87

Is it possible to get the ARN of an S3 bucket via the AWS command line?

I have looked through the documentation for aws s3api ... and aws s3 ... and have not found a way to do this.

ljcundiff
  • 1,159
  • 1
  • 9
  • 14

3 Answers3

172

It's always arn:PARTITION:s3:::NAME-OF-YOUR-BUCKET. If you know the name of the bucket and in which partition it's located, you know the ARN. No need to 'get' it from anywhere.

The PARTITION will be aws, aws-us-gov, or aws-cndepending on whether you're in general AWS, GovCloud, or China resepectively.

Dan
  • 3,246
  • 1
  • 32
  • 52
Sergey Kovalev
  • 9,110
  • 2
  • 28
  • 32
  • 6
    Probably why your AWS S3 bucket names have to be globally unique; but it's a horrid wart to couple these together that way. The interpolation of an account ID into that ARN would be much better. :( – Jim Dennis Dec 20 '16 at 23:59
  • 5
    Was hoping for a way to do this without making any assumptions about the ARN format. Buckets in cn-north-1 region are arn:aws-cn:s3:::BUCKET_NAME and I was hoping to avoid having to "know" how Amazon assigned ARNs in case Amazon were to change the rules. – ljcundiff Dec 21 '16 at 00:33
  • 6
    @ljcundiff an ARN is a non-opaque, constructible identifier, apparently by design. They aren't at all likely to change the [documented rules for the S3 ARN format](http://docs.aws.amazon.com/AmazonS3/latest/dev/s3-arn-format.html). The `cn-north-1` region is special case, as is GovCloud, because those are completely cordoned off from the global `aws` partition, not accessible with the same sets of keys. If you're working in multiple partitions, you have to know which partition you're dealing with. – Michael - sqlbot Dec 21 '16 at 00:55
  • 1
    usually have to add `BUCKET_NAME/*` the "/*" at the end AFAIK – boldnik Dec 04 '19 at 11:29
  • 2
    Some S3 apis do not support this ARN, eg: `aws s3api get-bucket-acl --bucket arn:aws:s3:::mybucket` will return bucket name error complaining it does not match one of the regular expressions: `<...> or be an ARN matching the regex "^arn:(aws).*:s3:[a-z\-0-9]+:[0-9]{12}:accesspoint[/:][a-zA-Z0-9\-]{1,63}$|^arn:(aws).*:s3-outposts:[a-z\-0-9]+:[0-9]{12}:outpost[/:][a-zA-Z0-9\-]{1,63}[/:]accesspoint[/:][a-zA-Z0-9\-]{1,63}$"` – Ivar Jan 05 '21 at 13:01
18

You can also select your S3 bucket ARN by selecting it using the tick mark at the s3 management console, which will pop up a Side bar. where there is a provision to copy your S3 bucket ARN.S3 management console with bucket ARN

Jovel
  • 318
  • 3
  • 12
5

aws articles spell out the arn format but never say go here to see it. Highlighting my s3 bucket and seeing that Copy Bucket ARN kept me sane for a few more hours.

deawar
  • 51
  • 1
  • 4
  • 2
    Your answer is more helpful than the aws docs on this topic, which talk endlessly *about* a bucket ARN, but don't actually tell you where to go if you simply want to copy it – stevec Sep 30 '20 at 15:03