Starting November 7, 2025, you will not be able to create new repository associations in Amazon CodeGuru Reviewer. If you would like to use the service, create repository associations prior to November 7, 2025. To learn about services with capabilities similar to CodeGuru Reviewer, see Amazon CodeGuru Reviewer availability change.
Amazon CodeGuru Reviewer permissions reference
You can use AWS condition keys in your CodeGuru Reviewer policies to express conditions. For a list, see IAM JSON policy elements reference in the IAM User Guide.
You specify the actions in the policy's Action field. To specify an action, use the codeguru-reviewer: prefix followed by the API operation name (for example, codeguru-reviewer:AssociateRepository and codeguru-reviewer:DisassociateRepository). To specify multiple actions in a single statement, separate them with commas (for example, "Action": [ "codeguru-reviewer:AssociateRepository", "codeguru-reviewer:DisassociateRepository" ]).
Using wildcard characters
You specify an Amazon Resource Name (ARN), with or without a wildcard character (*), as the resource value in the policy's Resource field. You can use a wildcard to specify multiple actions or resources. For example, codeguru-reviewer:* specifies all CodeGuru Reviewer actions and codeguru-reviewer:List* specifies all CodeGuru Reviewer actions that begin with the word List. The following example refers to all repository associations with a universally unique identifier (UUID) that begins with PullRequest-GITHUB.
arn:aws:codeguru-reviewer:us-east-2:123456789012:association:PullRequest-GITHUB*
You can use the following table as a reference when you are setting up Authenticating with identities and writing permissions policies that you can attach to an IAM identity (identity-based policies).
CodeGuru Reviewer API operations | Required permissions (API actions) | Resources |
---|---|---|
AssociateRepository | Required to associate a repository with CodeGuru Reviewer. | |
CreateCodeReview | Required to create a code review to analyze all code under a specified branch in an associated repository. | |
DescribeCodeReview | Required to view information about a code review, including its status. | |
DescribeRecommendationFeedback | Required to view customer feedback about a recommendation. | |
DescribeRepositoryAssociation | Required to view information about a repository association and its status details. | |
DisassociateRepository | Required to remove the association between CodeGuru Reviewer and a repository. | |
ListCodeReviews | Required to view the names of all code reviews in the current AWS account that were created in the past 90 days. | |
ListRecommendationFeedback | Required to list all users' customer feedback for a code review recommendation. | |
ListRecommendations | Required to view a list of all the recommendations for one completed code review. | |
ListRepositoryAssociations | Required to list summary information about repository associations. | |
ListTagsForResource | Required to list tags associated with an associated repository ARN. | |
PutRecommendationFeedback | Required to store feedback for a code review recommendation. | |
TagResource | Required for adding one or more tags to an associated repository. | |
UnTagResource | Required for removing a tag from an associated repository. | |
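The following Python sketch is an added example, not part of the AWS documentation. It expands a policy's Action wildcards against the operations in the table above and flags statements that allow non-read operations on Resource "*". The read/write split by Describe/List prefix, the helper names and the sample policy are assumptions made for the illustration.

```python
import re

# Operation names exactly as listed in the permissions table on this page.
ACTIONS = """AssociateRepository CreateCodeReview DescribeCodeReview
DescribeRecommendationFeedback DescribeRepositoryAssociation DisassociateRepository
ListCodeReviews ListRecommendationFeedback ListRecommendations
ListRepositoryAssociations ListTagsForResource PutRecommendationFeedback
TagResource UnTagResource""".split()
PREFIX = "codeguru-reviewer:"
READ_PREFIXES = ("Describe", "List")  # assumption: these operations only read


def as_list(value):
    return value if isinstance(value, list) else [value]


def matches(pattern, value, ignore_case=False):
    """IAM-style wildcard match: * is any run of characters, ? is one character."""
    body = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(body, value, re.I if ignore_case else 0) is not None


def granted_actions(statement):
    """Table operations covered by an Allow statement's Action patterns."""
    if statement.get("Effect") != "Allow":
        return []
    patterns = as_list(statement.get("Action", []))
    return [a for a in ACTIONS
            if any(matches(p, PREFIX + a, ignore_case=True) for p in patterns)]


def audit(policy):
    """Return (index, operations) for statements allowing non-read operations on "*"."""
    findings = []
    for i, st in enumerate(as_list(policy["Statement"])):
        writes = [a for a in granted_actions(st) if not a.startswith(READ_PREFIXES)]
        if writes and "*" in as_list(st.get("Resource", [])):
            findings.append((i, writes))
    return findings


# Constructed sample: 0 is read-only, 1 is over-broad, 2 is scoped by the page's ARN.
SAMPLE = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "codeguru-reviewer:List*", "Resource": "*"},
    {"Effect": "Allow", "Action": "codeguru-reviewer:*", "Resource": "*"},
    {"Effect": "Allow", "Action": ["codeguru-reviewer:DisassociateRepository"],
     "Resource": "arn:aws:codeguru-reviewer:us-east-2:123456789012:association:PullRequest-GITHUB*"},
]}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Only statement 1 is reported: the List* statement grants no write operations, and the DisassociateRepository statement is limited to associations matching the ARN pattern.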