Identifiersflags: g

AWS ARN (Amazon Resource Name)

Match AWS ARNs (Amazon Resource Names) across commercial, China, and GovCloud partitions.

Try it in RegexPro →

Available in

JSSupported

JavaScript / ECMAScript

Browser-native RegExp. Default if you don't pick.

PYSupported

Python (re)

CPython stdlib `re`. Unicode-aware `\w` and `\d` by default.

GOSupported

Go (RE2)

Linear-time matching. No backreferences or lookarounds.

Pattern

regexengine-agnostic

arn:(?:aws|aws-cn|aws-us-gov):[a-z0-9\-]+:[a-z0-9\-]*:\d{12}?:[\w\-\/.*:]+   (flags: g)

Raw source: arn:(?:aws|aws-cn|aws-us-gov):[a-z0-9\-]+:[a-z0-9\-]*:\d{12}?:[\w\-\/.*:]+

How it works

arn:(?:aws|aws-cn|aws-us-gov): matches the ARN prefix and partition. [a-z0-9\-]+ matches the service (s3, lambda, iam, etc.). [a-z0-9\-]* matches the optional region (some services like IAM omit it). \d{12}? matches the 12-digit account ID (or omitted for some services). [\w\-\/.*:]+ matches the resource portion which varies wildly per service.

Examples

Input

Bucket arn:aws:s3:::my-app-bucket/path

Matches

arn:aws:s3:::my-app-bucket/path

Input

Lambda arn:aws:lambda:us-east-1:123456789012:function:hello

Matches

arn:aws:lambda:us-east-1:123456789012:function:hello

Input

no arns here

No match

—

Common use cases

•IAM policy linting and parsing
•CloudFormation / Terraform validation
•Secret scanning for accidentally hardcoded ARNs
•Cost allocation tooling that joins ARNs to billing data

←PreviousGit Remote URL (HTTPS or SSH)

All patterns

NextPassword (No Special Chars)→