Actions, resources, and condition keys for Amazon CodeGuru Reviewer
Amazon CodeGuru Reviewer (service prefix: codeguru-reviewer) provides the following
service-specific operations, resources, actions, and condition keys for use in IAM permission
policies.
References:
-
Learn how to configure this service.
-
View a list of the API operations available for this service.
-
Learn how to secure this service and its resources by using IAM permission policies.
-
View the programmatic service authorization reference
for this service.
Topics
API operations defined by Amazon CodeGuru Reviewer
The following table maps API operations to the IAM actions they authorize. Only condition keys that have static values for the given API and action are listed; for the full set of condition keys supported by each action, see the Actions table.
| Operation | IAM action | Condition key | Possible value(s) | Access level |
|---|---|---|---|---|
|
AssociateRepository |
Write |
|||
Tagging, Write |
||||
|
CreateCodeReview |
Write |
|||
|
DescribeCodeReview |
Read |
|||
|
DescribeRecommendationFeedback |
Read |
|||
|
DescribeRepositoryAssociation |
Read |
|||
|
DisassociateRepository |
Write |
|||
|
ListCodeReviews |
List |
|||
|
ListRecommendationFeedback |
List |
|||
|
ListRecommendations |
List |
|||
|
ListRepositoryAssociations |
List |
|||
|
ListTagsForResource |
List |
|||
|
PutRecommendationFeedback |
Write |
|||
|
TagResource |
Tagging, Write |
|||
|
UntagResource |
Tagging, Write |
Actions defined by Amazon CodeGuru Reviewer
You can specify the following actions in the Action element of an IAM
policy statement. Use policies to grant permissions to perform an operation in AWS. When
you use an action in a policy, you usually allow or deny access to the API operation or CLI
command with the same name. However, in some cases, a single action controls access to more
than one operation. Alternatively, some operations require several different actions.
| Actions | Description | Resource types (*required) | Condition keys | Access level |
|---|---|---|---|---|
Grants permission to associates a repository with Amazon CodeGuru Reviewer |
Write |
|||
Grants permission to create a code review |
Write |
|||
Grants permission to describe a code review |
Read |
|||
Grants permission to describe a recommendation feedback on a code review |
Read |
|||
Grants permission to describe a repository association |
Read |
|||
Grants permission to disassociate a repository with Amazon CodeGuru Reviewer |
Write |
|||
Grants permission to list summary of code reviews |
List |
|||
Grants permission to list summary of recommendation feedback on a code review |
List |
|||
Grants permission to list summary of recommendations on a code review |
List |
|||
Grants permission to list summary of repository associations |
List |
|||
Grants permission to list the resource attached to a associated repository ARN |
List |
|||
Grants permission to put feedback for a recommendation on a code review |
Write |
|||
Grants permission to attach resource tags to an associated repository ARN |
Tagging, Write |
|||
Grants permission to disassociate resource tags from an associated repository ARN |
Tagging, Write |
Permission-only actions for Amazon CodeGuru Reviewer
The following actions are defined by Amazon CodeGuru Reviewer but are not directly invocable through any API operation. They can only be used in IAM policy statements to grant or deny permissions.
| Actions | Description | Resource types (*required) | Condition keys | Access level |
|---|---|---|---|---|
Grants permission to perform webbased oauth handshake for 3rd party providers |
Read |
|||
Grants permission to view pull request metrics in console |
Read |
|||
Grants permission to list 3rd party providers repositories in console |
Read |
Resource types defined by Amazon CodeGuru Reviewer
The following resource types are defined by this service and can be used in the
Resource element of IAM permission policy statements.
| Resource types | ARN | Condition keys |
|---|---|---|
arn:${Partition}:codeguru-reviewer:${Region}:${Account}:association:${ResourceId} |
||
arn:${Partition}:codeguru-reviewer:${Region}:${Account}:association:${ResourceId}:codereview:${CodeReviewId} |
Condition keys for Amazon CodeGuru Reviewer
Amazon CodeGuru Reviewer defines the following condition keys that can be used in the
Condition element of an IAM policy.
| Condition keys | Description | Type |
|---|---|---|
Filters access based on the presence of tag key-value pairs in the request |
String |
|
Filters actions based on tag key-value pairs attached to the resource |
String |
|
Filters access based on the presence of tag keys in the request |
ArrayOfString |