ARNs and Endpoints in AWS China

If you are reading this article it can mean two things. That you are struggling with the endpoints and ARNs for AWS services in China, or that you are looking for content about AWS in China. In both cases, you are in the right place. In this article, I will go through the ARNs and endpoints for AWS services in China.

AWS China comprises of two AWS regions, Beijing and Ningxia, with five availability zones in total. Beijing operated by Sinnet and Ningxia operated by NWCD. As you probably know from my previous blog posts, AWS China has completely separated regions from the global regions. Due to the separate infrastructures, the user accounts of AWS China are completely different from AWS global. In the same way, the AWS endpoints and ARNs in AWS global and in AWS China are slightly different.

But first of all, what is an AWS endpoint? To connect programmatically to an AWS service in China, you use an endpoint. An endpoint is the URL of the entry point for an AWS service.

The endpoints for services in the Beijing Region and the Ningxia Region are different from other AWS global endpoints. The endpoint domain for both the Beijing and Ningxia Regions is

Every region in AWS has an endpoint code, that you can use to make your requests and deploy your resources in a specific region.

Region NameCode

You have to keep in mind, this only applies to the region-specific services which are essentially most of the AWS services. However, there are some services, such as IAM, Route53, WAF, CloudFront, that are global services and therefore do not support regions.

  • The endpoints for these services do not include a region:

For example, is the endpoint for the Route53 service in China.

  • The services that support regions include the region in the endpoint:

For example, is the endpoint for the Amazon DynamoDB service in the Beijing Region, and is the endpoint for Amazon DynamoDB in the Ningxia Region.

For a complete list of endpoints in China Regions, see the following topics:

Now that we already know what the AWS endpoints are and how do they work specifically in the China regions, it’s time to talk about the ARNs.

What are the Amazon Resource Names (ARNs)? Amazon Resource Names (ARNs) uniquely identify AWS resources. You use an ARN to specify a resource across all of AWS, such as in AWS Identity and Access Management (IAM) policies, Amazon Relational Database Service (Amazon RDS) tags, and API calls.

The ARNs are defined as following: arn:partition:service:region:account-id:resource-id

In AWS China regions, the ARN syntax includes a cn and this is the main difference with AWS global ARNs.

RegionARN partition

Here some examples:

  • arn:aws-cn:s3:cn-northwest-1:1234567890:my_bucket
  • arn:aws-cn:iam::1234567890:user/David
  • arn:aws-cn:ec2:cn-north-1:1234567890:*
  • arn:aws-cn:rds:cn-north-1:1234567890:db:mysql-db
  • arn:aws-cn:ec2:cn-northwest-1:1234567890:volume/vol-1a2b3c4d

About Roopu Cloud

If you have any questions or concerns about AWS China, you can contact us. We are experts in building and implementing cloud solutions in the AWS China platform as well as in other Chinese cloud platforms. Let us help you!

Other related posts:

Leave a Comment

Scroll to Top