Amazon CodeGuru Security is in preview release and is subject to change.
Configure IAM permissions
Following security best practices, create an AWS Identity and Access Management (IAM) role with access restricted to Amazon CodeGuru Security operations and with required permissions. You can add other permissions as needed.
The following policies provide permissions to use Amazon CodeGuru Security:
- AmazonCodeGuruSecurityFullAccess: Provides full access to resources needed to use Amazon CodeGuru Security.
- AmazonCodeGuruSecurityScanAccess: Provides access to API operations needed to create scans, get scan information, and get scan findings.
For more information on these AWS managed policies, see AWS managed policies for Amazon CodeGuru Security.
You can also create custom IAM policies to allow permissions for CodeGuru Security actions and resources. See the following topics for more information on configuring IAM roles to use CodeGuru Security:
Assigning permissions
To provide access, add permissions to your users, groups, or roles:
- Users and groups in AWS IAM Identity Center:
  Create a permission set. Follow the instructions in Create a permission set in the AWS IAM Identity Center User Guide.
- Users managed in IAM through an identity provider:
  Create a role for identity federation. Follow the instructions in Creating a role for a third-party identity provider (federation) in the IAM User Guide.
- IAM users:
  - Create a role that your user can assume. Follow the instructions in Creating a role for an IAM user in the IAM User Guide.
  - (Not recommended) Attach a policy directly to a user or add a user to a user group. Follow the instructions in Adding permissions to a user (console) in the IAM User Guide.
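One way to check, before attaching it, that a custom policy stays restricted to CodeGuru Security operations; this is an added example, not AWS's own code. The `codeguru-security:` action prefix and the action names in the constructed sample policies are assumptions based on the operations named above, and the function names are hypothetical.

```python
SERVICE_PREFIX = "codeguru-security:"  # assumed IAM action namespace for the service

# Constructed sample policies (not from AWS documentation); action names are assumed.
SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["codeguru-security:CreateScan", "codeguru-security:GetScan",
                   "codeguru-security:GetFindings"],
        "Resource": "*",
    }],
}
OVERBROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "codeguru-security:*", "Resource": "*"},
        {"Effect": "Allow", "Action": ["s3:GetObject", "iam:PassRole"], "Resource": "*"},
        {"Effect": "Allow", "NotAction": "iam:*", "Resource": "*"},
    ],
}


def as_list(value):
    """IAM allows Statement/Action to be a single item or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def out_of_scope_grants(policy):
    """Return (statement_index, reason) for each Allow reaching beyond CodeGuru Security."""
    problems = []
    for i, stmt in enumerate(as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        if "NotAction" in stmt:
            problems.append((i, "NotAction allows everything except the listed actions"))
        for action in as_list(stmt.get("Action")):
            # Action names are case-insensitive; "*" or "codeguru-*" could match other
            # services, so the full service prefix is required.
            if not action.lower().startswith(SERVICE_PREFIX):
                problems.append((i, f"action outside CodeGuru Security: {action}"))
    return problems


def service_wildcards(policy):
    """Return indices of Allow statements granting every CodeGuru Security action."""
    return [i for i, stmt in enumerate(as_list(policy.get("Statement")))
            if stmt.get("Effect") == "Allow"
            and any(a.lower() == SERVICE_PREFIX + "*" for a in as_list(stmt.get("Action")))]
```

A statement flagged by `service_wildcards` is equivalent in scope to full access, so a role that only runs scans should list the individual actions instead.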