What is Arn in AWS?

Answered by James Kissner

ARN stands for Amazon Resource Name and it is a unique identifier used to specify AWS resources. In simple terms, an ARN is like a digital address for a resource in the AWS ecosystem. It is used to unambiguously identify resources across all of AWS services and is commonly used in IAM policies, tags, and API calls.

Let me explain further. When you create a resource in AWS, such as an EC2 instance, a Lambda function, or an S3 bucket, it gets assigned a unique ARN. This ARN consists of several parts that provide specific information about the resource.

The general format of an ARN is as follows:

Arn:partition:service:region:account-id:resource-id

Let’s break down each part:

1. Partition: This indicates the AWS partition the resource belongs to. The most common partition is “aws”, but there are others like “aws-cn” for China and “aws-us-gov” for the AWS GovCloud.

2. Service: This specifies the AWS service the resource belongs to, such as EC2, S3, Lambda, or RDS. Each service has its own set of ARN formats and resource types.

3. Region: This represents the AWS region where the resource is located. For example, “us-east-1” for the US East (N. Virginia) region or “eu-west-1” for the EU (Ireland) region. Some services, like IAM, are global and don’t require a region.

4. Account ID: This is the unique identifier for your AWS account. It helps distinguish resources between different accounts.

5. Resource ID: This identifies the specific resource within the service. It can be a unique identifier generated by AWS or a user-defined name. The format of the resource ID varies depending on the service.

Let me give you an example. Suppose you have an S3 bucket named “my-bucket” in the US East (N. Virginia) region, and your AWS account ID is 123456789012. The ARN for this S3 bucket would look like this:

Arn:aws:s3:us-east-1:123456789012:my-bucket

ARNs are used in various scenarios within AWS. For example, when creating an IAM policy to grant permissions to a specific resource, you would specify the ARN of that resource in the policy statement. Similarly, when tagging resources in Amazon RDS, you would use the ARN to uniquely identify the resource being tagged.

An ARN is a unique identifier that helps you specify AWS resources accurately and unambiguously. It contains information about the AWS partition, service, region, account ID, and resource ID. ARNs are used in various contexts within AWS, such as IAM policies, tags, and API calls, to identify and manage resources effectively.