AWS access control policy condition that allows an access control statement
to be conditionally applied based on the comparison of an Amazon Resource
Name (ARN).
An Amazon Resource Name (ARN) takes the following format:
arn:aws:<vendor>:<region>:<namespace>:<relative-id>
- vendor identifies the AWS product (e.g., sns)
- region is the AWS Region the resource resides in (e.g., us-east-1), if
any
- namespace is the AWS account ID with no hyphens (e.g., 123456789012)
- relative-id is the service specific portion that identifies the specific
resource
For example, an Amazon SQS queue might be addressed with the following ARN:
arn:aws:sqs:us-east-1:987654321000:MyQueue
Currently the only valid condition key to use in an ARN condition is
ConditionFactory#SOURCE_ARN_CONDITION_KEY, which indicates the
source resource that is modifying another resource, for example, an SNS topic
is the source ARN when publishing messages from the topic to an SQS queue.