View a markdown version of this page

Actions, resources, and condition keys for Amazon CodeGuru Reviewer - Service Authorization Reference

Actions, resources, and condition keys for Amazon CodeGuru Reviewer

Amazon CodeGuru Reviewer (service prefix: codeguru-reviewer) provides the following service-specific operations, resources, actions, and condition keys for use in IAM permission policies.

References:

API operations defined by Amazon CodeGuru Reviewer

The following table maps API operations to the IAM actions they authorize. Only condition keys that have static values for the given API and action are listed; for the full set of condition keys supported by each action, see the Actions table.

Operation IAM action Condition key Possible value(s) Access level

AssociateRepository

codeguru-reviewer:AssociateRepository

Write

codeguru-reviewer:TagResource

Tagging, Write

CreateCodeReview

codeguru-reviewer:CreateCodeReview

Write

DescribeCodeReview

codeguru-reviewer:DescribeCodeReview

Read

DescribeRecommendationFeedback

codeguru-reviewer:DescribeRecommendationFeedback

Read

DescribeRepositoryAssociation

codeguru-reviewer:DescribeRepositoryAssociation

Read

DisassociateRepository

codeguru-reviewer:DisassociateRepository

Write

ListCodeReviews

codeguru-reviewer:ListCodeReviews

List

ListRecommendationFeedback

codeguru-reviewer:ListRecommendationFeedback

List

ListRecommendations

codeguru-reviewer:ListRecommendations

List

ListRepositoryAssociations

codeguru-reviewer:ListRepositoryAssociations

List

ListTagsForResource

codeguru-reviewer:ListTagsForResource

List

PutRecommendationFeedback

codeguru-reviewer:PutRecommendationFeedback

Write

TagResource

codeguru-reviewer:TagResource

Tagging, Write

UntagResource

codeguru-reviewer:UnTagResource

Tagging, Write

Actions defined by Amazon CodeGuru Reviewer

You can specify the following actions in the Action element of an IAM policy statement. Use policies to grant permissions to perform an operation in AWS. When you use an action in a policy, you usually allow or deny access to the API operation or CLI command with the same name. However, in some cases, a single action controls access to more than one operation. Alternatively, some operations require several different actions.

Actions Description Resource types (*required) Condition keys Access level

AssociateRepository

Grants permission to associates a repository with Amazon CodeGuru Reviewer

aws:RequestTag/${TagKey}

aws:TagKeys

Write

CreateCodeReview

Grants permission to create a code review

association*

aws:ResourceTag/${TagKey}

Write

DescribeCodeReview

Grants permission to describe a code review

association*

aws:ResourceTag/${TagKey}

Read

DescribeRecommendationFeedback

Grants permission to describe a recommendation feedback on a code review

association*

aws:ResourceTag/${TagKey}

Read

DescribeRepositoryAssociation

Grants permission to describe a repository association

association*

aws:ResourceTag/${TagKey}

Read

DisassociateRepository

Grants permission to disassociate a repository with Amazon CodeGuru Reviewer

association*

aws:ResourceTag/${TagKey}

Write

ListCodeReviews

Grants permission to list summary of code reviews

List

ListRecommendationFeedback

Grants permission to list summary of recommendation feedback on a code review

association*

aws:ResourceTag/${TagKey}

List

ListRecommendations

Grants permission to list summary of recommendations on a code review

association*

aws:ResourceTag/${TagKey}

List

ListRepositoryAssociations

Grants permission to list summary of repository associations

List

ListTagsForResource

Grants permission to list the resource attached to a associated repository ARN

association*

aws:ResourceTag/${TagKey}

List

PutRecommendationFeedback

Grants permission to put feedback for a recommendation on a code review

association*

aws:ResourceTag/${TagKey}

Write

TagResource

Grants permission to attach resource tags to an associated repository ARN

association*

aws:RequestTag/${TagKey}

aws:ResourceTag/${TagKey}

aws:TagKeys

Tagging, Write

UnTagResource

Grants permission to disassociate resource tags from an associated repository ARN

association*

aws:ResourceTag/${TagKey}

aws:TagKeys

Tagging, Write

Permission-only actions for Amazon CodeGuru Reviewer

The following actions are defined by Amazon CodeGuru Reviewer but are not directly invocable through any API operation. They can only be used in IAM policy statements to grant or deny permissions.

Actions Description Resource types (*required) Condition keys Access level

CreateConnectionToken

Grants permission to perform webbased oauth handshake for 3rd party providers

Read

GetMetricsData

Grants permission to view pull request metrics in console

Read

ListThirdPartyRepositories

Grants permission to list 3rd party providers repositories in console

Read

Resource types defined by Amazon CodeGuru Reviewer

The following resource types are defined by this service and can be used in the Resource element of IAM permission policy statements.

Resource types ARN Condition keys

association

arn:${Partition}:codeguru-reviewer:${Region}:${Account}:association:${ResourceId}

aws:ResourceTag/${TagKey}

codereview

arn:${Partition}:codeguru-reviewer:${Region}:${Account}:association:${ResourceId}:codereview:${CodeReviewId}

Condition keys for Amazon CodeGuru Reviewer

Amazon CodeGuru Reviewer defines the following condition keys that can be used in the Condition element of an IAM policy.

Condition keys Description Type

aws:RequestTag/${TagKey}

Filters access based on the presence of tag key-value pairs in the request

String

aws:ResourceTag/${TagKey}

Filters actions based on tag key-value pairs attached to the resource

String

aws:TagKeys

Filters access based on the presence of tag keys in the request

ArrayOfString