AWS CodeDeploy
User Guide (API Version 2014-10-06)

The procedures in this guide support the new console design. If you choose to use the older version of the console, you will find many of the concepts and basic procedures in this guide still apply. To access help in the new console, choose the information icon.

Step 1: Provision an IAM User

Follow these instructions to prepare an IAM user to use AWS CodeDeploy:

  1. Create an IAM user or use one associated with your AWS account. For more information, see Creating an IAM User in IAM User Guide.

  2. Grant the IAM user access to AWS CodeDeploy—and AWS services and actions AWS CodeDeploy depends on—by copying the following policy and attaching it to the IAM user:

    { "Version": "2012-10-17", "Statement" : [ { "Effect" : "Allow", "Action" : [ "autoscaling:*", "codedeploy:*", "ec2:*", "lambda:*", "ecs:*", "elasticloadbalancing:*", "iam:AddRoleToInstanceProfile", "iam:CreateInstanceProfile", "iam:CreateRole", "iam:DeleteInstanceProfile", "iam:DeleteRole", "iam:DeleteRolePolicy", "iam:GetInstanceProfile", "iam:GetRole", "iam:GetRolePolicy", "iam:ListInstanceProfilesForRole", "iam:ListRolePolicies", "iam:ListRoles", "iam:PassRole", "iam:PutRolePolicy", "iam:RemoveRoleFromInstanceProfile", "s3:*" ], "Resource" : "*" } ] }

    The preceding policy grants the IAM user the access required to deploy an AWS Lambda compute platform, an EC2/On-Premises compute platform, and an Amazon ECS compute platform.

    To learn how to attach a policy to an IAM user, see Working with Policies. To learn how to restrict users to a limited set of AWS CodeDeploy actions and resources, see Authentication and Access Control for AWS CodeDeploy.

    You can use the AWS CloudFormation templates provided in this documentation to launch Amazon EC2 instances that are compatible with AWS CodeDeploy. To use AWS CloudFormation templates to create applications, deployment groups, or deployment configurations, you must grant the IAM user access to AWS CloudFormation—and AWS services and actions that AWS CloudFormation depends on—by attaching an additional policy to the IAM user:

    { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "cloudformation:*" ], "Resource": "*" } ] }

    For information about other AWS services listed in these statements, see: