2

The AWS Documentation on Amazon Resource Names says

Some services let you specify a path for the resource name. For example, in Amazon S3, the resource identifier is an object name that can include slashes (/) to form a path. Similarly, IAM user names and group names can include paths.

This can be seen with the iam:CreateGroup call as an example.

What services other than S3 and IAM allow you to specify a path for a created resource?

HopelessN00b
  • 53,795
  • 33
  • 135
  • 209
gene_wood
  • 533
  • 6
  • 15

1 Answers1

1

Actually, I don't think there is a compiled list of services that allow paths in ARNs for a service's resources. And I'm not really sure why you would need this, however, by going through example ARNs for all services you could probably figure it out all by yourself! :)

Bazze
  • 1,531
  • 10
  • 11
  • 1
    The reason for wanting to know is to assess how viable it is to use ARN path restrictions in the resource stanzas of IAM Role policies to constrain access to certain resources (ec2 instances, elbs, rds instances, etc) based on paths for certain groups of users. If paths are generally universal and missing for just a few AWS resource types then it would work, if S3 and IAM are the few resource types that one can assign paths for then I'd need to take a different approach. – gene_wood Jan 26 '15 at 06:09