Amazon Resource Names (ARNs) Reference
Search AWS service prefixes and Amazon Resource Name formats for IAM policies and resource references.
Generated AWS ARN reference data
Generated from AWS Policy Generator data for searchable Amazon Resource Name lookups.
200 of 426 matching rows shown
| AWS service name | Service prefix | ARN format |
|---|---|---|
| Alexa for Business | a4b | arn:aws:a4b:${Region}:${Account}:${ResourceType}/${ResourceId} |
| Amazon AI Operations | aiops | arn:aws:aiops:${Region}:${Account}:.+ |
| Amazon API Gateway | execute-api | arn:aws:execute-api:${Region}:${Account}:${ResourcePath} |
| Amazon API Gateway Management | apigateway | arn:aws:apigateway:${Region}::${ApiGatewayResourcePath} |
| Amazon API Gateway Management V2 | apigateway | arn:aws:apigateway:${Region}::${ApiGatewayResourcePath} |
| Amazon AppFlow | appflow | arn:aws:appflow:${Region}:${Account}:${ResourceType}/${ResourceName} |
| Amazon AppIntegrations | app-integrations | arn:aws:app-integrations:${Region}:${Account}:${ResourceType}/${ResourceName} |
| Amazon Application Recovery Controller - Zonal Shift | arc-zonal-shift | arn:aws:arc-zonal-shift:${Region}:${Account}:${ResourceType}/${ResourceName} |
| Amazon AppStream 2.0 | appstream | arn:aws:appstream:${Region}:${Account}:${ResourceType}/${ResourcePath} |
| Amazon ARC Region switch | arc-region-switch | arn:aws:arc-region-switch::${Account}:${ResourceType} |
| Amazon Athena | athena | arn:aws:athena:${Region}:${Account}:${ResourceType}/${ResourcePath} |
| Amazon Aurora DSQL | dsql | arn:aws:dsql:${Region}:${Account}:${ResourceType}/${ResourcePath} |
| Amazon Bedrock | bedrock | arn:aws:bedrock:${Region}:${Account}:${ResourceType}/${ResourceId} |
| Amazon Bedrock Agentcore | bedrock-agentcore | arn:aws:bedrock-agentcore:${Region}:${Account}:${ResourceType}/${ResourceId} |
| Amazon Bedrock Powered by AWS Mantle | bedrock-mantle | arn:aws:bedrock-mantle:${Region}:${Account}:${ResourceType}/${ResourceName} |
| Amazon Braket | braket | arn:aws:braket:${Region}:${Account}:.+ |
| Amazon Chime | chime | arn:aws:chime:${Region}:${Account}:${ResourceType}/${ResourceID} |
| Amazon Cloud Directory | clouddirectory | arn:aws:clouddirectory:${Region}:${Account}:${RelativeId} |
| Amazon CloudFront | cloudfront | arn:aws:cloudfront:${Region}:${Account}:${ResourceType}/${ResourceId} |
| Amazon CloudFront KeyValueStore | cloudfront-keyvaluestore | arn:aws:cloudfront:${Region}:${Account}:key-value-store/${ResourceId} |
| Amazon CloudSearch | cloudsearch | arn:aws:cloudsearch:${Region}:${Account}:${ResourceType}/${ResourceName} |
| Amazon CloudWatch | cloudwatch | arn:aws:cloudwatch:${Region}:${Account}:${ResourceType}/${ResourcePath} |
| Amazon CloudWatch Application Signals | application-signals | arn:aws:application-signals:${Region}:${Account}:slo/{ServiceLevelObjectivesName} |
| Amazon CloudWatch Application Signals MCP Server | application-signals-mcp | arn:aws:application-signals-mcp:${Region}:${Account}:mcp-server/${ResourceId} |
| Amazon CloudWatch Evidently | evidently | arn:aws:evidently:${Region}:${Account}:${ResourceType}/${ResourceName} |
| Amazon CloudWatch Internet Monitor | internetmonitor | arn:aws:internetmonitor:${Region}:${Account}:${ResourceType}/${ResourcePath} |
| Amazon CloudWatch Logs | logs | arn:aws:logs:${Region}:${Account}:.+ |
| Amazon CloudWatch Network Synthetic Monitor | networkmonitor | arn:aws:networkmonitor:${Region}:${Account}:${ResourceType}/${ResourcePath} |
| Amazon CloudWatch Observability Access Manager | oam | arn:aws:oam:${Region}:${Account}:${ResourceType}/${ResourceId} |
| Amazon CloudWatch Observability Admin Service | observabilityadmin | arn:aws:observabilityadmin:${Region}:${Account}:${ResourceType} |
| Amazon CloudWatch Synthetics | synthetics | arn:aws:synthetics:${Region}:${Account}:${ResourceType}:${ResourceName} |
| Amazon CodeCatalyst | codecatalyst | arn:aws:codecatalyst:${Region}:${Account}:${RelativeId} |
| Amazon CodeGuru | codeguru | arn:${Partition}:codeguru:${Region}:${Account}:${ResourceType}/${ResourceName} |
| Amazon CodeGuru Profiler | codeguru-profiler | arn:aws:codeguru-profiler:${Region}:${Account}:${ResourceType}/${ResourceName} |
| Amazon CodeGuru Reviewer | codeguru-reviewer | arn:aws:codeguru-reviewer:${Region}:${Account}:${ResourceType}:${ResourceName} |
| Amazon CodeGuru Security | codeguru-security | arn:aws:codeguru-security:${Region}:${Account}:* |
| Amazon CodeWhisperer | codewhisperer | arn:aws:codewhisperer:${Region}:${Account}:${ResourceType}/${ResourceId} |
| Amazon Cognito Identity | cognito-identity | arn:aws:cognito-identity:${Region}:${Account}:${ResourceType}/${ResourcePath} |
| Amazon Cognito Sync | cognito-sync | arn:aws:cognito-sync:${Region}:${Account}:${ResourceType}/${ResourcePath}: |
| Amazon Cognito User Pools | cognito-idp | arn:aws:cognito-idp:${Region}:${Account}:${ResourceType}/${ResourcePath}: |
| Amazon Comprehend | comprehend | arn:aws:comprehend:${Region}:${Account}:${ResourceType}/${ResourceName} |
| Amazon Comprehend Medical | comprehendmedical | arn:${Partition}:comprehendmedical:${Region}:${Account}:${ResourceType}/${ResourceName} |
| Amazon Connect | connect | arn:aws:connect:${Region}:${Account}:instance/${InstanceId} |
| Amazon Connect Cases | cases | arn:aws:cases:${Region}:${Account}:domain/${DomainId} |
| Amazon Connect Customer Profiles | profile | arn:aws:profile:${Region}:${Account}:${ResourceType}/${ResourceName} |
| Amazon Connect Health | health-agent | arn:aws:health-agent:${Region}:${Account}:${ResourceType} |
| Amazon Connect Outbound Campaigns | connect-campaigns | arn:aws:connect-campaigns:${Region}:${Account}:campaign/${CampaignId} |
| Amazon Connect Voice ID | voiceid | arn:aws:voiceid:${Region}:${Account}:${ResourceType}/${ResourceId} |
| Amazon Data Lifecycle Manager | dlm | arn:aws:dlm:${Region}:${Account}:policy/${ResourceName} |
| Amazon DataZone | datazone | arn:aws:datazone:${Region}:${Account}:${ResourceType}/${ResourceName} |
| Amazon Detective | detective | arn:aws:detective:${Region}:${Account}:graph:${GraphId} |
| Amazon DevOps Guru | devops-guru | arn:aws:devops-guru:${Region}:${Account}:${ResourceType}/${ResourceName} |
| Amazon DocumentDB Elastic Clusters | docdb-elastic | arn:aws:docdb-elastic:${Region}:${Account}:${ResourceType}/${ResourceId} |
| Amazon DynamoDB | dynamodb | arn:aws:dynamodb:${Region}:${Account}:${ResourceType}/${ResourcePath} |
| Amazon DynamoDB Accelerator (DAX) | dax | arn:aws:dax:${Region}:${Account}:cache/${ClusterName} |
| Amazon EC2 | ec2 | arn:aws:ec2:${Region}:${Account}:${ResourceType}/${ResourcePath} |
| Amazon EC2 Auto Scaling | autoscaling | arn:aws:autoscaling:${Region}:${Account}:${RelativeId} |
| Amazon EC2 Image Builder | imagebuilder | arn:aws:imagebuilder:${Region}:${Account}:${ResourceType}/${ResourceName} |
| Amazon EC2 Instance Connect | ec2-instance-connect | arn:aws:ec2:${Region}:${Account}:${ResourceType}/${ResourcePath} |
| Amazon EKS Auth | eks-auth | arn:aws:eks:${Region}:${Account}:${ResourceType}/${RelativeId} |
| Amazon EKS MCP Server | eks-mcp | arn:${Partition}:eks-mcp:${Region}:${Account}:${ResourceType}/${ResourcePath} |
| Amazon Elastic Block Store | ebs | arn:aws:ebs:${Region}:${Account}:${ResourceType}/${ResourcePath} |
| Amazon Elastic Container Registry | ecr | arn:aws:ecr:${Region}:${Account}:repository/${RepositoryName} |
| Amazon Elastic Container Registry Public | ecr-public | arn:aws:ecr-public::${Account}:${RepositoryOrRegistry}/${RepositoryNameOrAccountId} |
| Amazon Elastic Container Service | ecs | arn:aws:ecs:${Region}:${Account}:${ResourceType}/${ResourcePath} |
| Amazon Elastic File System | elasticfilesystem | arn:aws:elasticfilesystem:${Region}:${Account}:${ResourceType}/${ResourcePath} |
| Amazon Elastic Kubernetes Service | eks | arn:aws:eks:${Region}:${Account}:${ResourceType}/${RelativeId} |
| Amazon Elastic MapReduce | elasticmapreduce | arn:aws:elasticmapreduce:${Region}:${Account}:${ResourceType}/${ResourceId} |
| Amazon Elastic Transcoder | elastictranscoder | arn:aws:elastictranscoder:${Region}:${Account}:${ResourceType}/${ResourceId} |
| Amazon Elastic VMware Service | evs | arn:aws:evs:${Region}:${Account}:${ResourceType}/${ResourcePath} |
| Amazon ElastiCache | elasticache | arn:aws:elasticache:${Region}:${Account}:${ResourceType}:${ResourceName} |
| Amazon EMR on EKS (EMR Containers) | emr-containers | arn:aws:emr-containers:${Region}:${Account}:/${ResourceType}/${ResourcePath} |
| Amazon EMR Serverless | emr-serverless | arn:aws:emr-serverless:${Region}:${Account}:/${ResourceType}/${ResourcePath} |
| Amazon EventBridge | events | arn:aws:events:${Region}:${Account}:${ResourceType}/${ResourceName} |
| Amazon EventBridge Pipes | pipes | arn:aws:pipes:${Region}:${Account}:pipe/${PipeName} |
| Amazon EventBridge Scheduler | scheduler | arn:aws:scheduler:${Region}:${Account}:${ResourceType}/${ResourceName} |
| Amazon EventBridge Schemas | schemas | arn:aws:schemas:${Region}:${Account}:${ResourceType}/${ResourceName} |
| Amazon FinSpace | finspace | arn:aws:finspace:${Region}:${Account}:${ResourceType}/${ResourcePath} |
| Amazon FinSpace API | finspace-api | arn:aws:finspace-api:${Region}:${Account}:${ResourceType}/${ResourcePath} |
| Amazon Forecast | forecast | arn:aws:forecast:${Region}:${Account}:${ResourceType}/${ResourceId} |
| Amazon Fraud Detector | frauddetector | arn:aws:frauddetector:${Region}:${Account}:${ResourceType}/${ResourceName} |
| Amazon FreeRTOS | freertos | arn:aws:freertos:${Region}:${Account}:${Type}/${Name} |
| Amazon FSx | fsx | arn:aws:fsx:${Region}:${Account}:${ResourceType}/${ResourcePath} |
| Amazon GameLift Servers | gamelift | arn:aws:gamelift:${Region}:${Account}:${ResourceType}/${ResourceId} |
| Amazon GameLift Streams | gameliftstreams | arn:aws:gameliftstreams:${Region}:${Account}:${ResourceType}/${ResourceId} |
| Amazon GroundTruth Labeling | groundtruthlabeling | arn:${Partition}:groundtruthlabeling:${Region}:${Account}:${ResourceType}/${ResourcePath} |
| Amazon GuardDuty | guardduty | arn:aws:guardduty:${Region}:${Account}:.+ |
| Amazon Honeycode | honeycode | arn:aws:honeycode:${Region}:${Account}:${ResourceType}:${ResourcePath} |
| Amazon Inspector2 | inspector2 | arn:aws:inspector2:${Region}:${Account}:.+ |
| Amazon Interactive Video Service | ivs | arn:aws:ivs:${Region}:${Account}:${ArnType}/${ResourceId} |
| Amazon Interactive Video Service Chat | ivschat | arn:aws:ivschat:${Region}:${Account}:${ResourceType}/${ResourceId} |
| Amazon Kendra | kendra | arn:aws:kendra:${Region}:${Account}:${ResourceType}/${ResourceName} |
| Amazon Kendra Intelligent Ranking | kendra-ranking | arn:aws:kendra-ranking:${Region}:${Account}:${ResourceType}/${ResourceName} |
| Amazon Keyspaces (for Apache Cassandra) | cassandra | arn:aws:cassandra:${Region}:${Account}:/${ResourceType}/${ResourcePath}/ |
| Amazon Kinesis Analytics | kinesisanalytics | arn:aws:kinesisanalytics:${Region}:${Account}:application/${ApplicationName} |
| Amazon Kinesis Analytics V2 | kinesisanalytics | arn:aws:kinesisanalytics:${Region}:${Account}:application/${ApplicationName} |
| Amazon Kinesis Data Streams | kinesis | arn:aws:kinesis:${Region}:${Account}:${ResourceType}/${ResourceName} |
| Amazon Kinesis Firehose | firehose | arn:aws:firehose:${Region}:${Account}:deliverystream/${DeliveryStreamName} |
| Amazon Kinesis Video Streams | kinesisvideo | arn:aws:kinesisvideo:${Region}:${Account}:${ResourceType}/${ResourceName}/${CreationTime} |
| Amazon Lex | lex | arn:aws:lex:${Region}:${Account}:${Type}:${Name} |
| Amazon Lex V2 | lex | arn:aws:lex:${Region}:${Account}:${ResourceType}/${ResourceId} |
| Amazon Lightsail | lightsail | arn:aws:lightsail:${Region}:${Account}:${ResourceType}/${Id} |
| Amazon Location | geo | arn:aws:geo:${Region}:${Account}:${ResourceType}/${ResourceName} |
| Amazon Location Service Maps | geo-maps | arn:aws:geo-maps:${Region}::provider/default |
| Amazon Location Service Places | geo-places | arn:aws:geo-places:${Region}::provider/default |
| Amazon Location Service Routes | geo-routes | arn:aws:geo-routes:${Region}::provider/default |
| Amazon Lookout for Equipment | lookoutequipment | arn:aws:lookoutequipment:${Region}:${Account}:${ResourceType}/${ResourceName}/${ResourceId} |
| Amazon Lookout for Metrics | lookoutmetrics | arn:aws:lookoutmetrics:${Region}:${AccountId}:${ResourceType}:${ResourceName} |
| Amazon Lookout for Vision | lookoutvision | arn:aws:lookoutvision:${Region}:${Account}:${ResourceType}/${ResourceName} |
| Amazon Machine Learning | machinelearning | arn:aws:machinelearning:${Region}:${Account}:${ResourceType}/${RelativeID} |
| Amazon Macie | macie2 | arn:aws:macie2:${Region}:${Account}:${ResourceType}/${ResourceName} |
| Amazon Managed Blockchain | managedblockchain | arn:aws:managedblockchain:${Region}:${Account}:${ResourceType}/${ResourceName} |
| Amazon Managed Blockchain Query | managedblockchain-query | arn:${Partition}:managedblockchain-query:${Region}:${Account}:${ResourceType}/${ResourceName} |
| Amazon Managed Grafana | grafana | arn:aws:grafana:${Region}:${Account}:/${ResourceType}/${ResourceId} |
| Amazon Managed Service for Prometheus | aps | arn:aws:aps:${Region}:${Account}:${ResourceType}/${ResourceName} |
| Amazon Managed Streaming for Apache Kafka | kafka | arn:aws:kafka:${Region}:${Account}:${ResourceType}/${ResourceName}/${Uuid} |
| Amazon Managed Streaming for Kafka Connect | kafkaconnect | arn:aws:kafkaconnect:${Region}:${Account}:${ResourceType}/${ResourceName}/${UUID} |
| Amazon Managed Workflows for Apache Airflow | airflow | arn:aws:airflow:${Region}:${Account}:${ResourceType}/${ResourceName} |
| Amazon MemoryDB | memorydb | arn:aws:memorydb:${Region}:${Account}:${ResourceType}/${ResourceName} |
| Amazon Monitron | monitron | arn:aws:monitron:${Region}:${Account}:${ResourceType}/${ResourceId} |
| Amazon MQ | mq | arn:aws:mq:${Region}:${Account}:.+ |
| Amazon Neptune | neptune-db | arn:aws:neptune-db:${Region}:${Account}:${Id}/* |
| Amazon Neptune Analytics | neptune-graph | arn:aws:neptune-graph:${Region}:${Account}:${ResourceType}/${ResourceId} |
| Amazon Nimble Studio | nimble | arn:aws:nimble:${Region}:${Account}:${ResourceType}/${ResourcePath} |
| Amazon Nova Act | nova-act | arn:aws:nova-act:${Region}:${Account}:${ResourceType}/${ResourcePath} |
| Amazon One Enterprise | one | arn:aws:one:${Region}:${Account}:${ResourceType}:${ResourceId} |
| Amazon OpenSearch | opensearch | arn:aws:opensearch:${Region}:${Account}:${Resource} |
| Amazon OpenSearch Ingestion | osis | arn:aws:osis:${Region}:${Account}:${ResourceType}/${ResourceName} |
| Amazon OpenSearch Serverless | aoss | arn:aws:aoss:${Region}:${Account}:${Resource} |
| Amazon OpenSearch Service | es | arn:aws:es:${Region}:${Account}:${Resource} |
| Amazon Personalize | personalize | arn:aws:personalize:${Region}:${Account}:${Resourcename}/${ResourceId} |
| Amazon Pinpoint | mobiletargeting | arn:aws:mobiletargeting:${Region}:${Account}:.+ |
| Amazon Pinpoint Email Service | ses | arn:aws:ses:${Region}:${Account}:${ResourceType}/${ResourceId} |
| Amazon Pinpoint SMS and Voice Service | sms-voice | arn:aws:sms-voice:<region>:<account-id>:<resource-type>/<resource_name> |
| Amazon Polly | polly | arn:aws:polly:${Region}:${Account}:lexicon/${RelativeId} |
| Amazon Q | q | arn:aws:qdeveloper:${Region}:${Account}:${ResourceType}/${ResourceId} |
| Amazon Q Business | qbusiness | arn:aws:qbusiness:${Region}:${Account}:${ResourceType}/${ResourceName} |
| Amazon Q Business Q Apps | qapps | arn:aws:qapps:${Region}:${Account}:${ResourceType}:${ResourcePath} |
| Amazon Q Developer | qdeveloper | arn:aws:qdeveloper:${Region}:${Account}:${ResourceType} |
| Amazon Q in Connect | wisdom | arn:aws:wisdom:${Region}:${Account}:${Resource}/${ResourceId} |
| Amazon QLDB | qldb | arn:aws:qldb:${Region}:${Account}:${ResourceType}/${ResourcePath} |
| Amazon QuickSight | quicksight | arn:aws:quicksight:${Region}:${Account}:${ResourceType}/${ResourceId} |
| Amazon RDS | rds | arn:aws:rds:${Region}:${Account}:${RelativeId} |
| Amazon RDS Data API | rds-data | arn:aws:rds:${Region}:${Account}:${RelativeId} |
| Amazon RDS IAM Authentication | rds-db | arn:aws:rds-db:<region>:<account-id>:dbuser:<dbi-resource-id>/<db-user-name> |
| Amazon Redshift | redshift | arn:aws:redshift:${Region}:${Account}:${RelativeId} |
| Amazon Redshift Data API | redshift-data | arn:aws:redshift-serverless:${Region}:${Account}:${ResourceType}/${ResourceName} |
| Amazon Redshift Serverless | redshift-serverless | arn:aws:redshift-serverless:${Region}:${Account}:${ResourceType}/${ResourcePath} |
| Amazon Rekognition | rekognition | arn:aws:rekognition:${Region}:${Account}:${RelativeId} |
| Amazon RHEL Knowledgebase Portal | rhelkb | arn:${Partition}:rhelkb:${Region}:${Account}:${ResourceType}/${ResourceName} |
| Amazon Route 53 | route53 | arn:aws:route53:::${Resource}/{$Id} |
| Amazon Route 53 Profiles | route53profiles | arn:aws:route53profiles:${Region}:${Account}:${ResourceType}/${ResourceId} |
| Amazon Route 53 Recovery Cluster | route53-recovery-cluster | arn:aws:route53-recovery-control::${Account}:${ResourceType}/${ResourceName} |
| Amazon Route 53 Recovery Controls | route53-recovery-control-config | arn:aws:route53-recovery-control::${Account}:${ResourceType}/${ResourceName} |
| Amazon Route 53 Recovery Readiness | route53-recovery-readiness | arn:aws:route53-recovery-readiness::${Account}:${ResourceType}/${ResourceName} |
| Amazon Route 53 Resolver | route53resolver | arn:aws:route53resolver:${Region}:${Account}:${ResourceType}/${ResourceId} |
| Amazon S3 | s3 | arn:aws:s3:::${BucketName}/${KeyName} |
| Amazon S3 Express | s3express | arn:aws:s3express:${Region}:${Account}:bucket/${BucketName} |
| Amazon S3 Files | s3files | arn:aws:s3files:${Region}:${Account}:${ResourceType}/${ResourcePath} |
| Amazon S3 Glacier | glacier | arn:aws:glacier:${Region}:${Account}:vault/${VaultName} |
| Amazon S3 Object Lambda | s3-object-lambda | arn:aws:s3-object-lambda:::accesspoint/${AccessPointName} |
| Amazon S3 on Outposts | s3-outposts | arn:aws:s3-outposts:${Region}:${Account}:${ResourceType}/${ResourcePath} |
| Amazon S3 Tables | s3tables | arn:aws:s3tables:${Region}:${Account}:${ResourceType} |
| Amazon S3 Vectors | s3vectors | arn:aws:s3vectors:${Region}:${Account}:${ResourceType} |
| Amazon SageMaker | sagemaker | arn:aws:sagemaker:${Region}:${Account}:${ResourceType}/${ResourceName} |
| Amazon SageMaker geospatial capabilities | sagemaker-geospatial | arn:aws:sagemaker-geospatial:${Region}:${Account}:${ResourceType}/${ResourceName} |
| Amazon SageMaker Unified Studio MCP | sagemaker-unified-studio-mcp | arn:${Partition}:sagemaker-unified-studio-mcp:${Region}:${Account}:${ResourceType}/${ResourcePath} |
| Amazon SageMaker with MLflow | sagemaker-mlflow | arn:aws:sagemaker:${Region}:${Account}:${ResourceType}/${ResourceName} |
| Amazon Security Lake | securitylake | arn:aws:securitylake:${Region}:${Account}:${ResourceType}/${ResourcePath} |
| Amazon SES | ses | arn:aws:ses:${Region}:${Account}:${ResourceType}/${ResourceId} |
| Amazon Simple Email Service - Mail Manager | ses | arn:aws:ses:${Region}:${Account}:${ResourceType}/${ResourceId} |
| Amazon Simple Email Service v2 | ses | arn:aws:ses:${Region}:${Account}:${ResourceType}/${ResourceId} |
| Amazon Simple Workflow Service | swf | arn:aws:swf:${Region}:${Account}:/domain/${DomainName} |
| Amazon SimpleDB | sdb | arn:aws:sdb:${Region}:${Account}:domain/${DomainName} |
| Amazon SNS | sns | arn:aws:sns:${Region}:${Account}:${TopicName} |
| Amazon SQS | sqs | arn:aws:sqs:${Region}:${Account}:${QueueName} |
| Amazon Textract | textract | arn:aws:textract:${Region}:${Account}:${RelativeId} |
| Amazon Timestream | timestream | arn:aws:timestream:${Region}:${Account}:database/${DatabaseName}/table/${TableName} |
| Amazon Timestream InfluxDB | timestream-influxdb | arn:aws:timestream-influxdb:${Region}:${Account}:${ResourceType}/${ResourcePath} |
| Amazon Transcribe | transcribe | arn:aws:transcribe:${Region}:${Account}:${ResourceType}/${ResourceName} |
| Amazon Translate | translate | arn:aws:translate:${Region}:${Account}:${ResourceType}/${ResourceName} |
| Amazon Verified Permissions | verifiedpermissions | arn:aws:verifiedpermissions:${Region}:${Account}:${ResourceType}/${ResourceId} |
| Amazon VPC Lattice | vpc-lattice | arn:aws:vpc-lattice:${Region}:${Account}:${ResourceType}/${RelativeId} |
| Amazon VPC Lattice Services | vpc-lattice-svcs | arn:aws:vpc-lattice:${Region}:${Account}:${ResourceType}/${RelativeId} |
| Amazon WorkDocs | workdocs | arn:aws:workdocs:${Region}:${Account}:${ResourceType}/${ResourceName} |
| Amazon WorkLink | worklink | arn:aws:worklink::${Account}:${ResourceType}/${ResourcePath} |
| Amazon WorkMail | workmail | arn:aws:workmail:${Region}:${Account}:${ResourceType}/${ResourceId} |
| Amazon WorkMail Message Flow | workmailmessageflow | arn:aws:workmailmessageflow:${Region}:${Account}:message/${OrganizationId}/${Context}/${MessageId} |
| Amazon WorkSpaces | workspaces | arn:aws:workspaces:${Region}:${Account}:* |
| Amazon WorkSpaces AgentAccess MCP Server | agentaccess-mcp | arn:${Partition}:agentaccess-mcp:${Region}:${Account}:* |
| Amazon WorkSpaces Secure Browser | workspaces-web | arn:aws:workspaces-web:${Region}:${Account}:${ResourceType}/${ResourceIdentifier} |
| Amazon WorkSpaces Thin Client | thinclient | arn:aws:thinclient:${Region}:${Account}:${ResourceType}/${ResourceIdentifier} |
| AmazonMediaImport | mediaimport | arn:aws:mediaimport:${Region}:${Account}/* |
| Apache Kafka APIs for Amazon MSK clusters | kafka-cluster | arn:aws:kafka:${Region}:${Account}:${ResourceType}/${ResourceDescriptor} |
| AWS Account Management | account | arn:aws:account::${Account}:account |
| AWS Amplify | amplify | arn:aws:amplify:${Region}:${Account}:${ResourceType}/${ResourceName} |
| AWS Amplify Admin | amplifybackend | arn:aws:amplifybackend:${Region}:${Account}:/${ResourceType}/${ResourceName} |
| AWS Amplify UI Builder | amplifyuibuilder | arn:aws:amplifyuibuilder:${Region}:${Account}:${ResourceType}/${ResourcePath} |
| AWS App Mesh | appmesh | arn:aws:appmesh:${Region}:${Account}:${ResourceType}/${ResourceName} |
| AWS App Mesh Preview | appmesh-preview | arn:aws:appmesh-preview:${Region}:${Account}:${ResourceType}/${ResourceName} |
What is an Amazon Resource Name?
Amazon Resource Names, usually shortened to ARNs, uniquely identify AWS resources. You use them in IAM policies, resource-based policies, CloudFormation templates, EventBridge rules, and any place where AWS needs an exact resource reference.
The general ARN formats are:
arn:partition:service:region:account-id:resource-id
arn:partition:service:region:account-id:resource-type/resource-id
arn:partition:service:region:account-id:resource-type:resource-idARN components
| Component | What it means |
|---|---|
partition | The AWS partition, such as aws, aws-cn, or aws-us-gov. |
service | The AWS service prefix. Use the service prefix column in the table above. |
region | The AWS Region for regional resources, such as eu-central-1. |
account-id | The 12-digit AWS account ID that owns the resource. If you need to find it, read how to find your AWS account ID. |
resource-id | The unique resource identifier. |
resource-type | The resource type within a service. For example, Amazon EC2 has resource types such as vpc, instance, and security-group. |
How to use the ARN table
- Search for the AWS service name, such as
Amazon S3,Amazon DynamoDB, orAWS Lambda. - Copy the service prefix when you need the value for an IAM policy or ARN string, such as
s3orlambda. - Use the ARN format as the template for your policy
Resourcevalue. - Replace placeholders like
${Region},${Account}, and${ResourceId}with your actual values.
Common ARN examples
| Resource | Example ARN |
|---|---|
| S3 bucket object | arn:aws:s3:::my-bucket/path/file.txt |
| Lambda function | arn:aws:lambda:eu-central-1:111122223333:function:my-function |
| DynamoDB table | arn:aws:dynamodb:eu-central-1:111122223333:table/my-table |
| SNS topic | arn:aws:sns:eu-central-1:111122223333:my-topic |
When ARN formats differ
ARN formats are not perfectly consistent across AWS. Some services use slash-separated resources, some use colon-separated resources, and global services may leave the Region or account segment empty.
That is why this table is useful when writing least-privilege IAM policies. The service prefix and ARN shape need to match what the target service expects, otherwise your policy may not match the resource you intended.
Related tools
AWS IAM Service Principals Reference
Search the complete AWS service principal reference for IAM trust policies, resource policies, and service-linked role setup.
AWS IAM Policy Generator
Generate AWS IAM policies from searchable action metadata and export ready-to-use JSON, Terraform, or CloudFormation snippets.
CloudFormation Resource Attributes Reference
Search AWS CloudFormation resource types and the attributes available through Fn::GetAtt for each resource.
Next step
Want AWS engineering that feels this practical?
I build these tools to make AWS easier to manage. If this level of quality is what you want in your own cloud platform, Towards The Cloud can help with landing zones, infrastructure as code, security reviews, migrations, and cost optimization.