AWS Security ChangesHomeSearch

AWS codepipeline documentation change

Service: codepipeline · 2025-03-30 · Documentation low

File: codepipeline/latest/userguide/action-reference-CodestarConnectionSource.md

Summary

Added 'Service role permissions: CodeConnections action' section with required IAM policy for CodeConnections

Security assessment

Provides security documentation about required permissions for third-party connections without addressing a specific security issue

Diff

diff --git a/codepipeline/latest/userguide/action-reference-CodestarConnectionSource.md b/codepipeline/latest/userguide/action-reference-CodestarConnectionSource.md
index b71aa8d4d..7d096cafc 100644
--- a/codepipeline/latest/userguide/action-reference-CodestarConnectionSource.md
+++ b/codepipeline/latest/userguide/action-reference-CodestarConnectionSource.md
@@ -5 +5 @@
-Action typeConfiguration parameters Input artifactsOutput artifactsOutput variablesAction declarationInstalling the installation app and creating a connectionSee also
+Action typeConfiguration parameters Input artifactsOutput artifactsOutput variablesService role permissions: CodeConnections actionAction declarationInstalling the installation app and creating a connectionSee also
@@ -99,0 +100,2 @@ Even if the Region is not enabled, third-party providers can still share your da
+  * Service role permissions: CodeConnections action
+
@@ -241,0 +244,15 @@ The name of the repository where the commit that triggered the pipeline was made
+## Service role permissions: CodeConnections action
+
+For CodeConnections, the following permission is required to create pipelines with a source that uses a connection, such as Bitbucket Cloud.
+    
+    
+    {
+        "Effect": "Allow",
+        "Action": [
+            "codeconnections:UseConnection"
+        ],
+        "Resource": "resource_ARN"
+    },
+
+For more information about the IAM permissions for connections, see [Connections permissions reference](https://docs.aws.amazon.com/dtconsole/latest/userguide/security-iam.html#permissions-reference-connections).
+