Which is a valid Amazon Resource name (ARN) for IAM?

Which is a valid Amazon Resource name (ARN) for IAM?
A . aws:iam::123456789012:instance-profile/Webserver
B . arn:aws:iam::123456789012:instance-profile/Webserver
C . 123456789012:aws:iam::instance-profile/Webserver
D . arn:aws:iam::123456789012::instance-profile/Webserver

View Answer

Answer: B

Explanation:

IAM ARNs

Most resources have a friendly name (for example, a user named Bob or a group named Developers).

However, the access policy language requires you to specify the resource or resources using the following Amazon Resource Name (ARN) format.

arn:aws:service:region:account:resource

Where:

service identifies the AWS product. For IAM resources, this is always iam.

region is the region the resource resides in. For IAM resources, this is always left blank.

account is the AWS account ID with no hyphens (for example, 123456789012).

resource is the portion that identifies the specific resource by name.

You can use ARNs in IAM for users (IAM and federated), groups, roles, policies, instance profiles, virtual MFA devices, and server certificates. The following table shows the ARN format for each and an example. The region portion of the ARN is blank because IAM resources are global.