystream/example-stream-name

Amazon Kinesis Data Streams (Kinesis Data Streams)

Sintaxe:

arn:aws:kinesis:region:account-id:stream/stream-name arn:aws:kinesis:region:account-id:stream/stream-name/consumer/consumer-name:consumer-creation-timestamp

Exemplo:

arn:aws:kinesis:us-east-1:123456789012:stream/example-stream-name arn:aws:kinesis:us-east-1:123456789012:stream/example-stream-name/consumer/example-consumer-name:1525898737

Amazon Kinesis Data Analytics (Kinesis Data Analytics)

Sintaxe:

arn:aws:kinesisanalytics:region:account-id:application/application-name

Exemplo:

arn:aws:kinesisanalytics:us-east-1:123456789012:application/example-application-name

Streamings de vídeos do Amazon Kinesis (Streamings de vídeos do Kinesis)

Sintaxe:

arn:aws:kinesisvideo:region:account-id:application/stream-name/code

Exemplo:

arn:aws:kinesisvideo:us-east-1:123456789012:stream/example-stream-name/0123456789012

AWS Lambda (Lambda)

Sintaxe:

arn:aws:lambda:region:account-id:function:function-name arn:aws:lambda:region:account-id:function:function-name:alias-name arn:aws:lambda:region:account-id:function:function-name:version arn:aws:lambda:region:account-id:event-source-mappings:event-source-mapping-id

Exemplos:

arn:aws:lambda:us-east-1:123456789012:function:ProcessKinesisRecords arn:aws:lambda:us-east-1:123456789012:function:ProcessKinesisRecords:your alias arn:aws:lambda:us-east-1:123456789012:function:ProcessKinesisRecords:1.0 arn:aws:lambda:us-east-1:123456789012:event-source-mappings:kinesis-stream-arn

Amazon Macie

Sintaxe:

arn:aws:macie:region:account-id:trigger/triggerID arn:aws:macie:region:account-id:trigger/triggerID/alert/alertID

Exemplos:

arn:aws:macie:us-east-1:123456789012:trigger/example61b3df36bff1dafaf1aa304b0ef1a975 arn:aws:macie:us-east-1:123456789012:trigger/example61b3df36bff1dafaf1aa304b0ef1a975/alert/example8780e9ca227f98dae37665c3fd22b585 arn:aws:macie:us-east-1:123456789012:trigger/behavioral/alert/example8780e9ca227f98dae37665c3fd22b585

Amazon Machine Learning (Amazon ML)

Sintaxe:

arn:aws:machinelearning:region:account-id:datasource/datasourceID arn:aws:machinelearning:region:account-id:mlmodel/mlmodelID arn:aws:machinelearning:region:account-id:batchprediction/batchpredictionlID arn:aws:machinelearning:region:account-id:evaluation/evaluationID

Exemplos:

arn:aws:machinelearning:us-east-1:123456789012:datasource/my-datasource-1 arn:aws:machinelearning:us-east-1:123456789012:mlmodel/my-mlmodel arn:aws:machinelearning:us-east-1:123456789012:batchprediction/my-batchprediction arn:aws:machinelearning:us-east-1:123456789012:evaluation/my-evaluation

MediaConnect

Sintaxe:

arn:aws:mediaconnect:region:account-id:entitlement:resourceID:resourceName arn:aws:mediaconnect:region:account-id:flow:resourceID:resourceName arn:aws:mediaconnect:region:account-id:output:resourceID:resourceName arn:aws:mediaconnect:region:account-id:source:resourceID:resourceName

Exemplos:

arn:aws:mediaconnect:us-east-1:111111111111:entitlement:1-1a2b3c4d5e6f7g8h-123456abcDEF:EntitlementName arn:aws:mediaconnect:us-east-1:111111111111:flow:1-12345678abcdefgh-654321abcDEF:FlowName arn:aws:mediaconnect:us-east-1:111111111111:output:1-abcDEFGH12345678-abcDEF123456:OutputName arn:aws:mediaconnect:us-east-1:111111111111:source:1-abc12345678defgh-ABCdef654321:SourceName

MediaConvert

Sintaxe:

arn:aws:mediaconvert:region:account-id:jobs/jobID arn:aws:mediaconvert:region:account-id:jobTemplates/jobTemplateID arn:aws:mediaconvert:region:account-id:presets/presetID arn:aws:mediaconvert:region:account-id:queues/queueID

Exemplos:

arn:aws:mediaconvert:us-east-1:111111111111:jobs/0123456789012-abc123 arn:aws:mediaconvert:us-east-1:111111111111:jobTemplates/2345678 arn:aws:mediaconvert:us-east-1:111111111111:presets/System-169_WIFI_1080p arn:aws:mediaconvert:us-east-1:111111111111:queues/default

MediaLive

Sintaxe:

arn:aws:medialive:region:account-id:inputSecurityGroup:inputSecurityGroupID arn:aws:medialive:region:account-id:input:inputID arn:aws:medialive:region:account-id:channel:channelID

Exemplos:

arn:aws:medialive:us-east-1:111111111111:inputSecurityGroup:1234567 arn:aws:medialive:us-east-1:111111111111:input:2345678 arn:aws:medialive:us-east-1:111111111111:channel:3456789

MediaPackage

Sintaxe:

arn:aws:mediapackage:region:account-id:channels/channelID arn:aws:mediapackage:region:account-id:origin_endpoints/originEndpointID

Exemplos:

arn:aws:mediapackage:eu-west-1:111122223333:channels/0a1234bc567890d12efghi3j456k789m arn:aws:mediapackage:eu-west-1:111122223333:origin_endpoints/1b2345cd678901e34fghij4k567m890n

MediaStore

Sintaxe:

arn:aws:mediastore:region:account-id:resourceType/resourceID

Exemplos:

arn:aws:mediastore:us-east-1:111111111111:container/ExampleName/example-folder/folder-segment.ts

MediaTailor

Sintaxe:

arn:aws:mediatailor:region:account-id:configurations/configurationID

Exemplos:

arn:aws:mediatailor:us-east-1:111111111111:configurations/2c3456de789012f34ghijk5m678n901o

AWS Mobile Hub

Sintaxe:

arn:aws:mobilehub:region:account-id:project/projectID

Exemplos:

arn:aws:mobilehub:us-east-1:123456789012:project/a01234567-b012345678-123c-d013456789abc

Amazon MQ

Sintaxe:

arn:aws:mq:region:account-id:broker:broker-name:broker-id arn:aws:mq:region:account-id:configuration:configuration-name:configuration-id

Exemplos:

arn:aws:mq:us-east-1:123456789012:broker:MyBroker:b-1234a5b6-78cd-901e-2fgh-3i45j6k178l9 arn:aws:mq:us-east-1:123456789012:configuration:MyConfiguration:c-1234a5b6-78cd-901e-2fgh-3i45j6k178l9

AWS OpsWorks for Chef Automate e AWS OpsWorks for Puppet Enterprise

Sintaxe:

arn:aws:opsworks-cm:us-east-1:master-account-id:server/server-name-random-ID-suffix/server-id

Exemplo:

arn:aws:opsworks-cm:us-east-1:123456789012:server/TestServer-0123456789/EXAMPLEa-1199-43a6-aa00-8a000EXAMPLE

AWS OpsWorks Stacks

Sintaxe:

arn:aws:opsworks:us-east-1:master-account-id:stack/stack-id arn:aws:opsworks:us-east-1:master-account-id:layer/layer-id arn:aws:opsworks:us-east-1:master-account-id:instance/opsworks-instance-id arn:aws:opsworks:us-east-1:master-account-id:app/opsworks-app-id

Exemplo:

arn:aws:opsworks:us-east-1:123456789012:stack/EXAMPLEe-aa21-4z92-a110-a4a44EXAMPLE arn:aws:opsworks:us-east-1:123456789012:layer/EXAMPLEe-aa21-4z92-a110-a4a44EXAMPLE arn:aws:opsworks:us-east-1:123456789012:instance/EXAMPLEe-aa21-4z92-a110-a4a44EXAMPLE arn:aws:opsworks:us-east-1:123456789012:app/EXAMPLEe-aa21-4z92-a110-a4a44EXAMPLE

AWS Organizations

Sintaxe:

arn:aws:organizations::master-account-id:organization/o-organization-id arn:aws:organizations::master-account-id:root/o-organization-id/r-root-id arn:aws:organizations::master-account-id:account/o-organization-id/account-id arn:aws:organizations::master-account-id:ou/o-organization-id/ou-organizational-unit-id arn:aws:organizations::master-account-id:policy/o-organization-id/policy-type/p-policy-id arn:aws:organizations::master-account-id:handshake/o-organization-id/handshake-type/h-handshake-id

Exemplo:

arn:aws:organizations::123456789012:organization/o-a1b2c3d4e5example arn:aws:organizations::123456789012:root/o-a1b2c3d4e5/r-f6g7h8i9j0example arn:aws:organizations::123456789012:account/o-a1b2c3d4e5/123456789012 arn:aws:organizations::123456789012:ou/o-a1b2c3d4e5/ou-1a2b3c-k9l8m7n6o5example arn:aws:organizations::123456789012:policy/o-a1b2c3d4e5/service_control_policy/p-p4q3r2s1t0example arn:aws:organizations::123456789012:handshake/o-a1b2c3d4e5/invite/h-u2v4w5x8y0example

Amazon Pinpoint

Sintaxe:

arn:aws:mobiletargeting:us-east-1:account-id:apps/appId arn:aws:mobiletargeting:us-east-1:account-id:apps/appId/campaigns/campaignId arn:aws:mobiletargeting:us-east-1:account-id:apps/appId/segments/segmentId

Exemplos:

arn:aws:mobiletargeting:us-east-1:123456789012:apps/0d72ff0905e7f8b2b879fe7744d4952a9b arn:aws:mobiletargeting:us-east-1:123456789012:apps/0d72ff0905e7f8b2b879fe7744d4952a9b/campaigns/8c95f63b24089f85819443be7c92d7 arn:aws:mobiletargeting:us-east-1:123456789012:apps/0d72ff0905e7f8b2b879fe7744d4952a9b/segments/6cdc025ba495672bb0aea4983afebf

Amazon Polly

Sintaxe:

arn:aws:polly:region:account-id:lexicon/LexiconName

Exemplo:

arn:aws:polly:us-east-1:123456789012:lexicon/myLexicon

Amazon Redshift

Sintaxe:

arn:aws:redshift:region:account-id:cluster:cluster-name arn:aws:redshift:region:account-id:dbname:cluster-name/database-name arn:aws:redshift:region:account-id:dbuser:cluster-name/database-user-name arn:aws:redshift:region:account-id:dbgroup:cluster-name/database-group-name arn:aws:redshift:region:account-id:parametergroup:parameter-group-name arn:aws:redshift:region:account-id:securitygroup:security-group-name arn:aws:redshift:region:account-id:snapshot:cluster-name/snapshot-name arn:aws:redshift:region:account-id:subnetgroup:subnet-group-name

Exemplos:

arn:aws:redshift:us-east-1:123456789012:cluster:my-cluster arn:aws:redshift:us-east-1:123456789012:dbname:my-cluster/my-database arn:aws:redshift:us-east-1:123456789012:dbuser:my-cluster/my-database-user arn:aws:redshift:us-east-1:123456789012:dbgroup:my-cluster/my-database-group arn:aws:redshift:us-east-1:123456789012:parametergroup:my-parameter-group arn:aws:redshift:us-east-1:123456789012:securitygroup:my-public-group arn:aws:redshift:us-east-1:123456789012:snapshot:my-cluster/my-snapshot20130807 arn:aws:redshift:us-east-1:123456789012:subnetgroup:my-subnet-10

Amazon Relational Database Service (Amazon RDS)

Os ARNs são usados no Amazon RDS apenas com tags para instâncias de bancos de dados. Para obter mais informações, consulte Marcação de uma instância de banco de dados no Guia do usuário da Amazon RDS.

Sintaxe:

arn:aws:rds:region:account-id:db:db-instance-name arn:aws:rds:region:account-id:snapshot:snapshot-name arn:aws:rds:region:account-id:cluster:db-cluster-name arn:aws:rds:region:account-id:cluster-snapshot:cluster-snapshot-name arn:aws:rds:region:account-id:og:option-group-name arn:aws:rds:region:account-id:pg:parameter-group-name arn:aws:rds:region:account-id:cluster-pg:cluster-parameter-group-name arn:aws:rds:region:account-id:secgrp:security-group-name arn:aws:rds:region:account-id:subgrp:subnet-group-name arn:aws:rds:region:account-id:es:subscription-name

Exemplos:

arn:aws:rds:us-east-1:123456789012:db:mysql-db-instance1 arn:aws:rds:us-east-1:123456789012:snapshot:my-snapshot2 arn:aws:rds:us-east-1:123456789012:cluster:my-cluster1 arn:aws:rds:us-east-1:123456789012:cluster-snapshot:cluster1-snapshot7 arn:aws:rds:us-east-1:123456789012:og:mysql-option-group1 arn:aws:rds:us-east-1:123456789012:pg:mysql-repl-pg1 arn:aws:rds:us-east-1:123456789012:cluster-pg:aurora-pg3 arn:aws:rds:us-east-1:123456789012:secgrp:dev-secgrp2 arn:aws:rds:us-east-1:123456789012:subgrp:prod-subgrp1 arn:aws:rds:us-east-1:123456789012:es:monitor-events2

AWS Resource Groups

No AWS Resource Groups, o único recurso disponível é um grupo. Os grupos têm um nome de recurso da Amazon (ARN) exclusivo associado a eles. Os grupos são específicos de cada região, dentro de contas. Para obter mais informações sobre grupos de recursos, consulte o Guia do usuário do AWS Resource Groups.

Sintaxe:

arn:aws:resource-groups:region:account:group/group-name

Exemplo:

arn:aws:resource-groups:us-west-2:123456789012:group/MyExampleGroup

AWS RoboMaker

Sintaxe:

arn:aws:robomaker:region:account-id:robot-application/robotApplicationName/createdOnEpoch arn:aws:robomaker:region:account-id:simulation-application/simulationApplicationName/createdOnEpoch arn:aws:robomaker:region:account-id:simulation-job/simulationJobId arn:aws:robomaker:region:account-id:deployment-job/deploymentJobId arn:aws:robomaker:region:account-id:robot/robotName/createdOnEpoch arn:aws:robomaker:region:account-id:deployment-fleet/fleetName/createdOnEpoch

Exemplos:

arn:aws:robomaker:us-east-1:123456789012:robot-application/helloWorldRobotApplication/1546541198985 arn:aws:robomaker:us-east-1:123456789012:simulation-application/helloWorldSimulationApplication/1546541192487 arn:aws:robomaker:us-east-1:123456789012:simulation-job/sim-g8h6tzlmblg7 arn:aws:robomaker:us-east-1:123456789012:deployment-job/deployment-4t9g6rp25zdb arn:aws:robomaker:us-east-1:123456789012:robot/helloWorldRobot/1546541197111 arn:aws:robomaker:us-east-1:123456789012:deployment-fleet/helloWorldFleet/1546541199833

Amazon Route 53

Sintaxe:

arn:aws:route53:::hostedzone/zoneid arn:aws:route53:::change/change-id arn:aws:route53::account-id:domain/domain-name arn:aws:route53resolver:region:account-id:resolver-rule/rule-id arn:aws:route53resolver:region:account-id:resolver-endpoint/endpoint-id

O Amazon Route 53 não exige um número de conta ou região nos ARNs.

Exemplos:

arn:aws:route53:::hostedzone/Z148QEXAMPLE8V arn:aws:route53:::change/C2RDJ5EXAMPLE2 arn:aws:route53:::change/* arn:aws:route53::123456789012:domain/example.com arn:aws:route53resolver:us-west-2:123456789012:resolver-rule/rslvr-rr-5328a0899aexample arn:aws:route53resolver:us-west-2:123456789012:resolver-endpoint/rslvr-in-60b9fd8fdbexample

a nomeação automática Amazon Route 53 foi lançada como um serviço separado, o AWS Cloud Map. Consulte AWS Cloud Map.

Amazon SageMaker

Sintaxe:

arn:aws:sagemaker:region:account-id:notebook-instance:notebookInstanceName arn:aws:sagemaker:region:account-id:notebook-instance-lifecycle-config:notebookInstanceLifecycleConfigName arn:aws:sagemaker:region:account-id:training-job:trainingJobName arn:aws:sagemaker:region:account-id:model:modelName arn:aws:sagemaker:region:account-id:endpoint:endpointName arn:aws:sagemaker:region:account-id:endpoint-config:endpointConfigName arn:aws:sagemaker:region:account-id:hyper-parameter-tuning-job:hyperParameterTuningJobName arn:aws:sagemaker:region:account-id:transform-job:transformJobName

Exemplos:

arn:aws:sagemaker:us-east-1:123456789012:notebook-instance:my-notebookInstance-1 arn:aws:sagemaker:us-east-1:123456789012:notebook-instance-lifecycle-config:my-notebookInstanceLifecycleConfig-1 arn:aws:sagemaker:us-east-1:123456789012:training-job:my-trainingJob-1 arn:aws:sagemaker:us-east-1:123456789012:model:my-mlModel-1 arn:aws:sagemaker:us-east-1:123456789012:endpoint:my-endpoint-1 arn:aws:sagemaker:us-east-1:123456789012:endpoint-config:my-endpointConfig-1 arn:aws:sagemaker:us-east-1:123456789012:hyper-parameter-tuning-job:my-hp-tuningJob-1 arn:aws:sagemaker:us-east-1:123456789012:transform-job:my-transformJob-1

AWS Secrets Manager

Sintaxe:

arn:aws:secretsmanager:region:account_id:secret:path/friendly_secret_name-uniqueness_code

Cada segredo inclui um caminho opcional, o nome amigável do segredo conforme fornecido pelo usuário e, por fim, um traço seguido por um código aleatório de 6 dígitos gerado pela AWS.

Exemplo:

arn:aws:secretsmanager:us-east-1:123456789012:secret:myfolder/MyFirstSecret-ocq1Wq

AWS Serverless Application Repository

Sintaxe:

arn:aws:serverlessrepo:region:account-id:applications/application-name arn:aws:serverlessrepo:region:account-id:applications/application-name/versions/symantic-version

Exemplos:

arn:aws:serverlessrepo:us-east-1:123456789012:applications/myApp arn:aws:serverlessrepo:us-east-1:123456789012:applications/myApp/versions/1.0.0

Amazon Simple Email Service (Amazon SES)

No Amazon SES, os ARNs são usados com mais frequência para configurar a autorização de envio. Para obter mais informações, consulte Usar a autorização de envio com o Amazon SES no Guia do desenvolvedor do Amazon Simple Email Service.

Sintaxe:

arn:aws:ses:region:account-id:identity/identity

Exemplos:

arn:aws:ses:us-east-1:123456789012:identity/example.com arn:aws:ses:us-east-1:123456789012:identity/sender@example.net

Amazon Simple Notification Service (Amazon SNS)

Sintaxe:

arn:aws:sns:region:account-id:topicname arn:aws:sns:region:account-id:topicname:subscriptionid

Exemplos:

arn:aws:sns:*:123456789012:my_corporate_topic arn:aws:sns:us-east-1:123456789012:my_corporate_topic:02034b43-fefa-4e07-a5eb-3be56f8c54ce

Amazon Simple Queue Service (Amazon SQS)

Sintaxe:

arn:aws:sqs:region:account-id:queuename

Exemplo:

arn:aws:sqs:us-east-1:123456789012:queue1

Amazon Simple Storage Service (Amazon S3)

Sintaxe:

arn:aws:s3:::bucket_name arn:aws:s3:::bucket_name/key_name

nota

O Amazon S3 não exige um número de conta ou região nos ARNs. Se você especificar um ARN para uma política, também poderá usar um caractere curinga"*" na parte do ID relativo do ARN.

Exemplos:

arn:aws:s3:::my_corporate_bucket arn:aws:s3:::my_corporate_bucket/exampleobject.png arn:aws:s3:::my_corporate_bucket/* arn:aws:s3:::my_corporate_bucket/Development/*

Para obter mais informações, consulte Especificar recursos em uma política no Guia do desenvolvedor do Amazon Simple Storage Service.

Amazon Simple Workflow Service (Amazon SWF)

Sintaxe:

arn:aws:swf:region:account-id:/domain/domain_name

Exemplos:

arn:aws:swf:us-east-1:123456789012:/domain/department1 arn:aws:swf:*:123456789012:/domain/*

AWS Step Functions

Sintaxe:

arn:aws:states:region:account-id:activity:activityName arn:aws:states:region:account-id:stateMachine:stateMachineName arn:aws:states:region:account-id:execution:stateMachineName:executionName

Exemplos:

arn:aws:states:us-east-1:123456789012:activity:HelloActivity arn:aws:states:us-east-1:123456789012:stateMachine:HelloStateMachine arn:aws:states:us-east-1:123456789012:execution:HelloStateMachine:HelloStateMachineExecution

AWS Storage Gateway

Sintaxe:

arn:aws:storagegateway:region:account-id:gateway/gateway-id arn:aws:storagegateway:region:account-id:share/share-id arn:aws:storagegateway:region:account-id:gateway/gateway-id/volume/volume-id arn:aws:storagegateway:region:account-id:tape/tapebarcode arn:aws:storagegateway:region:account-id:gateway/gateway-id/target/iSCSItarget arn:aws:storagegateway:region:account-id:gateway/gateway-id/device/vtldevice

Exemplos:

arn:aws:storagegateway:us-east-1:123456789012:gateway/sgw-12A3456B arn:aws:storagegateway:us-east-1:123456789012:share/share-17A34572 arn:aws:storagegateway:us-east-1:123456789012:gateway/sgw-12A3456B/volume/vol-1122AABB arn:aws:storagegateway:us-east-1:123456789012:tape/AMZNC8A26D arn:aws:storagegateway:us-east-1:123456789012:gateway/sgw-12A3456B/target/iqn.1997-05.com.amazon:vol-1122AABB arn:aws:storagegateway:us-east-1:123456789012:gateway/sgw-12A3456B/device/AMZN_SGW-FF22CCDD_TAPEDRIVE_00010

nota

Para cada recurso da AWS Storage Gateway, é possível especificar um caractere curinga (*).

AWS Systems Manager

Sintaxe:

arn:aws:ssm:region:account-id:document/document_name arn:aws:ssm:region:account-id:parameter/parameter_name arn:aws:ssm:region:account-id:patchbaseline/baseline_id arn:aws:ssm:region:account-id:maintenancewindow/window_id arn:aws:ssm:region:account-id:automation-execution/execution_id arn:aws:ssm:region:account-id:automation-Activity/activity_name arn:aws:ssm:region:account-id:automation-definition/definitionName:version arn:aws:ssm:region:account-id:managed-instance/instance_id arn:aws:ssm:region:account-id:managed-instance-inventory/instance_id

Exemplos:

arn:aws:ssm:us-east-1:123456789012:document/highAvailabilityServerSetup arn:aws:ssm:us-east-1:123456789012:parameter/myParameterName arn:aws:ssm:us-east-1:123456789012:patchbaseline/pb-12345678901234567 arn:aws:ssm:us-east-1:123456789012:maintenancewindow/mw-12345678901234567 arn:aws:ssm:us-east-1:123456789012:automation-execution/123456-6789-1a2b3-c4d5-e1a2b3c4d arn:aws:ssm:us-east-1:123456789012:automation-activity/myActivityName arn:aws:ssm:us-east-1:123456789012:automation-definition/myDefinitionName:1 arn:aws:ssm:us-east-1:123456789012:managed-instance/mi-12345678901234567 arn:aws:ssm:us-east-1:123456789012:managed-instance-inventory/i-12345661

Transferência da AWs para SFTP

Sintaxe:

arn:aws:transfer:region:account-id:server/server-id arn:aws:transfer:region:account-id:user/server-id/username

Exemplo:

arn:aws:transfer:us-east-1:123456789012:server/s-01234567890abcdef arn:aws:transfer:us-east-1:123456789012:user/s-01234567890abcdef/user1

AWS Trusted Advisor

Sintaxe:

arn:aws:trustedadvisor:*:account-id:checks/categorycode/checkid

Exemplo:

arn:aws:trustedadvisor:*:123456789012:checks/fault_tolerance/BueAdJ7NrP

AWS WAF

Sintaxe, WAF Global (Usada para CloudFront):

arn:aws:waf::account-id:resource-type/resource-id

Sintaxe, WAF Regional (Usada para Balanceador de carga de aplicaçõess):

arn:aws:waf-regional::account-id:resource-type/resource-id

Exemplos:

arn:aws:waf::123456789012:rule/41b5b052-1e4a-426b-8149-3595be6342c2 arn:aws:waf-regional:us-east-1:123456789012:rule/41b5b052-1e4a-426b-8149-3595be6342c2 arn:aws:waf::123456789012:webacl/3bffd3ed-fa2e-445e-869f-a6a7cf153fd3 arn:aws:waf-regional:us-east-1:123456789012:webacl/3bffd3ed-fa2e-445e-869f-a6a7cf153fd3 arn:aws:waf::123456789012:ipset/3f74bd8c-f046-4970-a1a7-41aa52e05480 arn:aws:waf-regional:us-east-1:123456789012:ipset/3f74bd8c-f046-4970-a1a7-41aa52e05480 arn:aws:waf::123456789012:bytematchset/d131bc0b-57be-4536-af1d-4894fd28acc4 arn:aws:waf-regional:us-east-1:123456789012:bytematchset/d131bc0b-57be-4536-af1d-4894fd28acc4

Caminhos em ARNs

Alguns serviços permitem especificar um caminho para o nome do recurso. Por exemplo, no Amazon S3, o identificador de recursos é um nome de objeto que pode incluir barras (/) para formar um caminho. Da mesma forma, nomes de usuários e nomes de grupo do IAM podem incluir caminhos.

Em alguns casos, os caminhos podem incluir um caractere curinga, ou seja, um asterisco (*). Por exemplo, se estiver criando uma política do IAM e, no elemento Resource, quiser especificar que todos os usuários do IAM que têm o caminho product_1234, você poderá usar um curinga, como este:

arn:aws:iam::123456789012:user/Development/product_1234/*

Da mesma forma, no elemento Resource de uma política do IAM, no final do ARN, você pode especificar user/* para indicar todos os usuários, ou group/* para indicar todos os grupos, como nos exemplos a seguir:

"Resource":"arn:aws:iam::123456789012:user/*" "Resource":"arn:aws:iam::123456789012:group/*"

Você não pode usar um curinga para especificar todos os usuários no elemento Principal em uma política com base em recursos ou em uma política de confiança de função. Os grupos não são suportados como principais em nenhuma política.

O exemplo a seguir mostra ARNs para um bucket do Amazon S3 em que o nome do recurso inclui um caminho:

arn:aws:s3:::my_corporate_bucket/* arn:aws:s3:::my_corporate_bucket/Development/*

Você não pode usar um curinga na parte do ARN que especifica o tipo de recurso, como o termo user em um ARN do IAM.

O mencionado a seguir não é permitido:

arn:aws:iam::123456789012:u*

Namespaces de serviços da AWS

Ao criar políticas do IAM ou trabalhar com nomes de recursos da Amazon (ARNs), você identificará os serviços da AWS usando um namespace. Por exemplo, o namespace do Amazon S3 é s3, e o namespace do Amazon EC2 é ec2. Os namespaces são usados ao identificar ações e recursos.

O exemplo a seguir mostra uma política do IAM, na qual o valor dos elementos Action e os valores nos elementos Resource e Condition utilizam namespaces para identificar os serviços de ações e recursos.

{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "ec2:*", "Resource": [ "arn:aws:ec2:us-west-2:123456789012:customer-gateway/*", "arn:aws:ec2:us-west-2:123456789012:dhcp-options/*", "arn:aws:ec2:us-west-2::image/*", "arn:aws:ec2:us-west-2:123456789012:instance/*", "arn:aws:iam::123456789012:instance-profile/*", "arn:aws:ec2:us-west-2:123456789012:internet-gateway/*", "arn:aws:ec2:us-west-2:123456789012:key-pair/*", "arn:aws:ec2:us-west-2:123456789012:network-acl/*", "arn:aws:ec2:us-west-2:123456789012:network-interface/*", "arn:aws:ec2:us-west-2:123456789012:placement-group/*", "arn:aws:ec2:us-west-2:123456789012:route-table/*", "arn:aws:ec2:us-west-2:123456789012:security-group/*", "arn:aws:ec2:us-west-2::snapshot/*", "arn:aws:ec2:us-west-2:123456789012:subnet/*", "arn:aws:ec2:us-west-2:123456789012:volume/*", "arn:aws:ec2:us-west-2:123456789012:vpc/*", "arn:aws:ec2:us-west-2:123456789012:vpc-peering-connection/*" ] }, { "Effect": "Allow", "Action": "s3:*", "Resource": "arn:aws:s3:::example_bucket/marketing/*" }, { "Effect": "Allow", "Action": "s3:ListBucket*", "Resource": "arn:aws:s3:::example_bucket", "Condition": {"StringLike": {"s3:prefix": "marketing/*"}} } ] }

A tabela a seguir contém o namespace para cada serviço da AWS.

Serviço Namespace
Alexa for Business a4b
API Gateway apigateway
Aplicativo Auto Scaling application-autoscaling
AWS Application Discovery Service discovery
Amazon AppStream appstream
AWS AppSync appsync
AWS Artifact artifact
Amazon Athena athena
Planos de Auto Scaling autoscaling-plans
AWS Batch batch
AWS Billing and Cost Management aws-portal
Orçamentos da AWS budgets
AWS Certificate Manager (ACM) acm
Autoridade de certificação privada do AWS Certificate Manager acm-pca
Amazon Chime chime
AWS Cloud9 cloud9
Amazon Cloud Directory clouddirectory
AWS CloudFormation cloudformation
Amazon CloudFront cloudfront
AWS CloudHSM cloudhsm
AWS Cloud Map servicediscovery
Amazon CloudSearch cloudsearch
AWS CloudTrail cloudtrail
Amazon CloudWatch cloudwatch
Eventos do Amazon CloudWatch events
Amazon CloudWatch Logs logs
CodeBuild codebuild
AWS CodeCommit codecommit
AWS CodeDeploy codedeploy
AWS CodePipeline codepipeline
AWS Code Signing para Amazon FreeRTOS signer
AWS CodeStar codestar
Seus Grupos de Usuários do Amazon Cognito cognito-idp
Identidades federadas do Amazon Cognito cognito-identity
Amazon Cognito Sync cognito-sync
Amazon Comprehend comprehend
AWS Config config
Amazon Connect connect
Relatório de uso e de custo da AWS cur
AWS Cost Explorer Service ce
AWS Data Pipeline datapipeline
AWS Database Migration Service (AWS DMS) dms
AWS Device Farm devicefarm
AWS Direct Connect directconnect
AWS Directory Service ds
Amazon DynamoDB dynamodb
Amazon DynamoDB Accelerator (DAX) dax
Amazon EC2 Auto Scaling autoscaling
Amazon Elastic Compute Cloud (Amazon EC2) ec2
Amazon Elastic Container Registry (Amazon ECR) ecr
Amazon Elastic Container Service (Amazon ECS) ecs
Amazon Elastic Container Service for Kubernetes (Amazon EKS) eks
AWS Elastic Beanstalk elasticbeanstalk
Amazon Elastic File System (Amazon EFS) elasticfilesystem
Elastic Load Balancing elasticloadbalancing
Amazon EMR elasticmapreduce
Amazon Elastic Transcoder elastictranscoder
Amazon ElastiCache elasticache
Amazon Elasticsearch Service (Amazon ES) es
AWS Firewall Manager fms
Amazon FreeRTOS freertos
Amazon GameLift gamelift
Amazon S3 Glacier glacier
AWS Global Accelerator globalaccelerator
AWS Glue glue
AWS IoT Greengrass greengrass
Amazon GuardDuty guardduty
AWS Health/Personal Health Dashboard health
AWS Identity and Access Management (IAM) iam
AWS Import/Export importexport
Amazon Inspector inspector
AWS IoT iot
AWS IoT Analytics iotanalytics
AWS IoT 1-Click iot1click
AWS Key Management Service (AWS KMS) kms
Amazon Kinesis Data Analytics kinesisanalytics
Amazon Kinesis Data Firehose firehose
Amazon Kinesis Data Streams kinesis
Amazon Streams de vídeo do Kinesis kinesisvideo
AWS Lambda lambda
Amazon Lex lex
Amazon Lightsail lightsail
Amazon Macie macie
Amazon Machine Learning machinelearning
AWS Marketplace aws-marketplace
AWS Marketplace Management Portal aws-marketplace-management
Amazon Mechanical Turk mechanicalturk
Amazon Mechanical Turk Público crowd
AWS Elemental MediaConnect mediaconnect
AWS Elemental MediaConvert mediaconvert
AWS Elemental MediaLive medialive
AWS Elemental MediaPackage mediapackage
AWS Elemental MediaStore mediastore
AWS Elemental MediaTailor mediatailor
Serviço de entrega de mensagens da Amazon ec2message
AWS Migration Hub mgh
Amazon Mobile Analytics mobileanalytics
AWS Mobile Hub mobilehub
Amazon MQ mq
AWS OpsWorks opsworks
AWS OpsWorks for Chef Automate ou AWS OpsWorks for Puppet Enterprise opsworks-cm
AWS Organizations organizations
Amazon Personalize personalize
Amazon Pinpoint mobiletargeting
Amazon Polly polly
Tabela de preços da AWS pricing
Amazon QuickSight quicksight
Amazon Redshift redshift
Amazon Rekognition rekognition
Amazon Relational Database Service (Amazon RDS) rds
AWS Resource Groups resource-groups
API de marcação por tags de grupos de recursos da Amazon tag
Amazon Route 53 route53
Domínios do Amazon Route 53 route53domains
Resolvedor do Amazon Route 53 route53resolver
Amazon SageMaker sagemaker
AWS Secrets Manager secretsmanager
AWS Security Token Service (AWS STS) sts
AWS Serverless Application Repository serverlessrepo
AWS Service Catalog servicecatalog
AWS Shield shield
AWS Shield Advanced shield
AWS SFTP transfer
Amazon Simple Email Service (Amazon SES) ses
Amazon Simple Notification Service (Amazon SNS) sns
Amazon Simple Queue Service (Amazon SQS) sqs
Amazon Simple Storage Service (Amazon S3) s3
Amazon Simple Workflow Service (Amazon SWF) swf
Amazon SimpleDB sdb
Logon único da AWS sso
AWS Snowball snowball
AWS Step Functions states
AWS Storage Gateway storagegateway
Amazon Sumerian sumerian
AWS Support support
AWS Systems Manager ssm
Amazon Textract textract
Amazon Transcribe transcribe
Amazon Translate translate
AWS Trusted Advisor trustedadvisor
Amazon Virtual Private Cloud (Amazon VPC) ec2
AWS WAF waf
Regional do AWS WAF waf-regional
Amazon WorkDocs workdocs
Amazon WorkMail workmail
Amazon WorkSpaces workspaces
Amazon WorkSpaces Application Manager wam
AWS X-Ray xray