AWS CodeDeploy
User Guide (API Version 2014-10-06)

A new console design is available for this service. Although the procedures in this guide were written for the older version of the console, you will find many of the concepts and basic procedures in this guide still apply.

Step 1: Provision an IAM User

Follow these instructions to prepare an IAM user to use AWS CodeDeploy:

  1. Create an IAM user or use an existing one associated with your AWS account. For more information, see Creating an IAM User in IAM User Guide.

  2. Grant the IAM user access to AWS CodeDeploy—and AWS services and actions AWS CodeDeploy depends on—by copying the following policy and attaching it to the IAM user:

    { "Version": "2012-10-17", "Statement" : [ { "Effect" : "Allow", "Action" : [ "autoscaling:*", "codedeploy:*", "ec2:*", "lambda:*", "elasticloadbalancing:*", "iam:AddRoleToInstanceProfile", "iam:CreateInstanceProfile", "iam:CreateRole", "iam:DeleteInstanceProfile", "iam:DeleteRole", "iam:DeleteRolePolicy", "iam:GetInstanceProfile", "iam:GetRole", "iam:GetRolePolicy", "iam:ListInstanceProfilesForRole", "iam:ListRolePolicies", "iam:ListRoles", "iam:PassRole", "iam:PutRolePolicy", "iam:RemoveRoleFromInstanceProfile", "s3:*" ], "Resource" : "*" } ] }

    The preceding policy grants the IAM user the access required to deploy to both an AWS Lambda compute platform and an EC2/On-Premises compute platform.

    To learn how to attach a policy to an IAM user, see Working with Policies. To learn how to restrict users to a limited set of AWS CodeDeploy actions and resources, see Authentication and Access Control for AWS CodeDeploy.

    You can use the AWS CloudFormation templates provided in this documentation to launch Amazon EC2 instances that are compatible with AWS CodeDeploy. To use AWS CloudFormation templates to create applications, deployment groups, or deployment configurations, you must grant the IAM user access to AWS CloudFormation—and AWS services and actions that AWS CloudFormation depends on—by attaching an additional policy to the IAM user, as follows:

    { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "cloudformation:*" ], "Resource": "*" } ] }

    For information about other AWS services listed in these statements, see: