AWS CodePipeline (IAM)

aws devops

AWS CodePipeline is a fully managed continuous delivery service that helps you automate your release pipelines.

Common permissions

codepipeline:ListPipelinescodepipeline:GetPipelinecodepipeline:GetPipelineStatecodepipeline:StartPipelineExecutioncodepipeline:StopPipelineExecutioncodepipeline:GetPipelineExecutioncodepipeline:ListActionExecutionscodepipeline:ListPipelineExecutions

Least-privilege example

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "codepipeline:ListPipelines",
        "codepipeline:GetPipeline",
        "codepipeline:GetPipelineState",
        "codepipeline:StartPipelineExecution",
        "codepipeline:StopPipelineExecution",
        "codepipeline:GetPipelineExecution",
        "codepipeline:ListActionExecutions",
        "codepipeline:ListPipelineExecutions"
      ],
      "Resource": "*"
    }
  ]
}

Warnings

Avoid codepipeline:* — grants full control including pipeline deletion and configuration changes
Avoid codepipeline:DeletePipeline and codepipeline:UpdatePipeline — can break continuous delivery workflows

Resources

AWS referenceservicereference.us-east-1.amazonaws.com/v1/codepipeline/codepipeline.json ↗

API

full doc /v1/iam/codepipeline