New deal!

Join 90,000+ creators to write, schedule and publish on Twitter • Sign up for free → typefully.com

Get in Touch

Updated:

Amazon Resource Names (ARNs) format cheat sheet

Danny Steenman

This cheat sheet shows a complete overview of 300+ Amazon Resource Names (ARNs) references that you can apply to IAM policies within AWS.

In the official documentation, you find a general reference guide on using ARNs, that’s helpful to a certain extent.

But when you want to apply permissions on AWS resources, then you need the prefix name of the AWS service and the ARN in order to deny or allow actions on it.

To my knowledge there is no reference or specification available that allows us to see which ARNs are available. Therefore we use the AWS IAM Policy generator to scrape the available ARNs and publish them in this blog post.

What is an Amazon Resource Names (ARN)?

ARNs uniquely identify AWS resources across all of AWS.

The general format for an ARN looks like this:

arn:partition:service:region:account-id:resource-id
arn:partition:service:region:account-id:resource-type/resource-id
arn:partition:service:region:account-id:resource-type:resource-id
  • partition – is the location where the resource is located. The available options are: aws, aws-cn and aws-us-gov.
  • service – is the AWS service name that’s being used as a reference. For the ARN format, you need to use the service prefix name (2nd column in the table below).
  • region – is the region that’s being used in your AWS account for the deployment of your AWS services/resources e.g. eu-central-1 for the data center in Frankfurt.
  • account-id – is the ID of the AWS account that owns the resource, this typically consists of 12 numbers, and here are instructions on how to find it on your account.
  • resource-id – is a unique identifier to distinguish multiple resources from the same AWS resource.
  • resource-type – AWS Services contain different types of resources, hence the resource type attribute. This lets you specify the resource in a more granular detail e.g. the service Amazon EC2 has a resource type called VPC.

A complete list of ARNs reference formats

The table is split up into 3 columns that help you to find the right ARN for the AWS resource.

Use the find feature in the browser, type in the AWS Service name e.g. Amazon S3 and you’ll see the service prefix name and the ARN format.

AWS Service NameAWS Service PrefixARN Format
AWS Account Managementaccountarn:aws:account::${Account}:account
AWS Amplify Adminamplifybackendarn:aws:amplifybackend:${Region}:${Account}:${ResourceType}/${ResourceName}
AWS Amplify UI Builderamplifyuibuilderarn:aws:amplifyuibuilder:${Region}:${Account}:${ResourceType}/${ResourcePath}
AWS Amplifyamplifyarn:aws:amplify:${Region}:${Account}:${ResourceType}/${ResourceName}
AWS App Mesh Previewappmesh-previewarn:aws:appmesh-preview:${Region}:${Account}:${ResourceType}/${ResourceName}
AWS App Meshappmesharn:aws:appmesh:${Region}:${Account}:${ResourceType}/${ResourceName}
AWS App Runnerapprunnerarn:aws:apprunner:${Region}:${Account}:${ResourceType}/${PathToResource}
AWS App2Containera2carn:${Partition}:a2c:${Region}:${Account}:${ResourceType}/${ResourceName}
AWS AppConfigappconfigarn:aws:appconfig:${Region}:${Account}:${RelativeId}
AWS AppFabricappfabricarn:aws:appfabric:${Region}:${Account}:${ResourceInfo}
AWS AppSyncappsyncarn:aws:appsync:${Region}:${Account}:${ResourceType}/${ResourcePath}
AWS Application Auto Scalingapplication-autoscalingarn:aws:application-autoscaling:${Region}:${Account}:${RelativeId}
AWS Application Migration Servicemgnarn:aws:mgn:${Region}:${Account}:${ResourceType}/${ResourceName}
AWS Artifactartifactarn:aws:artifact:::${Resource}
AWS Audit Managerauditmanagerarn:aws:auditmanager:::${ResourceType}/${ResourceName}
AWS Backup Gatewaybackup-gatewayarn:aws:backup-gateway:${Region}:${Account}:${ResourceType}/${ResourcePath}
AWS Backup storagebackup-storagearn:${Partition}:backup-storage:${Region}:${Account}:${ResourceType}:${ResourceName}
AWS Backupbackuparn:aws:backup:${Region}:${Account}:${ResourceType}:${ResourceName}
AWS Batchbatcharn:aws:batch:${Region}:${Account}:${ResourceType}/${ResourcePath}
AWS Billing Conductorbillingconductorarn:aws:billingconductor::${Account}:${ResourceType}
AWS Budget Servicebudgetsarn:aws:budgets::${Account}:budget/${BudgetName}
AWS BugBustbugbustarn:aws:bugbust:${Region}:${Account}:${ResourceType}/${ResourceName}
AWS Certificate Manageracmarn:aws:acm:${Region}:${Account}:${ArnType}/${ResourceId}
AWS Chatbotchatbotarn:aws:chatbot::${Account}:chat-configuration/${ConfigurationType}/${ChatbotConfigurationName}
AWS Clean Roomscleanroomsarn:aws:cleanrooms:${Region}:${Account}:${ResourceType}/${PathToResource}
AWS Cloud Control APIcloudformationarn:aws:cloudformation:${Region}:${Account}:${RelativeId}
AWS Cloud Mapservicediscoveryarn:aws:servicediscovery:${Region}:${Account}:${ResourceType}/${ResourceName}
AWS Cloud9cloud9arn:aws:cloud9:${Region}:${Account}:${ResourceType}:${ResourceId}
AWS CloudFormationcloudformationarn:aws:cloudformation:${Region}:${Account}:${ResourceType}/${Id}
AWS CloudHSMcloudhsmarn:aws:cloudhsm:${Region}:${Account}:${ResourceName}
AWS CloudShellcloudshellarn:aws:cloudshell:${Region}:${Account}:environment/${EnvironmentId}
AWS CloudTrail Datacloudtrail-dataarn:aws:cloudtrail:${Region}:${Account}:${Resource}
AWS CloudTrailcloudtrailarn:aws:cloudtrail:${Region}:${Account}:${Resource}
AWS CloudWatch RUMrumarn:aws:rum:${Region}:${Account}:appmonitor/${Name}
AWS CodeArtifactcodeartifactarn:aws:codeartifact:${Region}:${Account}:${ResourceType}/${ResourceId}
AWS CodeBuildcodebuildarn:aws:codebuild:${Region}:${Account}:build/${BuildId}
AWS CodeCommitcodecommitarn:aws:codecommit:${Region}:${Account}:${RepositoryName}
AWS CodeDeploycodedeployarn:aws:codedeploy:${Region}:${Account}:${ResourceType}:${ResourceSpecifier}
AWS CodePipelinecodepipelinearn:aws:codepipeline:${Region}:${Account}:${PathToPipelineResource}
AWS CodeStar Connectionscodestar-connectionsarn:aws:codestar-connections:${Region}:${Account}:${ResourceType}/${ResourceId}
AWS CodeStar Notificationscodestar-notificationsarn:aws:codestar-notifications:${Region}:${Account}:${ResourceType}/${ResourceName}
AWS CodeStarcodestararn:aws:codestar:${Region}:${Account}:project/${ResourceId}
AWS Configconfigarn:aws:config:${Region}:${Account}:${ResourceType}/${ResourceId}
AWS Connector Serviceawsconnectorarn:aws:${serviceName}:${region}:${account-id}:${resource-type}/${resource_name}
AWS Console Mobile Appconsoleapparn:aws:consoleapp:${Region}:${Account}:${ResourceType}
AWS Consolidated Billingconsolidatedbillingarn:${Partition}:consolidatedbilling::${Account}:${ResourceType}/${ResourceId}
AWS Control Towercontroltowerarn:${Partition}:controltower:${Region}:${Account}:${ResourceType}/${ResourceName}
AWS Cost Explorer Servicecearn:aws:ce::${Account}:${ResourceType}/${ResourceName}
AWS Cost and Usage Reportcurarn:aws:cur:${Region}:${Account}:definition/${ResourceName}
AWS Data Exchangedataexchangearn:aws:dataexchange:${Region}:${Account}:${ResourceType}/${ResourceId}
AWS Data Pipelinedatapipelinearn:aws:datapipeline:${Region}:${Account}:${ResourceType}/${ResourcePath}
AWS DataSyncdatasyncarn:aws:datasync:${Region}:${Account}:${ResourceType}/${ResourceName}
AWS Database Migration Servicedmsarn:aws:dms:${Region}:${Account}:${Resource}
AWS DeepComposerdeepcomposerarn:aws:deepcomposer:${Region}:${Account}:${ResourceType}/${ResourceName}
AWS DeepLensdeeplensarn:aws:deeplens:${region}:${account-id}:${resource-type}/${resource_name}
AWS DeepRacerdeepracerarn:aws:deepracer:${Region}:${Account}:${ResourceType}/${ResourceName}
AWS Device Farmdevicefarmarn:aws:devicefarm:${Region}:${Account}:${ResourceType}:${ResourceId}
AWS Direct Connectdirectconnectarn:aws:directconnect:${Region}:${Account}:${ResourceType}/${ResourceId}
AWS Directory Servicedsarn:aws:ds:${Region}:${Account}:${RelativeId}
AWS Elastic Beanstalkelasticbeanstalkarn:aws:elasticbeanstalk:${Region}:${AccountID}:${ResourceType}/${PathToResource}
AWS Elastic Disaster Recoverydrsarn:aws:drs:${Region}:${Account}:${ResourceType}/${ResourceName}
AWS Elastic Load Balancing V2elasticloadbalancingarn:aws:elasticloadbalancing:${Region}:${Account}:${ResourceType}/${ResourceId}
AWS Elastic Load Balancingelasticloadbalancingarn:aws:elasticloadbalancing:${Region}:${Account}:${ResourceType}/${ResourceId}
AWS Elemental Appliances and Software Activation Serviceelemental-activationsarn:aws:elemental-activations:${Region}:${Account}:${ResourceType}/${ResourceName}
AWS Elemental Appliances and Softwareelemental-appliances-softwarearn:aws:elemental-appliances-software:${Region}:${Account}:${ResourceType}/${ResourceName}
AWS Elemental MediaConnectmediaconnectarn:aws:mediaconnect:${Region}:${Account}:${Namespace}:${RelativeId}:${RelativeName}
AWS Elemental MediaConvertmediaconvertarn:aws:mediaconvert:${Region}:${Account}:${ResourceType}/${ResourceId}
AWS Elemental MediaLivemedialivearn:aws:medialive:${Region}:${Account}:${ResourceType}:${ResourceId}
AWS Elemental MediaPackage V2mediapackagev2arn:aws:mediapackagev2:${Region}:${Account}:${ResourceType}/${ResourceIdentifier}
AWS Elemental MediaPackage VODmediapackage-vodarn:aws:mediapackage-vod:${Region}:${Account}:${ResourceType}/${ResourceIdentifier}
AWS Elemental MediaPackagemediapackagearn:aws:mediapackage:${Region}:${Account}:${ResourceType}/${ResourceIdentifier}
AWS Elemental MediaStoremediastorearn:aws:mediastore:${Region}:${Account}:${Resource}
AWS Elemental MediaTailormediatailorarn:aws:mediatailor:${Region}:${Account}:${ResourceType}/${ResourceName}
AWS Elemental Support Caseselemental-support-casesarn:${Partition}:elemental-support-cases:${Region}:${Account}:${ResourceType}/${ResourceName}
AWS Elemental Support Contentelemental-support-contentarn:${Partition}:elemental-support-content:${Region}:${Account}:${ResourceType}/${ResourceName}
AWS Entity Resolutionentityresolutionarn:aws:entityresolution:${Region}:${Account}:${ResourceType}/${ResourceName}
AWS Fault Injection Simulatorfisarn:aws:fis:${Region}:${Account}:${ResourceType}/${ResourceName}
AWS Firewall Managerfmsarn:aws:fms:${Region}:${Account}:${Resource}/${Id}
AWS Global Acceleratorglobalacceleratorarn:aws:globalaccelerator::${Account}:accelerator/${AcceleratorId}
AWS Glue DataBrewdatabrewarn:aws:databrew:${Region}:${Account}:${ResourceType}/${ResourceId}
AWS Gluegluearn:aws:glue:${Region}:${Account}:${ResourceType}/${ResourcePath}
AWS Ground Stationgroundstationarn:aws:groundstation:${Region}:${Account}:${ResourceType}/${ResourceId}
AWS Health APIs and Notificationshealtharn:aws:health::${Namespace}:${RelativeId}
AWS HealthImagingmedical-imagingarn:aws:medical-imaging:${Region}:${Account}:${ResourceType}/${ResourceName}
AWS HealthLakehealthlakearn:aws:healthlake:${Region}:${Account}:${ResourceType}/${ResourceName}
AWS HealthOmicsomicsarn:aws:omics:${Region}:${Account}:${ResourceType}/${ResourcePath}
AWS IAM Access Analyzeraccess-analyzerarn:aws:access-analyzer:${Region}:${Account}:analyzer/${AnalyzerName}
AWS IAM Identity Center (successor to AWS Single Sign-On) directorysso-directoryarn:${Partition}:sso-directory:${Region}:${Account}:${RelativeId}
AWS IAM Identity Center (successor to AWS Single Sign-On)ssoarn:aws:sso:::${RelativeId}
AWS IQ Permissionsiq-permissionarn:aws:iq-permission:${Region}:${Account}:${ResourceType}/${ResourceName}
AWS IQiqarn:aws:iq:${Region}:${Account}:${ResourceType}/${ResourceName}
AWS Identity Store Authidentitystore-autharn:${Partition}:identitystore-auth:${Region}:${Account}:${RelativeId}
AWS Identity Storeidentitystorearn:aws:identitystore::${Account}:${ResourceType}/${ResourceId}
AWS Identity Syncidentity-syncarn:aws:identity-sync:${Region}:${Account}:${ResourceType}/${ResourcePath}
AWS Identity and Access Management (IAM)iamarn:aws:iam::${Account}:${ResourceType}/${ResourceName}
AWS Identity and Access Management Roles Anywhererolesanywherearn:aws:rolesanywhere:${Region}:${Account}:${ResourceType}/${ResourceId}
AWS IoT 1-Clickiot1clickarn:aws:iot1click:${Region}:${Account}:${Type}/${Name}
AWS IoT Analyticsiotanalyticsarn:aws:iotanalytics:${Region}:${Account}:${ResourceType}/${ResourceName}
AWS IoT Core Device Advisoriotdeviceadvisorarn:aws:iotdeviceadvisor:${Region}:${Account}:${ResourceType}/${ResourceName}
AWS IoT Device Testeriot-device-testerarn:${Partition}:iot-device-tester:${Region}:${Account}:${ResourceType}/${ResourceName}
AWS IoT Eventsioteventsarn:aws:iotevents:${Region}:${Account}:${ResourceType}/${ResourceName}
AWS IoT Fleet Hub for Device Managementiotfleethubarn:aws:iotfleethub:${Region}:${AccountId}:${ResourceType}/${ResourceName}
AWS IoT FleetWiseiotfleetwisearn:aws:iotfleetwise:${Region}:${Account}:${Type}/${Name}
AWS IoT Greengrass V2greengrassarn:aws:greengrass:${Region}:${Account}:${ResourceType}:${ResourcePath}
AWS IoT Greengrassgreengrassarn:aws:greengrass:${Region}:${Account}:/greengrass/${ResourceType}/${ResourcePath}
AWS IoT Jobs DataPlaneiotjobsdataarn:aws:iot:${Region}:${Account}:${Type}/${Name}
AWS IoT RoboRunneriotroborunnerarn:aws:iotroborunner:${Region}:${Account}:${ResourceType}/${ResourcePath}
AWS IoT SiteWiseiotsitewisearn:aws:iotsitewise:${Region}:${Account}:${ResourceType}/${ResourceId}
AWS IoT TwinMakeriottwinmakerarn:aws:iottwinmaker:${Region}:${Account}:${ResourceType}/${ResourceTypeId}
AWS IoT Wirelessiotwirelessarn:aws:iotwireless:${Region}:${Account}:${ResourceType}/${ResourceId}
AWS IoTiotarn:aws:iot:${Region}:${Account}:${Type}/${Name}
AWS Key Management Servicekmsarn:aws:kms:${Region}:${Account}:${ResourceType}/${Id}
AWS Lake Formationlakeformationarn:${Partition}:lakeformation:${Region}:${Account}:${ResourceType}/${ResourcePath}
AWS Lambdalambdaarn:aws:lambda:${Region}:${Account}:${ResourceType}:${ResourceId}
AWS License Managerlicense-managerarn:aws:license-manager:${Region}:${Account}:${ResourceType}:${ResourceId}
AWS Mainframe Modernization Servicem2arn:aws:m2:${Region}:${Account}:${ResourceType}/${ResourceId}
AWS Marketplace Catalogaws-marketplacearn:aws:aws-marketplace:${Region}:${Account}:${Catalog}/${ResourceType}/${ResourceId}
AWS Marketplace Management Portalaws-marketplace-managementarn:${Partition}:Marketplace:${Region}:${Account}:${Resource}
AWS Marketplace Seller Reportingaws-marketplacearn:aws:aws-marketplace::${Account}:${Catalog}/${ResourceType}/${ResourcePath}
AWS Marketplace Vendor Insightsvendor-insightsarn:aws:vendor-insights:::${ResourceType}:${ResourceId}
AWS Microservice Extractor for .NETserviceextractarn:${Partition}:serviceextract:${Region}:${Account}:${ResourceType}/${ResourceName}
AWS Migration Acceleration Program Creditsmapcreditsarn:aws:mapcredits:::${ResourceType}/${ResourceId}
AWS Migration Hub Orchestratormigrationhub-orchestratorarn:aws:migrationhub-orchestrator:${Region}:${Account}:${ResourceType}/${ResourceName}
AWS Migration Hub Refactor Spacesrefactor-spacesarn:aws:refactor-spaces:${Region}:${Account}:${ResourceType}/${RelativeId}
AWS Migration Hub Strategy Recommendationsmigrationhub-strategyarn:${Partition}:iam:${Region}:${Account}:${ResourceType}/${ResourceName}
AWS Migration Hubmgharn:aws:mgh:${region}:${namespace}:${relative-id}
AWS Mobile Hubmobilehubarn:aws:mobilehub:${region}:${aws_account_ID}:project/${project_ID}
AWS Network Firewallnetwork-firewallarn:aws:network-firewall:${Region}:${Account}:${ResourceType}/${ResourceName}
AWS Network Managernetworkmanagerarn:aws:networkmanager::${Account}:${ResourceType}/${ResourceName}
AWS OpsWorks Configuration Managementopsworks-cmarn:aws:opsworks-cm:${region}:${account}:${resourceType}/${id}
AWS OpsWorksopsworksarn:aws:${ServiceName}:${Region}:${Account}:${ResourceType}/${ResourceName}
AWS Organizationsorganizationsarn:aws:organizations::${Account}:${Resource}/o-${OrganizationId}(/${ResourceType}/${ResourceId})?
AWS Outpostsoutpostsarn:aws:outposts:${Region}:${Account}:${ResourceType}/${ResourceName}
AWS Panoramapanoramaarn:aws:panorama:${Region}:${Account}:${ResourceType}/${ResourceName}
AWS Payment Cryptographypayment-cryptographyarn:aws:payment-cryptography:${Region}:${Account}:${ResourceType}/${Id}
AWS Performance Insightspiarn:aws:pi:${Region}:${Account}:${ResourceType}/${RelativeId}
AWS Private CA Connector for Active Directorypca-connector-adarn:aws:pca-connector-ad:${Region}:${Account}:${ResourceType}
AWS Private Certificate Authorityacm-pcaarn:aws:acm-pca:${Region}:${Account}:${ARNType}/${ResourceId}
AWS Protonprotonarn:aws:proton:${Region}:${Account}:${ResourceType}/${ResourceName}
AWS Purchase Orders Consolepurchase-ordersarn:aws:purchase-orders::${Account}:${ResourceType}/${ResourceName}
AWS Recycle Binrbinarn:aws:rbin:${Region}:${Account}:rule/${ResourceName}
AWS Resilience Hubresiliencehubarn:aws:resiliencehub:${Region}:${Account}:${ResourceType}/${ResourceId}
AWS Resource Access Manager (RAM)ramarn:aws:ram:${Region}:${Account}:resource-share/${ResourceUUID}
AWS Resource Explorerresource-explorer-2arn:aws:resource-explorer-2:${Region}:${Account}:${ResourceType}/${ResourceIdentifier}
AWS Resource Groupsresource-groupsarn:aws:resource-groups:${Region}:${Account}:${ResourceType}/${ResourceName}
AWS RoboMakerrobomakerarn:aws:robomaker:${Region}:${AccountId}:${ResourceType}/${ResourceName}
AWS SQL Workbenchsqlworkbencharn:aws:sqlworkbench:${Region}:${Account}:${ResourceType}/${ResourceName}
AWS Savings Planssavingsplansarn:aws:savingsplans::${Account}:${ResourceType}/${ResourcePath}
AWS Secrets Managersecretsmanagerarn:aws:secretsmanager:${Region}:${Account}:secret:${SecretId}
AWS Security Hubsecurityhubarn:aws:securityhub:${Region}:${Account}:.+
AWS Security Token Servicestsarn:aws:iam::${Account}:${RelativeId}
AWS Server Migration Servicesmsarn:aws:${serviceName}:${region}:${account-id}:${resource-type}/${resource_name}
AWS Serverless Application Repositoryserverlessrepoarn:aws:serverlessrepo:${Region}:${Account}:${ResourceType}/${ResourceId}
AWS Service Catalogservicecatalogarn:aws:(catalog|servicecatalog):${Region}:${Account}:${ResourceType}/${Id}
AWS Shieldshieldarn:aws:shield::${Account}:${Resource}/${ResourceId}
AWS Signersignerarn:aws:signer:${Region}:${Account}:/${ResourceType}/${ResourceIdentifier}
AWS SimSpace Weaversimspaceweaverarn:aws:simspaceweaver:${Region}:${Account}:${ResourceType}/${ResourceId}
AWS Snow Device Managementsnow-device-managementarn:aws:snow-device-management:${region}:${account-id}:${resource-type}/${resource_name}
AWS Step Functionsstatesarn:aws:states:${Region}:${Account}:${ResourceType}:${ResourceName}
AWS Storage Gatewaystoragegatewayarn:aws:storagegateway:${Region}:${Account}:${ResourceType}/${ResourceName}
AWS Supply Chainscnarn:aws:scn:${Region}:${Account}:instance/
AWS Support Planssupportplansarn:${Partition}:supportplans::${Account}:${ResourceType}/${ResourcePath}
AWS Sustainabilitysustainabilityarn:${Partition}:sustainability:${Region}:${Account}:${ResourceType}/${ResourceName}
AWS Systems Manager Incident Manager Contactsssm-contactsarn:aws:ssm-contacts:${Region}:${Account}:${ResourceType}/${ResourceId}
AWS Systems Manager Incident Managerssm-incidentsarn:aws:ssm-incidents::${Account}:${ResourceType}/${ResourceId}
AWS Systems Manager for SAPssm-saparn:aws:ssm-sap:${Region}:${Account}:${ApplicationType}/${ApplicationId}
AWS Systems Managerssmarn:aws:ssm:${Region}:${Account}:${RelativeId}
AWS Tag Editorresource-explorerarn:${Partition}:resource-explorer:${Region}:${Account}:${ResourceType}/${ResourceName}
AWS Telco Network Buildertnbarn:aws:tnb:${Region}:${Account}:${RelativeId}
AWS Tirostirosarn:${Partition}:tiros:${Region}:${Account}:${RelativeId}
AWS Transfer Familytransferarn:aws:transfer:${Region}:${Account}:${ResourceType}/${ResourceName}
AWS Trusted Advisortrustedadvisorarn:aws:trustedadvisor:${Region}:${Account}:checks/${Category}/${CheckId}
AWS User Notifications Contactsnotifications-contactsarn:aws:notifications-contacts::${Account}:${ResourceType}/${ResourceId}
AWS User Notificationsnotificationsarn:aws:notifications::${Account}:${ResourceType}/${ResourceId}
AWS WAF Regionalwaf-regionalarn:aws:waf-regional:${Region}:${Account}:${ResourceId}/${Id}
AWS WAF V2wafv2arn:aws:wafv2:${Region}:${Account}:${Scope}/${ResourceType}/${ResourceName}/${ResourceId}
AWS WAFwafarn:aws:waf::${Account}:${ResourceId}/${Id}
AWS Well-Architected Toolwellarchitectedarn:aws:wellarchitected:${Region}:${Account}:${ResourceName}/${ResourceId}
AWS Wickrwickrarn:aws:wickr:${Region}:${Account}:${ResourceType}/${ResourceId}
AWS X-Rayxrayarn:aws:xray:${Region}:${Account}:${ResourceType}/${ResourceId}
AWS service providing managed private networksprivate-networksarn:aws:private-networks:${Region}:${Account}:${RelativeId}
Alexa for Businessa4barn:aws:a4b:${Region}:${Account}:${ResourceType}/${ResourceId}
Amazon API Gateway Management V2apigatewayarn:aws:apigateway:${Region}::${ApiGatewayResourcePath}
Amazon API Gateway Managementapigatewayarn:aws:apigateway:${Region}::${ApiGatewayResourcePath}
Amazon API Gatewayexecute-apiarn:aws:execute-api:${region}:${account_id}:${api_id}/${stage}/${method}/${api_specific_resource_path}
Amazon AppFlowappflowarn:aws:appflow:${Region}:${Account}:${ResourceType}/${ResourceName}
Amazon AppIntegrationsapp-integrationsarn:aws:app-integrations:${Region}:${Account}:${ResourceType}/${ResourceName}
Amazon AppStream 2.0appstreamarn:aws:appstream:${Region}:${Account}:${ResourceType}/${ResourcePath}
Amazon Athenaathenaarn:aws:athena:${Region}:${Account}:${ResourceType}/${ResourcePath}
Amazon Bedrockbedrockarn:aws:bedrock:${Region}:${Account}:${ResourceType}/${ResourceId}
Amazon Braketbraketarn:aws:braket:{$Region}:{$AccountI}}:.+
Amazon Chimechimearn:aws:chime:${Region}:${Account}:${ResourceType}/${ResourceID}
Amazon Cloud Directoryclouddirectoryarn:aws:clouddirectory::${Region}:${Account}:${RelativeId}
Amazon CloudFrontcloudfrontarn:aws:cloudfront:${Region}:${Account}:${ResourceType}/${ResourceId}
Amazon CloudSearchcloudsearcharn:aws:cloudsearch:${Region}:${Account}:${ResourceType}/${ResourceName}
Amazon CloudWatch Evidentlyevidentlyarn:aws:evidently:${Region}:${Account}:${ResourceType}/${ResourceName}
Amazon CloudWatch Internet Monitorinternetmonitorarn:aws:internetmonitor:${Region}:${Account}:${ResourceType}/${ResourcePath}
Amazon CloudWatch Logslogsarn:aws:logs:${Region}:${Account}:.+
Amazon CloudWatch Observability Access Manageroamarn:aws:oam:${Region}:${Account}:${ResourceType}/${ResourceId}
Amazon CloudWatch Syntheticssyntheticsarn:aws:synthetics:${Region}:${Account}:${ResourceType}:${ResourceName}
Amazon CloudWatchcloudwatcharn:aws:cloudwatch:${Region}:${Account}:${ResourceType}/${ResourcePath}
Amazon CodeCatalystcodecatalystarn:aws:codecatalyst:${Region}:${Account}:${RelativeId}
Amazon CodeGuru Profilercodeguru-profilerarn:aws:codeguru-profiler:${Region}:${Account}:${ResourceType}/${ResourceName}
Amazon CodeGuru Reviewercodeguru-reviewerarn:aws:codeguru-reviewer:${Region}:${Account}:${ResourceType}:${ResourceName}
Amazon CodeGuru Securitycodeguru-securityarn:aws:codeguru-security:${Region}:${Account}:*
Amazon CodeGurucodeguruarn:${Partition}:codeguru:${Region}:${Account}:${ResourceType}/${ResourceName}
Amazon CodeWhisperercodewhispererarn:aws:codewhisperer:${Region}:${Account}:${ResourceType}/${ResourceId}
Amazon Cognito Identitycognito-identityarn:aws:cognito-identity:${Region}:${Account}:${ResourceType}/${ResourcePath}
Amazon Cognito Synccognito-syncarn:aws:cognito-sync:${Region}:${Account}:${ResourceType}/${ResourcePath}:
Amazon Cognito User Poolscognito-idparn:aws:cognito-idp:${Region}:${Account}:${ResourceType}/${ResourcePath}:
Amazon Comprehend Medicalcomprehendmedicalarn:${Partition}:comprehendmedical:${Region}:${Account}:${ResourceType}/${ResourceName}
Amazon Comprehendcomprehendarn:aws:comprehend:${Region}:${Account}:${ResourceType}/${ResourceName}
Amazon Connect Casescasesarn:aws:cases:${Region}:${Account}:domain/${DomainId}
Amazon Connect Customer Profilesprofilearn:aws:profile:${Region}:${Account}:${ResourceType}/${ResourceName}
Amazon Connect Voice IDvoiceidarn:aws:voiceid:${Region}:${Account}:${ResourceType}/${ResourceId}
Amazon Connect Wisdomwisdomarn:aws:wisdom:${Region}:${Account}:${Resource}/${ResourceId}
Amazon Connectconnectarn:aws:connect:${Region}:${Account}:instance/${InstanceId}
Amazon Data Lifecycle Managerdlmarn:aws:dlm:${Region}:${Account}:policy/${ResourceName}
Amazon DataZone Controldatazonecontrolarn:aws:datazonecontrol:${Region}:${Account}:${ResourceType}/${ResourceName}
Amazon DataZonedatazonearn:${Partition}:datazone:${Region}:${Account}:${ResourceType}/${ResourceName}
Amazon Detectivedetectivearn:aws:detective:${Region}:${Account}:graph:${GraphId}
Amazon DevOps Gurudevops-guruarn:aws:devops-guru:${Region}:${Account}:${ResourceType}/${ResourceName}
Amazon DocumentDB Elastic Clustersdocdb-elasticarn:aws:docdb-elastic:${Region}:${Account}:${ResourceType}/${ResourceId}
Amazon DynamoDB Accelerator (DAX)daxarn:aws:dax:${Region}:${Account}:cache/${ClusterName}
Amazon DynamoDBdynamodbarn:aws:dynamodb:${Region}:${Account}:${ResourceType}/${ResourcePath}
Amazon EC2 Auto Scalingautoscalingarn:aws:autoscaling:${Region}:${Account}:${RelativeId}
Amazon EC2 Image Builderimagebuilderarn:aws:imagebuilder:${Region}:${Account}:${ResourceType}/${ResourceName}
Amazon EC2 Instance Connectec2-instance-connectarn:aws:ec2:${Region}:${Account}:${ResourceType}/${ResourcePath}
Amazon EC2ec2arn:aws:ec2:${Region}:${Account}:${ResourceType}/${ResourcePath}
Amazon EMR Serverlessemr-serverlessarn:aws:emr-serverless:${Region}:${Account}:/${ResourceType}/${ResourcePath}
Amazon EMR on EKS (EMR Containers)emr-containersarn:aws:emr-containers:${Region}:${Account}:/${ResourceType}/${ResourcePath}
Amazon ElastiCacheelasticachearn:aws:elasticache:${Region}:${Account}:${ResourceType}:${ResourceName}
Amazon Elastic Block Storeebsarn:aws:ebs:${Region}:${Account}:${ResourceType}/${ResourcePath}
Amazon Elastic Container Registry Publicecr-publicarn:aws:ecr-public::${Account}:${RepositoryOrRegistry}/${RepositoryNameOrAccountId}
Amazon Elastic Container Registryecrarn:aws:ecr:${Region}:${Account}:repository/${RepositoryName}
Amazon Elastic Container Serviceecsarn:aws:ecs:${Region}:${Account}:${ResourceType}/${RelativeId}
Amazon Elastic File Systemelasticfilesystemarn:aws:elasticfilesystem:${Region}:${Account}:${ResourceType}/${ResourcePath}
Amazon Elastic Inferenceelastic-inferencearn:aws:elastic-inference:${region}:${account-id}:elastic-inference-accelerator/${identifier}
Amazon Elastic Kubernetes Serviceeksarn:aws:eks:${Region}:${Account}:${ResourceType}/${RelativeId}
Amazon Elastic MapReduceelasticmapreducearn:aws:elasticmapreduce:${Region}:${Account}:${ResourceType}/${ResourceId}
Amazon Elastic Transcoderelastictranscoderarn:aws:elastictranscoder:${Region}:${Account}:${ResourceType}/${ResourceId}
Amazon EventBridge Pipespipesarn:aws:pipes:${Region}:${Account}:pipe/${PipeName}
Amazon EventBridge Schedulerschedulerarn:aws:scheduler:${Region}:${Account}:${ResourceType}/${ResourceName}
Amazon EventBridge Schemasschemasarn:aws:schemas:${Region}:${Account}:${ResourceType}/${ResourceName}
Amazon EventBridgeeventsarn:aws:events:${Region}:${Account}:${ResourceType}/${ResourceName}
Amazon FSxfsxarn:aws:fsx:${Region}:${Account}:${ResourceType}/${ResourcePath}
Amazon FinSpace APIfinspace-apiarn:aws:finspace-api:${Region}:${Account}:${ResourceType}/${ResourcePath}
Amazon FinSpacefinspacearn:aws:finspace:${Region}:${Account}:${ResourceType}/${ResourcePath}
Amazon Forecastforecastarn:aws:forecast:${Region}:${Account}:${ResourceType}/${ResourceId}
Amazon Fraud Detectorfrauddetectorarn:aws:frauddetector:${Region}:${Account}:${ResourceType}/${ResourceName}
Amazon FreeRTOSfreertosarn:aws:freertos:${Region}:${Account}:${Type}/${Name}
Amazon GameLiftgameliftarn:aws:gamelift:${Region}:${Account}:${ResourceType}/${ResourceId}
Amazon GameSparksgamesparksarn:aws:gamesparks:${Region}:${Account}:${ResourceType}/${ResourceName}
Amazon GroundTruth Labelinggroundtruthlabelingarn:${Partition}:groundtruthlabeling:${region}:${account}:${resourceType}/${resourcePath}
Amazon GuardDutyguarddutyarn:aws:guardduty:${Region}:${Account}:.+
Amazon Honeycodehoneycodearn:aws:honeycode:${Region}:${Account}:${ResourceType}:${ResourcePath}
Amazon Inspector2inspector2arn:aws:inspector2:${Region}:${Account}:.+
Amazon Interactive Video Service Chativschatarn:aws:ivschat:${Region}:${Account}:${ResourceType}/${ResourceId}
Amazon Interactive Video Serviceivsarn:aws:ivs:${Region}:${Account}:${ArnType}/${ResourceId}
Amazon Kendra Intelligent Rankingkendra-rankingarn:aws:kendra-ranking:${Region}:${Account}:${ResourceType}/${ResourceName}
Amazon Kendrakendraarn:aws:kendra:${Region}:${Account}:${ResourceType}/${ResourceName}
Amazon Keyspaces (for Apache Cassandra)cassandraarn:aws:cassandra:${Region}:${Account}:/${ResourceType}/${ResourcePath}/
Amazon Kinesis Analytics V2kinesisanalyticsarn:aws:kinesisanalytics:${Region}:${Account}:application/${ApplicationName}
Amazon Kinesis Analyticskinesisanalyticsarn:aws:kinesisanalytics:${Region}:${Account}:application/${ApplicationName}
Amazon Kinesis Data Streamskinesisarn:aws:kinesis:${Region}:${Account}:${ResourceType}/${ResourceName}
Amazon Kinesis Firehosefirehosearn:aws:firehose:{Region}:{Account}:deliverystream/${DeliveryStreamName}
Amazon Kinesis Video Streamskinesisvideoarn:aws:kinesisvideo:${Region}:${Account}:${ResourceType}/${ResourceName}/${CreationTime}
Amazon Lex V2lexarn:aws:lex:${Region}:${Account}:${ResourceType}/${ResourceId}
Amazon Lexlexarn:aws:lex:${Region}:${Account}:${Type}:${Name}
Amazon Lightsaillightsailarn:aws:lightsail:${Region}:${Account}:${ResourceType}/${Id}
Amazon Locationgeoarn:aws:geo:${Region}:${Account}:${ResourceType}/${ResourceName}
Amazon Lookout for Equipmentlookoutequipmentarn:aws:lookoutequipment:${Region}:${Account}:${ResourceType}/${ResourceName}/${ResourceId}
Amazon Lookout for Metricslookoutmetricsarn:aws:lookoutmetrics:${Region}:${AccountId}:${ResourceType}:${ResourceName}
Amazon Lookout for Visionlookoutvisionarn:aws:lookoutvision:${Region}:${Account}:${ResourceType}/${ResourceName}
Amazon MQmqarn:aws:mq:${Region}:${Account}:.+
Amazon Machine Learningmachinelearningarn:aws:machinelearning:${Region}:${Account}:${ResourceType}/${RelativeID}
Amazon Maciemacie2arn:aws:macie2:${Region}:${Account}:${ResourceType}/${ResourceName}
Amazon Managed Blockchain Querymanagedblockchain-queryarn:${Partition}:managedblockchain-query:${Region}:${Account}:${ResourceType}/${ResourceName}
Amazon Managed Blockchainmanagedblockchainarn:aws:managedblockchain:${Region}:${Account}:${ResourceType}/${ResourceName}
Amazon Managed Grafanagrafanaarn:aws:grafana:${Region}:${Account}:/${ResourceType}/${ResourceId}
Amazon Managed Service for Prometheusapsarn:aws:aps:${Region}:${Account}:${ResourceType}/${ResourceName}
Amazon Managed Streaming for Apache Kafkakafkaarn:aws:kafka:${Region}:${Account}:${ResourceType}/${ResourceName}/${Uuid}
Amazon Managed Streaming for Kafka Connectkafkaconnectarn:aws:kafkaconnect:${Region}:${Account}:${ResourceType}/${ResourceName}/${UUID}
Amazon Managed Workflows for Apache Airflowairflowarn:aws:airflow:${Region}:${Account}:${ResourceType}/${ResourceName}
Amazon MemoryDBmemorydbarn:aws:memorydb:${Region}:${Account}:${ResourceType}/${ResourceName}
Amazon Monitronmonitronarn:aws:monitron:${Region}:${Account}:${ResourceType}/${ResourceId}
Amazon Neptuneneptune-dbarn:aws:neptune-db:${Region}:${Account}:${Id}/*
Amazon Nimble Studionimblearn:aws:nimble:${Region}:${Account}:${ResourceType}/${ResourcePath}
Amazon OpenSearch Ingestionosisarn:aws:osis:${Region}:${Account}:${ResourceType}/${ResourceName}
Amazon OpenSearch Serverlessaossarn:aws:aoss:${Region}:${Account}:${Resource}
Amazon OpenSearch Serviceesarn:aws:es:${Region}:${Account}:${Resource}
Amazon Personalizepersonalizearn:aws:personalize:${Region}:${Account}:${Resourcename}/${ResourceId}
Amazon Pinpoint Email Servicesesarn:aws:ses:${Region}:${Account}:${ResourceType}/${ResourceId}
Amazon Pinpoint SMS Voice V2sms-voicearn:aws:sms-voice:${Region}:${Account}:${ResourceType}/${ResourceId}
Amazon Pinpoint SMS and Voice Servicesms-voicearn:aws:sms-voice:${region}:${account-id}:${resource-type}/${resource_name}
Amazon Pinpointmobiletargetingarn:aws:mobiletargeting:${Region}:${Account}:.+
Amazon Pollypollyarn:aws:polly:${Region}:${Account}:lexicon/${RelativeId}
Amazon QLDBqldbarn:aws:qldb:${Region}:${Account}:${ResourceType}/${ResourcePath}
Amazon QuickSightquicksightarn:aws:quicksight:${Region}:${Account}:${ResourceType}/${ResourceId}
Amazon RDS Data APIrds-dataarn:aws:rds:${Region}:${Account}:${RelativeId}
Amazon RDS IAM Authenticationrds-dbarn:aws:rds-db:${region}:${account-id}:dbuser:${dbi-resource-id}/${db-user-name}
Amazon RDSrdsarn:aws:rds:${Region}:${Account}:${RelativeId}
Amazon RHEL Knowledgebase Portalrhelkbarn:${Partition}:rhelkb:${Region}:${Account}:${ResourceType}/${ResourceName}
Amazon Redshift Data APIredshift-dataarn:aws:redshift-serverless:${Region}:${Account}:${ResourceType}/${ResourceName}
Amazon Redshift Serverlessredshift-serverlessarn:aws:redshift-serverless:${Region}:${Account}:${ResourceType}/${ResourcePath}
Amazon Redshiftredshiftarn:aws:redshift:${Region}:${Account}:${RelativeId}
Amazon Rekognitionrekognitionarn:aws:rekognition:${Region}:${Account}:${RelativeId}
Amazon Route 53 Application Recovery Controller – Zonal Shiftarc-zonal-shiftarn:aws:arc-zonal-shift:${Region}:${Account}:${ResourceType}/${ResourceName}
Amazon Route 53 Recovery Clusterroute53-recovery-clusterarn:aws:route53-recovery-control::${Account}:${ResourceType}/${ResourceName}
Amazon Route 53 Recovery Controlsroute53-recovery-control-configarn:aws:route53-recovery-control::${Account}:${ResourceType}/${ResourceName}
Amazon Route 53 Recovery Readinessroute53-recovery-readinessarn:aws:route53-recovery-readiness::${Account}:${ResourceType}/${ResourceName}
Amazon Route 53 Resolverroute53resolverarn:aws:route53resolver:${Region}:${Account}:${ResourceType}/${ResourceId}
Amazon Route 53route53arn:aws:route53:::${Resource}/{$Id}
Amazon S3 Glacierglacierarn:aws:glacier:${Region}:${Account}:vault/${VaultName}
Amazon S3 Object Lambdas3-object-lambdaarn:aws:s3-object-lambda:::accesspoint/${access point name}
Amazon S3 on Outpostss3-outpostsarn:aws:s3-outposts:${Region}:${Account}:${ResourceType}/${ResourcePath}
Amazon S3s3arn:aws:s3:::${BucketName}/${KeyName}
Amazon SESsesarn:aws:ses:${Region}:${Account}:${ResourceType}/${ResourceId}
Amazon SNSsnsarn:aws:sns:${Region}:${Account}:${TopicName}
Amazon SQSsqsarn:aws:sqs:${Region}:${Account}:${QueueName}
Amazon SageMaker Ground Truth Syntheticsagemaker-groundtruth-syntheticarn:${Partition}:sagemaker-groundtruth-synthetic:${Region}:${Account}:${ResourceType}/${ResourceId}
Amazon SageMaker geospatial capabilitiessagemaker-geospatialarn:aws:sagemaker-geospatial:${Region}:${Account}:${ResourceType}/${ResourceName}
Amazon SageMakersagemakerarn:aws:sagemaker:${Region}:${Account}:${ResourceType}/${ResourceName}
Amazon Security Lakesecuritylakearn:aws:securitylake:${Region}:${Account}:${ResourceType}/${ResourcePath}
Amazon Simple Email Service v2sesarn:aws:ses:${Region}:${Account}:${ResourceType}/${ResourceId}
Amazon Simple Workflow Serviceswfarn:aws:swf:${Region}:${Account}:/domain/${DomainName}
Amazon SimpleDBsdbarn:aws:sdb:${Region}:${Account}:domain/${DomainName}
Amazon Textracttextractarn:${Partition}:textract:${Region}:${Account}:${RelativeId}
Amazon Timestreamtimestreamarn:aws:timestream:${Region}:${Account}:database/${DatabaseName}/table/${TableName}
Amazon Transcribetranscribearn:aws:transcribe:${Region}:${Account}:${ResourceType}/${ResourceName}
Amazon Translatetranslatearn:aws:translate:${Region}:${Account}:${ResourceType}/${ResourceName}
Amazon VPC Lattice Servicesvpc-lattice-svcsarn:aws:vpc-lattice:${Region}:${Account}:${ResourceType}/${RelativeId}
Amazon VPC Latticevpc-latticearn:aws:vpc-lattice:${Region}:${Account}:${ResourceType}/${RelativeId}
Amazon Verified Permissionsverifiedpermissionsarn:aws:verifiedpermissions:${Region}:${Account}:${ResourceType}/${ResourceId}
Amazon WorkLinkworklinkarn:aws:worklink::${Account}:${ResourceType}/${ResourcePath}
Amazon WorkMail Message Flowworkmailmessageflowarn:aws:workmailmessageflow:${Region}:${Account}:message/${OrganizationId}/${Context}/${MessageId}
Amazon WorkMailworkmailarn:aws:workmail:${Region}:${Account}:${ResourceType}/${ResourceId}
Amazon WorkSpaces Webworkspaces-webarn:aws:workspaces-web:${Region}:${Account}:${ResourceType}/${ResourceIdentifier}
Amazon WorkSpacesworkspacesarn:aws:workspaces:${Region}:${Account}:*
AmazonMediaImportmediaimportarn:aws:mediaimport:${Region}:${Account}/*
Apache Kafka APIs for Amazon MSK clusterskafka-clusterarn:aws:kafka:${Region}:${Account}:${ResourceType}/${ResourceDescriptor}
Database Query Metadata Servicedbqmsarn:${Partition}:dbqms::
High-volume outbound communicationsconnect-campaignsarn:aws:connect-campaigns:${Region}:${Account}:campaign/${CampaignId}
Service Quotasservicequotasarn:aws:servicequotas:${Region}:${Account}:${ResourceType}/${ResourceName}
A table containing a complete list of ARNs for all AWS Services

Note: The data was collected by using a script that reads the assets that are used by the AWS Policy Generator.

You can bookmark this page so use you can revisit it later to look up other ARN formats and prefix names quickly when creating your IAM policies.

I’ve also created cheat sheets for CloudFormation properties and attributes to help you develop infrastructure and code more quickly.

Want to join us? Join for tips, strategies, and resources that I use in my solo cloud agency to build well-architected, resilient, and cost-optimized AWS solutions on AWS.

Join 1k+ AWS Cloud enthusiasts
Loved by engineers worldwide
, ,

Related posts

Danny Steenman

A Senior AWS Cloud Engineer with over 9 years of experience migrating workloads from on-premises to AWS Cloud.

I have helped companies of all sizes shape their cloud adoption strategies, optimizing operational efficiency, reducing costs, and improving organizational agility.

Connect with me today to discuss your cloud aspirations, and let’s work together to transform your business by leveraging the power of AWS Cloud.

I need help with..
stacked cubes
Improving or managing my CDK App.Maximize the potential of your AWS CDK app by leveraging the expertise of a seasoned CDK professional.
Reducing AWS Costs.We can start by doing a thorough assessment of your current AWS infrastructure, identifying areas with potential for cost reduction and efficiency improvement.
Verifying if my infrastructure is reliable and efficient.We’ve created a comprehensive AWS Operations Checklist that you can utilize to quickly verify if your AWS Resources are set up reliably and efficiently.