AWS CodeDeploy
User Guide (API Version 2014-10-06)

The AWS Documentation website is getting a new look!
Try it now and let us know what you think. Switch to the new look >>

You can return to the original look by selecting English in the language selector above.

Step 1: Provision an IAM User

Follow these instructions to prepare an IAM user to use CodeDeploy:

  1. Create an IAM user or use one associated with your AWS account. For more information, see Creating an IAM User in IAM User Guide.

  2. Grant the IAM user access to CodeDeploy—and AWS services and actions CodeDeploy depends on—by copying the following policy and attaching it to the IAM user:

    { "Version": "2012-10-17", "Statement" : [ { "Effect" : "Allow", "Action" : [ "autoscaling:*", "codedeploy:*", "ec2:*", "lambda:*", "ecs:*", "elasticloadbalancing:*", "iam:AddRoleToInstanceProfile", "iam:CreateInstanceProfile", "iam:CreateRole", "iam:DeleteInstanceProfile", "iam:DeleteRole", "iam:DeleteRolePolicy", "iam:GetInstanceProfile", "iam:GetRole", "iam:GetRolePolicy", "iam:ListInstanceProfilesForRole", "iam:ListRolePolicies", "iam:ListRoles", "iam:PassRole", "iam:PutRolePolicy", "iam:RemoveRoleFromInstanceProfile", "s3:*" ], "Resource" : "*" } ] }

    The preceding policy grants the IAM user the access required to deploy an AWS Lambda compute platform, an EC2/On-Premises compute platform, and an Amazon ECS compute platform.

    To learn how to attach a policy to an IAM user, see Working with Policies. To learn how to restrict users to a limited set of CodeDeploy actions and resources, see Authentication and Access Control for AWS CodeDeploy.

    You can use the AWS CloudFormation templates provided in this documentation to launch Amazon EC2 instances that are compatible with CodeDeploy. To use AWS CloudFormation templates to create applications, deployment groups, or deployment configurations, you must grant the IAM user access to AWS CloudFormation—and AWS services and actions that AWS CloudFormation depends on—by attaching an additional policy to the IAM user:

    { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "cloudformation:*" ], "Resource": "*" } ] }

    For information about other AWS services listed in these statements, see: