Allowing access to AWS resources with connected AWS accounts - Amazon CodeCatalyst

You can use resources from your AWS accounts in Amazon CodeCatalyst spaces. To do so, you must set up a connection between the AWS accounts and your space in CodeCatalyst. Creating a connection like this means that projects and workflows within your CodeCatalyst space can interact with resources in your AWS accounts. You must create one connection for each AWS account you want to use with your CodeCatalyst space.

After you create a connection, you can choose to associate AWS IAM roles with it.

You can set up CodeCatalyst to use authorized AWS accounts by adding the accounts to your space. By adding AWS accounts to your CodeCatalyst space, you can give your project workflows access to AWS account resources and your billing configuration.

Adding an AWS account creates a connection that authorizes CodeCatalyst to use this account. You can use added AWS accounts to do the following:

  • Set up billing for a CodeCatalyst space. See Managing billing in the Amazon CodeCatalyst Administrator Guide. The AWS account that is specified as the billing account for your CodeCatalyst space has different quotas from other account connections for a space. For more information, see Quotas for CodeCatalyst.

  • Allow CodeCatalyst to assume IAM roles to access AWS resources and deploy to AWS services in the account. See Configuring IAM roles for connected accounts.

Account connections are created by completing authorization with the AWS account. After the connection is created, you further configure the connection for workflows and projects to use by adding IAM roles.
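Because CodeCatalyst assumes the IAM roles added to a connection, each role's trust policy determines which space can use it. The check below is an added example, not code from AWS: it assumes the trust-policy shape AWS documents for CodeCatalyst roles (service principals `codecatalyst.amazonaws.com` and `codecatalyst-runner.amazonaws.com`, with `aws:SourceArn` of the form `arn:aws:codecatalyst:::space/<spaceId>/project/*`). The function names and the space ID `example-space-id` are hypothetical.

```python
# Service principals from the AWS-documented CodeCatalyst trust policy (assumption).
CODECATALYST_PRINCIPALS = {"codecatalyst.amazonaws.com", "codecatalyst-runner.amazonaws.com"}
ARN_OPERATORS = {"arnlike", "arnequals", "stringlike", "stringequals"}


def _as_list(value):
    """IAM accepts either a single value or a list in most positions."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _source_arns(condition):
    """Collect aws:SourceArn values; condition key names are case-insensitive."""
    arns = []
    for operator, keys in (condition or {}).items():
        if operator.lower() not in ARN_OPERATORS:
            continue
        for key, value in keys.items():
            if key.lower() == "aws:sourcearn":
                arns.extend(_as_list(value))
    return arns


def audit_trust_policy(policy, space_id):
    """Return findings for Allow statements that let CodeCatalyst assume the role."""
    findings = []
    expected_prefix = f"arn:aws:codecatalyst:::space/{space_id}/"
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        principal = stmt.get("Principal")
        services = set(_as_list(principal.get("Service"))) if isinstance(principal, dict) else set()
        if stmt.get("Effect") != "Allow" or not services & CODECATALYST_PRINCIPALS:
            continue
        arns = _source_arns(stmt.get("Condition"))
        if not arns:
            findings.append(f"statement {i}: no aws:SourceArn condition")
        for arn in arns:
            if not arn.startswith(expected_prefix):
                findings.append(f"statement {i}: SourceArn not pinned to space: {arn}")
    return findings


# Constructed sample: trusts CodeCatalyst but does not restrict which space may use the role.
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"Service": ["codecatalyst-runner.amazonaws.com", "codecatalyst.amazonaws.com"]},
}]}

if __name__ == "__main__":
    print(audit_trust_policy(SAMPLE_POLICY, "example-space-id"))
```

An empty result means every statement that trusts CodeCatalyst is pinned to the given space. The check does not evaluate the role's permissions policy, which still needs its own least-privilege review.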

For the steps to configure account connections in the AWS Management Console page for CodeCatalyst, as the administrator for both the AWS account and the space, see Managing connected accounts in the CodeCatalyst Administrator Guide. Account connections can be restricted to specific projects. You can associate workflows or VPC connections only with an AWS account that has access to your project. For more information, see Configuring project-restricted account connections.