Administering end users

If CodeWhisperer has already been set up for your organization

You can set up CodeWhisperer in any member account in your organization. As a matter of best practice it should not be the Organizations management account. It does not have to be the same account that you use for IAM Identity Center administration.

To delete CodeWhisperer from an account, choose Delete from the top of the CodeWhisperer settings page.

Adding the CodeWhisperer application to IAM Identity Center

Warning

In this procedure, you are acting as the CodeWhisperer administrator. In the previous procedure, you were acting as the AWS Organizations administrator. If necessary, log out of the AWS console, and log back in as the CodeWhisperer administrator.

To add the CodeWhisperer application to IAM Identity Center, complete the following steps:

1. Open a browser tab with the access portal URL, and log in as the CodeWhisperer administrator.

2. At the top of the next screen, choose the orange cube representing your AWS account. If your account is the only account in its AWS organization, then there will only be one choice.

3. The name of your account will appear in a bar, along with your account number and the associated email address.

   Choose the bar.

4. The bar will expand to show CodeWhisperer_administrator. It may also show other access profiles, depending on how your account is configured.

   On the same row as Administrator Access, choose Management console.

5. From the console homepage choose Amazon CodeWhisperer.

6. From the CodeWhisperer console page, choose Set up CodeWhisperer.

   Note

   After your initial setup, the Set up page becomes the Settings page.

7. On the Set up page, under Details, the option Include suggestions with code references is selected by default. if appropriate, leave it selected.

   To learn more about this option, see Code references.

Note

The timeout period for your CodeWhisperer or Amazon Q session is either the timeout period that you set in IAM Identity Center, or the timeout period of your third-party identity provider, whichever is lower.

In order to change the timeout period in IAM Identity Center, on the settings page, select the Authentication tab. Then, under Session settings, choose Configure.

Assign users and groups to IAM Identity Center

Warning

In this procedure, you are acting as the Organizations administrator, logged into the delegator administrator account. Depending on how you were logged in for the previous procedures, you may need to switch users, accounts, and/or roles before continuing.

Your organization's contributors authenticate through AWS IAM Identity Center. To authorize developers in your organization to work with CodeWhisperer Professional, you must first create or import them as users in IAM Identity Center.

1. Open a browser tab with the access portal URL given to you by the root user.

2. Log in to the account that the root user created for you. Either the root user provided you with a one-time password that you now must change, or you received an email with directions for setting up your own password.

3. At the top of the next screen, choose the orange cube representing your AWS account. If your account is the only account in its AWS organization, then there will only be one choice.

4. The name of your account will appear in a bar, along with your account number and the associated email address.

   Choose the bar.

5. The bar will expand to show Administrator Access. It may also show other access profiles, depending on how your account is configured.

   On the same row as Administrator Access, choose Management console.

   

6. From the console home page, choose IAM Identity Center.

7. From the dashboard, choose Choose your identity source.

   Your default identity source is Identity Center directory. With Identity Center directory, you manage users and groups completely inside IAM Identity Center.

8. (optional) If you want to choose a different identity source, then under the Actions dropdown, choose Change identity source.

   On the Choose identity source page, the other two options are:

   • Active Directory: Select this option if you already have your users and groups configured in Active Directory.

   • External identity provider: Select this option if you already have your users and groups configured in an external system that is not Active Directory.

The rest of the process for adding users and groups to IAM Identity Center is beyond the scope of this guide. For additional information about IAM Identity Center and how to set it up, see the AWS IAM Identity Center User Guide. Be sure to set create or import at least two more users: one for the CodeWhisperer administrator, and one for the professional developer. Then, return to this guide for Assigning CodeWhisperer administration rights.

Authorizing professional developers to use CodeWhisperer

Warning

In this procedure, you are acting as the CodeWhisperer administrator. If necessary, log out of the AWS console, and log back in as the CodeWhisperer administrator.

To authorize specific users to work with CodeWhisperer, complete the following steps:

1. From the CodeWhisperer console choose Settings to open the Settings menu.

2. If you want to, from the Details section, select Include suggestions with code references.

   After you make this selection, individual developers will not be able to change it in the IDE.

3. Under Users view, select the individuals that require authorization to use CodeWhisperer.

   The users that you select will appear under Selected users and groups.

   Note

   Before a user can be chosen here, they must first be added in the IAM Identity Center by the IAM Identity Center administrator. For more information, see Assign users and groups to IAM Identity Center

   Note

   Even if the same user acts as a CodeWhisperer developer in two different accounts within the same organization, your organization will only be billed for that user once per billing cycle.

4. Choose Set up CodeWhisperer.

To authorize groups of users to use CodeWhisperer, complete the following steps:

1. From the CodeWhisperer console choose Settings to open the Settings menu.

2. In the upper right corner of the console window, confirm that the region is set to US East (N. Virginia).

   This step is necessary, regardless of which region you used when adding the CodeWhisperer application to IAM Identity Center, or which region the account administrator used when adding or creating users and groups in IAM Identity Center.

3. If you want to, from the Details section, select Include suggestions with code references.

   After you make this selection, individual developers will not be able to change it in the IDE.

4. From the Groups tab, choose Add groups to open the Add groups view.

   

5. From the Add groups view, choose the groups that require authorization to use CodeWhisperer.

6. Choose Add groups to authorize CodeWhisperer access for the selected groups.

The CodeWhisperer administrator removes access to CodeWhisperer

You can remove CodeWhisperer access for users and groups of individual users.

To remove CodeWhisperer access from individual users, complete the following steps:

1. From the CodeWhisperer console choose Settings to open the Settings menu.

2. From the Users tab, choose Remove access.

3. When prompted, choose Remove to confirm that your want to remove CodeWhisperer access for the user.

To remove CodeWhisperer access from a group of users, complete the following steps:

1. From the CodeWhisperer console, choose Settings to open the Settings menu.

2. From the Groups tab, choose Remove Access.

3. When prompted, choose Remove to confirm that your want to remove CodeWhisperer access for the group of users.