Amazon CodeGuru Reviewer permissions reference
You can use AWS condition keys in your CodeGuru Reviewer policies to express conditions. For a list, see IAM JSON policy elements reference in the IAM User Guide.
You specify the actions in the policy's Action
field. To specify an
action, use the codeguru-reviewer:
prefix followed by the API operation name (for
example, codeguru-reviewer:AssociateRepository
and
codeguru-reviewer:DisassociateRepository
). To specify multiple actions in a
single statement, separate them with commas (for example, "Action": [
"codeguru-reviewer:AssociateRepository", "codeguru-reviewer:DisassociateRepository" ]
).
Using wildcard characters
You specify an Amazon Resource Name (ARN), with or without a wildcard character (*),
as the resource value in the policy's Resource
field. You can use a
wildcard to specify multiple actions or resources. For example,
codeguru-reviewer:*
specifies all CodeGuru Reviewer actions and
codeguru-reviewer:List*
specifies all CodeGuru Reviewer actions that begin with the word
List
. The following example refers to all repository associations with
a universally unique identifier (UUID) that begins with PullRequest-GITHUB
.
arn:aws:codeguru-reviewer:us-east-2:123456789012:association:PullRequest-GITHUB*
You can use the following table as a reference when you are setting up Authenticating with identities and writing permissions policies that you can attach to an IAM identity (identity-based policies).
CodeGuru Reviewer API operations and required
permissions for actions | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
CodeGuru Reviewer API operations | Required permissions (API actions) | Resources | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
AssociateRepository |
Required to associate a repository with CodeGuru Reviewer. |
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
CreateCodeReview |
Required to create a code review to analyze all code under a specified branch in an associated repository. |
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
DescribeCodeReview |
Required to view information about a code review, including its status. |
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
DescribeRecommendationFeedback |
Required to view customer feedback about a recommendation. |
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
DescribeRepositoryAssociation |
Required to view information about a repository association and its status details. |
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
DisassociateRepository |
Required to remove the association between CodeGuru Reviewer and a repository. |
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
ListCodeReviews |
Required to view the names of all code reviews in the current AWS account that were created in the past 90 days. |
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
ListRecommendationFeedback |
Required to list all users' customer feedback for a code review recommendation. |
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
ListRecommendations |
Required to view a list of all the recommendations for one completed code review. |
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
ListRepositoryAssociations |
Required to list summary information about repository associations. |
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
ListTagsForResource |
Required to list tags associated with an associated repository ARN. |
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
PutRecommendationFeedback |
Required to store feedback for a code review recommendation. |
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
TagResource |
Required for adding one or more tags to an associated repository. |
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
UnTagResource |
Required for removing a tag from an associated repository. |
|