You can use AWS condition keys in your CodeGuru Reviewer policies to express conditions. For a list, see IAM JSON policy elements reference in the IAM User Guide.
You specify the actions in the policy's Action field. To specify an
action, use the codeguru-reviewer: prefix followed by the API operation name (for
example, codeguru-reviewer:AssociateRepository and
codeguru-reviewer:DisassociateRepository). To specify multiple actions in a
single statement, separate them with commas (for example, "Action": [
"codeguru-reviewer:AssociateRepository", "codeguru-reviewer:DisassociateRepository" ]).
Using wildcard characters
You specify an Amazon Resource Name (ARN), with or without a wildcard character (*),
as the resource value in the policy's Resource field. You can use a
wildcard to specify multiple actions or resources. For example,
codeguru-reviewer:* specifies all CodeGuru Reviewer actions and
codeguru-reviewer:List* specifies all CodeGuru Reviewer actions that begin with the word
List. The following example refers to all repository associations with
a universally unique identifier (UUID) that begins with PullRequest-GITHUB.
arn:aws:codeguru-reviewer:us-east-2:123456789012:association:PullRequest-GITHUB*You can use the following table as a reference when you are setting up Authenticating with identities and writing permissions policies that you can attach to an IAM identity (identity-based policies).
| CodeGuru Reviewer API operations | Required permissions (API actions) | Resources |
|---|---|---|
AssociateRepository |
Required to associate a repository with CodeGuru Reviewer. |
|
CreateCodeReview |
Required to create a code review to analyze all code under a specified branch in an associated repository. |
|
DescribeCodeReview |
Required to view information about a code review, including its status. |
|
DescribeRecommendationFeedback |
Required to view customer feedback about a recommendation. |
|
DescribeRepositoryAssociation |
Required to view information about a repository association and its status details. |
|
DisassociateRepository |
Required to remove the association between CodeGuru Reviewer and a repository. |
|
ListCodeReviews |
Required to view the names of all code reviews in the current AWS account that were created in the past 90 days. |
|
ListRecommendationFeedback |
Required to list all users' customer feedback for a code review recommendation. |
|
ListRecommendations |
Required to view a list of all the recommendations for one completed code review. |
|
ListRepositoryAssociations |
Required to list summary information about repository associations. |
|
ListTagsForResource |
Required to list tags associated with an associated repository ARN. |
|
PutRecommendationFeedback |
Required to store feedback for a code review recommendation. |
|
TagResource |
Required for adding one or more tags to an associated repository. |
|
UnTagResource |
Required for removing a tag from an associated repository. |
|
