Actions, resources, and condition keys for Amazon CodeCatalyst
Amazon CodeCatalyst (service prefix: codecatalyst) provides the following
service-specific operations, resources, actions, and condition keys for use in IAM permission
policies.
References:
-
Learn how to configure this service.
-
View a list of the API operations available for this service.
-
Learn how to secure this service and its resources by using IAM permission policies.
-
View the programmatic service authorization reference
for this service.
Topics
Actions defined by Amazon CodeCatalyst
Amazon CodeCatalyst has no API operations that can be used in the
Actions element of an IAM policy statement.
Permission-only actions for Amazon CodeCatalyst
The following actions are defined by Amazon CodeCatalyst but are not directly invocable through any API operation. They can only be used in IAM policy statements to grant or deny permissions.
| Actions | Description | Resource types (*required) | Condition keys | Access level |
|---|---|---|---|---|
Grants permission to accept a request to connect this account to an Amazon CodeCatalyst space |
Write |
|||
Grants permission to associate an IAM role to a connection |
Write |
|||
Grants permission to associate an IAM Identity Center application with an Amazon CodeCatalyst space |
Write |
|||
Grants permission to associate an identity with an IAM Identity Center application for an Amazon CodeCatalyst space |
Write |
|||
Grants permission to associate multiple identities with an IAM Identity Center application for an Amazon CodeCatalyst space |
Write |
|||
Grants permission to disassociate multiple identities from an IAM Identity Center application for an Amazon CodeCatalyst space |
Write |
|||
Grants permission to create an IAM Identity Center application |
Write |
|||
Grants permission to create an Amazon CodeCatalyst space |
Write |
|||
Grants permission to create an administrator role assignment for a given Amazon CodeCatalyst space and IAM Identity Center application |
Write |
|||
Grants permission to delete a connection |
Write |
|||
Grants permission to delete an IAM Identity Center application |
Write |
|||
Grants permission to disassociate an IAM role from a connection |
Write |
|||
Grants permission to disassociate an IAM Identity Center application from an Amazon CodeCatalyst space |
Write |
|||
Grants permission to disassociate an identity from an IAM Identity Center application for an Amazon CodeCatalyst space |
Write |
|||
Grants permission to describe the billing authorization for a connection |
Read |
|||
Grants permission to get a connection |
Read |
|||
Grants permission to get information about an IAM Identity Center application |
Read |
|||
Grants permission to get a pending request to connect this account to an Amazon CodeCatalyst space |
Read |
|||
Grants permission to list connections that are not pending |
List |
|||
Grants permission to list IAM roles associated with a connection |
List |
|||
Grants permission to view a list of all IAM Identity Center applications in the account |
List |
|||
Grants permission to view a list of IAM Identity Center applications by Amazon CodeCatalyst space |
List |
|||
Grants permission to view a list of Amazon CodeCatalyst spaces by IAM Identity Center application |
List |
|||
Grants permission to list tags for an Amazon CodeCatalyst resource |
Read |
|||
Grants permission to create or update the billing authorization for a connection |
Write |
|||
Grants permission to reject a request to connect this account to an Amazon CodeCatalyst space |
Write |
|||
Grants permission to synchronize an IAM Identity Center application with the backing identity store |
Write |
|||
Grants permission to tag an Amazon CodeCatalyst resource |
Tagging, Write |
|||
Grants permission to untag an Amazon CodeCatalyst resource |
Tagging, Write |
|||
Grants permission to update an IAM Identity Center application |
Write |
Resource types defined by Amazon CodeCatalyst
The following resource types are defined by this service and can be used in the
Resource element of IAM permission policy statements.
| Resource types | ARN | Condition keys |
|---|---|---|
arn:${Partition}:codecatalyst:${Region}:${Account}:/connections/${ConnectionId} |
||
arn:${Partition}:codecatalyst:${Region}:${Account}:/identity-center-applications/${IdentityCenterApplicationId} |
||
arn:${Partition}:codecatalyst:::space/${SpaceId}/project/${ProjectId} |
||
arn:${Partition}:codecatalyst:::space/${SpaceId} |
Condition keys for Amazon CodeCatalyst
Amazon CodeCatalyst defines the following condition keys that can be used in the
Condition element of an IAM policy.
| Condition keys | Description | Type |
|---|---|---|
Filters access by a tag's key and value in a request |
String |
|
Filters access by the presence of tag key-value pairs in the request |
String |
|
Filters access by the tag keys in a request |
ArrayOfString |