Authenticating with CodeWhisperer and AWS Toolkit
To use CodeWhisperer with the AWS Toolkit for Visual Studio Code, you must establish an authenticated connection to AWS (but you don't need an AWS account). This page describes each method of authenticating with the AWS Toolkit, and how each one relates to CodeWhisperer.
AWS IAM Identity Center (successor to AWS Single Sign-On)
IAM Identity Center expands the capabilities of IAM to provide a central place that brings together administration of users and their access to AWS accounts and cloud applications. Users in IAM Identity Center are managed by a corporate IT or cloud administrator, or by the administrator of the organizationโs identity provider, such as Okta, Ping, or Azure.
When using CodeWhisperer, you should authenticate with IAM Identity Center if you are an enterprise developer. That is, you are working with CodeWhisperer as an employee of an organization that has an AWS account. Before you can authenticate using IAM Identity Center, your administrator must add you as a user.
Learn more about IAM Identity Center
Learn about setting up CodeWhisperer for enterprise developers
Builder ID
AWS Builder ID is a personal profile for builders. It represents you as a person, outside the scope of your company or school. You can sign up for AWS Builder ID with your name and email.
When using CodeWhisperer, you should authenticate with Builder ID if you are an individual developer. That is, you are working on a personal project, or if your organization does not authenticate to AWS using IAM Identity Center.
Learn about setting up CodeWhisperer for individual developers
AWS Identity and Access Management
AWS Identity and Access Management is a web service that helps you securely control access to AWS resources. Using IAM, you manage access in AWS by creating policies and attaching them to IAM identities (users, groups of users, or roles) or AWS resources. A policy is an object in AWS that, when associated with an identity or resource, defines their permissions. AWS evaluates these policies when a principal uses an IAM entity (user or role) to make a request. CodeWhisperer, when used with AWS Toolkit, does not support authentication with IAM. However, IAM credentials are required to use CodeWhisperer with Lambda or AWS Cloud9.
Switching between authentication methods
Although CodeWhisperer does not support authentication with IAM, you may use IAM to access other AWS services from inside the same IDE. However, in such cases, your access to CodeWhisperer will still be managed through either IAM Identity Center or Builder ID.
For example, suppose that you are using CodeWhisperer in AWS Toolkit for Visual Studio Code, and you are authenticated with Builder ID. Then you decide to switch tasks, but without leaving JetBrains. Now you want to invoke a Lambda function in your AWS account. However, access to Lambda requires IAM credentials. Therefore, you must switch profiles within JetBrains, from your Builder ID profile to another profile that authenticates using your IAM credentials.
In such cases, the IDE presents an alert, reminding you that you are switching to a service with a different method of authentication. You will also have the option to stay connected to CodeWhisperer (using Builder ID or IAM Identity Center) while simultaneously using another service that you are connected to using IAM.
