Skip to content

Instantly share code, notes, and snippets.

@vanvuvuong
Forked from rams3sh/aws_regex_cheat_sheet
Last active February 12, 2025 18:34
Show Gist options
  • Save vanvuvuong/e6ad9a477c8bc3d7d2270e68b02102a7 to your computer and use it in GitHub Desktop.
Save vanvuvuong/e6ad9a477c8bc3d7d2270e68b02102a7 to your computer and use it in GitHub Desktop.
AWS ARN resources regex cheat sheet

ARN Base Pattern

arn:<aws_parition>:<aws_service>:[<aws_region>]:<account_id>:<root | resource_type>:/<resource_name>[/<sub_resource_names>...]

i.<aws_partition>

Regex: (aws|aws-us-gov|aws-cn)

ii. <aws_service> - No fixed pattern:

Reference here. Checkout #Actions, resources, and condition keys -> Resource types

iii. <aws_region> - No fixed pattern

Most of the regions occur in combination of 2 letter followed by "-" followed by a combination of direction based word , followed by a "-" and then a digit.

Ref: AWS' regions are listed here

General Regex: (af|ap|ca|eu|me|sa|us)-(central|north|(north(?:east|west))|south|south(?:east|west)|east|west)-\d+

Note: Availability Zone - Since AZ has a letter added to a region, it can be of following regex: (af|ap|ca|eu|me|sa|us)-(central|north|(north(?:east|west))|south|south(?:east|west)|east|west)-\d+[a-z]{1}

iv. <account_id> - Its a 12 digit number

Regex: \d{12}

v. <resource_type>, <resource_name> and ... do not have a standard convention.

Below , I have tried capturing things that I have encountered as part of my daily operations.

Service Specific Regex:

IAM

Paths have not been considered in below regex. It adds up to more complexity.

i. Arn

Ref : https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html

Regex : ^(?:\d{12}|(arn:(aws|aws-us-gov|aws-cn):iam::\d{12}(?:|:(?:root|user\/[0-9A-Za-z\+\.@_,-]{1,64}))))$

Note: The above regex will also accomodate 12 digit account number as root can also be represented with the account number.

Pure User ARN (without considering account number alone) : ^(arn:(aws|aws-us-gov|aws-cn):iam::\d{12}(?:|:(?:root|user\/[0-9A-Za-z\+\.@_,-]{1,64})))$

Pure User ARN(without considering root or account number): ^(arn:(aws|aws-us-gov|aws-cn):iam::\d{12}:user\/[0-9A-Za-z\+\.@_,-]{1,64})$

ii. ID

Ref: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html

Regex: AIDA[A-Z0-9]{1,124}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment