AxelBase
Blog /

How This ARN Parser Works

How This ARN Parser Works

Published: November 7, 2025

This AWS ARN Parser is a fully client-side, zero-dependency web tool built with SvelteKit and Bootstrap. It validates and extracts ARN components instantly — no API calls, no tracking, no data sent to servers. Let’s dive into the technical architecture and parsing logic.

Core Design Principles

The parser follows three strict rules:

  • Deterministic: Same input → same output, every time
  • Privacy-first: All processing happens in your browser
  • Instant: Results appear in under 100ms

Why Client-Side?

ARNs often appear in IAM policies, CloudFormation templates, and CLI scripts — sensitive contexts. Running validation locally eliminates data exposure risks. The entire app is static HTML/JS/CSS, deployable on GitHub Pages.

Parsing Logic Step-by-Step

The arnParser.ts utility uses a multi-stage validation pipeline:

1. Prefix Check

Ensures input starts with arn:. Case-sensitive.

if (!input.startsWith('arn:')) → error

2. Colon Count

Splits on : and requires 6+ parts (S3 ARNs may have empty fields).

parts.length >= 6

3. Partition Validation

Checks against known AWS partitions:

['aws', 'aws-cn', 'aws-us-gov', 'aws-iso', 'aws-iso-b']

4. Service & Resource Extraction

Service is always part 3. Resource is everything after part 5. The parser then intelligently splits resource into type and id using / or : delimiters.

5. Special Cases

  • S3: arn:aws:s3:::bucket → region/account omitted
  • IAM: arn:aws:iam::123:role/X → region empty
  • Lambda versions: :prod, :1

Output Structure

Parsed result is a structured object:

{
  partition: "aws",
  service: "ec2",
  region: "us-east-1",
  accountId: "123456789012",
  resourceType: "instance",
  resourceId: "i-abc123",
  fullResource: "instance/i-abc123",
  original: "arn:aws:ec2:..."
}

Validation Edge Cases

The parser handles:

  • Empty region/account in global services
  • Colons in resource paths (e.g., Lambda qualifiers)
  • Wildcards in IAM policies (*)
  • Case sensitivity in resource IDs

FAQ

Does it support future AWS partitions?

Yes. Add new partitions to the validation array in arnParser.ts.

Can I fork and customize it?

Absolutely. It’s open-source, MIT-licensed, and deployable anywhere.

Why not use AWS SDK?

SDKs are heavy and require credentials. This tool is lightweight and works offline.

Built for speed, privacy, and accuracy — validate ARNs before they break your deployment.