cloudtools/awacs

BaseARN does not generate valid ARNs for GovCloud and CN partitions of AWS

earlrob opened this issue · 1 comments

GovCloud and China regions use an alternate partition name for ARNs. The following docs and code from AWS show how to properly build a region-agnostic ARN: aws arn docs
TL;DR
example arn

arn:partition:service:region:account-id:resourcetype:resource

partition : The partition that the resource is in. For standard AWS regions, the partition is aws. If you have resources in other partitions, the partition is aws-partitionname. For example, the partition for resources in the China (Beijing) region is aws-cn.

awscli
TL;DR

def _get_policy_arn_suffix(region):
    # Choose the ARN partition from the region name prefix.
    region_string = region.lower()
    if region_string.startswith("cn-"):
        return "aws-cn"
    elif region_string.startswith("us-gov"):
        return "aws-us-gov"
    else:
        return "aws"

Fixed via merge of #85. Thanks!
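The partition rule from the issue, applied to building ARNs and to checking a policy's resources, as an added example that is not awacs or awscli code. The helper names, the `deploy_region` parameter and the sample ARNs are assumptions made for illustration. It covers ARNs with an empty region field, where the partition has to come from the deployment region.

```python
# Added example: hypothetical helpers, not awacs or awscli code.

def partition_for_region(region):
    """Map a region name to its ARN partition (prefix rule quoted in the issue)."""
    region = region.lower()
    if region.startswith("cn-"):
        return "aws-cn"
    if region.startswith("us-gov"):
        return "aws-us-gov"
    return "aws"


def build_arn(service, resource, region="", account="", deploy_region=None):
    """Build arn:partition:service:region:account-id:resource.

    ARNs with an empty region field (IAM roles, S3 buckets) carry no region
    to derive the partition from, so deploy_region supplies it.
    """
    source = region or deploy_region
    if not source:
        raise ValueError("need region or deploy_region to choose a partition")
    partition = partition_for_region(source)
    return ":".join(["arn", partition, service, region, account, resource])


def partition_mismatches(arns, deploy_region):
    """Return entries that are malformed or sit in the wrong partition."""
    expected = partition_for_region(deploy_region)
    bad = []
    for arn in arns:
        if arn == "*":  # wildcard resource has no partition to check
            continue
        fields = arn.split(":", 5)
        if len(fields) != 6 or fields[0] != "arn" or fields[1] != expected:
            bad.append(arn)
    return bad


# Constructed sample: resources from a policy meant for us-gov-west-1.
SAMPLE_RESOURCES = [
    "arn:aws:s3:::example-bucket/*",  # hardcoded "aws" partition
    "arn:aws-us-gov:iam::123456789012:role/example-role",
    "*",
]

if __name__ == "__main__":
    print(build_arn("s3", "example-bucket/*", deploy_region="us-gov-west-1"))
    print(partition_mismatches(SAMPLE_RESOURCES, "us-gov-west-1"))
```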