AWS ARN Parser

How to use

1. 1Open the Parse tab and paste a full ARN, or click a sample chip to load a typical one for S3, IAM, Lambda, DynamoDB, EC2, SQS, CloudFront, KMS, Secrets Manager, or Step Functions.
2. 2Read the ARN segments panel for partition, service, region, and account id, each annotated with a human-readable note when the value is a known AWS partition, service, or region code.
3. 3Read the Resource breakdown panel to see whether the resource uses a bare id, a type and id separated by a slash, or a type and id separated by a colon, with any qualifier or path part shown separately.
4. 4Optional: click Load fields into builder to switch to the Build tab with every value pre-filled, then edit any field. The builder assembles a new ARN as you type and gives you a Copy button.
5. 5Optional in builder mode: click Test this ARN in the parser to send the freshly built ARN back through the parser and confirm every field is correct before you paste it into an IAM policy or CloudFormation template.

About this tool

AWS ARN Parser is a browser-only tool for decoding and building Amazon Resource Names. Paste any ARN and the tool splits it into the six positional fields that AWS defines (partition, service, region, account id, and resource, where the resource itself can be a bare id, a type and id separated by a slash, or a type and id separated by a colon) and explains what each segment means. Built-in metadata covers the public AWS partition along with aws-cn, aws-us-gov, and the ISO partitions, around three dozen of the most common AWS services with their typical resource layouts and whether they include a region and account, and the AWS-published list of region codes (us-east-1, eu-west-2, ap-south-1, and so on). Quick samples load real-world ARNs for S3 buckets and objects, IAM roles and users, Lambda functions, DynamoDB tables, EC2 instances, SQS queues, CloudFront distributions, Secrets Manager secrets, KMS keys, and Step Functions state machines so you can immediately see how a particular service formats its identifier. The builder mode flips the workflow around: pick a service from a known list (or type any service id), fill in each field, choose whether the resource type and id use a slash or a colon delimiter, and the tool assembles a syntactically correct ARN for you with a single Copy button. Switching between the two modes preserves the values, so you can paste an existing ARN, load its fields into the builder, edit one segment (for example, change a region or swap an alias name), and copy the new ARN. Useful for writing IAM policies, debugging CloudFormation outputs, pasting resource references into the SDK or CLI, comparing ARNs from logs, normalizing values for inventory exports, and learning how the format differs across services. Parsing and building run entirely with plain string handling in your browser. No ARN you paste, no account number, and no resource name is uploaded.

Free to use. Works in your browser. No signup, no login.