@shinyaz

DevOps Agent IAM action prefix is aidevops, not devops-agent

1 min read
#aws#devops-agent#iam

Tried writing an IAM policy with devops-agent:* and got permission errors.

The correct prefix is aidevops. The boto3 client name is devops-agent, but IAM actions are aidevops:GetAgentSpace and so on.

Python
client = boto3.client("devops-agent")  # client name
# IAM actions are aidevops:ListBacklogTasks
IAM Policy
{
  "Effect": "Allow",
  "Action": "aidevops:*",
  "Resource": "*"
}

Also, as of AWS CLI v2.34.16, there is no aws devops-agent subcommand — it was added in v2.34.20. Update to the latest version to use the CLI. The IAM permissions page lists all available actions.

Share this post

Shinya Tahara

Shinya Tahara

Solutions Architect @ AWS

I'm a Solutions Architect at AWS, providing technical guidance primarily to financial industry customers. I share learnings about cloud architecture and AI/ML on this site.The views and opinions expressed on this site are my own and do not represent the official positions of my employer.

Read more