Setting up - Developer Tools console

Setting up

If you have a managed policy for AWS CodeBuild, AWS CodeCommit, AWS CodeDeploy, or AWS CodePipeline applied to your IAM user or role, you have the permissions required to work with notifications within the limitations of the roles and permissions provided by the policy. For example, users who have the AWSCodeBuildFullAccess, AWSCodeCommitFullAccess, AWSCodeDeployFullAccess, or AWSCodePipeline_FullAccess managed policy applied have full administrative access to notifications.

For more information, including example policies, see Identity-based policies.

If you have one of these policies applied to your IAM user or role, and a build project in CodeBuild, a repository in CodeCommit, a deployment application in CodeDeploy, or a pipeline in CodePipeline, you are ready to create your first notification rule. Continue to Getting started with notifications. If not, see the following topics:

If you want to manage administrative permissions for notifications for IAM users, groups, or roles yourself, follow the procedures in this topic to set up the permissions and resources you need to use the service.

If you want to use previously created Amazon SNS topics for notifications instead of creating topics specifically for notifications, you must configure an Amazon SNS topic to use as the target for a notification rule by applying a policy that allows events to be published to that topic.

Note

To perform the following procedures, you must be signed in with an account that has administrative permissions. For more information, see Creating your first IAM admin user and group.

Create and apply a policy for administrative access to notifications

You can administer notifications by signing in with an IAM user or using a role that has permissions to access the service and the services (AWS CodeBuild, AWS CodeCommit, AWS CodeDeploy, or AWS CodePipeline) for which you want to create notifications. You can also create your own policies and apply them to users or groups.

The following procedure shows you how to configure an IAM group with permissions for administering notifications and adding IAM users. If you do not want to set up a group, you can apply this policy directly to IAM users or to an IAM role that can be assumed by users. You can also use the managed policies for CodeBuild, CodeCommit, CodeDeploy, or CodePipeline, which include policy-appropriate access to notification features depending on the scope of the policy.

To set up a group with permissions to administer AWS CodeStar Notifications

  1. Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam/.

    Make sure you sign in using an account that has administrative permissions.

  2. In the IAM console, choose Policies, and then choose Create policy.

  3. In Create policy, choose JSON, and paste the following policy statement:

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "AWSCodeStarNotificationsFullAccess",
                "Effect": "Allow",
                "Action": [
                    "codestar-notifications:CreateNotificationRule",
                    "codestar-notifications:DeleteNotificationRule",
                    "codestar-notifications:DescribeNotificationRule",
                    "codestar-notifications:ListNotificationRules",
                    "codestar-notifications:UpdateNotificationRule",
                    "codestar-notifications:Subscribe",
                    "codestar-notifications:Unsubscribe",
                    "codestar-notifications:DeleteTarget",
                    "codestar-notifications:ListTargets",
                    "codestar-notifications:ListTagsforResource",
                    "codestar-notifications:TagResource",
                    "codestar-notifications:UntagResource"
                ],
                "Resource": "*"
            }
        ]
    }

    For examples of other policy permission statements for AWS CodeStar Notifications, see Example: A contributor-level policy for using AWS CodeStar Notifications and Example: A read-only-level policy for using AWS CodeStar Notifications.

  4. Choose Review policy.

  5. In the Review policy section, enter a name (for example, AWSCodeStarNotificationsFullAccess) and an optional description for this policy. The description helps you remember the purpose of the policy (for example, This policy provides full access to AWS CodeStar Notifications).

  6. Choose Create policy.

  7. In the navigation bar, choose Groups, and then choose Create group.

  8. In Group name, enter a name (for example, AWSCodeStarNotificationAdmins) and then choose Next Step.

  9. In Attach Policy, attach the AWSCodeStarNotificationsFullAccess policy you just created. Choose Next Step.

  10. In Review, choose Create Group.

  11. Choose the group name from the list. In Users, choose Add Users to Group. Add the IAM users you want to have full administrative access for AWS CodeStar Notifications.
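The following check is an added example, not part of the original AWS procedure. Before the policy from step 3 is attached to a group, it sorts every allowed action into read-only or state-changing, flags actions outside the `codestar-notifications` namespace, and reports statements that allow `"Resource": "*"` without a condition. Treating `Describe*` and `List*` names as read-only is an assumption of this example, and `review_policy`, `as_list` and `POLICY` are hypothetical names.

```python
import json

# The policy from step 3, embedded as sample input so the check runs offline.
POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [{"Sid": "AWSCodeStarNotificationsFullAccess",
  "Effect": "Allow", "Action": [
    "codestar-notifications:CreateNotificationRule", "codestar-notifications:DeleteNotificationRule",
    "codestar-notifications:DescribeNotificationRule", "codestar-notifications:ListNotificationRules",
    "codestar-notifications:UpdateNotificationRule", "codestar-notifications:Subscribe",
    "codestar-notifications:Unsubscribe", "codestar-notifications:DeleteTarget",
    "codestar-notifications:ListTargets", "codestar-notifications:ListTagsforResource",
    "codestar-notifications:TagResource", "codestar-notifications:UntagResource"
  ],
  "Resource": "*"}]}
""")

NAMESPACE = "codestar-notifications"
READ_PREFIXES = ("describe", "list")  # assumption: these name prefixes are read-only

def as_list(value):
    """IAM allows Statement, Action and Resource to be a single value or a list."""
    return value if isinstance(value, list) else [value]

def review_policy(policy, namespace=NAMESPACE):
    """Classify what each Allow statement of an identity-based policy grants."""
    report = {"foreign": [], "wildcard_actions": [], "mutating": [],
              "read_only": [], "unscoped_statements": []}
    for stmt in as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        if "NotAction" in stmt:  # allows everything except the listed actions
            report["wildcard_actions"].append(f"{sid}: NotAction")
        for action in as_list(stmt.get("Action", [])):
            service, _, name = action.partition(":")
            # IAM matches service prefixes and action names case-insensitively.
            if service.lower() != namespace:
                report["foreign"].append(action)
            elif "*" in name or "?" in name:
                report["wildcard_actions"].append(action)
            elif name.lower().startswith(READ_PREFIXES):
                report["read_only"].append(action)
            else:
                report["mutating"].append(action)
        if "*" in as_list(stmt.get("Resource", [])) and "Condition" not in stmt:
            report["unscoped_statements"].append(sid)
    return report

if __name__ == "__main__":
    print(json.dumps(review_policy(POLICY), indent=2))
```

For the policy above, the report shows eight state-changing actions and one unscoped statement, which is the access every user added to the group in step 11 receives.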