Spaces in CodeCatalyst - Amazon CodeCatalyst

Spaces in CodeCatalyst

You create a space that represents you, your company, department, or group, and provides a place where your development teams can manage projects. You must create a space to add projects, members, and the associated cloud resources you create in Amazon CodeCatalyst.

Note

Space names must be unique across CodeCatalyst. You cannot reuse names of deleted spaces.

When you create a space, you are automatically assigned the Space administrator role. You can add this role to other users in the space.

With the Space administrator role, you can manage the space as follows:

  • Add other space administrators to the space

  • Change member roles and permissions

  • Edit or delete the space

  • Create projects and invite members to the project

  • View a list of all projects in the space

  • View the activity feed for all projects in the space

When you create a space, you are automatically added to the space with two roles: the Space administrator role, and the Project administrator role for the project you created as part of creating the space. Additional users are added as members to the space automatically when they accept invitations to projects. This membership in the space does not grant any permissions in the space. What users can do in a space is determined by the role the user has in a specific project.

CodeCatalyst projects are managed at the project level by a Space administrator or a Project administrator. After the Space administrator creates a project, the Space administrator and the Project administrator can manage the project, edit the project information, and invite members to the project from the space or external to the space.

A space represents your company, department, or group. You must create a space to add projects, members, and the associated cloud resources you create in CodeCatalyst. When a user accepts an invitation to a project, CodeCatalyst automatically adds them to the space that contains that project. Users with the Space administrator role have permissions to manage the space.

For more information about roles, see Working with roles in Amazon CodeCatalyst.

Diagram showing how spaces share members and resources across projects while all projects return activity data to the space level

Account connections for billing – Billing for CodeCatalyst is provided by AWS and charges, if applicable, are applied to a specified AWS account. Even when you're using the CodeCatalyst Free tier, you must add an AWS account for billing. For more information, see Billing.

AWS is the billing provider for CodeCatalyst accounts. The account you specify will show CodeCatalyst charges on your AWS bill. Only one AWS account can be used as a billing account for a space in CodeCatalyst. If an account is already used for a space, you must use a different billing account for any additional spaces.

Account connections for deployments – A service role is required for workflows to deploy successfully. If your project workflows contain CodeCatalyst actions that require AWS resources, CodeCatalyst uses a combination of AWS account, IAM role, and CodeCatalyst environment to access resources as follows:

  • Environments are used to track deployment activity for a CodeCatalyst project. Environments also provide a link between IAM roles and workflow actions so that the actions can authenticate to, and operate in, AWS services.

    Note

    All workflow actions that require IAM roles, including build actions, must use a CodeCatalyst environment in order to run.

  • AWS accounts provide a link between the CodeCatalyst environment and the AWS IAM roles and policies used as a service role.

  • IAM roles and role policies provide the permissions to perform actions within CodeCatalyst workflows.

The following diagram provides a functional overview of connections between your AWS account and CodeCatalyst. In this example, AWS account 1 has been added to the space and set up for billing. AWS account 2 and AWS account 3 are added to the space and available to CodeCatalyst projects in the space. AWS account 2 and AWS account 3 each connect to a project that requires IAM roles for CodeCatalyst actions that use AWS resources. One project does not require IAM roles and so does not require a connection to an account.

Connections allow a space to use AWS resources for deployments and billing

The following are additional considerations for added accounts:

  • There is a one-to-one mapping of account connection to AWS account for a space. A single AWS account can be added to multiple different spaces. AWS accounts you deploy to do not need to be unique and can be used by more than one space.

  • AWS accounts added to a CodeCatalyst space can be used in any project in that space.

  • While each environment can support multiple AWS accounts, you can only use one account per environment in an action.

  • Billing is configured at the space level. Multiple accounts can be configured for billing, but only one can be active in a CodeCatalyst space. Only one AWS account can be used as a billing account for a space in CodeCatalyst. If an account is already used for a space, you must use a different billing account for the additional space.

  • After you create a connection, you must add AWS IAM roles to your connection if your workflow must access those IAM roles with your CodeCatalyst environment. For more information about how environments are used, see Working with environments.

The CodeCatalyst workflow actions that require an environment are build or deploy actions that run AWS resources or generate AWS resource stacks.

The Environment, Connection, and Role properties are required to run CodeCatalyst workflow build and deploy actions with AWS resources. The IAM roles and account information are specified in the YAML that you have configured for your workflow. For an example, see the CodeCatalyst build action reference YAML parameters for Environment, Connections, and Role.

Topics