Permissions required to use the CodePipeline console - Amazon CodePipeline
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Permissions required to use the CodePipeline console

To use CodePipeline in the CodePipeline console, you must have a minimum set of permissions from the following services:

  • Amazon Identity and Access Management

  • Amazon Simple Storage Service

These permissions allow you to describe other Amazon resources for your Amazon account.

Depending on the other services you incorporate into your pipelines, you might need permissions from one or more of the following:

  • Amazon CodeCommit

  • CodeBuild

  • Amazon CloudFormation

  • Amazon CodeDeploy

  • Amazon Elastic Beanstalk

  • Amazon Lambda

  • Amazon OpsWorks

If you create an IAM policy that is more restrictive than the minimum required permissions, the console won't function as intended for users with that IAM policy. To ensure that those users can still use the CodePipeline console, also attach the AWSCodePipeline_ReadOnlyAccess managed policy to the user, as described in Amazon managed policies for Amazon CodePipeline.

You don't need to allow minimum console permissions for users who are making calls to the Amazon CLI or the CodePipeline API.