What is Arn in S3 bucket?

Question

The following common Amazon Resource Name (ARN) format identifies resources in AWS:

Nội dung chính Show

Amazon S3 ARN examples
Step-by-Step Instruction on how to get the ARN of an S3 Bucket via AWS Console
Post navigation
What is the ARN for?
What does Arn and stands for in AWS?
What is the Arn of my AWS account?
What is Arn in CloudWatch?

arn:partition:service:region:namespace:relative-id

For information about ARNs, see Amazon Resource Names (ARNs) in the AWS General Reference.

For information about resources, see IAM JSON Policy Elements: Resource in the IAM User Guide.

An Amazon S3 ARN excludes the AWS Region and namespace, but includes the following:

Partition ‐ aws is a common partition name. If your resources are in the China (Beijing) Region, aws-cn is the partition name.
Service ‐ s3.
Relative ID ‐ bucket-name or a bucket-name/object-key. You can use wild cards.

The ARN format for Amazon S3 resources reduces to the following:

arn:aws:s3:::bucket_name/key_name

For a complete list of Amazon S3 resources, see Actions, resources, and condition keys for Amazon S3.

To find the ARN for an S3 bucket, you can look at the Amazon S3 console Bucket Policy or CORS configuration permissions pages. For more information, see the following topics:

Adding a bucket policy by using the Amazon S3 console
CORS configuration

Amazon S3 ARN examples

The following are examples of Amazon S3 resource ARNs.

Bucket Name and Object Key Specified

The following ARN identifies the /developers/design_info.doc object in the examplebucket bucket.

arn:aws:s3:::examplebucket/developers/design_info.doc

Wildcards

You can use wildcards as part of the resource ARN. You can use wildcard characters (* and ?) within any ARN segment (the parts separated by colons). An asterisk (*) represents any combination of zero or more characters, and a question mark (?) represents any single character. You can use multiple * or ? characters in each segment, but a wildcard cannot span segments.

The following ARN uses the wildcard * in the relative-ID part of the ARN to identify all objects in the examplebucket bucket.
```
arn:aws:s3:::examplebucket/*
```
The following ARN uses * to indicate all Amazon S3 resources (all S3 buckets and objects).
```
arn:aws:s3:::*
```
The following ARN uses both wildcards, * and ?, in the relative-ID part. It identifies all objects in buckets such as example1bucket, example2bucket, example3bucket, and so on.
```
arn:aws:s3:::example?bucket/*
```

Policy Variables

You can use policy variables in Amazon S3 ARNs. At policy evaluation time, these predefined variables are replaced by their corresponding values. Suppose that you organize your bucket as a collection of folders, one folder for each of your users. The folder name is the same as the user name. To grant users permission to their folders, you can specify a policy variable in the resource ARN:

arn:aws:s3:::bucket_name/developers/${aws:username}/

At runtime, when the policy is evaluated, the variable ${aws:username} in the resource ARN is substituted with the user name making the request.

Skip to content

Each resource in AWS has an Amazon Resource Name (ARN). An ARN is a unique identifier of your resource. Its value has no duplicate in other accounts and only exists in your account.

It’s used especially in IAM policies where you set which resources you will allow access to.

You can actually predict the ARN of an S3 Bucket since it has a standard format of arn:aws:s3:::S3_BUCKET_NAME.

But if you are like me who is afraid of making a mistake typing the S3 bucket ARN, I prefer going to the AWS Console, searching for the S3 Bucket ARN, and copy-pasting it.

Follow the instructions below to get the S3 Bucket ARN.

Step-by-Step Instruction on how to get the ARN of an S3 Bucket via AWS Console

#1

In the S3 AWS Console, click on the name of your S3 Bucket.

#2

Click on Properties.

#3

Under the Bucket overview, you will see the ARN of the S3 Bucket.

I hope the above instructions helped you retrieve your S3 Bucket’s ARN.

Let me know your experience in the comments below.

What is the ARN for?

An Acquirer Reference Number, or ARN, is a unique number created in credit or debit Visa® and Mastercard® transactions. The ARN is assigned to a transaction as it moves through a payment flow. ARNs are valuable to fraud and dispute shops, issuers, and merchants.

What does Arn and stands for in AWS?

AWS ARN (Amazon Resource Name) is a unique identifier for AWS Cloud resources such as a server instance, a database instance, a queue buffer, and.. Read More. ARN can be used in cases when developers have to refer to a resource in documentation or when assistance is required from the AWS support team.

What is the Arn of my AWS account?

Your AWS account ARN (Amazon Resource Name) is a unique identifier for your AWS account. It is used in various API operations and for identifying your account in AWS Billing and Cost Management reports.

What is Arn in CloudWatch?

Resource – You use an Amazon Resource Name (ARN) to identify the resource that the policy applies to. For more information, see CloudWatch Logs resources and operations. Action – You use action keywords to identify resource operations that you want to allow or deny.

S3 ARN example AWS ARN S3 ARN Bucket policy S3 Permission s3 bucket