AWSArn - snelluri/ServerLessFramework GitHub Wiki

ARN stands for Amazon Resource Name. An ARN is a globally unique identifier for an individual AWS resource. It takes one of the following formats.

  • arn:partition:service:region:account-id:resource
  • arn:partition:service:region:account-id:resourcetype/resource
  • arn:partition:service:region:account-id:resourcetype:resource

Let’s look at some example ARNs. Note the different formats used.

-- Elastic Beanstalk application version --

  • arn:aws:elasticbeanstalk:us-east-1:123456789012:environment/My App/MyEnvironment

-- IAM user name --

  • arn:aws:iam::123456789012:user/David

-- Amazon RDS instance used for tagging --

  • arn:aws:rds:eu-west-1:123456789012:db:mysql-db

-- Object in an Amazon S3 bucket --

  • arn:aws:s3:::my_corporate_bucket/exampleobject.png

Finally, let’s look at the common use cases for ARNs.

Communication

An ARN is used to reference a specific resource when you orchestrate a system involving multiple AWS resources. For example, you have an API Gateway listening for RESTful API requests and invoking the corresponding Lambda function based on the API path and request method. The routing looks like the following.

GET /hello_world => arn:aws:lambda:us-east-1:123456789012:function:lambda-hello-world

IAM Policy

We looked at this in detail in the last chapter, but here is an example of a policy definition.

{
  "Version": "2012-10-17",
  "Statement": {
    "Effect": "Allow",
    "Action": ["s3:GetObject"],
    "Resource": "arn:aws:s3:::Hello-bucket/*"
  }
}

The ARN defines which resource (an S3 bucket in this case) the access is granted for. The wildcard * character after the / matches all resources inside Hello-bucket, so the statement allows s3:GetObject on every object in that bucket.
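The following is an added example, not part of the original wiki page: it parses the three ARN formats listed above and checks which ARNs a policy Resource pattern such as `arn:aws:s3:::Hello-bucket/*` covers. The names `Arn`, `parse_arn`, `resource_matches` and `UNTYPED_SERVICES` are hypothetical, the matcher is a simplified model of wildcard matching rather than the IAM evaluation logic itself, and the sample object and bucket names other than Hello-bucket are constructed.

```python
import re
from typing import NamedTuple

class Arn(NamedTuple):
    partition: str
    service: str
    region: str         # empty for global services (IAM, S3)
    account_id: str     # empty for S3 bucket and object ARNs
    resource_type: str  # empty when the ARN has no resourcetype prefix
    resource: str

# Assumption for this sketch: S3 is the only service handled here whose
# resource field is a bare bucket/key path rather than resourcetype/resource.
UNTYPED_SERVICES = {"s3"}

def parse_arn(arn: str) -> Arn:
    # maxsplit=5 keeps any ':' or '/' inside the resource field intact.
    parts = arn.split(":", 5)
    if len(parts) != 6 or parts[0] != "arn" or not all((parts[1], parts[2], parts[5])):
        raise ValueError(f"not a valid ARN: {arn!r}")
    _, partition, service, region, account_id, rest = parts
    resource_type, resource = "", rest
    typed = re.fullmatch(r"([^:/]+)[:/](.+)", rest, re.S)
    if typed and service not in UNTYPED_SERVICES:
        resource_type, resource = typed.groups()
    return Arn(partition, service, region, account_id, resource_type, resource)

def _glob(pattern: str) -> re.Pattern:
    # '*' = any run of characters, '?' = exactly one; everything else is literal.
    return re.compile("".join(
        ".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern), re.S)

def resource_matches(pattern: str, arn: str) -> bool:
    """Simplified model: compare the six colon-separated fields one by one."""
    if pattern == "*":
        return True
    p, a = pattern.split(":", 5), arn.split(":", 5)
    return len(p) == len(a) == 6 and all(_glob(x).fullmatch(y) for x, y in zip(p, a))

if __name__ == "__main__":
    policy_resource = "arn:aws:s3:::Hello-bucket/*"
    # Constructed ARNs: an object, the bucket itself, and a similarly named bucket.
    for arn in ("arn:aws:s3:::Hello-bucket/reports/q1.csv",
                "arn:aws:s3:::Hello-bucket",
                "arn:aws:s3:::Hello-bucket-backup/q1.csv"):
        print(f"{arn:45} covered={resource_matches(policy_resource, arn)}")
```

The `/` before the `*` is what keeps the grant inside one bucket: the same check with the pattern `arn:aws:s3:::Hello-bucket*` also covers `Hello-bucket-backup`.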

Next let’s configure our AWS CLI. We’ll be using the info from the IAM user account we created previously.