Resource Identifiers

This topic lists the identifiers used for EIM resources and in the policies.

Names, Paths and Uniques IDs for EIM Resources

Identifier Description Example


A friendly name you give to users, groups and policies at creation to identify them more easily. Names must be unique for your account. However, you can reuse a name of a user, a group or a policy that has been previously deleted.

Names can be composed of upper and lowercase alphanumeric characters, and of the following characters: =,.@-. Spaces are not allowed.



A path you can add to users, groups and managed policies at creation to identify the part of your organization they belong to.

Specifying a same path for different users does not put them into a same group. However, you can use paths as a filter when listing EIM identities or policies. Paths are also used in their OUTSCALE Resource Names (ORN).

A path corresponds to different sections separated by a slash (/), representing the structure of your organization.


Unique ID

The unique ID that is automatically assigned to users, groups and managed policies when creating them. Unlike names, IDs are not reused if the user, group or policies are deleted.


OUTSCALE Resource Names (ORNs)

An ORN is a unique identifier in the ORN format that is automatically assigned to your resources. ORNs indicate where the resource is in the Cloud.

ORN Format

ORNs follow the following AWS-compliant format:


An ORN is composed of the following sections you need to specify, separated using colons (:):

  • service: The OUTSCALE service, identified by its service code.

    You must use one of the following codes:

    • For the OUTSCALE API: api

    • For Flexible Compute Unit (FCU): ec2

    • For Load Balancing Unit (LBU): elasticloadbalancing

    • For Elastic Identity Management (EIM): iam

    • For DirectLink: directconnect

    • For all the services above: *

    EIM is not compatible with the Internal Call Unit (ICU) and OUTSCALE Object Storage (OOS) services.

  • region: The Region where the resource is.

    As EIM resources are global, this section is always blank for them but must appear in the ORN using a double-colon (::).

  • account: The account ID of the owner of the resource.

  • resource: The resource identification. This section is composed of:

    • The type of resource.

    • (optional) The path for the resource, if applicable.

    • A slash (/) followed by the resource name or ID.

You can use asterisks (*) as part of the ORN to specify multiple resources. For example, the ORN for all the managed policies with the /division_xxx/subdivision_yyy path is arn:aws:iam::123456789000:policy//division_xxx/subdivision_yyy/*, and the ORN for all the groups of your account is arn:aws:iam::123456789000:group/*.

Related Pages

AWS™ and Amazon Web Services™ are trademarks of Amazon Technologies, Inc or its affiliates in the United States and/or other countries.