This topic lists the identifiers used for EIM resources and in the policies.

Names, Paths and Uniques IDs for EIM Resources

IdentifierDescriptionExample
Name

A friendly name you give to users, groups and policies at creation to identify them more easily. Names must be unique for your account. However, you can reuse a name of a user, a group or a policy that has been previously deleted.

Names can be composed of upper and lowercase alphanumeric characters, and of the following characters: =,.@-. Spaces are not allowed.

Jane
Path

A path you can add to users, groups and managed policies at creation to identify the part of your organization they belong to.

Specifying a same path for different users does not put them into a same group. However, you can use paths as a filter when listing EIM identities or policies. Paths are also used in their Outscale Resource Names (ORN).

A path corresponds to different sections separated by a slash (/), representing the structure of your organization.

/division_xxx/subdivision_yyy
Unique IDThe unique ID that is automatically assigned to users, groups and managed policies when creating them. Unlike names, IDs are not reused if the user, group or policies are deleted.ABC1D23EFGHIJKL4MN5OP


Outscale Resource Names (ORNs)

An ORN is a unique identifier in the ORN format that is automatically assigned to your resources. ORNs indicate where the resource is in the Cloud.

EIM policies require you to use ORNs to specify your resources.

ORN Format

ORNs follow the following AWS-compliant format:

arn:aws:service:region:account:resource

An ORN is composed of the following sections you need to specify, separated using colons (:):

  • service: The 3DS OUTSCALE service, identified by its service code.

    You must use one of the following codes:

    • For the 3DS OUTSCALE API: api
    • For Flexible Compute Unit (FCU): ec2
    • For Elastic Identity Management (EIM): iam
    • For Load Balancing Unit (LBU): elasticloadbalancing
    • For DirectLink: directconnect
    • For Outscale Key Management Service (OKMS): kms
    • For all the services above: *

  • region: The Region where the resource is.

    As EIM resources are global, this section is always blank for them but must appear in the ORN using a double-colon (::).

  • account: The account ID of the owner of the resource.
  • resource: The resource identification. This section is composed of:
    • The type of resource.
    • (optional) The path for the resource, if applicable.
    • A slash (/) followed by the resource name or ID.

You can use wildcards (*) as part of the ORN to specify multiple resources. For example, the ORN for all the managed policies with the /division_xxx/subdivision_yyy path is arn:aws:iam::123456789000:policy//division_xxx/subdivision_yyy/*, and the ORN for all the groups of your account is arn:aws:iam::123456789000:group/*.


AWS™ and Amazon Web Services™ are trademarks of Amazon Technologies, Inc or its affiliates in the United States and/or other countries.