AWS ARN Builder

About This Tool

Constructing ARNs by hand is error-prone because each AWS service uses slightly different resource-type separators, optional qualifiers, and region/account requirements. The AWS ARN Builder provides guided dropdowns for partition, service, and resource type so you produce syntactically correct ARNs on the first attempt. It is especially useful when writing IAM policies, resource-based policies, or infrastructure-as-code templates where a single misplaced colon can cause silent permission failures.

When to Use This Tool

• •Building resource ARNs for IAM policy Condition blocks or Resource arrays without consulting service-specific documentation
• •Generating ARNs for cross-account resource references in CloudFormation StackSets or Terraform modules
• •Creating properly formatted ARNs for AWS Config rules, EventBridge targets, or SNS topic policies
• •Constructing GovCloud or China partition ARNs (aws-us-gov, aws-cn) that are easy to get wrong from memory

Frequently Asked Questions

How do I know which resource type separator to use — slash or colon?

The separator depends on the service. IAM uses slashes (arn:aws:iam::123456789012:user/admin), while some services like SNS use colons (arn:aws:sns:us-east-1:123456789012:my-topic). The builder automatically applies the correct separator for each service and resource type, so you do not need to memorize these differences.

Do I need to include region and account for every ARN?

No. Global services like IAM and S3 omit certain fields. IAM ARNs always have an empty region field, and S3 ARNs omit both region and account. The builder knows which fields are required, optional, or must be empty for each service, preventing you from including data that would make the ARN invalid.

Related Learning Guides

• AWS IAM Best Practices25 min read