Creating and setting up an App Studio instance for the first time
Sign up for an AWS account
An AWS account is required to set up App Studio. Only one AWS account is required to use App Studio— builders and administrators do not need an AWS account to use App Studio, as access is managed with AWS IAM Identity Center.
To create an AWS account
Follow the online instructions.
Part of the sign-up procedure involves receiving a phone call and entering a verification code on the phone keypad.
When you sign up for an AWS account, an AWS account root user is created. The root user has access to all AWS services and resources in the account. As a security best practice, assign administrative access to a user, and use only the root user to perform tasks that require root user access.
Create an administrative user for managing AWS resources
When you first create an AWS account, you begin with a default set of credentials with complete access to all AWS resources in your account. This identity is called the AWS account root user. For creating AWS roles and resources to be used with App Studio, we strongly recommend you do not use the AWS account root user, and instead create and use an administrative user.
Use the following topics to create an administrative user for managing AWS roles and resources for use with App Studio.
For a single, standalone AWS account, see Create your first IAM user in the IAM User Guide. You can provide any user name, but it must have
AdministratorAccess
permissions policy.For multiple AWS accounts managed through AWS Organizations, see Set up AWS account access for an IAM Identity Center administrative user in the AWS IAM Identity Center User Guide.
Create an App Studio instance in the AWS Management Console
To use App Studio, you must create an instance from the App Studio landing page in the AWS Management Console.
Note
You can only create one instance of App Studio, across all AWS Regions. If you have an existing instance, you must delete it before creating another one. For more information, see Deleting an App Studio instance.
To create an App Studio instance in the AWS Management Console
-
Open the App Studio console at https://console.aws.amazon.com/appstudio/
. Navigate to the AWS Region in which you want to create an App Studio instance.
-
Choose Get started.
The steps to set up App Studio are determined by whether or not you have an IAM Identity Center instance, and the type of instance. To find more information about IAM Identity Center instances, including the different types and how to find which type you have, see Manage organization and account instances of IAM Identity Center in the AWS IAM Identity Center User Guide.
If you have an organization instance of IAM Identity Center:
-
In Configure access to App Studio with Single Sign-On, select existing IAM Identity Center groups to provide them with access to App Studio. App Studio groups will be created based on the specified configuration. Members of groups added to Admin groups will have the Admin role, and members of groups added to Builder groups will have the Builder role in App Studio. The roles are defined as follows:
Admins can manage users and groups within App Studio, add and manage connectors, and manage applications created by builders. Additionally, users with the Admin role have all of the permissions included with the Builder role.
Builders can create and build applications. Builders cannot manage users or groups, add or edit connector instances, or manage other builders' applications.
-
In Create Amazon CodeCatalyst space, provide a name for the CodeCatalyst space that will be used to store App Studio source code and other information.
-
-
If you have an account instance of IAM Identity Center instance:
-
In Account permissions, review the required permissions for enabling App Studio. If your account does not have the required permissions, you will not be able to enable App Studio. You must either get the required permissions added to your account, or switch to an account that has them.
In Configure access to App Studio with Single Sign-On, in IAM Identity Center account, choose Use an existing account instance
In AWS Region, choose the region in which your IAM Identity Center account instance is located.
Select existing IAM Identity Center groups to provide them with access to App Studio. App Studio groups will be created based on the specified configuration. Members of groups added to Admin groups will have the Admin role, and members of groups added to Builder groups will have the Builder role in App Studio. The roles are defined as follows:
Admins can manage users and groups within App Studio, add and manage connectors, and manage applications created by builders. Additionally, users with the Admin role have all of the permissions included with the Builder role.
Builders can create and build applications. Builders cannot manage users or groups, add or edit connector instances, or manage other builders' applications.
-
-
If you do not have an IAM Identity Center instance:
Note
Setting up App Studio automatically creates an IAM Identity Center account instance with the groups you configure during the set up process. After the setup is complete, you can add or manage users and groups in the IAM Identity Center console at https://console.aws.amazon.com/singlesignon/
. -
In Account permissions, review the required permissions for enabling App Studio. If your account does not have the required permissions, you will not be able to enable App Studio. You must either get the required permissions added to your account, or switch to an account that has them.
In Configure access to App Studio with Single Sign-On, in IAM Identity Center account, choose Create an account instance for me.
In Create users and groups and add them to App Studio, provide a name for and add users to an admin group and builder group. Users added to the admin group will have the Admin role in App Studio, and users added to the builder group will have the Builder role. The roles are defined as follows:
Admins can manage users and groups within App Studio, add and manage connectors, and manage applications created by builders. Additionally, users with the Admin role have all of the permissions included with the Builder role.
Builders can create and build applications. Builders cannot manage users or groups, add or edit connector instances, or manage other builders' applications.
Important
You must add yourself as a user of the admin group to set up App Studio and have admin access after setting up.
-
In Service access and roles, review the service roles and service-linked role that are created automatically when you set up App Studio to provide the service with necessary permissions. Choose View permissions to see the exact permissions granted for service roles, or View policy to see the permissions policy attached to the service-linked role.
In Acknowledgement, acknowledge the statements by choosing their checkboxes.
Choose Set up to create your instance.