

Amazon CodeCatalyst is no longer open to new customers. Existing customers can continue to use the service as normal. For more information, see [How to migrate from CodeCatalyst](migration.md).

# Adding the account connection and IAM roles to your deploy environment
<a name="ipa-connect-account-addroles-env"></a>

To access AWS resources, such as Amazon ECS or AWS Lambda resources for deployments, CodeCatalyst build and deploy actions require IAM roles with permissions to access those resources. With the **Space administrator** or **Power user** role, you can connect your CodeCatalyst account to the AWS account where your resources are created. You then add the IAM role to your account connection. For deploy actions, you must then add the IAM role to a CodeCatalyst environment.

You must add the IAM roles that you want to use with deployment environments in your projects. Adding the roles to the account connection does not add the roles and the connection to the project deploy environments. To add your account connection and IAM roles to your deploy environment, make sure that the account connection and roles are created as detailed in [Step 4: Add IAM roles to your connection](ipa-connect-account-create.md#ipa-connect-account-linkedroles). 

Then, use the **Environments** page in the CodeCatalyst console to add your account connection and IAM role to a deploy environment in a project.

**Note**  
You only add an IAM role to an environment if the IAM role is used for a CodeCatalyst action that requires an IAM role. All workﬂow actions that require IAM roles, including build actions, must use a CodeCatalyst environment.

To add your account connection and IAM roles to your deploy environment

1. Open the CodeCatalyst console at [https://codecatalyst.aws/](https://codecatalyst.aws/).

1. Navigate to the project with the deployment environment where you want to add the account connection and IAM roles.

1. Expand **CI/CD**, and then choose **Environments**.

1. Choose your environment, and then the additional tabs display.

1. Choose the **AWS account connections** tab. Under **Connection name**, the accounts that have been added to the environment, if any, are listed.

1. Choose **Associate AWS account**. The **Associate AWS account with <environment\_name>** page displays.

1. Under **Connection**, choose the name of the account connection with the IAM roles that you want to add. Choose **Associate**.