AWS CodeDeploy (IAM)
AWS CodeDeploy automates code deployments to any instance, including Amazon EC2 instances and on-premises servers.
Common permissions
- codedeploy:ListApplications
- codedeploy:GetApplication
- codedeploy:CreateDeployment
- codedeploy:GetDeployment
- codedeploy:ListDeployments
- codedeploy:GetDeploymentGroup
- codedeploy:ListDeploymentGroups
- codedeploy:StopDeployment
Least-privilege example
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "codedeploy:ListApplications",
        "codedeploy:GetApplication",
        "codedeploy:CreateDeployment",
        "codedeploy:GetDeployment",
        "codedeploy:ListDeployments",
        "codedeploy:GetDeploymentGroup",
        "codedeploy:ListDeploymentGroups",
        "codedeploy:StopDeployment"
      ],
      "Resource": "*"
    }
  ]
}
Warnings
- Avoid codedeploy:* because it grants full control, including deleting and modifying applications and deployment groups
- Avoid codedeploy:DeleteApplication and codedeploy:DeleteDeploymentGroup unless they are explicitly needed for cleanup
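The two warnings above can be checked mechanically before a policy is attached. The following is an added example, not part of the original page or of any AWS tooling: the function name audit_codedeploy_policy and the sample policy are assumptions made for illustration, and the check looks at each Allow statement on its own without evaluating Deny statements or conditions.

```python
import re

# The two delete actions the Warnings list names.
DESTRUCTIVE = ("codedeploy:DeleteApplication", "codedeploy:DeleteDeploymentGroup")

def _as_list(value):
    # IAM accepts a single string or a list for Statement, Action, NotAction.
    return value if isinstance(value, list) else [value]

def _matches(pattern, action):
    # IAM action matching: '*' and '?' wildcards, case-insensitive.
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, action, re.IGNORECASE) is not None

def audit_codedeploy_policy(policy):
    """Return (statement_index, pattern, reason) for each Allow the warnings cover."""
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:
            # Allow + NotAction grants every action the patterns do not match.
            excluded = _as_list(stmt["NotAction"])
            hit = [a for a in DESTRUCTIVE if not any(_matches(p, a) for p in excluded)]
            if hit:
                findings.append((idx, "NotAction", "allows " + ", ".join(hit)))
            continue
        for pattern in _as_list(stmt.get("Action", [])):
            if pattern.lower() in ("*", "codedeploy:*"):
                findings.append((idx, pattern, "full control of CodeDeploy"))
                continue
            hit = [a for a in DESTRUCTIVE if _matches(pattern, a)]
            if hit:
                findings.append((idx, pattern, "allows " + ", ".join(hit)))
    return findings

# Constructed sample policy (not from the page) exercising each case.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "codedeploy:*", "Resource": "*"},
        {"Effect": "Allow", "Action": ["codedeploy:Get*", "codedeploy:Delete*"], "Resource": "*"},
        {"Effect": "Deny", "Action": "codedeploy:DeleteApplication", "Resource": "*"},
    ],
}

if __name__ == "__main__":
    for finding in audit_codedeploy_policy(SAMPLE_POLICY):
        print(finding)
```

Run against the least-privilege policy shown earlier on this page, the function returns an empty list, because none of its eight actions matches a warning.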
Resources
API
full doc /v1/iam/codedeploy