The following are the general formats for ARNs; the specific components and values used depend on the AWS service.
arn:aws:service:region:account:resource arn:aws:service:region:account:resourcetype/resource arn:aws:service:region:account:resourcetype:resource
service-
The service namespace that identifies the AWS product (for example, Amazon S3, IAM, or Amazon RDS). For a list of namespaces, see AWS Service Namespaces.
region-
The region the resource resides in. Note that the ARNs for some resources do not require a region, so this component might be omitted.
account-
The ID of the AWS account that owns the resource, without the hyphens. For example, 123456789012. Note that the ARNs for some resources don't require an account number, so this component might be omitted.
resource,resourcetype:resource, orresourcetype/resource-
The content of this part of the ARN varies by service. It often includes an indicator of the type of resource—for example, an IAM user or Amazon RDS database —followed by a slash (
/) or a colon (:), followed by the resource name itself. Some services allows paths for resource names, as described in Paths in ARNs. -
You can ignore some parts in that format, for example, ignore region, then the ARN looks as follows (':' will be left)
-
arn:aws:service::account:resource arn:aws:service::account:resourcetype/resource arn:aws:service::account:resourcetype:resource
