Get ARN of S3 Bucket with aws cli

Question

Is it possible to get the ARN of an S3 bucket via the AWS command line?

I have looked through the documentation for aws s3api ... and aws s3 ... and have not found a way to do this.

Can't believe this is real. For years now there is no way to get a definite ARN from CLI. — theaws.blog, Aug 02 '19 at 04:23
https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html — Shiwangini, Nov 19 '20 at 10:46

score 157 · Accepted Answer · edited May 10 '20 at 16:41

157

It's always arn:PARTITION:s3:::NAME-OF-YOUR-BUCKET. If you know the name of the bucket and in which partition it's located, you know the ARN. No need to 'get' it from anywhere.

The PARTITION will be aws, aws-us-gov, or aws-cndepending on whether you're in general AWS, GovCloud, or China resepectively.

edited May 10 '20 at 16:41

Dan

2,938
1
28
48

answered Dec 20 '16 at 23:55

Sergey Kovalev

7,747
2
21
27

6

Probably why your AWS S3 bucket names have to be globally unique; but it's a horrid wart to couple these together that way. The interpolation of an account ID into that ARN would be much better. :( – Jim Dennis Dec 20 '16 at 23:59
4

Was hoping for a way to do this without making any assumptions about the ARN format. Buckets in cn-north-1 region are arn:aws-cn:s3:::BUCKET_NAME and I was hoping to avoid having to "know" how Amazon assigned ARNs in case Amazon were to change the rules. – ljcundiff Dec 21 '16 at 00:33
6

@ljcundiff an ARN is a non-opaque, constructible identifier, apparently by design. They aren't at all likely to change the [documented rules for the S3 ARN format](http://docs.aws.amazon.com/AmazonS3/latest/dev/s3-arn-format.html). The `cn-north-1` region is special case, as is GovCloud, because those are completely cordoned off from the global `aws` partition, not accessible with the same sets of keys. If you're working in multiple partitions, you have to know which partition you're dealing with. – Michael - sqlbot Dec 21 '16 at 00:55
1

usually have to add `BUCKET_NAME/*` the "/*" at the end AFAIK – boldnik Dec 04 '19 at 11:29
Some S3 apis do not support this ARN, eg: `aws s3api get-bucket-acl --bucket arn:aws:s3:::mybucket` will return bucket name error complaining it does not match one of the regular expressions: `<...> or be an ARN matching the regex "^arn:(aws).*:s3:[a-z\-0-9]+:[0-9]{12}:accesspoint[/:][a-zA-Z0-9\-]{1,63}$|^arn:(aws).*:s3-outposts:[a-z\-0-9]+:[0-9]{12}:outpost[/:][a-zA-Z0-9\-]{1,63}[/:]accesspoint[/:][a-zA-Z0-9\-]{1,63}$"` – Aivaras Jan 05 '21 at 13:01

score 16 · Answer 2 · answered Feb 18 '19 at 11:27

16

You can also select your S3 bucket ARN by selecting it using the tick mark at the s3 management console, which will pop up a Side bar. where there is a provision to copy your S3 bucket ARN.S3 management console with bucket ARN

answered Feb 18 '19 at 11:27

jovel

199
1
10

score 3 · Answer 3 · answered Jul 31 '20 at 22:00

3

aws articles spell out the arn format but never say go here to see it. Highlighting my s3 bucket and seeing that Copy Bucket ARN kept me sane for a few more hours.

answered Jul 31 '20 at 22:00

deawar

31
4

1

Your answer is more helpful than the aws docs on this topic, which talk endlessly *about* a bucket ARN, but don't actually tell you where to go if you simply want to copy it – stevec Sep 30 '20 at 15:03

Get ARN of S3 Bucket with aws cli

3 Answers3

Linked