
Note that this metadata is not exposed in the Console. Here are some examples from the above document:Īn IAM user called Bob in a given account: arn:aws:iam::123456789012:user/BobĪnother different user Bob with a path reflecting an organization chart: arn:aws:iam::123456789012:user/division_abc/subdivision_xyz/BobĪn IAM group: arn:aws:iam::123456789012:group/DevelopersĪrn:aws:iam::123456789012:group/division_abc/subdivision_xyz/product_A/Developer This would correspond to internal divisions of the organization. For additional examples of how you might use paths, see IAM ARNs.įor example, a large organization may have users in paths /WestRegion/AZ and /EastRegion/NY. To view this policy, see IAM: Access the Policy Simulator API Based on User Path. You could then create a policy to allow all users in that path to access the policy simulator API. For example, you could use the nested path /division_abc/subdivision_xyz/product_1234/engineering/ to match your company's organizational structure. You can use a single path, or nest multiple paths as if they were a folder structure. If you are using the IAM API or AWS Command Line Interface (AWS CLI) to create IAM entities, you can also give the entity an optional path.


The path variable in IAM is used for grouping related users and groups in a unique namespace, usually for organizational purposes.
