BaseARN does not generate valid ARNs for GovCloud and CN partitions of AWS
earlrob opened this issue · 1 comments
earlrob commented
GovCloud and China regions use an alternate partition name for ARNs. The following docs and code from AWS show how to properly build a region-agnostic ARN: aws arn docs
TL;DR
example arn
arn:partition:service:region:account-id:resourcetype:resource
partition : The partition that the resource is in. For standard AWS regions, the partition is aws. If you have resources in other partitions, the partition is aws-partitionname. For example, the partition for resources in the China (Beijing) region is aws-cn.
awscli
TL;DR
```python
def _get_policy_arn_suffix(region):
    region_string = region.lower()
    if region_string.startswith("cn-"):
        return "aws-cn"
    elif region_string.startswith("us-gov"):
        return "aws-us-gov"
    else:
        return "aws"
```
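The following is an added example, not code from the issue, the project, or awscli: it applies the same prefix rule to build a full ARN (including IAM-style ARNs whose region field is empty) and to flag ARNs whose partition does not match the deployment region. The function names, the `regional` parameter, and the sample account id are assumptions made for illustration, and the mapping covers only the partitions named in the issue.

```python
# Prefix-to-partition mapping, limited to the partitions named in the issue.
_PARTITION_BY_PREFIX = (("cn-", "aws-cn"), ("us-gov", "aws-us-gov"))


def partition_for_region(region):
    """Return the ARN partition for a region name; the default is 'aws'."""
    region = region.lower()
    for prefix, partition in _PARTITION_BY_PREFIX:
        if region.startswith(prefix):
            return partition
    return "aws"


def build_arn(service, deploy_region, account_id, resource, regional=True):
    """Build an ARN whose partition follows the deployment region.

    regional=False leaves the region field empty (as IAM ARNs do) while
    still taking the partition from deploy_region.
    """
    region_field = deploy_region.lower() if regional else ""
    return ":".join(["arn", partition_for_region(deploy_region), service,
                     region_field, account_id, resource])


def check_arn(arn, deploy_region):
    """Return a list of partition problems found in arn (empty if none)."""
    parts = arn.split(":", 5)  # the resource field may itself contain ':'
    if len(parts) != 6 or parts[0] != "arn":
        return ["not an ARN: expected 6 colon-separated fields starting with 'arn'"]
    _, partition, _service, region, _account, _resource = parts
    problems = []
    expected = partition_for_region(deploy_region)
    if partition != expected:
        problems.append(f"partition {partition!r} but {deploy_region} needs {expected!r}")
    if region and partition_for_region(region) != partition:
        problems.append(f"region {region!r} does not belong to partition {partition!r}")
    return problems


if __name__ == "__main__":
    # Constructed sample values; the account id is a placeholder.
    print(build_arn("iam", "us-gov-west-1", "123456789012", "role/demo", regional=False))
    print(check_arn("arn:aws:s3:::demo-bucket", "cn-north-1"))
```

Running `check_arn` over the ARNs in generated IAM policies or templates before deployment catches a hardcoded `arn:aws:` prefix that would otherwise fail to resolve in a GovCloud or China account.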