rams3sh · November 5, 2024 17:38 · iakov-aws · Jan 8, 2024
diff --git a/aws_regex_cheat_sheet b/aws_regex_cheat_sheet
 ARN Base Pattern :-

 arn:<aws_parition>:<aws_service>:[<aws_region>]:<account_id>:<root | resource_type>:/<resource_name>[/<sub_resource_names>...]

 i. <aws_partition>
 Regex - (aws|aws-us-gov|aws-cn)

 ii. <aws_service> - No fixed pattern
 iii. <aws_region> - No fixed pattern
 Most of the regions occur in combination of 2 letter followed by "-" followed by a combination of direction based word , followed by a "-" and then a digit.
 Ref : AWS' regions are listed here https://aws.amazon.com/about-aws/global-infrastructure/regions_az
 General Regex - (af|ap|ca|eu|me|sa|us)-(central|north|(north(?:east|west))|south|south(?:east|west)|east|west)-\d+
 Note: Availability Zone - Since AZ has a letter added to a  region, it can be of following regex:-
 (af|ap|ca|eu|me|sa|us)-(central|north|(north(?:east|west))|south|south(?:east|west)|east|west)-\d+[a-z]{1}

 iv. <account_id> - Its a 12 digit number
 Regex - \d{12}

 v. <resource_type>, <resource_name> and <sub-resources> ... do not have a standard convention.

 Below , I have tried capturing things that I have encountered as part of my daily operations.

 Service Specific Regex:- 

 IAM 
 Paths have not been considered in below regex. It adds up to more complexity.
 1. User:-
 i. Arn
 Ref : https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html
 Regex : ^(?:\d{12}|(arn:(aws|aws-us-gov|aws-cn):iam::\d{12}(?:|:(?:root|user\/[0-9A-Za-z\+\.@_,-]{1,64}))))$
 Note: The above regex will also accomodate 12 digit account number as root can also be represented with the account number.
 Pure User ARN (without considering account number alone) : ^(arn:(aws|aws-us-gov|aws-cn):iam::\d{12}(?:|:(?:root|user\/[0-9A-Za-z\+\.@_,-]{1,64})))$
 Pure User ARN(without considering root or account number):  ^(arn:(aws|aws-us-gov|aws-cn):iam::\d{12}:user\/[0-9A-Za-z\+\.@_,-]{1,64})$
 ii. ID
 Ref: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html
 Regex: AIDA[A-Z0-9]{1,124}
	ARN Base Pattern :-

	arn:<aws_parition>:<aws_service>:[<aws_region>]:<account_id>:<root \| resource_type>:/<resource_name>[/<sub_resource_names>...]

	i. <aws_partition>
	Regex - (aws\|aws-us-gov\|aws-cn)

	ii. <aws_service> - No fixed pattern
	iii. <aws_region> - No fixed pattern
	Most of the regions occur in combination of 2 letter followed by "-" followed by a combination of direction based word , followed by a "-" and then a digit.
	Ref : AWS' regions are listed here https://aws.amazon.com/about-aws/global-infrastructure/regions_az
	General Regex - (af\|ap\|ca\|eu\|me\|sa\|us)-(central\|north\|(north(?:east\|west))\|south\|south(?:east\|west)\|east\|west)-\d+
	Note: Availability Zone - Since AZ has a letter added to a region, it can be of following regex:-
	(af\|ap\|ca\|eu\|me\|sa\|us)-(central\|north\|(north(?:east\|west))\|south\|south(?:east\|west)\|east\|west)-\d+[a-z]{1}

	iv. <account_id> - Its a 12 digit number
	Regex - \d{12}

	v. <resource_type>, <resource_name> and <sub-resources> ... do not have a standard convention.

	Below , I have tried capturing things that I have encountered as part of my daily operations.

	Service Specific Regex:-

	IAM
	Paths have not been considered in below regex. It adds up to more complexity.
	1. User:-
	i. Arn
	Ref : https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html
	Regex : ^(?:\d{12}\|(arn:(aws\|aws-us-gov\|aws-cn):iam::\d{12}(?:\|:(?:root\|user\/[0-9A-Za-z\+\.@_,-]{1,64}))))$
	Note: The above regex will also accomodate 12 digit account number as root can also be represented with the account number.
	Pure User ARN (without considering account number alone) : ^(arn:(aws\|aws-us-gov\|aws-cn):iam::\d{12}(?:\|:(?:root\|user\/[0-9A-Za-z\+\.@_,-]{1,64})))$
	Pure User ARN(without considering root or account number): ^(arn:(aws\|aws-us-gov\|aws-cn):iam::\d{12}:user\/[0-9A-Za-z\+\.@_,-]{1,64})$
	ii. ID
	Ref: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html
	Regex: AIDA[A-Z0-9]{1,124}