Aws Toolkit For Jetbrains: User Guide

AWS Toolkit for JetBrains
User Guide
AWS Toolkit for JetBrains User Guide
AWS Toolkit for JetBrains: User Guide

Copyright © Amazon Web Services, Inc. and/or its affiliates. All rights reserved.
Amazon's trademarks and trade dress may not be used in connection with any product or service that is not
Amazon's, in any manner that is likely to cause confusion among customers, or in any manner that disparages or
discredits Amazon. All other trademarks not owned by Amazon are the property of their respective owners, who may
or may not be affiliated with, connected to, or sponsored by Amazon.
Table of Contents
What is the AWS Toolkit for JetBrains? ................................................................................................. 1
What the AWS Toolkit for JetBrains includes ................................................................................. 1
How to get started .................................................................................................................... 1
What you can do with the AWS Toolkit for JetBrains ...................................................................... 2
Related information ................................................................................................................... 2
Related videos ................................................................................................................... 2
Related webpages .............................................................................................................. 2
Questions and help ............................................................................................................ 2
Report a bug with the AWS Toolkit or make a feature request ................................................. 3
Contribute to the AWS Toolkit ............................................................................................. 3
Key tasks .......................................................................................................................................... 4
Install the AWS Toolkit for JetBrains ............................................................................................ 4
........................................................................................................................................ 4
Update the AWS Toolkit for JetBrains ........................................................................................... 6
Configure the AWS Toolkit for JetBrains to Use an HTTP Proxy ........................................................ 7
Work with connections from the AWS Toolkit for JetBrains to AWS accounts ...................................... 8
Connect to an AWS Account for the first time ........................................................................ 8
Add multiple connections .................................................................................................. 11
Switch between connections .............................................................................................. 13
Change connection settings ............................................................................................... 14
Delete a connection .......................................................................................................... 15
Get the current connection ........................................................................................................ 15
Get the current AWS Region ...................................................................................................... 16
Switch between AWS Regions .................................................................................................... 17
Open AWS Explorer within the AWS Toolkit for JetBrains .............................................................. 18
Work with AWS Serverless Applications ....................................................................................... 19
Create a serverless application ........................................................................................... 19
Deploy a serverless application .......................................................................................... 23
Update the settings for a serverless application ................................................................... 24
Delete a serverless application ........................................................................................... 25
Work with AWS Lambda Functions ............................................................................................. 26
Create a function ............................................................................................................. 27
Run (invoke) or debug the local version of a function ............................................................ 28
Run (invoke) the remote version of a function ...................................................................... 29
Update the configuration for a function .............................................................................. 30
Delete a function ............................................................................................................. 32
Work with AWS CloudFormation stacks ....................................................................................... 32
Create a stack .................................................................................................................. 33
Change stack settings ....................................................................................................... 33
View event logs for a stack ............................................................................................... 33
Deleting a stack ............................................................................................................... 34
Work with Amazon CloudWatch Logs .......................................................................................... 35
Work with Amazon ECS clusters ................................................................................................. 35
Debug code in a cluster .................................................................................................... 36
Working with Amazon EventBridge schemas ................................................................................ 37
Work with Amazon S3 buckets and objects .................................................................................. 37
Work with Amazon RDS ............................................................................................................ 37
Work with Amazon Redshift ...................................................................................................... 37
Setting up ....................................................................................................................................... 39
Installing the AWS Toolkit ......................................................................................................... 39
........................................................................................................................................ 4
Installing AWS Toolkit for JetBrains Early Access Program (EAP) builds .................................... 41
Updating the AWS Toolkit ......................................................................................................... 41
Setting AWS credentials ............................................................................................................ 42
iii
Accessing credentials files .................................................................................................. 43

Getting the current connection .......................................................................................... 46
Adding multiple connections ............................................................................................. 47
Switching between connections ......................................................................................... 49
Changing connection settings ............................................................................................ 49
Deleting a connection ....................................................................................................... 50
Setting an AWS Region ............................................................................................................. 51
Getting the current AWS Region ........................................................................................ 51
Switching AWS Regions ..................................................................................................... 52
HTTP proxy setup ..................................................................................................................... 53
Working with AWS services ................................................................................................................ 54
AWS CloudFormation ................................................................................................................ 54
Viewing event logs for a stack ........................................................................................... 54
Deleting a stack ............................................................................................................... 55
Amazon CloudWatch Logs ......................................................................................................... 56
Viewing CloudWatch log groups and log streams ................................................................. 57
Working with CloudWatch log events .................................................................................. 58
Working with CloudWatch Logs Insights .............................................................................. 60
Amazon ECS ............................................................................................................................ 62
Debugging code in a cluster .............................................................................................. 62
Amazon EventBridge ................................................................................................................. 68
Working with Amazon EventBridge schemas ........................................................................ 68
AWS Lambda ........................................................................................................................... 70
Creating a function ........................................................................................................... 71
Running (invoking) or debugging a local function ................................................................. 72
Running (invoking) a remote function ................................................................................. 73
Changing (updating) function settings ................................................................................ 74
Deleting a function ........................................................................................................... 76
Amazon RDS ............................................................................................................................ 76
Prerequisites for accessing Amazon RDS databases ............................................................... 77
Connecting to an Amazon RDS database ............................................................................. 78
Amazon Redshift ...................................................................................................................... 82
Prerequisites for accessing Amazon Redshift clusters ............................................................ 82
Connecting to an Amazon Redshift cluster .......................................................................... 83
Amazon S3 .............................................................................................................................. 86
Working with Amazon S3 buckets ...................................................................................... 87
Working with Amazon S3 objects ....................................................................................... 88
AWS Serverless ........................................................................................................................ 89
Creating an application ..................................................................................................... 90
Deploying an application ................................................................................................... 94
Changing (updating) application settings ............................................................................. 95
Deleting an application ..................................................................................................... 96
Amazon SQS ............................................................................................................................ 97
Working with Lambda ....................................................................................................... 99
Working with Amazon SNS ................................................................................................ 99
User interface reference .................................................................................................................. 100
AWS Explorer ......................................................................................................................... 100
Create Function dialog box ...................................................................................................... 102
Deploy Serverless Application dialog box ................................................................................... 103
New Project dialog box ........................................................................................................... 105
New Project dialog box (IntelliJ IDEA, PyCharm, and WebStorm) ........................................... 105
New Project dialog box (JetBrains Rider) ........................................................................... 107
Run/Debug Configurations dialog box ....................................................................................... 108
Run/Debug Configurations (local) ..................................................................................... 108
Run/Debug Configurations (remote) .................................................................................. 114
Edit configuration (Amazon ECS cluster) ............................................................................ 116
Update Code dialog box .......................................................................................................... 120
iv
Update Configuration dialog box .............................................................................................. 121

Security ......................................................................................................................................... 124
Data protection ...................................................................................................................... 124
Identity and Access Management .............................................................................................. 125
Compliance Validation ............................................................................................................. 125
Resilience .............................................................................................................................. 126
Infrastructure Security ............................................................................................................. 126
Document history ........................................................................................................................... 127
v
What the AWS Toolkit for JetBrains includes
What is the AWS Toolkit for

JetBrains?
To start using the AWS Toolkit for JetBrains right away, skip ahead to the installation (p. 4) and
first-time connection (p. 8) instructions.
The AWS Toolkit for JetBrains is an open source plugin for the integrated development environments
(IDEs) from JetBrains. The toolkit makes it easier for developers to develop, debug, and deploy serverless
applications that use Amazon Web Services (AWS).
Topics
• What the AWS Toolkit for JetBrains includes (p. 1)
• How to get started (p. 1)
• What you can do with the AWS Toolkit for JetBrains (p. 2)
• Related information (p. 2)
What the AWS Toolkit for JetBrains includes

The AWS Toolkit for JetBrains includes the following specific toolkits:
• AWS Toolkit for CLion (for C & C++ development)

• AWS Toolkit for GoLand (for Go development)
• AWS Toolkit for IntelliJ (for Java development)
• AWS Toolkit for WebStorm (for Node.js development)
• AWS Toolkit for Rider (for .NET development)
• AWS Toolkit for PhpStorm (for PHP development)
• AWS Toolkit for PyCharm (for Python development)
• AWS Toolkit for RubyMine (for Ruby development)
• AWS Toolkit for DataGrip (for database management)
Note
When there are meaningful differences in functionality between the AWS Toolkits for the
supported JetBrains IDEs, we note them in this guide.
You can also use the AWS Toolkit for JetBrains to work with AWS Lambda functions, AWS
CloudFormation stacks, and Amazon Elastic Container Service (Amazon ECS) clusters. The AWS Toolkit
for JetBrains includes features such as AWS credentials management and AWS Region management,
which simplify writing applications for AWS.
How to get started

To start using the AWS Toolkit for JetBrains, follow the installation (p. 4) and first-time
connection (p. 8) instructions.
1
What you can do with the AWS Toolkit for JetBrains
After you install the AWS Toolkit and connect it to an AWS account, you can use it to work with
AWS serverless applications (p. 19), AWS Lambda functions (p. 26), AWS CloudFormation
stacks (p. 32), and Amazon ECS clusters (p. 35) in that account.
For brief instructions about how to use other available AWS Toolkit features, see the key tasks (p. 4).
What you can do with the AWS Toolkit for

JetBrains
You can use the AWS Toolkit for JetBrains to do the following:
• Create (p. 19), deploy (p. 23), change (p. 24), and delete (p. 25) AWS serverless applications
in an AWS account.
• Create (p. 27), run (invoke) and debug locally (p. 28), run (invoke) remotely (p. 29),
change (p. 30), and delete (p. 32) AWS Lambda functions in an AWS account.
• View event logs (p. 33) for and delete (p. 34) AWS CloudFormation stacks in an AWS account.
• Debug code in Amazon ECS (p. 36) clusters in an AWS account. (Debugging code in Amazon ECS
clusters is currently in beta.)
• Work with Amazon EventBridge (p. 37) schemas in an AWS account.
• Switch AWS credentials to connect with a different set of access permissions within the same AWS
account or another one (p. 13).
• Switch to working with AWS resources in a different AWS Region for the connected AWS
account (p. 17).
• Use an HTTP proxy (p. 7) and update it (p. 6) as needed.
Related information
Related videos
• Announcement | Introducing the AWS Toolkit for IntelliJ IDEA (16 minutes, April 2019, YouTube
website)
• Getting Started with the AWS Toolkit for JetBrains (covers the AWS Toolkit for PyCharm only, 2
minutes, November 2018, YouTube website)
• Building Serverless Applications with the AWS Toolkit for JetBrains (covers the AWS Toolkit for
PyCharm only, 6 minutes, November 2018, YouTube website)
Related webpages
• The AWS Toolkit for IntelliJ is Now Generally Available (March 2019, blog post, AWS website)
• AWS Toolkit for IntelliJ – Now generally available (March 2019, blog post, AWS website)
• New – AWS Toolkits for PyCharm, IntelliJ (Preview) (November 2018, blog post, AWS website)
• Introducing the AWS Toolkit for PyCharm (November 2018, blog post, AWS website)
• AWS Toolkit for IntelliJ (part of the AWS Toolkit for JetBrains, AWS website)
• AWS Toolkit for PyCharm (part of the AWS Toolkit for JetBrains, AWS website)
• AWS Toolkit (JetBrains website)
• Develop on AWS with JetBrains Tools (JetBrains website)
2
Questions and help
• All Developer Tools and Products by JetBrains (JetBrains website)
Questions and help

To ask questions or seek help from the AWS developer community, see the following AWS Discussion
Forums:
• C & C++ Development

• Go Development
• Java Development
• JavaScript Development
• .NET Development
• PHP Development
• Python Development
• Ruby Development
(When you enter these forums, AWS might require you to sign in.)
You can also contact us directly.
Report a bug with the AWS Toolkit or make a feature

request
To report a bug with the AWS Toolkit for JetBrains or to make a feature request, go to the Issues tab in
the aws/aws-toolkit-jetbrains repository on the GitHub website. Choose New issue, and then follow the
on-screen instructions to finish making your bug report or feature request. (When you enter this website,
GitHub might require you to sign in.)
Contribute to the AWS Toolkit

We greatly value your contributions to the AWS Toolkit. To begin contributing, read the Contributing
Guidelines in the aws/aws-toolkit-jetbrains repository on the GitHub website. (When you enter this
website, GitHub might require you to sign in.)
3
Install the AWS Toolkit for JetBrains
Key tasks for the AWS Toolkit for

JetBrains
Use the following brief instructions to complete key tasks with the AWS Toolkit for JetBrains.
• Install the AWS Toolkit for JetBrains (p. 4)

• Update the AWS Toolkit for JetBrains (p. 6)
• Configure the AWS Toolkit for JetBrains to use an HTTP proxy (p. 7)
• Work with connections from the AWS Toolkit for JetBrains to AWS accounts (p. 8)
• Get the current AWS Region that the AWS Toolkit for JetBrains is using (p. 16)
• Switch between AWS Regions (p. 17)
• Open AWS Explorer within the AWS Toolkit for JetBrains (p. 18)
• Work with AWS services
• Work with AWS serverless applications (p. 19)
• Work with AWS Lambda functions (p. 26)
• Work with AWS CloudFormation stacks (p. 32)
• Work with Amazon CloudWatch Logs (p. 35)
• Work with Amazon ECS clusters in an account (p. 35)
• Work with Amazon EventBridge schemas (p. 37)
• Work with Amazon S3 buckets and objects (p. 37)
• Work with Amazon RDS databases (p. 37)
• Work with Amazon Redshift clusters and databases (p. 37)

Setting up your AWS account to use AWS Toolkit for JetBrains
1. Create an AWS account, if you don't have an account already.
2. Create an administrator user and group in AWS Identity and Access Management (IAM) in the
account, if you haven't done that already.
Note
We recommend that you create or use a special type of user and group in the account for
the AWS Toolkit for JetBrains to use, which we call an administrator IAM user and group.
Although you can create a regular IAM user and group in the account for the toolkit to use,
this approach might not allow the toolkit to have full access to all of the AWS resources and
AWS serverless applications in that account. We support, but strongly discourage, using an
AWS account root user with the AWS Toolkit for JetBrains.
3. Create an access key for the user, if you don't have an access key for that user already.
Note
An access key contains both an access key ID value and a secret access key value. The AWS
Toolkit for JetBrains needs to use both of these values later. Be sure to store them in a
4
secure location. If you lose them, they're gone forever and can't be retrieved. However, you
can always delete a lost access key, and then create a replacement access key. If you ever
do this, you also need to change your toolkit connection settings (p. 14). We support,
but strongly discourage, creating an access key for an AWS account root user for the AWS
Toolkit for JetBrains to use.
Installing and configuring AWS Toolkit for JetBrains

1. Ensure that a JetBrains IDE supported by AWS Toolkits is installed and running.
2. Open Settings / Preferences.
3. Choose Plugins.
4. On the Marketplace tab, in Search plugins in marketplace, begin entering AWS Toolkit. When AWS
Toolkit by Amazon Web Services is displayed, choose it.
5. Choose Install.
5
Update the AWS Toolkit for JetBrains
Note
To use the AWS Toolkit for JetBrains to work with its available features for AWS
CloudFormation, AWS Lambda, AWS Serverless, and Amazon ECS, you must install version
1.8 or later of the AWS Toolkit.
6. When the Third-party Plugins Privacy Note is displayed, choose Accept.
7. Choose Restart IDE, and when prompted, choose Restart.
8. Before you can use the AWS Toolkit for JetBrains to develop, test, analyze, and deploy AWS
serverless applications or Lambda functions, be sure you have the following tools installed. Install
the tools in this order:
1. AWS Command Line Interface (AWS CLI)

2. Docker (Docker must always be running whenever you develop, test, analyze, or deploy serverless
applications or functions)
3. AWS Serverless Application Model Command Line Interface (AWS SAM CLI)
9. Before you can use the AWS Toolkit for JetBrains to debug code in Amazon ECS clusters, you must
complete additional steps. For instructions, see the prerequisites (p. 62).
10. After you install the AWS Toolkit for JetBrains (and, if you're working with AWS serverless
applications, Lambda functions, or Amazon ECS clusters, you've installed the preceding additional
required tools, in order), connect to an AWS account for the first time (p. 8).
Top (p. 4)
Update the AWS Toolkit for JetBrains

After you install the AWS Toolkit for JetBrains (p. 4), you can check for updates to the toolkit at any
time and install them.
To do this, with IntelliJ IDEA, PyCharm, WebStorm, or JetBrains Rider already running, do the following:
6
Configure the AWS Toolkit for
JetBrains to Use an HTTP Proxy

2. Choose Updates. (If no updates are displayed, you might need to choose Check new updates.)
3. Follow any on-screen instructions to finish updating the AWS Toolkit for JetBrains.
4. Restart the JetBrains IDE.
Configure the AWS Toolkit for JetBrains to Use an

HTTP Proxy
After you install the AWS Toolkit for JetBrains (p. 4), you can configure it to use an HTTP proxy.
With IntelliJ IDEA, PyCharm, WebStorm, or JetBrains Rider already running, do one of the following:
• CLion – See Configure HTTP proxy on the CLion help website.

• GoLand – See HTTP Proxy on the GoLand help website.
• IntelliJ IDEA – See HTTP Proxy on the IntelliJ IDEA help website.
• WebStorm – See HTTP Proxy on the WebStorm help website.
• JetBrains Rider – See Configure HTTP Proxy on the JetBrains Rider help website.
• PhpStorm – See HTTP Proxy on the PhpStorm help website.
• PyCharm – See HTTP Proxy on the PyCharm help website.
• RubyMine – See HTTP Proxy on the RubyMine help website.
After you complete the preceding instructions, the toolkit begins using those HTTP proxy settings.
Top (p. 4)
7
Work with connections from the AWS
Toolkit for JetBrains to AWS accounts
Work with connections from the AWS Toolkit for

JetBrains to AWS accounts
After you install the AWS Toolkit for JetBrains (p. 4), use the toolkit to do the following with AWS
accounts:
• Connect to an AWS account for the first time (p. 8)

• Get the current connection (p. 15)
• Add multiple connections (p. 11)
• Switch between connections (p. 13)
• Change connection settings (p. 14)
• Delete a connection (p. 15)
Top (p. 4)
Connect to an AWS Account for the first time

We assume that you already installed the AWS Toolkit for JetBrains (p. 4).Depending on your
connection option, you must have completed the following prerequisites:
• AWS security credentials – Created an access key (which contains both an access key ID value and a
secret access key value) for a user in IAM (which we recommend), or an AWS account root user (which
we strongly discourage). If you don't have an access key for a user in IAM, create one.
• AWS SSO – Configured single sign-on by enabling AWS SSO, managing your identity source, and
assigning SSO access to AWS accounts. For more information on this process, see the Getting started
chapter of the AWS Single Sign-On User Guide.
Note
We recommend storing sensitive credential information, such as named profiles that include
access keys, in the credentials file. Less sensitive configuration options, such as named
profiles that use AWS SSO for authentication, are normally stored in the config file.
You can store all your named profiles in a single file. If you're using both credentials and
config files, credentials is opened by default in the IDE.
If there are credentials in both files for a profile sharing the same name, the keys in the
credentials file take precedence. For more information, see Configuration and credential file
settings in the AWS Command Line Interface User Guide.
• To open the credentials for editing, do one of the following:
• On the status bar, choose AWS: No credentials selected, and then choose Edit AWS Credential
file(s).
8
• Open AWS Explorer (p. 18), if it isn't already open. Choose Configure AWS Connection, and
then choose Edit AWS Credential file(s).
After you open the credentials file, you can edit it to specify access to your AWS account using access
keys or AWS SSO.
Connect with access keys
1. In the file, under [default], for aws_access_key_id, replace [accessKey1] with your
access key ID value (for example, AKIAIOSFODNN7EXAMPLE).
If prompted, choose I want to edit this file anyway, and then choose OK.
2. For aws_secret_access_key, replace [secretKey1] with your secret access key value (for
example, wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY).
The final results should look as shown here, following the named profile format.
... Other file contents omitted for brevity ...
9
[default]
# ... Some comments ...
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
# ... Some more comments ...
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
Note
The AWS Toolkit for JetBrains currently supports the following configuration variables:
• aws_access_key_id
• aws_secret_access_key
• aws_session_token
• credential_process
• external_id
• mfa_serial
• role_arn
• source_profile
For more information, see AWS CLI configuration variables in the AWS CLI Command
Reference.
3. Save and then close the file. The AWS Toolkit for JetBrains tries to connect to the account by
using the preceding access key.
After connecting, you can use the toolkit to work with AWS resources in that account,
such as AWS serverless (p. 19) applications, AWS Lambda (p. 26) functions, and AWS
CloudFormation (p. 32) stacks.
Connect with AWS SSO
With AWS SSO, you define a named profile in the credentials file or config that you use to
retrieve temporary credentials for your AWS account. The profile definition specifies the SSO user
portal as well as the AWS account and IAM role associated with the user requesting access.
AWS Toolkit for JetBrains calls the AWS CLI login command on your behalf. (The named profile
that you added is passed as an option to login). If the login is successful, your default browser is
launched and verifies your AWS SSO login. You can then start accessing the AWS resources available
in your account.
1. In the credentials/config file, under [default], add a template for a named profile.
You can use an example like the one that follows as a template for a typical AWS SSO profile.
Important
For named profiles, the credentials file uses a different naming format than the
config file. Include the prefix word profile only when configuring a named profile
in the config file. Do not use the word profile when creating an entry in the
credentials file.
... Named profile in credentials file ...
[default]
10
Add multiple connections
sso_start_url = https://my-sso-portal.awsapps.com/start
sso_region = us-east-1
sso_account_id = 123456789011
sso_role_name = readOnly
region = us-west-2
... Named profile in config file ...
[profile user1]
region = us-west-2
2. Assign values to the keys that are specific to your SSO configuration:
• sso_start_url – Specifies the URL that points to the organization's AWS SSO user portal.
• sso_region – Specifies the AWS Region that contains the AWS SSO portal host. This is
separate from and can be a different AWS Region than that specified by the default region
parameter.
• sso_account_id – Specifies the AWS account ID that contains the IAM role with the
permission that you want to grant to the associated AWS SSO user.
• sso_role_name – Specifies the friendly name of the IAM role that defines the user's
permissions when using this profile to get credentials through AWS SSO.
• region IAM Specifies the AWS Region that contains the AWS SSO portal host. This is separate
from and can be a different AWS Region than that specified by the default region parameter.
Note
You can also include any other keys and values that are valid in the .aws/
credentials file, such as output or S3. However, you can't include any credential-
related values, such as role_arn or aws_secret_access_key. If you do, the AWS
CLI produces an error.
For more information, see Configuring the AWS CLI to use AWS Single Sign-On in the
AWS Command Line Interface User Guide.
After AWS Toolkit for JetBrains calls the AWS SSO login command on your behalf, a browser
window launches to confirm the SSO login was successful.
You can also have more than one connection (p. 11) available, so that you can switch between
them (p. 13).
After you connect, the AWS Toolkit for JetBrains selects the default AWS Region automatically. You
might need to switch connections to work with different AWS resources (p. 17).
Top (p. 4)

Depending on the additional connection you want to add, you must first have completed one of the
following tasks:
• Created an additional access key (which contains both an access key ID value and a secret access
key value) for a user in IAM (which we recommend) or AWS account root user (which we strongly
discourage). If you don't have an access key for a user IAM already, create one.
11
• Enabled AWS SSO access for the additional user's AWS account.
Note
1. Connect for the first time (p. 8), if you have not done so already.
2. To start editing the credentials file, do one of the following:
• On the status bar, choose AWS Connection Settings, and then choose All Credentials, Edit AWS
Credential file(s).
• Open AWS Explorer (p. 18), if it isn't already open, and then choose Show Options Menu (the
settings icon). Choose AWS Connection Settings, All Credentials, Edit AWS Credential file(s).
3. In the file, add a named profile for each additional connection. Profile names can contain only
the uppercase letters A through Z, the lowercase letters a through z, the numbers 0 through 9,
the hyphen character ( -), and the underscore character ( _). Profile names must be less than 64
characters in length.
Profile with access keys
For example, for a named profile named myuser, use the following format.
12
Switch between connections
[myuser]
Note
The AWS Toolkit for JetBrains currently supports named profiles with only the
following characters: A-Z, a-z, 0-9, underscore (_), and hyphen (-).
Currently, the toolkit supports only the following configuration variables:
• mfa_serial
• role_arn
• source_profile
Reference.
Profile with AWS SSO
With AWS SSO, you can enable multiple connections by adding named profiles that define how
specific accounts are authenticated using single sign-on. Ensure each named profile that you
add to the credentials file has a unique name and assign account-specific values to the SSO
keys. This is shown in the following example.
[profile user2]
region = us-west-2
For more information about the AWS SSO key-value pairs, see defining named profiles for SSO.
4. Save and then close the file. The AWS Toolkit for JetBrains displays the new connection in the AWS
Connection Settings menu in both the status bar and in AWS Explorer.
Now that you have multiple connections, you can switch between them (p. 13).
After you connect, you might need to switch connections to work with (p. 17).
Top (p. 4)
Switch between connections

1. Add multiple connections (p. 11), if you haven't done so already.
2. Do one of the following:
13
Change connection settings
• On the status bar, choose AWS Connection Settings.

• Open AWS Explorer (p. 18), if it isn't already open, and then choose AWS Connection Settings.
3. Choose the named profile to use for the new connection. If it isn't listed, choose All Credentials, and
then choose the named profile to use.
The AWS Toolkit for JetBrains switches to the new connection. This connection is now selected in the
AWS Connection Settings menu in both the status bar and AWS Explorer.
After you connect, you might need to switch to working with AWS resources in that account that are in a
different AWS Region (p. 17).
Top (p. 4)
Change connection settings

• On the status bar, choose AWS Connection Settings, All Credentials, Edit AWS Credential file(s).
settings icon). Then choose AWS Connection Settings, All Credentials, Edit AWS Credential
file(s).
2. Make your changes to the file, and then save and close the file.
14
Delete a connection
Top (p. 4)
Delete a connection
file(s).
2. In the file, completely delete the named profile (specifying access keys or AWS SSO key-value pairs)
for the connection that you want to delete.
3. Save and then close the file. The AWS Toolkit for JetBrains removes the deleted connection from the
AWS Connection Settings menu in both the status bar and in AWS Explorer.
After you delete a connection, you might need to switch to a different connection (p. 13) or connect
for the first time (p. 8) again.
Top (p. 4)
Get the current connection

To check which connection the AWS Toolkit for JetBrains is currently using, do one of the following:
• On the status bar, see the current connection displayed in the AWS Connection Settings area.
15
Get the current AWS Region
• Open AWS Explorer (p. 18), if it's not already open, and then choose Show Options Menu (the
settings icon). Choose AWS Connection Settings. The current connection is selected.
them (p. 13).
Top (p. 4)
Get the current AWS Region

To check which AWS Region the AWS Toolkit for JetBrains is currently using, do one of the following:
• On the status bar, see the current Region displayed in the AWS Connection Settings area.
settings icon). Choose AWS Connection Settings. The current Region is selected.
You can also switch to a different AWS Region (p. 17).
16
Switch between AWS Regions
Top (p. 4)
Switch between AWS Regions

To switch AWS Regions, do one of the following:
• On the status bar, choose AWS Connection Settings, and then choose the AWS Region that you want
to switch to.
• Open AWS Explorer (p. 18), if it isn't already open. Choose Show Options Menu (the settings icon),
and then choose AWS Connection Settings. If the AWS Region that you want to switch to is listed,
choose it. Otherwise, choose All Regions, and then choose the Region to switch to.
17
Open AWS Explorer within the AWS Toolkit for JetBrains
The AWS Toolkit for JetBrains switches to using the new Region. The Region is now selected in the AWS
Connection Settings menu in both the status bar and AWS Explorer.
Top (p. 4)
Open AWS Explorer within the AWS Toolkit for

JetBrains
To complete this procedure, you must first install the AWS Toolkit (p. 4). Then, with IntelliJ IDEA,
PyCharm, WebStorm, or JetBrains Rider already running, do one of the following:
• On the tool window bar, choose AWS Explorer.
• On the View menu, choose Tool Windows, AWS Explorer.
After you open AWS Explorer for the first time, use it to connect to an AWS account for the first
time (p. 8). After that, you can use AWS Explorer to work with AWS Lambda (p. 26) functions and
AWS CloudFormation (p. 32) stacks in the account.
Top (p. 4)
18
Work with AWS Serverless Applications
Work with AWS Serverless Applications

After you install the AWS Toolkit for JetBrains (p. 4) and then use it to connect to an AWS account
for the first time (p. 8), you can use the toolkit to work with AWS serverless applications in an
account, as follows:
• Create a serverless application (p. 19)

• Deploy a serverless application (p. 23)
• Update the settings for a serverless application (p. 24)
• Delete a serverless application (p. 25)
Top (p. 4)
Create a serverless application

To complete this procedure, you must first install the AWS Toolkit for JetBrains (p. 4), and if you
haven't yet, connect to an AWS account for the first time (p. 8).
1. With IntelliJ IDEA, PyCharm, WebStorm, or JetBrains Rider already running, do one of the following:
• For IntelliJ IDEA or WebStorm, choose File, New, Project.

• For PyCharm, choose File, New Project.
• For JetBrains Rider, choose File, New for a new solution. Or right-click an existing solution in the
Explorer tool window, and then choose Add, New Project.
2. For IntelliJ IDEA, choose AWS, AWS Serverless Application, and then choose Next.
For PyCharm, choose AWS Serverless Application.
19
For WebStorm, choose AWS Serverless Application.
For JetBrains Rider, choose AWS Serverless Application.
20
3. Complete the New Project dialog box (or the New Solution dialog box for JetBrains Rider) (p. 105),
and then choose Finish (for IntelliJ IDEA) or Create (for PyCharm, WebStorm, or JetBrains Rider). The
AWS Toolkit for JetBrains creates the project and adds the serverless application's code files to the
new project.
4. If you're using IntelliJ IDEA, with the Project tool window already open and displaying the project
that contains the serverless application's files, do one of the following:
• For Maven-based projects, right-click the project's pom.xml file, and then choose Add as Maven
Project.
21
• For Gradle-based projects, right-click the project's build.gradle file, and then choose Import
Gradle project.
22
Deploy a serverless application
Complete the Import Module from Gradle dialog box, and then choose OK.
After you create the serverless application, you can run (invoke) or debug the local version of an AWS
Lambda function (p. 28) that is contained in that application.
You can also deploy the serverless application (p. 23). After you deploy it, you can run (invoke) the
remote version of a Lambda function (p. 29) that is part of that deployed application.
Top (p. 4)
Deploy a serverless application

Before you can use this procedure to deploy an AWS serverless application, you must first create the AWS
serverless application (p. 19). Then follow these steps.
Note
To deploy a serverless application that contains an AWS Lambda function, and deploy that
function with any nondefault or optional properties, you must first set those properties in
the function's corresponding AWS Serverless Application Model (AWS SAM) template file (for
example, in a file named template.yaml within the project). For a list of available properties,
see AWS::Serverless::Function in the awslabs/serverless-application-model repository on
GitHub.
1. If you need to switch to a different AWS Region (p. 17) to deploy the serverless application, do
that now.
2. With the Project tool window already open and displaying the project that contains the serverless
application's files, right-click the project's template.yaml file. Then choose Deploy Serverless
Application.
23
Update the settings for a serverless application
3. Complete the Deploy Serverless Application (p. 103) dialog box, and then choose Deploy.
The AWS Toolkit for JetBrains creates a corresponding AWS CloudFormation stack for the
deployment. It also adds the name of the stack to the CloudFormation list in AWS Explorer. If the
deployment fails, you can try to determine why by viewing event logs for the stack (p. 33).
After you deploy it, you can run (invoke) the remote version of an AWS Lambda function (p. 29) that is
part of that deployed application.
Top (p. 4)
Update the settings for a serverless application

Before you can use this procedure to change settings for a serverless application, you must first deploy
the AWS serverless application (p. 23) that you want to change. Then follow these steps.
Note
function with any nondefault or optional properties, you must first set those properties in the
function's corresponding AWS SAM template file (for example, in a file named template.yaml
within the project). For a list of available properties, see AWS::Serverless::Function in the
awslabs/serverless-application-model repository on GitHub.
24
Delete a serverless application
application's files, open the project's template.yaml file. Change the file's contents to reflect the
new settings, and then save and close the file.
2. If you need to switch to a different AWS Region (p. 17) to deploy the serverless application to, do
that now.
3. Right-click the project's template.yaml file, and then choose Deploy Serverless Application.
4. Complete the Deploy Serverless Application (p. 103) dialog box, and then choose Deploy. The AWS
Toolkit for JetBrains updates the corresponding AWS CloudFormation stack for the deployment.
If the deployment fails, you can try to determine why by viewing event logs for the stack (p. 33).
Top (p. 4)
Delete a serverless application

Before you can use this procedure to delete a serverless application, you must first deploy the AWS
serverless application (p. 23) that you want to delete. Then follow these steps.
1. Open AWS Explorer (p. 18), if it isn't already open. If you need to switch to a different AWS
Region (p. 17) that contains the serverless application, do that now.
2. Expand CloudFormation.
25
Work with AWS Lambda Functions
3. Right-click the name of the AWS CloudFormation stack that contains the serverless application you
want to delete, and then choose Delete CloudFormation Stack.
4. Enter the stack's name to confirm the deletion, and then choose OK. If the stack deletion succeeds,
the AWS Toolkit for JetBrains removes the stack name from the CloudFormation list in AWS
Explorer. If the stack deletion fails, you can try to determine why by viewing event logs for the
stack (p. 33).
Top (p. 4)
Work with AWS Lambda Functions

After you install the AWS Toolkit for JetBrains (p. 4) and then use the toolkit to connect to an
AWS account for the first time (p. 8), you can use the toolkit to work with Lambda functions in the
account, as follows.
• Create a function (p. 27)

• Run (invoke) or debug the local version of a function (p. 28)
• Run (invoke) the remote version of a function (p. 29)
• Update the configuration for a function (p. 30)
• Delete a function (p. 32)
Top (p. 4)
26
Create a function
Create a function
You can use the AWS Toolkit for JetBrains to create a Lambda function that is part of an AWS serverless
application (p. 27), or you can create a Lambda function by itself (p. 27).
Create a serverless application that contains a Lambda Function

See the instructions earlier in this topic about creating an AWS serverless application (p. 19).
Top (p. 4)
Create a standalone function

To complete this procedure, you must first install the (p. 4)AWS Toolkit for JetBrains and, if you
haven't yet, connect to an AWS account for the first time (p. 8).
Then with IntelliJ IDEA, PyCharm, WebStorm, or JetBrains Rider already running, do one of the following:
• Open AWS Explorer (p. 18), if it isn't already open. If you need to switch to a different AWS
Region (p. 17) to create the function in, do that now. Then right-click Lambda, and choose Create
new AWS Lambda.
Complete the Create Function (p. 102) dialog box, and then choose Create Function. The AWS
Toolkit for JetBrains creates a corresponding AWS CloudFormation stack for the deployment, and
adds the function name to the Lambda list in AWS Explorer. If the deployment fails, you can try to
determine why by viewing event logs for the stack (p. 33).
• Create a code file that implements a function handler for Java, Python, Node.js, or C#.
If you need to switch to a different AWS Region (p. 17) to create the remote function to be run
(invoked), do that now. Then in the code file, choose the Lambda icon in the gutter next to the
function handler, and then choose Create new AWS Lambda. Complete the Create Function (p. 102)
dialog box, and then choose Create Function.
Note
If the Lambda icon isn't displayed in the gutter next to the function handler, try displaying it
for the current project by selecting the following box in Settings/Preferences: Tools, AWS,
Project settings, Show gutter icons for all potential AWS Lambda handlers. Also, if the
function handler is already defined in the corresponding AWS SAM template, the Create new
AWS Lambda command won't appear.
After you choose Create Function, the AWS Toolkit for JetBrains creates a corresponding function in
the Lambda service for the connected AWS account. If the operation succeeds, after you refresh AWS
Explorer, the Lambda list displays the name of the new function.
• If you already have a project that contains an AWS Lambda function, and if you need to first switch
to a different AWS Region (p. 17) to create the function in, do that now. Then in the code file
27
Run (invoke) or debug the local version of a function
that contains the function handler for Java, Python, Node.js, or C#, choose the Lambda icon in
the gutter next to the function handler. Choose Create new AWS Lambda, complete the Create
Function (p. 102) dialog box, and then choose Create Function.
Note
Project settings, Show gutter icons for all potential AWS Lambda handlers. Also, the Create
new AWS Lambda command won't be displayed if the function handler is already defined in
the corresponding AWS SAM template.
Explorer, the new function's name appears in the Lambda list.
After you create the function, you can run (invoke) or debug the local version of the function (p. 28) or
run (invoke) the remote version (p. 29).
Top (p. 4)
Run (invoke) or debug the local version of a function

A local version of an AWS Lambda function is a function whose source code already exists on your local
development computer.
To complete this procedure, you must first create the AWS Lambda function (p. 27) that you want to
run (invoke) or debug, if you haven't created it already.
Note
To run (invoke) or debug the local version of a Lambda function, and run (invoke) or
debug that function locally with any nondefault or optional properties, you must first set
those properties in the function's corresponding AWS SAM template file (for example, in
a file named template.yaml within the project). For a list of available properties, see
AWS::Serverless::Function in the awslabs/serverless-application-model repository on GitHub.
• In the code file that contains the function handler for Java, Python, Node.js, or C#, choose the
Lambda icon in the gutter next to the function handler. Choose Run '[Local]' or Debug '[Local]'.
• With the Project tool window already open and displaying the project that contains the function,
open the project's template.yaml file. Choose the Run icon in the gutter next to the function's
resource definition, and then choose Run '[Local]' or Debug '[Local]'.
28
Run (invoke) the remote version of a function
2. Complete the Edit configuration (local function settings) (p. 108) dialog box if it's displayed, and
then choose Run or Debug. Results are displayed in the Run or Debug tool window.
• If the Edit configuration dialog box doesn't appear and you want to change the existing
configuration, first change its configuration (p. 30), and then repeat this procedure from the
beginning.
• If the configuration details are missing, expand Templates, AWS Lambda, and then choose Local.
Choose OK, and then repeat this procedure from the beginning.
Top (p. 4)
Run (invoke) the remote version of a function

A remote version of an AWS Lambda function is a function whose source code already exists inside of the
Lambda service for an AWS account.
To complete this procedure, you must first install the AWS Toolkit for JetBrains (p. 4) and, if you
haven't yet, connect to an AWS account for the first time (p. 8). Then with IntelliJ IDEA, PyCharm,
WebStorm, or JetBrains Rider running, do the following.
Region (p. 17) that contains the function, do that now.
2. Expand Lambda, and confirm that the name of the function is listed. If it is, skip ahead to step 3 in
this procedure.
If the name of the function isn't listed, create the Lambda function (p. 27) that you want to run
(invoke).
If you created the function as part of an AWS serverless application (p. 27), you must also deploy
that application (p. 23).
If you created the function by creating a code file that implements a function handler for Java,
Python, Node.js, or C#, then in the code file, choose the Lambda icon next to the function handler.
Then choose Create new AWS Lambda. Complete the Create Function (p. 102) dialog box, and
then choose Create Function.
3. With Lambda open in AWS Explorer, right-click the name of the function, and then choose Run
'[Remote]'.
29
Update the configuration for a function
4. Complete the Edit configuration (remote function settings) (p. 114) dialog box if it's displayed, and
beginning.
Top (p. 4)

Do one of the following:
• With the code file open that contains the function handler for Java, Python, Node.js, or C#, on the
main menu, choose Run, Edit Configurations. Complete the Run/Debug Configurations (p. 108)
dialog box, and then choose OK.
Region (p. 17) that contains the function, do that now. Expand Lambda, choose the name of the
function to change the configuration for, and then do one of the following:
• Change settings such as the timeout, memory, environment variables, and execution role – Right-
click the name of the function, and then choose Update Function Configuration.
Complete the Update Configuration (p. 121) dialog box, and then choose Update.
30
• Change settings such as the input payload – On the main menu, choose Run, Edit Configurations.
Complete the Run/Debug Configurations (p. 108) dialog box, and then choose OK.
If the configuration details are missing, first expand Templates, AWS Lambda, and then choose
Local (for the local version of the function) or Remote (for the remote version of that same
function). Choose OK, and then repeat this procedure from the beginning.)
• Change settings such as the function handler name or Amazon Simple Storage Service (Amazon
S3) source bucket – Right-click the function name, and then choose Update Function Code.
Complete the Update Code (p. 120) dialog box, and then choose Update.
31
Delete a function
• Change other available property settings that aren't listed in the preceding bullets – Change
those settings in the function's corresponding AWS SAM template file (for example, in a file named
template.yaml within the project).
For a list of available property settings, see AWS::Serverless::Function in the awslabs/serverless-

application-model repository on GitHub.
Top (p. 4)
Delete a function
You can use the AWS Toolkit for JetBrains to delete an AWS Lambda function that is part of an AWS
serverless application (p. 32). Or you can delete a standalone Lambda function (p. 32).
Delete a serverless application that contains a function

See the instructions for deleting a serverless application (p. 25), earlier in this topic.
Top (p. 4)
Delete a standalone function

2. Expand Lambda.
3. Right-click the name of the function to delete, and then choose Delete Function.
4. Enter the function's name to confirm the deletion, and then choose OK. If the function deletion
succeeds, the AWS Toolkit for JetBrains removes the function name from the Lambda list.
Top (p. 4)
Work with AWS CloudFormation stacks

After you install the AWS Toolkit for JetBrains (p. 4) and then use the toolkit to connect to an AWS
account for the first time (p. 8), you can use the toolkit to work with AWS CloudFormation stacks in
the account, as follows:
32
Create a stack
• View event logs for a stack (p. 33)

• Delete a stack (p. 34)
Currently, you can't use the AWS Toolkit for JetBrains to directly create stacks (p. 33) or to change
stack settings (p. 33). However, you can do these tasks indirectly as part of working with AWS
serverless applications and AWS Lambda functions, as follows.
Top (p. 4)
Create a stack
Currently, you can't use the AWS Toolkit for JetBrains to create an AWS CloudFormation stack directly.
However, whenever you use the toolkit to deploy an AWS serverless application (p. 23) or to create
and then deploy an AWS Lambda function (p. 27), the toolkit deploys these by first creating a
corresponding stack in AWS CloudFormation, and then using that stack for the deployment.
Top (p. 4)
Change stack settings

Currently, you can't use the AWS Toolkit for JetBrains to change the settings for an AWS CloudFormation
stack directly. However, you can update the settings for an AWS serverless application (p. 24) that
belongs to a stack, or update the configuration for an AWS Lambda function (p. 30) that belongs to a
stack. Then you deploy that serverless application (p. 23) again or deploy that function, as part of the
lifecycle of running (invoking) the remote version of that function (p. 29), again.
Top (p. 4)
View event logs for a stack

1. Open AWS Explorer (p. 18), if it isn't already open. If the stack is in an AWS Region that's different
from the current one, switch to a different AWS Region (p. 17) that contains it.
3. To view event logs for the stack, right-click the stack's name. The AWS Toolkit for JetBrains displays
the event logs in the CloudFormation tool window.
To hide or show the CloudFormation tool window, on the main menu, choose View, Tool Windows,
CloudFormation.
33
Deleting a stack
Top (p. 4)
Deleting a stack
Region (p. 17) that contains the stack, do that now.
3. Right-click the name of the stack to delete, and then choose Delete CloudFormation Stack.
34
Work with Amazon CloudWatch Logs
4. Enter the stack's name to confirm it's deleted, and then choose OK. If the stack deletion succeeds,
Explorer. If the stack deletion fails, you can troubleshoot by viewing the event logs for the
stack (p. 33).
Top (p. 4)
Work with Amazon CloudWatch Logs

account for the first time (p. 8), you can use the toolkit to work with Amazon CloudWatch Logs in the
• Viewing CloudWatch log groups and log streams (p. 57)

• Working with CloudWatch log events (p. 58)
Top (p. 4)
Work with Amazon ECS clusters

account for the first time (p. 8), you can use the toolkit to work with Amazon ECS clusters in the
35
Debug code in a cluster
Debug code in a cluster

After you complete the prerequisites (p. 62), do the following.
1. Open AWS Explorer (p. 18), if it isn't already open. If the Amazon ECS cluster (p. 65) is in an
AWS Region that's different from the current one, switch to a different AWS Region (p. 17) that
contains it.
2. Expand ECS, and then expand Clusters.
3. Expand your Amazon ECS cluster, right-click your service, and then choose Enable Cloud
Debugging. For example, in the following screenshot, the cluster is named java, and the service is
named java-service.
4. When prompted, choose your Amazon ECS task role (p. 64), and then choose OK.
The status bar displays the message Configuring Cloud Debugging resource. Wait until the Build
Output tab of the Build tool window displays a successful configuration message. (A related pop-up
also is displayed in the lower-right corner.) This will take several minutes.
Note
As you enable code debugging in your AWS account for the first time, the AWS Toolkit for
JetBrains creates an Amazon S3 bucket in your AWS account. The bucket's name follows
the format of do-not-delete-cloud-debug-Region-ID-account-ID. The JetBrains
Toolkit stores information in this bucket to enable code debugging. Do not delete this
bucket or modify its contents. If you do, code debugging might stop working or produce
unexpected results. If you accidentally delete or modify this bucket, the JetBrains Toolkit
will try to recreate the bucket. You can also force the JetBrains Toolkit to recreate the
bucket by choosing Enable Cloud Debugging again as described earlier, or by choosing
Disable Cloud Debugging as described later in this procedure.
5. With the code you want to debug displayed, in the AWS Explorer, expand ECS, expand Clusters,
and then expand your cluster. A service is displayed with a debug icon next to it. This indicates the
service is now enabled for cloud debugging. Right-click the service with the debug icon, and then
choose Debug.
6. Complete the Edit configuration (p. 116) dialog box, and then choose Debug.
Note
To make changes to this configuration later, on the menu bar, choose Run, Edit
Configurations. Then expand Amazon ECS Service Cloud Debug, and choose the service's
name.
7. Use the IDE's built-in debugging tools to debug your code as usual.
36
Working with Amazon EventBridge schemas
8. If you make changes to your code, you can start debugging again. In the AWS Explorer, expand ECS,
expand Clusters, and then expand your cluster. Right-click your service with the debug icon next to
it, and then choose Debug.
9. If you make changes to the associated Dockerfile, you must rebuild and republish the Docker
image, and then repeat this procedure from the beginning.
10. To disable debugging, in the AWS Explorer, expand ECS, expand Clusters, and then expand your
cluster. Right-click your service with the debug icon next to it, and then choose Disable Cloud
Debugging. A pop-up is displayed, confirming that debugging is disabled.
Top (p. 4)

See Working with Amazon EventBridge schemas (p. 68).
Top (p. 4)
Work with Amazon S3 buckets and objects

account for the first time (p. 8), you can use the toolkit to work with Amazon S3 buckets and objects
in the account, as follows.
• Work with Amazon S3 buckets (p. 87)

• Work with Amazon S3 objects (p. 88)
Top (p. 4)
Work with Amazon RDS

account for the first time (p. 8), you can use the toolkit to work with Amazon RDS databases in the
• Confirm prerequisites for accessing Amazon RDS databases (p. 77)

• Connect to an Amazon RDS database (p. 78)
Top (p. 4)
Work with Amazon Redshift

account for the first time (p. 8), you can use the toolkit to work with Amazon Redshift clusters and
databases in the account, as follows.
• Confirm prerequisites for accessing Amazon Redshift clusters and databases (p. 82)
• Connect to a database in an Amazon Redshift cluster (p. 83)
37
Work with Amazon Redshift
Top (p. 4)
38
Installing the AWS Toolkit
Setting up the AWS Toolkit for

JetBrains
Complete the following instructions to set up the AWS Toolkit for JetBrains. These instructions include
installing and updating the AWS Toolkit for JetBrains, connecting the toolkit to an AWS account, setting
the AWS Region for the toolkit to use, and more.
Topics
• Installing the AWS Toolkit for JetBrains (p. 39)
• Updating the AWS Toolkit for JetBrains (p. 41)
• Setting AWS credentials for the AWS Toolkit for JetBrains (p. 42)
• Setting an AWS Region for the AWS Toolkit for JetBrains (p. 51)
• HTTP proxy setup for the AWS Toolkit for JetBrains (p. 53)
Installing the AWS Toolkit for JetBrains

Installing the AWS Toolkit for JetBrains is a two-stage process. First, you configure your AWS account
and permissions so you can interact with AWS services within the JetBrains IDE. Next, you install and
configure the Toolkit as an IDE plugin.
Setting up your AWS account to use AWS Toolkit for JetBrains

1. Create an AWS account, if you don't have an account already.
2. Create an administrator user and group in AWS Identity and Access Management (IAM) in the
account, if you haven't done that already.
Note
We recommend that you create or use a special type of user and group in the account for
the AWS Toolkit for JetBrains to use, which we call an administrator IAM user and group.
Although you can create a regular IAM user and group in the account for the toolkit to use,
this approach might not allow the toolkit to have full access to all of the AWS resources and
AWS serverless applications in that account. We support, but strongly discourage, using an
AWS account root user with the AWS Toolkit for JetBrains.
3. Create an access key for the user, if you don't have an access key for that user already.
Note
An access key contains both an access key ID value and a secret access key value. The AWS
Toolkit for JetBrains needs to use both of these values later. Be sure to store them in a
secure location. If you lose them, they're gone forever and can't be retrieved. However,
you can always delete a lost access key, and then create a replacement access key. If you
ever do this, you also need to change your toolkit connection settings (p. 14). We support,
but strongly discourage, creating an access key for an AWS account root user for the AWS
Toolkit for JetBrains to use.
Installing and configuring AWS Toolkit for JetBrains

1. Ensure that a JetBrains IDE supported by AWS Toolkits is installed and running.
3. Choose Plugins.
39
Installing the AWS Toolkit
4. On the Marketplace tab, in Search plugins in marketplace, begin entering AWS Toolkit. When AWS
Toolkit by Amazon Web Services is displayed, choose it.
5. Choose Install.
Note
To use the AWS Toolkit for JetBrains to work with its available features for AWS
CloudFormation, AWS Lambda, AWS Serverless, and Amazon ECS, you must install version
1.8 or later of the AWS Toolkit.
40
Installing AWS Toolkit for JetBrains
Early Access Program (EAP) builds
6. When the Third-party Plugins Privacy Note is displayed, choose Accept.

7. Choose Restart IDE, and when prompted, choose Restart.
8. Before you can use the AWS Toolkit for JetBrains to develop, test, analyze, and deploy AWS
serverless applications or Lambda functions, be sure you have the following tools installed. Install
the tools in this order:
1. AWS Command Line Interface (AWS CLI)

2. Docker (Docker must always be running whenever you develop, test, analyze, or deploy serverless
applications or functions)
3. AWS Serverless Application Model Command Line Interface (AWS SAM CLI)
9. Before you can use the AWS Toolkit for JetBrains to debug code in Amazon ECS clusters, you must
complete additional steps. For instructions, see the prerequisites (p. 62).
10. After you install the AWS Toolkit for JetBrains (and, if you're working with AWS serverless
applications, Lambda functions, or Amazon ECS clusters, you've installed the preceding additional
required tools, in order), connect to an AWS account for the first time (p. 8).
Installing AWS Toolkit for JetBrains Early Access

Program (EAP) builds
AWS occasionally releases AWS Toolkit for JetBrains preview and experimental plugins and features
through Early Access Program (EAP) builds.
You can automatically get updated EAP builds as they become available, as follows.
1. Make sure a JetBrains IDE supported by AWS Toolkits is running.

3. Choose Plugins.
4. Choose Manage Repositories, Configure Proxy or Install Plugin from Disk (the settings icon).
5. Choose Manage Plugin Repositories.
6. Choose Add (the + icon).
7. Enter the following URL to the EAP repository for the AWS Toolkit for JetBrains: https://
plugins.jetbrains.com/plugins/eap/aws.toolkit. Then press Enter, and choose OK.
8. If prompted, choose Restart IDE. Then when prompted, choose Restart.
• Now, whenever a later EAP build is available, choose Update next to the AWS Toolkit entry in
Plugins. When prompted, choose Restart IDE. Then choose Restart.
9. To remove a reference to the custom repository, in the Preferences dialog box, choose Plugins.
Then choose Manage Repositories, Configure Proxy or Install Plugin from Disk (the settings icon),
Manage Plugin Repositories. Select the URL to the custom repository, and then choose Remove
(the - icon). Then choose OK.
Updating the AWS Toolkit for JetBrains

After you install the AWS Toolkit for JetBrains (p. 4), you can check for updates to the toolkit at any time
and install them.
To do this, with a JetBrains IDE supported by AWS Toolkits already running, do the following.

2. Choose Updates. (If no updates are displayed, you might need to choose Check new updates.)
41
Setting AWS credentials
3. Follow any on-screen instructions to finish updating the AWS Toolkit for JetBrains.
4. Restart the JetBrains IDE.
Setting AWS credentials for the AWS Toolkit for

JetBrains
To access an AWS account by using the AWS Toolkit for JetBrains, you must first connect the toolkit to
that account. There are two options for connecting to your account:
• Add access keys to specify the AWS credentials for the account.
• Add a named profile for the account that will be logged in using AWS Single Sign-On (AWS SSO).
Complete the following procedures to make an initial connection, switch between connections, change
connections, delete connections, and more.
Topics
• Accessing credentials files (p. 43)
• Getting the current connection (p. 46)
• Adding multiple connections (p. 47)
• Switching between connections (p. 49)
• Changing connection settings (p. 49)
• Deleting a connection (p. 50)
42
Accessing credentials files

You should have already installed the AWS Toolkit for JetBrains (p. 4). Depending on your connection
option, you must have completed the following prerequisites:
• AWS security credentials—Created an access key (which contains both an access key ID value and a
secret access key value) for a user in IAM (which we recommend), or an AWS account root user (which
we strongly discourage). If you don't have an access key for a user in IAM, create one.
• AWS SSO—Configured single sign-on by enabling AWS SSO, managing your identity source, and
assigning SSO access to AWS accounts. For more information about this process, see the Getting
started chapter of the AWS Single Sign-On User Guide.
Note
• To open the credentials for editing, do one of the following:
• On the status bar, choose AWS: No credentials selected, and then choose Edit AWS Credential
file(s).
• Open AWS Explorer (p. 18), if it isn't already open. Choose Configure AWS Connection, and then
choose Edit AWS Credential file(s).
43
After you open the credentials file, you can edit it to specify access to your AWS account using access
keys or AWS SSO.
Connect with access keys
1. In the file, under [default], for aws_access_key_id, replace [accessKey1] with your
access key ID value (for example, AKIAIOSFODNN7EXAMPLE).
If prompted, choose I want to edit this file anyway, and then choose OK.
2. For aws_secret_access_key, replace [secretKey1] with your secret access key value (for
example, wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY).
The final results should look as shown here, following the named profile format.
[default]
# ... Some comments ...
Note
The AWS Toolkit for JetBrains currently supports the following configuration variables:
• external_id
44
• mfa_serial
• role_arn
• source_profile
Reference.
3. Save and then close the file. The AWS Toolkit for JetBrains tries to connect to the account by
using the preceding access key.
After connecting, you can use the toolkit to work with AWS resources in that account,
such as AWS serverless (p. 19) applications, AWS Lambda (p. 26) functions, and AWS
CloudFormation (p. 32) stacks.
Connect with AWS SSO
With AWS SSO, you define a named profile in the credentials file or config that you use to
retrieve temporary credentials for your AWS account. The profile definition specifies the SSO user
portal as well as the AWS account and IAM role associated with the user requesting access.
AWS Toolkit for JetBrains calls the AWS CLI login command on your behalf. (The named profile
that you added is passed as an option to login). If the login is successful, your default browser is
launched and verifies your AWS SSO login. You can then start accessing the AWS resources available
in your account.
1. In the credentials/config file, under [default], add a template for a named profile.
You can use an example like the one that follows as a template for a typical AWS SSO profile.
Important
For named profiles, the credentials file uses a different naming format than the
config file. Include the prefix word profile only when configuring a named profile
in the config file. Do not use the word profile when creating an entry in the
credentials file.
... Named profile in credentials file ...
[default]
region = us-west-2
... Named profile in config file ...
[profile user1]
region = us-west-2
2. Assign values to the keys that are specific to your SSO configuration:
• sso_start_url – Specifies the URL that points to the organization's AWS SSO user portal.
45
Getting the current connection
• sso_region – Specifies the AWS Region that contains the AWS SSO portal host. This is
separate from and can be a different AWS Region than that specified by the default region
parameter.
• sso_account_id – Specifies the AWS account ID that contains the IAM role with the
permission that you want to grant to the associated AWS SSO user.
• sso_role_name – Specifies the friendly name of the IAM role that defines the user's
permissions when using this profile to get credentials through AWS SSO.
• region IAM Specifies the AWS Region that contains the AWS SSO portal host. This is separate
from and can be a different AWS Region than that specified by the default region parameter.
Note
You can also include any other keys and values that are valid in the .aws/
credentials file, such as output or S3. However, you can't include any credential-
related values, such as role_arn or aws_secret_access_key. If you do, the AWS
CLI produces an error.
For more information, see Configuring the AWS CLI to use AWS Single Sign-On in the
AWS Command Line Interface User Guide.
After AWS Toolkit for JetBrains calls the AWS SSO login command on your behalf, a browser
window launches to confirm the SSO login was successful.
them (p. 13).
After you connect, the AWS Toolkit for JetBrains selects the default AWS Region automatically. You
might need to switch to working with different AWS resources that are in a different Region (p. 17).
Getting the current connection

To check which connection the AWS Toolkit for JetBrains is currently using, do one of the following:
• On the status bar, see the current connection displayed in the AWS Connection Settings area.
• Open AWS Explorer (p. 18), if it's not already open, and then choose Show Options Menu (the settings
icon). Choose AWS Connection Settings. The current connection is selected.
46
Adding multiple connections
them (p. 13).

Depending on the additional connection you want to add, you must first have completed one of the
following tasks:
• Created an additional access key (which contains both an access key ID value and a secret access
key value) for a user in IAM (which we recommend) or AWS account root user (which we strongly
discourage). If you don't have an access key for a user IAM already, create one.
• Enabled AWS SSO access for the additional user's AWS account.
Note
1. Connect for the first time (p. 8), if you have not done so already.
2. To start editing the credentials file, do one of the following:
• On the status bar, choose AWS Connection Settings, and then choose All Credentials, Edit AWS
Credential file(s).
47
settings icon). Choose AWS Connection Settings, All Credentials, Edit AWS Credential file(s).
3. In the file, add a named profile for each additional connection. Profile names can contain only
the uppercase letters A through Z, the lowercase letters a through z, the numbers 0 through 9,
the hyphen character ( -), and the underscore character ( _). Profile names must be less than 64
characters in length.
Profile with access keys
For example, for a named profile named myuser, use the following format.
[myuser]
Note
The AWS Toolkit for JetBrains currently supports named profiles with only the
following characters: A-Z, a-z, 0-9, underscore (_), and hyphen (-).
Currently, the toolkit supports only the following configuration variables:
• mfa_serial
• role_arn
• source_profile
Reference.
48
Switching between connections
Profile with AWS SSO
With AWS SSO, you can enable multiple connections by adding named profiles that define how
specific accounts are authenticated using single sign-on. Ensure each named profile that you
add to the credentials file has a unique name and assign account-specific values to the SSO
keys. This is shown in the following example.
[profile user2]
region = us-west-2
For more information about the AWS SSO key-value pairs, see defining named profiles for SSO.
4. Save and then close the file. The AWS Toolkit for JetBrains displays the new connection in the AWS
Connection Settings menu in both the status bar and in AWS Explorer.
Now that you have multiple connections, you can switch between them (p. 13), if you want.
Switching between connections

1. Add multiple connections (p. 11), if you haven't done so already.
• On the status bar, choose AWS Connection Settings.

• Open AWS Explorer (p. 18), if it isn't already open, and then choose AWS Connection Settings.
3. Choose the named profile to use for the new connection. If it isn't listed, choose All Credentials, and
then choose the named profile to use.
The AWS Toolkit for JetBrains switches to the new connection. This connection is now selected in the
AWS Connection Settings menu in both the status bar and AWS Explorer.
Changing connection settings

49
Deleting a connection
file(s).
2. Make your changes to the file, and then save and close the file.
Deleting a connection
file(s).
50
Setting an AWS Region
2. In the file, completely delete the named profile (specifying access keys or AWS SSO key-value pairs)
for the connection that you want to delete.
3. Save and then close the file. The AWS Toolkit for JetBrains removes the deleted connection from the
AWS Connection Settings menu in both the status bar and in AWS Explorer.
After you delete a connection, you might need to switch to a different connection (p. 13) or connect for
the first time (p. 8) again.
Setting an AWS Region for the AWS Toolkit for

JetBrains
When you configure the AWS Toolkit for JetBrains to connect to an AWS account, the toolkit sets the
default AWS Region automatically. This topic describes how to get the current AWS Region or to change
it.
Topics
• Getting the current AWS Region (p. 51)
• Switching AWS Regions (p. 52)
Getting the current AWS Region

To check which AWS Region the AWS Toolkit for JetBrains is currently using, do one of the following:
• On the status bar, see the current Region displayed in the AWS Connection Settings area.
• Open AWS Explorer (p. 18), if it isn't already open, and then choose Show Options Menu (the settings
icon). Choose AWS Connection Settings. The current Region is selected.
51
Switching AWS Regions
You can also switch to a different AWS Region (p. 17), if you want.
Switching AWS Regions

To change the AWS Region Do one of the following.
• On the status bar, choose AWS Connection Settings, and then choose the AWS Region that you want
to switch to.
• Open AWS Explorer (p. 18), if it isn't already open. Choose Show Options Menu (the settings icon), and
then choose AWS Connection Settings. If the AWS Region that you want to switch to is listed, choose
it. Otherwise, choose All Regions, and then choose the Region to switch to.
52
HTTP proxy setup
The AWS Toolkit switches to using the new Region, which is now selected in the AWS Connection
Settings menu in both the status bar and the AWS Explorer.
HTTP proxy setup for the AWS Toolkit for

JetBrains
After you install the AWS Toolkit for JetBrains (p. 4), you can configure it to use an HTTP proxy. To
do this, you must have a JetBrains IDE supported by AWS Toolkits already running. Then follow the
appropriate instructions for the HTTP proxy you want:
• CLion – See Configure HTTP proxy on the CLion help website.

• GoLand – See HTTP Proxy on the GoLand help website.
• IntelliJ IDEA – See HTTP Proxy on the IntelliJ IDEA help website.
• WebStorm – See HTTP Proxy on the WebStorm help website.
• JetBrains Rider – See Configure HTTP Proxy on the JetBrains Rider help website.
• PhpStorm – See HTTP Proxy on the PhpStorm help website.
• PyCharm – See HTTP Proxy on the PyCharm help website.
• RubyMine – See HTTP Proxy on the RubyMine help website.
After you complete the preceding instructions, the AWS Toolkit for JetBrains begins using those HTTP
proxy settings.
53
AWS CloudFormation
Working with AWS services by using

the AWS Toolkit for JetBrains
The following topics describe how to use the AWS Toolkit for JetBrains to work with AWS services in an
AWS account.
Topics
• Working with AWS CloudFormation by using the AWS Toolkit for JetBrains (p. 54)
• Working with CloudWatch Logs by using the AWS Toolkit for JetBrains (p. 56)
• Working with Amazon Elastic Container Service by Using the AWS Toolkit for JetBrains (p. 62)
• Working with Amazon EventBridge by using the AWS Toolkit for JetBrains (p. 68)
• Working with AWS Lambda by using the AWS Toolkit for JetBrains (p. 70)
• Accessing Amazon RDS by using the AWS Toolkit for JetBrains (p. 76)
• Accessing Amazon Redshift by using the AWS Toolkit for JetBrains (p. 82)
• Working with Amazon S3 by using the AWS Toolkit for JetBrains (p. 86)
• Working with AWS serverless applications by using the AWS Toolkit for JetBrains (p. 89)
• Working with Amazon SQS by using the AWS Toolkit for JetBrains (p. 97)
Working with AWS CloudFormation by using the

The following topics describe how to use the AWS Toolkit for JetBrains to work with AWS
CloudFormation stacks in an AWS account.
Topics
• Viewing event logs for an AWS CloudFormation stack by using the AWS Toolkit for
JetBrains (p. 54)
• Deleting an AWS CloudFormation stack by using the AWS Toolkit for JetBrains (p. 55)
Viewing event logs for an AWS CloudFormation stack

by using the AWS Toolkit for JetBrains
1. Open AWS Explorer (p. 18), if it isn't already open. If the stack is in an AWS Region that's different
from the current one, switch to a different AWS Region (p. 17) that contains it.
3. To view event logs for the stack, right-click the stack's name. The AWS Toolkit for JetBrains displays
the event logs in the CloudFormation tool window.
To hide or show the CloudFormation tool window, on the main menu, choose View, Tool Windows,
CloudFormation.
54
Deleting a stack
Deleting an AWS CloudFormation stack by using the

Region (p. 17) that contains the stack, do that now.
3. Right-click the name of the stack to delete, and then choose Delete CloudFormation Stack.
55
Amazon CloudWatch Logs
4. Enter the stack's name to confirm it's deleted, and then choose OK. If the stack deletion succeeds,
Explorer. If the stack deletion fails, you can troubleshoot by viewing the event logs for the
stack (p. 33).
Working with CloudWatch Logs by using the AWS

Toolkit for JetBrains
Amazon CloudWatch Logs enables you to centralize the logs from all of your systems, applications, and
AWS services that you use, in a single, highly scalable service. You can then easily view them, search
them for specific error codes or patterns, filter them based on specific fields, or archive them securely for
future analysis. For more information, see What Is Amazon CloudWatch Logs? in the Amazon CloudWatch
User Guide.
The following topics describe how to use the AWS Toolkit for JetBrains to work with CloudWatch Logs in
an AWS account.
Topics
• Viewing CloudWatch log groups and log streams by using the AWS Toolkit for JetBrains (p. 57)
• Working with CloudWatch log events in log streams by using the AWS Toolkit for JetBrains (p. 58)
• Working with CloudWatch Logs Insights by using the AWS Toolkit for JetBrains (p. 60)
56
Viewing CloudWatch log groups and log streams
Viewing CloudWatch log groups and log streams by

using the AWS Toolkit for JetBrains
A log stream is a sequence of log events that share the same source. Each separate source of logs into
CloudWatch Logs makes up a separate log stream.
A log group is a group of log streams that share the same retention, monitoring, and access control
settings. You can define log groups and specify which streams to put into each group. There is no limit
on the number of log streams that can belong to one log group.
For more information, see Working with Log Groups and Log Streams in the Amazon CloudWatch User
Guide.
Topics
• Viewing log groups and log streams with the CloudWatch Logs node (p. 57)
• Viewing log streams with the Lambda node (p. 57)
• Viewing log streams with the Amazon ECS node (p. 58)
Viewing log groups and log streams with the CloudWatch Logs
node
1. Open AWS Explorer (p. 18), if it isn't already open.
2. Click the CloudWatch Logs node to expand the list of log groups.
The log groups for the current AWS Region (p. 51) are displayed under the CloudWatch Logs node.
3. To view the log streams in a log group, do one of the following:
• Double-click the name of the log group.

• Right-click the name of the log group, and then choose View Log Streams.
The log group's contents are displayed in the Log Streams pane. For information about interacting
with the log events in each stream, see Working with CloudWatch log events (p. 58).
Viewing log streams with the Lambda node

You can view CloudWatch Logs for AWS Lambda functions by using the Lambda node in AWS Explorer.
Note
You can also view log streams for all AWS services, including Lambda functions, using the
CloudWatch Logs node in AWS Explorer. We recommend using the Lambda node, however, for
an overview of log data specific to Lambda functions.

2. Click the Lambda node to expand the list of Lambda functions.
57
Working with CloudWatch log events
The Lambda functions for the current AWS Region (p. 51) are displayed beneath the Lambda node.
3. Right-click a Lambda function, and then choose View Log Streams.
The log streams for the function are displayed in the Log Streams pane. For information about
interacting with the log events in each stream, see Working with CloudWatch log events (p. 58).
Viewing log streams with the Amazon ECS node

You can view CloudWatch Logs for clusters and containers that are run and maintained in Amazon Elastic
Container Service by using the Amazon ECS node in AWS Explorer
Note
You can also view log groups for all AWS services, including Amazon ECS, using the CloudWatch
Logs node in AWS Explorer. We recommend using the Amazon ECS node, however, for an
overview of log data specific to Amazon ECS clusters and containers.

2. Click the Amazon ECS node to expand the list of Amazon ECS clusters.
The Amazon ECS clusters for the current AWS Region (p. 51) are displayed beneath the Amazon ECS
node.
3. Right-click a cluster, and then choose View Log Streams.
The log streams for the cluster are displayed in the Log Streams pane.
4. To view log streams for a specific container, click a cluster to expand its list of registered containers.
The containers registered for the cluster are displayed beneath.

5. Right-click a container, and then choose View Container Log Stream.
The log streams for the container are displayed in the Log Streams pane. For information about
interacting with the log events for clusters and containers, see Working with CloudWatch log
events (p. 58).
Working with CloudWatch log events in log streams

After you've opened the Log Steams pane, you can access the log events in each stream. Log events are
records of activity recorded by the application or resource being monitored.
Topics
• Viewing and filtering log events in a stream (p. 58)
• Working with log actions (p. 59)
• Exporting CloudWatch log events to a file or an editor (p. 60)
Viewing and filtering log events in a stream

When you open a log stream, the Log Events pane displays that stream's sequence of log events.
1. To find a log stream to view, open the Log Streams pane (see Viewing CloudWatch log groups and
log streams (p. 57)).
58
Working with CloudWatch log events
Note
You can use pattern matching to locate a stream in a list. Click the Log Streams pane and
start entering text. The first log stream name with text that matches yours is highlighted.
You can also reorder the list by clicking the top of the Last Event Time column.
2. Double-click a log stream to view its sequence of log events.
The Log Events pane displays the log events that make up the log stream.
3. To filter the log events according to content, enter text in the Filter logstream field and press
Return.
The results are log events containing text that's a case-sensitive match with your filter text. The filter
searches the complete log stream, including events not displayed on the screen.
Note
You can also use pattern matching to locate a log event in the pane. Click the Log Events
pane and start entering text. The first log event with text that matches yours is highlighted.
Unlike with Filter logstream search, only on-screen events are checked.
4. To filter log events according to time, right-click a log event, and then choose Show Logs Around.
You can select One Minute, Five Minutes, or Ten Minutes. For example, if you select Five Minutes,
the filtered list shows only log events that occurred five minutes before and after the selected entry.
On the left of the Log Events pane, the log actions (p. 59) offer more ways to interact with log events.
Working with log actions

On the left of the Log Events pane, four log actions allow you to refresh, edit, tail, and wrap CloudWatch
log events.
1. To find log events to interact with, open the Log Streams (p. 58) pane.
2. Choose one of the following log actions:
• Refresh – Updates the list with log events that occurred after the Log Events pane was opened.
• Open in Editor – Opens the on-screen log events in the IDE's default editor.
Note
This action exports only on-screen log events to the IDE editor. To view all the stream's
events in the editor, choose the Export Log Stream (p. 60) option.
59
Working with CloudWatch Logs Insights
• Tail logs – Streams new logs events to the Log Events pane. This is a useful feature for continuous
updates on longer-running services such as Amazon EC2 instances and AWS CodeBuild builds.
• Wrap logs – Displays log event text on multiple lines if the size of the pane hides longer entries.
Exporting CloudWatch log events to a file or an editor

Exporting a CloudWatch log stream enables you to open its log events in the IDE's default editor or
download them to a local folder.
1. To find a log stream to access, open the Log Streams (p. 58) pane.
2. Right-click a log stream, and then choose Export Log Stream, Open in Editor or Export Log Stream,
Save to a File.
• Open in Editor –Opens the log events that make up the selected stream in the IDE's default
editor.
Note
This option exports all events in the log stream to the IDE editor.
• Save to a File – Opens the Download Log Stream dialog box. This enables you to select a
download folder and rename the file containing the log events.
Working with CloudWatch Logs Insights by using the

You can use the AWS Toolkit for JetBrains to work with CloudWatch Logs Insights. CloudWatch Logs
Insights enables you to interactively search and analyze your log data in Amazon CloudWatch Logs. For
more information, see Analyzing Log Data with CloudWatch Logs Insights in the Amazon CloudWatch
Logs User Guide.
IAM permissions for CloudWatch Logs Insights

You need the following permissions to run and view CloudWatch Logs Insights query results:
{
"Version": "2012-10-17",
"Statement" : [
{
"Effect" : "Allow",
"Action" : [
"logs:StartQuery",
"logs:GetQueryResults",
"logs:GetLogRecord",
"logs:describeLogGroups",
"logs:describeLogStreams"
],
"Resource" : "*"
}
]
}
The following permission is not required but will allow the AWS Toolkit for JetBrains to automatically
stop any currently running queries when you close the associated results pane or IDE.
60
{
"Version": "2012-10-17",
"Statement" : [
{
"Effect" : "Allow",
"Action" : [
"logs:StopQuery"
],
"Resource" : "*"
}
]
}

To open the CloudWatch Logs Insights query editor
1. Open AWS Explorer (p. 18).

2. Double-click the CloudWatch Logs node to expand the list of log groups.
3. Right-click on the log group you want to open, and then choose Open Query Editor.
To start a CloudWatch Logs Insights query
1. In the Query Log Groups window, change the query parameters as desired.
You can choose a time range by date or relative time.
The Query Log Groups field accepts the CloudWatch Logs Insights Query Syntax. For more
information, see CloudWatch Logs Insights Query Syntax in the Amazon CloudWatch Logs User
Guide.
2. Choose Execute to begin the query.
To save a CloudWatch Logs Insights query
1. Type a query name.

2. Choose Save Query.
The selected log groups and query are saved to your AWS account. Time ranges are not saved.
You can retrieve and reuse saved queries from the CloudWatch Logs Insights AWS Management
Console page.
To retrieve a saved CloudWatch Logs Insights query
1. In the Query Log Groups window, choose Retrieve Saved Queries.

2. Choose the desired query and choose OK.
The selected log groups and query replace anything in the existing dialog.
To navigate through query results
• In the CloudWatch Logs Insights Query Results window, in the top right corner, choose Open Query
Editor.
61
Amazon ECS
To view an individual log record
• In the query results pane, double-click a row to open a new tab with details about that log record.
You can also navigate to the log record's associated log stream by choosing View Log Stream in the
top right corner.
Working with Amazon Elastic Container Service by

Using the AWS Toolkit for JetBrains
The following topics describe how to use the AWS Toolkit for JetBrains to work with Amazon ECS
resources in an AWS account.
Topics
• Debugging code in an Amazon Elastic Container Service cluster by using the AWS Toolkit for
JetBrains (p. 62)
Debugging code in an Amazon Elastic Container

Service cluster by using the AWS Toolkit for JetBrains
You can use the AWS Toolkit for JetBrains to debug code in an Amazon Elastic Container Service
(Amazon ECS) cluster in an AWS account.
Note
Debugging code in Amazon ECS clusters is currently in beta.
This feature is intended for use a development environment. Do not use this in a production
environment. Debugging code in an Amazon ECS cluster changes the state of resources in
your AWS account including, but not limited to, stopping associated Amazon ECS services
and changing their configurations. Also, manually changing the state of resources while code
debugging is enabled could lead to unpredictable results.
Prerequisites
Before you begin debugging your code, you must have the following:
1. The Docker image that you want to use to debug your code. This image can be hosted in either of
the following:
• Your AWS account's Amazon Elastic Container Registry (Amazon ECR).

• To find an existing image in Amazon ECR, see Pulling an Image in the Amazon Elastic Container
Registry User Guide. See also Using Amazon ECR Images with Amazon ECS in the Amazon
Elastic Container Registry User Guide.
• To create a new image in Amazon ECR, see Pushing an Image in the Amazon Elastic Container
Registry User Guide. See also Using Amazon ECR Images with Amazon ECS in the Amazon
Elastic Container Registry User Guide.
• Docker Hub. (Images that are not hosted in Docker Hub—such as microsoft-dotnet-core-runtime—
are not supported.)
• To find an existing image in Docker Hub, see the Explore - Docker Hub on the Docker Hub
website.
• To create a new image in Docker Hub, see the Docker Hub Quickstart on the Docker
Documentation website.
62
Debugging code in a cluster
Note
If you don't already have an image available, we recommend one of the following:
• For Java, use amazoncorretto for the latest version of Amazon Corretto (a no-
cost, multiplatform, production-ready distribution of the Open Java Development Kit
(OpenJDK)), or one of the other amazoncorretto images listed on the Docker Hub
website that is compatible with the code you want to debug.
• For Python, use python for the latest version of Python, or one of the other python
images listed on the Docker Hub website that is compatible with the code you want to
debug.
• For Node.js, use node for the latest version of Node.js, or one of the other node images
listed on the Docker Hub website that is compatible with the code you want to debug.
2. In your AWS account, an AWS Identity and Access Management (IAM) role with AWS permissions
that are needed by the code you want to debug. This role will be used as the task role by Amazon
Elastic Container Service (Amazon ECS). This task role must also have a trust relationship
with the ecs-tasks.amazonaws.com service principal and must contain a reference to the
AmazonSSMManagedInstanceCore AWS managed policy. For more information, see how to set up
the Amazon ECS task role (p. 64).
3. In your AWS account, an Amazon ECS cluster that contains the service you want to debug. For more
information, see how to set up the Amazon ECS cluster (p. 65).
4. In your AWS account, a specific IAM customer managed policy that you add to the appropriate
IAM entity (such as an IAM user, group, or role) that is associated with AWS credentials you specify
when connecting to the AWS Toolkit for JetBrains. For more information, see how to add the IAM
customer managed policy to the IAM entity (p. 65).
5. On your local development machine, a copy of the code you want to debug.
Debugging code
After you complete the preceding prerequisites (p. 62), you can debug your code as follows:
1. Open AWS Explorer (p. 18), if it isn't already open. If the Amazon ECS cluster (p. 65) is in an AWS
Region that's different from the current one, switch to a different AWS Region (p. 17) that contains
it.
2. Expand ECS, and then expand Clusters.
3. Expand your Amazon ECS cluster, right-click your service, and then choose Enable Cloud
Debugging. For example, in the following screenshot, the cluster is named java, and the service is
named java-service.
4. When prompted, choose your Amazon ECS task role (p. 64), and then choose OK.
The status bar displays the message Configuring Cloud Debugging resource. Wait until the Build
Output tab of the Build tool window displays a successful configuration message. (A related pop-up
also is displayed in the lower-right corner.) This will take several minutes.
63
Note
As you enable code debugging in your AWS account for the first time, the AWS Toolkit for
JetBrains creates an Amazon S3 bucket in your AWS account. The bucket's name follows
the format of do-not-delete-cloud-debug-Region-ID-account-ID. The JetBrains
Toolkit stores information in this bucket to enable code debugging. Do not delete this
bucket or modify its contents. If you do, code debugging might stop working or produce
unexpected results. If you accidentally delete or modify this bucket, the JetBrains Toolkit
will try to recreate the bucket. You can also force the JetBrains Toolkit to recreate the
bucket by choosing Enable Cloud Debugging again as described earlier, or by choosing
Disable Cloud Debugging as described later in this procedure.
5. With the code you want to debug displayed, in the AWS Explorer, expand ECS, expand Clusters,
and then expand your cluster. A service is displayed with a debug icon next to it. This indicates the
service is now enabled for cloud debugging. Right-click the service with the debug icon, and then
choose Debug.
6. Complete the Edit configuration (p. 116) dialog box, and then choose Debug.
Note
To make changes to this configuration later, on the menu bar, choose Run, Edit
Configurations. Then expand Amazon ECS Service Cloud Debug, and choose the service's
name.
7. Use the IDE's built-in debugging tools to debug your code as usual.
8. If you make changes to your code, you can start debugging again. In the AWS Explorer, expand ECS,
expand Clusters, and then expand your cluster. Right-click your service with the debug icon next to
it, and then choose Debug.
9. If you make changes to the associated Dockerfile, you must rebuild and republish the Docker
image, and then repeat this procedure from the beginning.
10. To disable debugging, in the AWS Explorer, expand ECS, expand Clusters, and then expand your
cluster. Right-click your service with the debug icon next to it, and then choose Disable Cloud
Debugging. A pop-up is displayed, confirming that debugging is disabled.
Setting up the Amazon ECS task role

Note that the following information applies to permissions that Amazon ECS needs, which is different
from permissions that the AWS Toolkit for JetBrains needs (p. 65).
To debug code in Amazon Elastic Container Service (Amazon ECS) clusters, you must first have
in your AWS account an AWS Identity and Access Management (IAM) role with AWS permissions
that are needed by the code you want to debug. This role will be used as the task role by Amazon
Elastic Container Service (Amazon ECS). This task role must also have a trust relationship
with the ecs-tasks.amazonaws.com service principal and must contain a reference to the
AmazonSSMManagedInstanceCore AWS managed policy.
To create a role that meets these requirements, see Creating a Role for an AWS Service (Console) in the
IAM User Guide, specifying the following settings:
64
1. For Choose the service that will use this role, choose Elastic Container Service.
2. For Select your use case, choose Elastic Container Service Task.
3. For Attach permissions policies, choose AmazonSSMManagedInstanceCore.
To add additional AWS permissions to an existing Amazon ECS task role, see "To change the permissions
allowed by a role (console)" in Modifying a Role (Console) in the IAM User Guide.
Setting up the Amazon ECS cluster

To debug code in Amazon Elastic Container Service (Amazon ECS) clusters, you must first have in your
AWS account an Amazon ECS cluster that contains the service you want to debug.
Setting Up a Fargate Cluster

To quickly create a Fargate cluster, service, and task definition that meets the minimum requirements,
see Getting Started with Amazon ECS using Fargate in the Amazon Elastic Container Service User Guide
for AWS Fargate. The only required settings are in Step 1: Container and Task. Specifically, after you
specify a name for the container, for Container definition, choose Configure. Then specify an Image
that is compatible with the code you want to debug.
Setting Up an Amazon EC2 Cluster

For information on how to create an Amazon EC2 managed cluster, see Getting Started with Amazon
ECS Using Amazon EC2 in the Amazon Elastic Container Service Developer Guide
Note
If you don't already have an image available, we recommend one of the following:
• For Java, use amazoncorretto for the latest version of Amazon Corretto, or one of the other
amazoncorretto images listed on the Docker Hub website that is compatible with the code
you want to debug.
• For Python, use python for the latest version of Python, or one of the other python images
listed on the Docker Hub website that is compatible with the code you want to debug.
• For Node.js, use node for the latest version of Node.js, or one of the other node images listed
on the Docker Hub website that is compatible with the code you want to debug.
For advanced scenarios, you can create a cluster, task definition, and service independently. To do so, see
the following in the Amazon Elastic Container Service Developer Guide:
• Creating a Cluster – For Select cluster template, you can choose either Networking only (for Fargate)
or EC2 Linux + Networking (for EC2).
• Creating a Task Definition – For Select launch type compatibility, choose the corresponding launch
type.
• Creating a Service – For Configure service, choose the corresponding Launch Type.
Adding the IAM customer managed policy

Note that the following information applies to permissions that the AWS Toolkit for JetBrains needs,
which is different from permissions that Amazon ECS needs (p. 64).
When setting up to debug code in Amazon ECS clusters, we strongly recommend that you follow the
AWS security best practice of granting least privilege. Granting least privilege means granting only the
65
permissions required to perform a task. To grant least privilege for debugging code in Amazon ECS
clusters, you must attach a specific IAM customer managed policy as follows to an IAM entity (such as an
IAM user, group, or role). This IAM entity must be associated with the credentials that you specify when
you connect to the AWS Toolkit for JetBrains (p. 42).
In the following policy statement, permission is granted to two Amazon ECS services named
MyService and MyOtherService as well as to two Amazon ECS task roles named MyTaskRole and
MyOtherTaskRole and two Amazon ECS execution task roles named MyExecutionTaskRole and
MyOtherExecutionTaskRole. Change the names of these example services and task roles to match
your own, and then attach this policy to the appropriate IAM entity.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowedECSServices",
"Effect": "Allow",
"Action": [
"ecs:UpdateService"
],
"Resource": [
"arn:aws:ecs:*:*:service/*/cloud-debug-*",
"arn:aws:ecs:*:*:service/*/MyService",
"arn:aws:ecs:*:*:service/*/MyOtherService"
]
},
{
"Effect": "Allow",
"Action": [
"iam:GetRole",
"iam:ListRoles",
"iam:SimulatePrincipalPolicy"
],
"Resource": "*"
},
{
"Sid": "AllowedIAMRoles",
"Effect": "Allow",
"Action": [
"iam:PassRole"
],
"Resource": [
"arn:aws:iam::*:role/MyTaskExecutionRole",
"arn:aws:iam::*:role/MyOtherTaskExecutionRole",
"arn:aws:iam::*:role/MyTaskRole",
"arn:aws:iam::*:role/MyOtherRole"
],
"Condition": {
"StringEquals": {
"iam:PassedToService": "ecs-tasks.amazonaws.com"
}
}
},
{
"Effect": "Allow",
"Action": [
"iam:PassRole"
],
"Resource": [
"arn:aws:iam::*:role/aws-service-role/ecs.amazonaws.com/
AWSServiceRoleForECS"
]
},
{
66
"Effect": "Allow",
"Action": [
"s3:CreateBucket",
"s3:GetObject",
"s3:PutObject",
"s3:DeleteObject",
"s3:ListBucket"
],
"Resource": "arn:aws:s3:::do-not-delete-cloud-debug-*"
},
{
"Effect": "Allow",
"Action": [
"ecs:ListClusters",
"ecs:ListServices",
"ecs:DescribeServices",
"ecs:ListTasks",
"ecs:DescribeTasks",
"ecs:DescribeTaskDefinition",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeRules",
"elasticloadbalancing:DescribeTargetGroups",
"ecr:GetAuthorizationToken",
"ecr:BatchCheckLayerAvailability",
"ecr:GetDownloadUrlForLayer",
"ecr:BatchGetImage"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream"
],
"Resource": [
"arn:aws:logs:*:*:cloud-debug*"
]
},
{
"Effect": "Allow",
"Action": [
"ecs:CreateService",
"ecs:DeleteService"
],
"Resource": "arn:aws:ecs:*:*:service/*/cloud-debug*"
},
{
"Effect": "Allow",
"Action": [
"ecs:RegisterTaskDefinition"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"elasticloadbalancing:ModifyListener",
"elasticloadbalancing:ModifyRule",
"elasticloadbalancing:ModifyTargetGroupAttributes"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
67
Amazon EventBridge
"elasticloadbalancing:CreateTargetGroup",
"elasticloadbalancing:DeleteTargetGroup"
],
"Resource": "arn:aws:elasticloadbalancing:*:*:targetgroup/cloud-debug*"
},
{
"Effect": "Allow",
"Action": [
"ssm:StartSession",
"ssm:TerminateSession",
"ssm:ResumeSession",
"ssm:DescribeSessions",
"ssm:GetConnectionStatus"
],
"Resource": [
"*"
]
},
{
"Effect": "Allow",
"Action": [
"application-autoscaling:RegisterScalableTarget",
"application-autoscaling:DeregisterScalableTarget",
"application-autoscaling:DescribeScalableTargets"
],
"Resource": "*"
}
]
}
You can use tools such as the IAM console within the AWS Management Console to create an IAM
customer managed policy and then add the policy to the appropriate IAM entity (such as an IAM user,
group, or role).
Working with Amazon EventBridge by using the

The following topic describes how to use the AWS Toolkit for JetBrains to work with Amazon
EventBridge schemas in an AWS account.
Topics
• Working with Amazon EventBridge schemas (p. 68)

You can use the AWS Toolkit for JetBrains to work with Amazon EventBridge Schemas as follows.
Note
Working with EventBridge Schemas is currently supported only by the AWS Toolkit for IntelliJ
and the AWS Toolkit for PyCharm.
The following information assumes you have already set up the AWS Toolkit for JetBrains (p. 39).
Contents
• View an available schema (p. 69)
68
• Find an available schema (p. 69)

• Generate code for an available schema (p. 69)
• Create an AWS Serverless Application Model application that uses an available schema (p. 69)
View an available schema

1. With the AWS Explorer (p. 100) tool window displayed, expand Schemas.
2. Expand the name of the registry that contains the schema you want to view. For example, many of
the schemas that AWS supplies are in the aws.events registry.
3. To view the schema in the editor, right-click the title of the schema, and on the context menu,
choose View Schema.
Find an available schema

With the AWS Explorer (p. 100) tool window displayed, do one of the following:
• Begin typing the title of the schema you want to find. The AWS Explorer highlights the titles of
schemas that contain a match.
• Right-click Schemas, and on the context menu, choose Search Schemas. In the Search EventBridge
Schemas dialog box, begin typing the title of the schema you want to find. The dialog box displays the
titles of schemas that contain a match.
• Expand Schemas. Right-click the name of the registry that contains the schema you want to find,
and then choose Search Schemas in Registry. In the Search EventBridge Schemas dialog box, begin
typing the title of the schema you want to find. The dialog box displays the titles of schemas that
contain a match.
To view a schema in the list of matches, do one of the following:
• To display the schema in the editor, in AWS Explorer, right-click the title of the schema, and then
choose View Schema.
• In the Search EventBridge Schemas dialog box, choose the title of the schema to display the schema.
Generate code for an available schema

1. With the AWS Explorer (p. 100) tool window displayed, expand Schemas.
2. Expand the name of the registry that contains the schema you want to generate code for.
3. Right-click the title of the schema, and then choose Download code bindings.
4. In the Download code bindings dialog box, choose the following:
• The Version of the schema to generate code for.

• The supported programming Language and language version to generate code for.
• The File location where you want to store the generated code on the local development machine.
5. Choose Download.
Create an AWS Serverless Application Model application that

uses an available schema
1. On the File menu, choose New, Project.
69
AWS Lambda
2. In the New Project dialog box, choose AWS.

3. Choose AWS Serverless Application, and then choose Next.
4. Specify the following:
• A Project name for the project.

• A Project location on your local development machine for the project.
• A supported AWS Lambda Runtime for the project.
• An AWS Serverless Application Model (AWS SAM) SAM Template for the project. The choices
currently include the following:
• AWS SAM EventBridge Hello World (EC2 Instance State Change) – When deployed, creates an
AWS Lambda function and an associated Amazon API Gateway endpoint in your AWS account.
By default, this function and endpoint respond only to an Amazon EC2 instance status change.
• AWS SAM EventBridge App from Scratch (for any Event trigger from a Schema Registry)
– When deployed, creates an AWS Lambda function and an associated Amazon API Gateway
endpoint in your AWS account. This function and endpoint can respond to events that are
available in the schema you specify.
If you choose this template, you must also specify the following:
• The named profile, Credentials, to use.
• The AWS Region to use.
• The EventBridge Event Schema to use.
• The version of the SDK to use for the project (Project SDK).
After you create an AWS serverless application project, you can do the following:
• Deploy the application (p. 94)

• Change (update) the application's settings (p. 95)
• Delete the deployed application (p. 96)
You can also do the following with Lambda functions that are part of the application:
• Run (invoke) or debug the local version of a function (p. 72)

• Run (invoke) the remote version of a function (p. 73)
• Change a function's settings (p. 74)
• Delete a function (p. 76)
Working with AWS Lambda by using the AWS

The following topics describe how to use the AWS Toolkit for JetBrains to work with AWS Lambda
functions in an AWS account.
Topics
• Creating an AWS Lambda function by using the AWS Toolkit for JetBrains (p. 71)
• Running (invoking) or debugging the local version of an AWS Lambda function by using the AWS
Toolkit for JetBrains (p. 72)
• Running (invoking) the remote version of an AWS Lambda function by using the AWS Toolkit for
JetBrains (p. 73)
70
Creating a function
• Changing (updating) AWS Lambda function settings by using the AWS Toolkit for JetBrains (p. 74)
• Deleting an AWS Lambda function by using the AWS Toolkit for JetBrains (p. 76)
Creating an AWS Lambda function by using the AWS

You can use the AWS Toolkit for JetBrains to create an AWS Lambda function that is part of an AWS
serverless application. Or you can create a standalone Lambda function.
To create a Lambda function that is part of an AWS serverless application, skip the rest of this topic and
see Creating an application (p. 90) instead.
To create a standalone Lambda function, you must first install the AWS Toolkit for JetBrains (p. 4) and,
if you haven't yet, connect to an AWS account for the first time (p. 8). Then, with IntelliJ IDEA, PyCharm,
WebStorm, or JetBrains Rider already running, do one of the following:
Region (p. 17) to create the function in, do that now. Then right-click Lambda, and choose Create new
AWS Lambda.
Complete the Create Function (p. 102) dialog box, and then choose Create Function. The AWS
Toolkit for JetBrains creates a corresponding AWS CloudFormation stack for the deployment, and
adds the function name to the Lambda list in AWS Explorer. If the deployment fails, you can try to
determine why by viewing event logs for the stack (p. 33).
• Create a code file that implements a function handler for Java, Python, Node.js, or C#.
If you need to switch to a different AWS Region (p. 17) to create the remote function to be run
(invoked), do that now. Then in the code file, choose the Lambda icon in the gutter next to the
function handler, and then choose Create new AWS Lambda. Complete the Create Function (p. 102)
dialog box, and then choose Create Function.
Note
Project settings, Show gutter icons for all potential AWS Lambda handlers. Also, if the
function handler is already defined in the corresponding AWS SAM template, the Create new
AWS Lambda command won't appear.
Explorer, the Lambda list displays the name of the new function.
• If you already have a project that contains an AWS Lambda function, and if you need to first switch
to a different AWS Region (p. 17) to create the function in, do that now. Then in the code file
71
Running (invoking) or debugging a local function
that contains the function handler for Java, Python, Node.js, or C#, choose the Lambda icon in
the gutter next to the function handler. Choose Create new AWS Lambda, complete the Create
Function (p. 102) dialog box, and then choose Create Function.
Note
Project settings, Show gutter icons for all potential AWS Lambda handlers. Also, the Create
new AWS Lambda command won't be displayed if the function handler is already defined in
the corresponding AWS SAM template.
Explorer, the new function's name appears in the Lambda list.
After you create the function, you can run (invoke) or debug the local version of the function (p. 28) or
run (invoke) the remote version (p. 29).
Running (invoking) or debugging the local version of

an AWS Lambda function by using the AWS Toolkit
for JetBrains
To complete this procedure, you must create the AWS Lambda function (p. 27) that you want to run
(invoke) or debug, if you have not created it already.
Note
To run (invoke) or debug the local version of a Lambda function, and run (invoke) or
debug that function locally with any nondefault or optional properties, you must first set
those properties in the function's corresponding AWS SAM template file (for example, in
a file named template.yaml within the project). For a list of available properties, see
AWS::Serverless::Function in the awslabs/serverless-application-model repository on GitHub.
• In the code file that contains the function handler for Java, Python, Node.js, or C#, choose the
Lambda icon in the gutter next to the function handler. Choose Run '[Local]' or Debug '[Local]'.
• With the Project tool window already open and displaying the project that contains the function,
open the project's template.yaml file. Choose the Run icon in the gutter next to the function's
resource definition, and then choose Run '[Local]' or Debug '[Local]'.
72
Running (invoking) a remote function
2. Complete the Edit configuration (local function settings) (p. 108) dialog box if it's displayed, and
beginning.
Running (invoking) the remote version of an AWS

Lambda function by using the AWS Toolkit for
JetBrains
A remote version of an AWS Lambda function is a function whose source code already exists inside of the
Lambda service for an AWS account.
To complete this procedure, you must first install the (p. 4)AWS Toolkit for JetBrains and, if you haven't
yet, connect to an AWS account for the first time (p. 8). Then with IntelliJ IDEA, PyCharm, WebStorm, or
JetBrains Rider running, do the following.
2. Expand Lambda, and confirm that the name of the function is listed. If it is, skip ahead to step 3 in
this procedure.
If the name of the function isn't listed, create the Lambda function (p. 27) that you want to run
(invoke).
If you created the function as part of an AWS serverless application (p. 27), you must also deploy
that application (p. 23).
If you created the function by creating a code file that implements a function handler for Java,
Python, Node.js, or C#, then in the code file, choose the Lambda icon next to the function handler.
Then choose Create new AWS Lambda. Complete the Create Function (p. 102) dialog box, and
then choose Create Function.
3. With Lambda open in AWS Explorer, right-click the name of the function, and then choose Run
'[Remote]'.
73
Changing (updating) function settings
4. Complete the Edit configuration (remote function settings) (p. 114) dialog box if it's displayed, and
beginning.
Changing (updating) AWS Lambda function settings

To use the AWS Toolkit for JetBrains to change (update) the settings for an AWS Lambda function, do
one of the following.
• With the code file open that contains the function handler for Java, Python, Node.js, or C#, on the
main menu, choose Run, Edit Configurations. Complete the Run/Debug Configurations (p. 108)
dialog box, and then choose OK.
Region (p. 17) that contains the function, do that now. Expand Lambda, choose the name of the
function to change the configuration for, and then do one of the following:
• Change settings such as the timeout, memory, environment variables, and execution role – Right-
click the name of the function, and then choose Update Function Configuration.
Complete the Update Configuration (p. 121) dialog box, and then choose Update.
74
Changing (updating) function settings
• Change settings such as the input payload – On the main menu, choose Run, Edit Configurations.
Complete the Run/Debug Configurations (p. 108) dialog box, and then choose OK.
If the configuration details are missing, first expand Templates, AWS Lambda, and then choose
Local (for the local version of the function) or Remote (for the remote version of that same
function). Choose OK, and then repeat this procedure from the beginning.)
• Change settings such as the function handler name or Amazon Simple Storage Service (Amazon
S3) source bucket – Right-click the function name, and then choose Update Function Code.
Complete the Update Code (p. 120) dialog box, and then choose Update.
75
Deleting a function
• Change other available property settings that aren't listed in the preceding bullets – Change
those settings in the function's corresponding AWS SAM template file (for example, in a file named
template.yaml within the project).
For a list of available property settings, see AWS::Serverless::Function in the awslabs/serverless-

application-model repository on GitHub.
Deleting an AWS Lambda function by using the AWS

You can use the AWS Toolkit to delete an AWS Lambda function that is part of an AWS serverless
application, or you can delete a standalone Lambda function.
To delete a Lambda function that is part of an AWS serverless application, skip the rest of this topic and
see Deleting an application (p. 96) instead.
To delete a standalone Lambda function, do the following.
2. Expand Lambda.
3. Right-click the name of the function to delete, and then choose Delete Function.
4. Enter the function's name to confirm the deletion, and then choose OK. If the function deletion
succeeds, the AWS Toolkit for JetBrains removes the function name from the Lambda list.
Accessing Amazon RDS by using the AWS Toolkit

for JetBrains
Using Amazon Relational Database Service (Amazon RDS), you can provision and manage SQL relational
database systems in the cloud. Using AWS Toolkit for JetBrains, you can connect to and interact with the
following Amazon RDS database engines:
• Aurora – A MySQL and PostgreSQL-compatible relational database built for the cloud. For more
information, see the Amazon Aurora User Guide.
76
Prerequisites for accessing Amazon RDS databases
• MySQL – Amazon RDS supports several major versions of the open-source relational database. For
more information, see MySQL on Amazon RDS in the Amazon RDS User Guide.
• PostgreSQL – Amazon RDS supports several major version of the open-source object-relational
database. For more information, see PostgreSQL on Amazon RDS in the Amazon RDS User Guide.
The following topics describe the prerequisites for accessing RDS databases and how to use AWS Toolkit
for JetBrains to connect to a database instance.
Topics
• Prerequisites for accessing Amazon RDS databases (p. 77)
• Connecting to an Amazon RDS database (p. 78)
Prerequisites for accessing Amazon RDS databases

Before you can connect to an Amazon RDS database using AWS Toolkit for JetBrains, you need to
complete the following tasks:
• Create a DB instance and set up its authentication method (p. 77)

• Download and install DataGrip (p. 78)
Creating an Amazon RDS DB instance and configuring an

authentication method
AWS Toolkit for JetBrains enables you to connect to an Amazon RDS DB instance that's already been
created and configured in AWS. A DB instance is an isolated database environment running in the cloud
that can contain multiple user-created databases. For information about creating DB instances for the
supported database engines, see Getting started with Amazon RDS resources in the Amazon RDS User
Guide.
When connecting to a database using AWS Toolkit for JetBrains, users can choose to authenticate using
IAM credentials or Secrets Manager. The following table describes key features and information resources
for both options:
Authentication methods How it works More information
Connect with IAM credentials With IAM database • Identity and access
authentication, you don't need management in Amazon RDS
to store user credentials in the in the Amazon RDS User Guide.
database because authentication • AWS Knowledge Center
is managed externally using article: How do I allow users
AWS Identity and Access to authenticate to an Amazon
Management (IAM) credentials. RDS MySQL DB instance using
their IAM credentials?
By default, IAM database
authentication is disabled on
DB instances. You can enable
IAM database authentication (or
disable it again) using the AWS
Management Console, AWS CLI,
or the API.
77
Connecting to an Amazon RDS database
Connect with AWS Secrets A database administrator can • What is AWS Secrets Manager?
Manager store credentials for a database in the AWS Secrets Manager
as a secret in Secrets Manager. User Guide.
Secrets Manager encrypts and • Tutorial: Rotating a secret for
stores the credentials within the an AWS database in the AWS
secret as the protected secret Secrets Manager User Guide.
text.
• AWS Security Blog: Rotate
When an application with Amazon RDS database
permissions accesses the credentials automatically with
database, Secrets Manager Secrets Manager.
decrypts the protected secret
text and returns it over a secured
channel. The client parses the
returned credentials, connection
string, and any other required
information and then uses
that information to access the
database.
Working with Amazon RDS databases using DataGrip

After you've connected to an Amazon RDS data source, you can start interacting with it. By using
DataGrip from JetBrains, you can carry out database tasks such as writing SQL, running queries, and
importing/exporting data. Features provided by DataGrip are also available in the database plugin for a
range of JetBrains IDEs. For information about DataGrip, see https://www.jetbrains.com/datagrip/.

With AWS Explorer, you can select an Amazon RDS database, choose an authentication method, and
then configure the connection settings. After you've successfully tested the connection, you can start
interacting with the data source using JetBrains DataGrip.
Important
Ensure that you've completed the prerequisites (p. 77) to enable users to access and interact
with Amazon RDS databases.
Select a tab for instructions on connecting to a database instance using your preferred authentication
method.
Connect with IAM credentials

2. Click the Amazon RDS node to expand the list of supported database engines.
3. Click a supported database engine (Aurora, MySQL, or PostgreSQL) node to expand the list of
available database instances.
Note
If you select Aurora, you can choose between expanding a MySQL cluster and a
PostgreSQL cluster.
4. Right-click a database and choose Connect with IAM credentials.
Note
You can also choose Copy Arn to add the database's Amazon Resource Name (ARN) to
your clipboard.
78
5. In the Data Sources and Drivers dialog box, do the following to ensure a database connection
can be opened:
• In the Imported Data Sources pane, confirm that the correct the correct data source is
selected.
• If a message indicates that you need to Download missing driver files, choose Go to Driver
(the wrench icon) to download the required files.
6. In the General tab of the Settings pane, confirm that the following fields display the correct
values:
• Host/Port – The endpoint and port used for connections to the database. For Amazon RDS
databases hosted in the AWS Cloud, endpoints always end with rds.amazon.com. If you're
connecting to a DB instance through a proxy, use these fields to specify the proxy's connection
details.
• Authentication – AWS IAM (authentication using IAM credentials).
• User – The name of your database user account.
• Credentials – The credentials used to access your AWS account.
• Region – The AWS Region where the database is hosted.
• RDS Host/Port – The endpoint and port for the database as listed in the AWS Management
Console. If you're using a different endpoint to connect to a DB instance, specify the proxy's
connection details in the Host/Port fields (described previously).
• Database – The name of the database.
• URL – The URL that the JetBrains IDE will use to connect to the database.
79
Note
For a full description of the connection settings that you can configure using the Data
sources and drivers dialog box, see the documentation for the JetBrains IDE that you're
using.
7. To verify the connection settings are correct, choose Test Connection.
A green check mark indicates a successful test.

8. Choose Apply to apply your settings, and then choose OK to start working with the data source.
The Database tool window opens. This displays the available data sources as a tree with nodes
representing database elements such as schemas, tables, and keys.
Important
To use the Database tool window, you must first download and install DataGrip from
JetBrains. For more information, see https://www.jetbrains.com/datagrip/.
Connect with Secrets Manager

2. Click the Amazon RDS node to expand the list of supported database engines.
3. Click a supported database engine (Aurora, MySQL, or PostgreSQL) node to expand the list of
available database instances.
Note
If you select Aurora, you can choose between expanding a MySQL cluster and a
PostgreSQL cluster.
4. Right-click a database and choose Connect with Secrets Manager.
Note
You can also choose Copy Arn to add the database's Amazon Resource Name (ARN) to
your clipboard.
5. In the Select a Database Secret dialog box, use the drop-down field to pick credentials for the
database, and then choose Create.
can be opened:
• In the Imported Data Sources pane, confirm that the correct the correct data source is
selected.
7. In the General tab of the Settings pane, confirm that the following fields display the correct
values:
• Host/Port – The endpoint and port used for connections to the database. For Amazon RDS
databases hosted in the AWS Cloud, endpoints always end with rds.amazon.com. If you're
connecting to a database through a proxy database, use these fields to specify the proxy's
connection details.
• Authentication – SecretsManager Auth (authentication using AWS Secrets Manager).
• Secret Name/ARN – The name and ARN of the secret containing authentication credentials.
To override the connection settings in the Host/Port fields, select the Use the url and port
from the secret check box.
• Database – The name of the database instance you selected in AWS Explorer.
80
Note
If you're using Secrets Manager for authentication, there are no fields for a user name
and password for the database. This information is contained in the encrypted secret
data portion of a secret.
Note
using.

Important
81
Amazon Redshift
Accessing Amazon Redshift by using the AWS

An Amazon Redshift data warehouse is an enterprise-class relational database query and management
system. With AWS Toolkit for JetBrains, you can connect to and interact with Amazon Redshift clusters.
An Amazon Redshift cluster consists of a collection of nodes that enables clients to query databases
hosted on that cluster.
The following topics describe the prerequisites for accessing Amazon Redshift clusters and how to use
AWS Toolkit for JetBrains to connect to a database in a cluster.
Topics
• Prerequisites for accessing Amazon Redshift clusters (p. 82)
• Connecting to an Amazon Redshift cluster (p. 83)
Prerequisites for accessing Amazon Redshift clusters

Before you start can interacting with an Amazon Redshift cluster using AWS Toolkit for JetBrains, you
need to complete the following tasks:
• Create an Amazon Redshift cluster and set up its authentication method (p. 82)
• Download and install DataGrip (p. 83)
Creating an Amazon Redshift cluster and configuring an

authentication method
AWS Toolkit for JetBrains enables you to connect to an Amazon Redshift cluster that's already created
and configured in AWS. Each cluster contains one or more databases. For information about creating and
configuring Amazon Redshift clusters, see Getting started with Amazon Redshift in the Amazon Redshift
Getting Started.
When connecting to a cluster using AWS Toolkit for JetBrains, users can choose to authenticate using
IAM credentials or AWS Secrets Manager. The following table describes key features and information
resources for both options:
Connect with IAM credentials With IAM database • Identity and access
authentication, you don't need management in Amazon
to store user credentials in the Redshift in the Amazon
database because authentication Redshift Cluster Management
is managed externally using Guide.
AWS Identity and Access
Management (IAM) credentials.
By default, IAM database

authentication is disabled
on database instances. You
can enable IAM database
authentication (or disable
it again) using the AWS
82
Connecting to an Amazon Redshift cluster

Management Console, AWS CLI,
or the API.
Connect with AWS Secrets A database administrator can • What is AWS Secrets Manager?
Manager; store credentials for a database in the AWS Secrets Manager
as a secret in Secrets Manager. User Guide.
Secrets Manager encrypts and • Rotating secrets for Amazon
stores the credentials within the Redshift in the AWS Secrets
secret as the protected secret Manager User Guide.
text.
• AWS Security Blog: How to
When an application with rotate Amazon DocumentDB
permissions accesses the and Amazon Redshift
database, Secrets Manager credentials in Secrets
decrypts the protected secret Manager.
text and returns it over a secured
channel. The client parses the
returned credentials, connection
string, and any other required
information and then uses
that information to access the
database.
Working with Amazon RDS databases using DataGrip

After you've connected to a database in Amazon Redshift cluster, you can start interacting with it. Using
DataGrip from JetBrains, you can carry out database tasks such as writing SQL, running queries, and
importing/exporting data. Features provided by DataGrip are also available in the database plugin for a
range of JetBrains IDEs. For information about DataGrip, see https://www.jetbrains.com/datagrip/.

With AWS Explorer, you can select an Amazon Redshift cluster, choose an authentication method, and
then configure the connection settings. After you've successfully tested the connection, you can start
interacting with the data source using JetBrains DataGrip.
Important
Ensure that you've completed the prerequisites (p. 82) to enable users to access and interact
with Amazon Redshift clusters and databases.
Select a tab for instructions on connecting to a cluster using your preferred authentication method.
Connect with IAM credentials

2. Click the Amazon Redshift node to expand the list of available clusters.
3. Right-click a cluster and choose Connect with IAM credentials.
Note
You can also choose Copy Arn to add the cluster's Amazon Resource Name (ARN) to
your clipboard.
can be opened:
• In the Imported Data Sources pane, confirm that the correct data source is selected.
83
5. On the General tab of the Settings pane, confirm that the following fields display the correct
values:
• Host/Port – The endpoint and port used for connections to the cluster. For Amazon Redshift
clusters hosted in the AWS Cloud, endpoints always end with redshift.amazon.com.
• Authentication – AWS IAM (authentication using IAM credentials).
• User – The name of your database user account.
• Cluster ID – The ID of the cluster you selected in AWS Explorer.
• Database – The name of the database in the cluster you'll connect to.
• URL – The URL that the JetBrains IDE will use to connect to the cluster's database.
Note
using.

84
Important
Connect with Secrets Manager

2. Click the Amazon Redshift node to expand the list of available clusters.
3. Right-click a cluster and choose Connect with Secrets Manager.
Note
You can also choose Copy Arn to add the cluster's Amazon Resource Name (ARN) to
your clipboard.
4. In the Select a Database Secret dialog box, use the drop-down field to pick credentials for the
database, and then choose Create.
can be opened:
• In the Imported Data Sources, confirm that the correct the correct data source is selected.
• If a message appears in the dialog box to Download missing driver files, choose Go to Driver
6. On the General tab of the Settings pane, confirm that the following fields display the correct
values:
• Host/Port – The endpoint and port used for connections to the cluster. For Amazon Redshift
clusters hosted in the AWS Cloud, endpoints always end with redshift.amazon.com.
• Authentication – SecretsManager Auth (authentication using AWS Secrets Manager).
• Credentials – The credentials used to connect to the AWS account.
• Region – The AWS Region where the cluster is hosted.
• Secret Name/ARN – The name and ARN of the secret containing authentication credentials.
If you want to override the connection settings in the Host/Port fields, select the Use the url
and port from the secret check box.
• Database – The name of the database in the cluster you'll connect to.
Note
If you're using AWS Secrets Manager for authentication, there are no fields for
specifying a user name and password for the cluster. This information is contained in
the encrypted secret data portion of a secret.
85
Amazon S3
Note
using.

Important
Working with Amazon S3 by using the AWS Toolkit

for JetBrains
The following topics describe how to use the AWS Toolkit for JetBrains to work with Amazon S3 buckets
and objects in an AWS account.
Topics
• Working with Amazon S3 buckets by using the AWS Toolkit for JetBrains (p. 87)
86
Working with Amazon S3 buckets
• Working with Amazon S3 objects by using the AWS Toolkit for JetBrains (p. 88)
Working with Amazon S3 buckets by using the AWS

Every object you store in Amazon S3 resides in a bucket. You can use buckets to group related objects in
the same way that you use a directory to group files in a file system.
Topics
• Creating an Amazon S3 bucket (p. 87)
• Viewing Amazon S3 buckets (p. 87)
• Deleting an Amazon S3 bucket (p. 87)
Creating an Amazon S3 bucket

2. Right-click the Amazon S3 node and choose Create S3 Bucket.
3. In the Create S3 Bucket dialog box, enter a name for the bucket.
Note
Because Amazon S3 allows your bucket to be used as a URL that can be accessed publicly,
the bucket name that you choose must be globally unique. If some other account has
already created a bucket with the name that you chose, you must use another name. For
more information, see Bucket Restrictions and Limitations in the Amazon Simple Storage
Service Developer Guide.
4. Choose Create.
Viewing Amazon S3 buckets

2. Click the Amazon S3 node to expand the list of buckets.
• The S3 buckets for the current AWS Region (p. 51) are displayed beneath the Amazon S3 node.
Deleting an Amazon S3 bucket

1. Open AWS Explorer (p. 18), if it isn't already.
2. Click the Amazon S3 node to expand the list of buckets.
3. Right-click the bucket to delete, and then choose Delete S3 Bucket.
87
Working with Amazon S3 objects
4. Enter the bucket's name to confirm the deletion, and then choose OK.
• If the bucket contains objects, the bucket is emptied before deletion. A notification is displayed
after the deletion is complete.
Working with Amazon S3 objects by using the AWS

Objects are the fundamental entities stored in Amazon S3. Objects consist of object data and metadata.
Topics
• Viewing an object in an Amazon S3 bucket (p. 88)
• Opening an object in the IDE (p. 88)
• Uploading an object (p. 89)
• Downloading an object (p. 89)
• Deleting an object (p. 89)
Viewing an object in an Amazon S3 bucket

This procedure opens the S3 Bucket Viewer. You can use it to view, upload, download, and delete objects
grouped by folders in an Amazon S3 bucket.

2. To view a bucket's objects, do one of the following:
• Double-click the name of the bucket.

• Right-click the name of the bucket, and then choose View Bucket.
The S3 Bucket Viewer displays information about the bucket's name, Amazon Resource Name (ARN), and
creation date. The objects and folders in the bucket are available in the pane beneath.
Opening an object in the IDE

If the object in an Amazon S3 bucket is a file type recognized by the IDE, you can download a read-only
copy and open it in the IDE.
1. To find an object to download, open the S3 Bucket Viewer (see Viewing an object in an Amazon S3
bucket (p. 88)).
2. Double-click the name of the object.
88
AWS Serverless
The file opens in the default IDE window for that file type.
Uploading an object
1. To find the folder you want to upload objects to, open the S3 Bucket Viewer (see Viewing an object
in an Amazon S3 bucket (p. 88)).
2. Right-click the folder, and then choose Upload.
3. In the dialog box, select the files to upload.
Note
You can upload multiple files at once. You can't upload directories.
4. Choose OK.
Downloading an object
1. To find a folder to download objects from, open the S3 Bucket Viewer (see Viewing an object in an
Amazon S3 bucket (p. 88)).
2. Choose a folder to display its objects.
3. Right-click an object, and then choose Download.
4. In the dialog box, select the download location.
Note
If you're downloading multiple files, ensure you select the path name instead of the folder.
You can't download directories.
5. Choose OK.
Note
If a file already exists in the download location, you can overwrite it or leave it in place by
skipping the download.
Deleting an object
1. To find the object to delete, open the S3 Bucket Viewer (see Viewing an object in an Amazon S3
bucket (p. 88)).
2. After you select the object, delete it by doing one of the following:
• Press Delete.
• Right-click, and then choose Delete.
Note
You can select and delete multiple objects at once.
3. To confirm the deletion, choose Delete.
Working with AWS serverless applications by using

The following topics describe how to use the AWS Toolkit for JetBrains to work with AWS serverless
applications in an AWS account.
Topics
89
Creating an application
• Creating an AWS serverless application by using the AWS Toolkit for JetBrains (p. 90)
• Deploying an AWS serverless application by using the AWS Toolkit for JetBrains (p. 94)
• Changing (updating) AWS Serverless application settings by using the AWS Toolkit for
JetBrains (p. 95)
• Deleting an AWS serverless application by using the AWS Toolkit for JetBrains (p. 96)
Creating an AWS serverless application by using the

To complete this procedure, you must first install the AWS Toolkit (p. 4) and, if you haven't yet, connect
to an AWS account for the first time (p. 8). Then with IntelliJ IDEA, PyCharm, WebStorm, or JetBrains
Rider already running, do the following.
1. With IntelliJ IDEA, PyCharm, WebStorm, or JetBrains Rider already running, do one of the following:
• For IntelliJ IDEA or WebStorm, choose File, New, Project.

• For PyCharm, choose File, New Project.
• For JetBrains Rider, choose File, New for a new solution. Or right-click an existing solution in the
Explorer tool window, and then choose Add, New Project.
2. For IntelliJ IDEA, choose AWS, AWS Serverless Application, and then choose Next.
For PyCharm, choose AWS Serverless Application.
90
For WebStorm, choose AWS Serverless Application.
For JetBrains Rider, choose AWS Serverless Application.
91
3. Complete the New Project dialog box (or the New Solution dialog box for JetBrains Rider) (p. 105),
and then choose Finish (for IntelliJ IDEA) or Create (for PyCharm, WebStorm, or JetBrains Rider). The
AWS Toolkit for JetBrains creates the project and adds the serverless application's code files to the
new project.
4. If you're using IntelliJ IDEA, with the Project tool window already open and displaying the project
that contains the serverless application's files, do one of the following:
• For Maven-based projects, right-click the project's pom.xml file, and then choose Add as Maven
Project.
92
• For Gradle-based projects, right-click the project's build.gradle file, and then choose Import
Gradle project.
93
Deploying an application
Complete the Import Module from Gradle dialog box, and then choose OK.
After you create the serverless application, you can run (invoke) or debug the local version of an AWS
Lambda function (p. 28) that is contained in that application.
You can also deploy the serverless application (p. 23). After you deploy it, you can run (invoke) the
remote version of a Lambda function (p. 29) that is part of that deployed application.
Deploying an AWS serverless application by using the

To complete this procedure, you must first create the AWS serverless application (p. 19) that you want to
deploy, if you haven't created it already.
Note
function with any nondefault or optional properties, you must first set those properties in
the function's corresponding AWS Serverless Application Model (AWS SAM) template file (for
example, in a file named template.yaml within the project). For a list of available properties,
see AWS::Serverless::Function in the awslabs/serverless-application-model repository on
GitHub.
1. If you need to switch to a different AWS Region (p. 17) to deploy the serverless application, do that
now.
application's files, right-click the project's template.yaml file. Then choose Deploy Serverless
Application.
94
Changing (updating) application settings
3. Complete the Deploy Serverless Application (p. 103) dialog box, and then choose Deploy.
The AWS Toolkit for JetBrains creates a corresponding AWS CloudFormation stack for the
deployment. It also adds the name of the stack to the CloudFormation list in AWS Explorer. If the
deployment fails, you can try to determine why by viewing event logs for the stack (p. 33).
After you deploy it, you can run (invoke) the remote version of an AWS Lambda function (p. 29) that is
part of that deployed application.
Changing (updating) AWS Serverless application

settings by using the AWS Toolkit for JetBrains
You must first deploy the AWS serverless application (p. 23) that you want to change, if you haven't
deployed it already.
Note
function with any nondefault or optional properties, you must first set those properties in the
function's corresponding AWS SAM template file (for example, in a file named template.yaml
within the project). For a list of available properties, see AWS::Serverless::Function in the
awslabs/serverless-application-model repository on GitHub.
95
Deleting an application
application's files, open the project's template.yaml file. Change the file's contents to reflect the
new settings, and then save and close the file.
2. If you need to switch to a different AWS Region (p. 17) to deploy the serverless application to, do
that now.
3. Right-click the project's template.yaml file, and then choose Deploy Serverless Application.
4. Complete the Deploy Serverless Application (p. 103) dialog box, and then choose Deploy. The AWS
Toolkit for JetBrains updates the corresponding AWS CloudFormation stack for the deployment.
If the deployment fails, you can try to determine why by viewing event logs for the stack (p. 33).
Deleting an AWS serverless application by using the

Before deleting an AWS serverless application, you must first deploy it (p. 23).
Region (p. 17) that contains the serverless application, do that now.
96
Amazon SQS
3. Right-click the name of the AWS CloudFormation stack that contains the serverless application you
want to delete, and then choose Delete CloudFormation Stack.
4. Enter the stack's name to confirm the deletion, and then choose OK. If the stack deletion succeeds,
Explorer. If the stack deletion fails, you can try to determine why by viewing event logs for the
stack (p. 33).
Working with Amazon SQS by using the AWS

The following topics describe how to use the AWS Toolkit for JetBrains to work with Amazon SQS.
Standard and FIFO (First-In-Last-Out) are the two kinds of messages you can send using Amazon SQS in
the AWS Toolkit for JetBrains.
To create an Amazon SQS queue
1. Open JetBrains.
2. Open AWS Explorer within the AWS Toolkit for JetBrains (p. 18).
3. Open the context (right-click) menu for SQS, and choose Create Queue....
4. Provide a queue name and choose the queue type (either Standard or FIFO. For more information
on queue types, see the following topics in the Amazon Simple Queue Service Developer Guide:
• Amazon SQS standard queues

• Amazon SQS FIFO (First-In-First-Out) queues
97
Amazon SQS
5. Choose Create.
To view Amazon SQS messages
1. Open JetBrains.
3. Choose the Amazon SQS drop-down arrow to expand your list of queues.
4. Open the context (right-click) menu for that queue and choose View Messages.
5. Choose View Messages to view the messages in this queue. Up to ten messages will be polled.
Messages are immediately returned to the queue after being shown. For information about polling,
see Amazon SQS short and long polling in the Amazon Simple Queue Service Developer Guide.
To edit Amazon SQS queue properties
1. Open JetBrains.
4. Open the context (right-click) menu for the queue that you want to edit and choose Edit Queue
Properties....
5. In the Edit Queue Properties dialog box that opens, review and modify your queue properties. For
more information on Amazon SQS properties, see Configuring queue parameters (console) in the
Amazon Simple Queue Service Developer Guide.
To send Standard messages
1. Open JetBrains.
4. Open the context (right-click) menu for that queue and choose Send a message.
5. Populate the message and choose Send. After you send the message, you see a confirmation that
includes the message ID.
To send FIFO messages
1. Open JetBrains.
4. Open the context (right-click) menu for that queue and choose Send a message.
5. Populate the message, group id, and an optional deduplication id.
Note
If no deduplication id is provided, one will be generated.
6. Choose Send. After you send the message, you see a confirmation that includes the message ID.
To delete an Amazon SQS queue
1. To verify that a queue is empty before you delete it, see COnfirming that a queue is empty in the
Amazon Simple Queue Service Developer Guide.
2. Open JetBrains.
98
Working with Lambda
4. Open the context (right-click) menu for on SQS, and choose Delete Queue....
5. Confirm that you want to delete the queue, and choose OK in the deletion dialog box.
Topics
• Using Amazon SQS with AWS Lambda in the AWS Toolkit for JetBrains (p. 99)
• Using Amazon SQS with Amazon SNS in the AWS Toolkit for JetBrains (p. 99)
Using Amazon SQS with AWS Lambda in the AWS

The following procedure details how to configure Amazon SQS queues as Lambda triggers in the AWS
Toolkit for JetBrains.
To configure an Amazon SQS queue as a Lambda triggers
1. Open JetBrains.
4. Open the context (right-click) menu for the queue you want to use and choose Configure Lambda
Trigger.
5. In the dialog box, from the drop-down menu, choose the Lambda function that you want to trigger.
6. Choose Configure.
7. If the Lambda function lacks the necessary IAM permissions for Amazon SQS to run it, the toolkit
generates a minimal policy that you can add to the IAM role for the Lambda function.
Choose Add Policy.
After you configure your queue, you get a status message about the applied changes, including any
applicable error messages.
Using Amazon SQS with Amazon SNS in the AWS

The following procedure details how to subscribe Standard Amazon SQS queues to Amazon SNS topics
using the AWS Toolkit for JetBrains.
Note
You can't subscribe FIFO Amazon SQS queues to Amazon SNS topics.
To subscribe a Standard Amazon SQS queue to an Amazon SNS topic
1. Open JetBrains.
4. Open the context (right-click) menu for that queue and choose Subscribe to SNS topic....
5. In the dialog box, from the drop-down menu, choose an Amazon SNS topic, and then choose
Subscribe.
99
AWS Explorer
User interface reference for the AWS

For help working with the AWS Toolkit for JetBrains user interface, see the following topics.
Topics
• AWS Explorer (p. 100)
• Create Function dialog box (p. 102)
• Deploy Serverless Application dialog box (p. 103)
• New Project dialog box (p. 105)
• Run/Debug Configurations dialog box (p. 108)
• Update Code dialog box (p. 120)
• Update Configuration dialog box (p. 121)
AWS Explorer
AWS Explorer provides convenient access to several features in the AWS Toolkit for JetBrains. These
include managing connections from the toolkit to AWS accounts, switching AWS Regions, working with
AWS Lambda functions and AWS CloudFormation stacks in accounts, and more.
To open AWS Explorer, with the AWS Toolkit for JetBrains installed (p. 4) and with IntelliJ IDEA, PyCharm,
WebStorm, or JetBrains Rider running, do one of the following:
• On the tool window bar, choose AWS Explorer.
100
AWS Explorer
• On the main menu, choose View, Tool Windows, AWS Explorer.
In AWS Explorer, choose the settings icon (Show Options Menu) for the following options:
AWS Connection Settings
Contains the following options:

• AWS Regions list – The AWS Toolkit for JetBrains uses the selected Region. To have the toolkit use
a different Region, choose another listed Region.
• Recent Credentials list – Lists recent connections made from the AWS Toolkit for JetBrains to
AWS accounts. The toolkit uses the selected connection. To have the toolkit use a different recent
connection, choose that connection's name.
• All Credentials – Lists all available connections that you can make from the AWS Toolkit for
JetBrains to AWS accounts. The toolkit uses the selected connection. To have the toolkit use a
different connection, choose that connection's name. To do other connection tasks (p. 8), choose
AWS Edit Credential file(s).
Note
The AWS Connection Settings area in the status bar displays the AWS account connection
and Region that the AWS Toolkit for JetBrains is currently using.
Choose this area to view the same AWS Connection Settings options as the Show Options
Menu.
View Documentation
Goes to the AWS Toolkit for JetBrains User Guide (this guide).
View Source on GitHub
Goes to the aws/aws-toolkit-jetbrains repository on the GitHub website.

View Mode
Adjusts the AWS Explorer tool window so that you can quickly access it and save space when you
work in the editor or other tool windows.
For IntelliJ IDEA view modes, see Tool window view modes on the IntelliJ IDEA Help website.
For PyCharm view modes, see Tool window view modes on the PyCharm Help website.
For WebStorm view modes, see Tool window view modes on the WebStorm Help website.
101
Create Function dialog box
For JetBrains Rider view modes, see Tool window view modes on the JetBrains Rider Help website.
Move to
Moves the AWS Explorer tool window to a different location in IntelliJ IDEA, PyCharm, WebStorm, or
JetBrains Rider.
Resize
Changes the size of the AWS Explorer tool window.

Remove from Sidebar
Removes the AWS Explorer tool window from the tool window bar. To display it again, on the main
menu bar, choose View, Tool Windows, AWS Explorer.
You can also use AWS Explorer to work with Lambda functions (p. 26) and work with AWS
CloudFormation stacks (p. 32) in AWS accounts.
Create Function dialog box

The Create Function dialog box in the AWS Toolkit for JetBrains is displayed when you create a
standalone AWS Lambda function (p. 27).
The Create Function dialog box contains the following items:
Name
(Required) The function's name. This can contain only the uppercase letters A through Z, the
lowercase letters a through z, the numbers 0 through 9, hyphens (-), and underscores (_). The name
must be less than 64 characters in length.
Description
(Optional) Any meaningful description about the function.

Handler
(Required) The ID of the corresponding function handler for Java, Python, Node.js, or C#.
102
Deploy Serverless Application dialog box
Runtime
(Required) The ID of the Lambda runtime to use.

Timeout (seconds)
(Required) The amount of time that Lambda allows a function to run before stopping it. Specify an
amount up to 900 seconds (15 minutes).
Memory (MB)
(Required) The amount of memory available to the function as it runs. Specify an amount between
128 MB and 3,008 MB in 64-MB increments.
Environment Variables
(Optional) Any environment variables for the Lambda function to use, specified as key-value pairs.
To add, change, or delete environment variables, choose the folder icon, and then follow the on-
screen instructions.
IAM Role
(Required) Choose an available Lambda execution role in the connected AWS account for Lambda
to use for the function. To create an execution role in the account and have Lambda use that role
instead, choose Create, and then follow the on-screen instructions.
Enable AWS X-Ray
(Optional) If selected, Lambda enables AWS X-Ray to detect, analyze, and optimize performance
issues with the function. X-Ray collects metadata from Lambda and any upstream or downstream
services that make up your function. X-Ray uses this metadata to generate a detailed service
graph that shows performance bottlenecks, latency spikes, and other issues that impact function
performance.
Source Bucket
(Required) Choose an available Amazon Simple Storage Service (Amazon S3) bucket in the
connected AWS account for the AWS Serverless Application Model (AWS SAM) command line
interface (CLI) to use to deploy the function to Lambda. To create an Amazon S3 bucket in the
account and have the AWS SAM CLI use that one instead, choose Create, and then follow the on-

The Deploy Serverless Application dialog box in the AWS Toolkit for JetBrains is displayed when you
deploy an AWS serverless application (p. 23).
103
The Deploy Serverless Application dialog box contains the following items:
Create Stack
(Required) Provide the name of the stack for the AWS Serverless Application Model (AWS SAM)
command line interface (CLI) to create in AWS CloudFormation for the connected AWS account. The
AWS SAM CLI then uses this stack to deploy the AWS serverless application.
Update Stack
(Required) Choose the name of an existing AWS CloudFormation stack in the connected AWS
account for the AWS SAM CLI to use to deploy the AWS serverless application.
Note
Either Create Stack or Update Stack is required, but not both.
Template Parameters
(Optional) Any parameters that the AWS Toolkit for JetBrains detects in the corresponding project's
template.yaml file. To specify a value for a parameter, choose the box in the Value column next
to the parameter, enter the value, and then press Enter. For more information, see Parameters in the
AWS CloudFormation User Guide.
S3 Bucket
(Required) Choose an existing Amazon Simple Storage Service (Amazon S3) bucket in the connected
AWS account for the AWS SAM CLI to use to deploy the AWS serverless application. To create an
Amazon S3 bucket in the account and have the AWS SAM CLI use that bucket instead, choose Create,
and then follow the on-screen instructions.
104
New Project dialog box
ECR Repository
(Required for Image package type only) Choose an existing Amazon Elastic Container Registry
(Amazon ECR) repository URI in the connected AWS account for the AWS SAM CLI to use to deploy
the AWS serverless application. For information about AWS Lambda package types, see Lambda
deployment packages in the AWS Lambda Developer Guide.
Require confirmation before deploying
(Optional) If selected, instructs AWS CloudFormation to wait for you to finish creating or updating
the corresponding stack by executing the stack's current change set in AWS CloudFormation. If you
don't execute this change set, the AWS serverless application doesn't move on to the deployment
phase.
Build function inside a container
(Optional) If selected, the AWS SAM CLI builds any of the serverless application's functions inside of
a Lambda-like Docker container locally before deployment. This is useful if the function depends on
packages that have natively compiled dependencies or programs. For more information, see Building
applications in the AWS Serverless Application Model Developer Guide.
New Project dialog box

The New Project dialog box in the AWS Toolkit for JetBrains is displayed when you create an AWS
serverless application (p. 19).
Topics
• New Project dialog box (IntelliJ IDEA, PyCharm, and WebStorm) (p. 105)
• New Project dialog box (JetBrains Rider) (p. 107)
New Project dialog box (IntelliJ IDEA, PyCharm, and

WebStorm)
Note
The following screenshot shows the New Project dialog box for IntelliJ IDEA, but the field
descriptions also apply to PyCharm and WebStorm.
105
New Project dialog box (IntelliJ
IDEA, PyCharm, and WebStorm)
The New Project dialog box contains the following items:
Project name
(Required) The name of the project.

Project location
(Required) The location where IntelliJ IDEA creates the project.

Package Type
(Required) The AWS Lambda function's deployment package type, which can be either Zip or
Image. For information about the difference between Zip and Image package types, see Lambda
Runtime

SAM Template
(Required) The name of the AWS Serverless Application Model (AWS SAM) template to use.
106
New Project dialog box (JetBrains Rider)
Project SDK
(Required) The Java development kit (JDK) to use. For more information, see Java Development Kit
(JDK) on the IntelliJ IDEA Help website.
New Project dialog box (JetBrains Rider)

Note
When you create a new solution, this dialog box contains the title New Solution instead of New
Project. However, the dialog box's contents are the same.
The New Project dialog box contains the following items:
Solution name
(Required) The name of the solution.

Project name
(Required) The name of the project.

Solution directory
(Required) The path to the solution's directory.

Put solution and project in the same directory
(Optional) If selected, puts the solution's files in the same location as the project's files.
107
Run/Debug Configurations dialog box
Create repository
(Optional) If selected, creates a remote repository for the project with the specified provider.
Package Type
(Required) The Lambda function's package type, which can be either Zip or Image. For information
about the difference between Zip and Image package types, see Lambda deployment packages in
the AWS Lambda Developer Guide.
Runtime

SAM Template
(Required) The name of the AWS SAM template to use.

Resulting project structure
(Non-editable) The paths for the created project's directories and files.
Run/Debug Configurations dialog box

The Run/Debug Configurations dialog box in the AWS Toolkit for JetBrains is displayed whenever you
want to alter the run/debug configurations, whether locally, remotely, or in an Amazon Elastic Container
Service (Amazon ECS) cluster.
Topics
• Run/Debug Configurations dialog box (local function settings) (p. 108)
• Run/Debug Configurations dialog box (remote function settings) (p. 114)
• Edit configuration dialog box (Amazon ECS cluster) (p. 116)
Run/Debug Configurations dialog box (local function

settings)
This dialog box is displayed whenever you update settings for the local version of an AWS Lambda
function.
Note
To update settings for the remote version of that same function (the function's source code is
in Lambda in your AWS account), see Run/Debug Configurations dialog box (remote function
settings) (p. 114) instead.
This dialog box contains three tabs: Configuration, SAM CLI, and AWS Connection.
108
Run/Debug Configurations (local)
The Configuration tab of the Run/Debug Configurations dialog box for local function settings contains
the following items:
Name
(Required) The name of this configuration.

Allow parallel run / Allow running in parallel
(Optional) If selected, allows IntelliJ IDEA, PyCharm, WebStorm, or JetBrains Rider to launch as many
1
instances of the configuration to run in parallel as needed.
From handler / From template
(Required) Depending on which option you choose, you must configure additional settings.
109
Runtime

Handler
(Required for the From handler option) The identifier of the corresponding function handler for
Java, Python, Node.js, or C#.
Timeout (seconds)
(Required for the From handler option) The amount of time that Lambda allows a function to run
before stopping it. Specify an amount up to 900 seconds (15 minutes).
Memory (MB)
(Required for the From handler option) The amount of memory available to the function as it runs.
Specify an amount between 128 MB and 3,008 MB in 64-MB increments.
(Optional for the From handler option) Any environment variables for the Lambda function to use,
specified as key-value pairs. To add, change, or delete environment variables, choose the folder icon,
and then follow the on-screen instructions.
Template
(Required for the From template option) The location and file name of the AWS Serverless
Application Model (AWS SAM) template (for example, template.yaml) to use for this
configuration, and the resource in that template to associate with this configuration.
File
(Required) The location and file name of the event data to pass to the function, in JSON format.
For event data examples, see Invoke the Lambda function in the AWS Lambda Developer Guide and
Generating sample event payloads in the AWS Serverless Application Model Developer Guide.
Text
(Required) The event data to pass to the function, in JSON format. For event data examples, see
Invoke the Lambda function in the AWS Lambda Developer Guide and Generating sample event
payloads in the AWS Serverless Application Model Developer Guide.
Note
Either File or Text is required, but not both.
Before launch: window
2
(Optional) Lists any tasks that must be performed before starting this configuration.
Notes
1
For more information, see the following:
• For IntelliJ IDEA, see Common options on the IntelliJ IDEA Help website.
• For PyCharm, see Common options on the PyCharm Help website.
• For WebStorm, see Common options on the WebStorm Help website.
• For JetBrains Rider, see Common options on the JetBrains Rider Help website.
2
• For IntelliJ IDEA, see Before Launch options on the IntelliJ IDEA Help website.
• For PyCharm, see Before Launch options on the PyCharm Help website.
• For WebStorm, see Before Launch options on the WebStorm; Help website.
110
• For JetBrains Rider, see Before Launch options on the JetBrains Rider Help website.
The SAM CLI tab of the Run/Debug Configurations dialog box for local function settings contains the
following items:
Name

1
111
Build function inside a container
(Optional) If selected, the AWS SAM CLI builds any of the serverless application's functions inside of
a Lambda-like Docker container locally before deployment. This is useful if the function depends on
packages that have natively compiled dependencies or programs. For more information, see Building
applications in the AWS Serverless Application Model Developer Guide.
Skip checking for newer container images
(Optional) If selected, the AWS SAM CLI skips pulling down the latest Docker image for the runtime
that is specified on the Configuration tab.
Docker Network
(Optional) The name or ID of an existing Docker network for Lambda Docker containers to connect
to, with the default bridge network. If not specified, the Lambda containers connect only to the
default bridge Docker network.
Before launch: window
2
Notes
1
2
112
The AWS Connection tab of the Run/Debug Configurations dialog box for local function settings
contains the following items:
Credentials
(Required) The name of the existing AWS account connection (p. 8) to use.
Region
(Required) The name of the AWS Region (p. 17) to use for the connected account.
Notes
1
113
Run/Debug Configurations (remote)
2
Run/Debug Configurations dialog box (remote

function settings)
This dialog box displays whenever you update settings for the remote version of an AWS Lambda
function (the function's source code is in Lambda in your AWS account).
Note
To update settings for the local version of that same function, see Run/Debug Configurations
dialog box (local function settings) (p. 108) instead.
Although the name of the dialog box is Run/Debug Configurations, you cannot use the AWS
Toolkit for JetBrains to debug the remote version of a Lambda function. You can only run the
function.
114
Run/Debug Configurations (remote)
The Run/Debug Configurations dialog box for remote function settings contains the following items:
Name

Share / Share through VCS
1
(Optional) If selected, makes this configuration available to other team members.
1
Credentials
Region
Function
(Required) The name of the Lambda function to use.
115
Edit configuration (Amazon ECS cluster)
File
(Required) The location and file name of the event data to pass to the function, in JSON format.
For event data examples, see Invoke the Lambda function in the AWS Lambda Developer Guide and
Generating sample event payloads in the AWS Serverless Application Model Developer Guide.
Text
(Required) The event data to pass to the function, in JSON format. For event data examples, see
Invoke the Lambda function in the AWS Lambda Developer Guide and Generating sample event
payloads in the AWS Serverless Application Model Developer Guide.
Note
Either File or Text is required, but not both.
Before launch: Activate tool window

2
Show this page
2
(Optional) If selected, displays these configuration settings prior to starting this configuration.
Activate tool window
2
(Optional) If selected, opens the Run or the Debug tool window when you start this configuration.
Notes
1
2
Edit configuration dialog box (Amazon ECS cluster)

The Edit configuration dialog box contains two tabs: Configuration and AWS Connection.
116
The Configuration tab of the Edit configuration dialog box contains the following items:
Name

1
1
Cluster
(Required) The name of the Amazon Elastic Container Service (Amazon ECS) cluster to debug.
Service
(Required) The name of the Amazon ECS service in the cluster to debug.
Add Container
Adds a container to this configuration. Optional if at least one tab is already visible. Each tab
represents a separate container.
117
The following items apply to the selected container: Platform, Remote Debug Port, Start
Command, Artifacts Mappings, and Port Mappings.
Platform
(Required) The debug platform to use.

Remote Debug Port
(Optional) The port to attach to the debugger. Generally, you shouldn't specify this unless your
service uses ports 20020-20030. If it does, specify that port here so that the container doesn't try to
bind ports that might otherwise be in use elsewhere.
Start Command
(Required) The command to start your program so that the debugger can attach to it. For Java, it
should start with java and contain no debugger information, such as -Xdebug. For Python, it must
start with python, python2, or python3, followed by the path and name of the file to run.
Artifacts Mappings
(Required) A Local Path on your local development machine that maps to a Remote Path within the
container. You must map all code and artifacts that you plan to run. To specify a local and remote
path mapping, choose Add (the + icon).
Port Mappings
(Optional) A Local Port on your local development machine that maps to a Remote Port within the
container. This enables local ports to communicate directly with ports on a remote resource. For
example, for the command curl localhost:3422, port 3422 maps to some service. To specify a
local and remote port mapping, choose Add (the + icon).
2
Show this page
2
(Optional) If selected, displays these configuration settings before starting this configuration.
2
(Optional) If selected, opens the Run or Debug tool window when you start this configuration.
Notes
1
2
118
The AWS Connection tab of the Edit configuration dialog box contains the following items:
Name

Credentials
Region
1
1
2
119
Update Code dialog box
Show this page

2
(Optional) If selected, displays these configuration settings before starting this configuration.
2
(Optional) If selected, opens the Run or Debug tool window when you start this configuration.
Notes
1
2
Update Code dialog box

The Update Code dialog box in the AWS Toolkit for JetBrains is displayed whenever you update an AWS
Lambda function (p. 23).
The Update Code dialog box contains the following items:
Handler
(Required) The ID of the corresponding Lambda function handler for Java, Python, Node.js, or C#.
Source Bucket
(Required for Zip package type only) Choose an existing Amazon Simple Storage Service (Amazon
S3) bucket in the connected AWS account for the AWS Serverless Application Model (AWS SAM)
command line interface (CLI) to use to deploy the function to Lambda. To create an Amazon S3
bucket in the account and have the AWS SAM CLI use that bucket instead, choose Create, and
then follow the on-screen instructions. For information about Lambda package types, see Lambda
120
Update Configuration dialog box
ECR Repository
(Required for Image package type only) Choose an existing Amazon Elastic Container Registry
(Amazon ECR) repository in the connected AWS account for the AWS SAM CLI to use to deploy the
function to Lambda.

The Update Configuration dialog box in the AWS Toolkit for JetBrains is displayed whenever you update
the configuration for an AWS Lambda function (p. 30). The information that you provide differs slightly
depending on whether the project's Lambda function is of package type Zip or Image.
The Update Configuration dialog box for the Zip package type:
The Update Configuration dialog box for the Image package type:
121
The Update Configuration dialog box contains the following items:
Name
(Required) The function's name. Can contain only the uppercase letters A through Z, the lowercase
letters a through z, the numbers 0 through 9, hyphens (-), and underscores (_). The name must be
less than 64 characters in length.
Description
(Optional) Any meaningful description about the function.

Package Type
(Required) The Lambda function's package type, which can be either Zip or Image.
Handler
(Required for Zip packages only) The ID of the corresponding Lambda function handler for Java,
Python, Node.js, or C#.
Runtime
(Required for Zip packages only) The ID of the Lambda runtime to use.
Timeout (seconds)
(Required) The amount of time that Lambda allows a function to run before stopping it. Specify an
amount up to 900 seconds (15 minutes).
Memory (MB)
(Required) The amount of memory available to the function as it runs. Specify an amount between
128 MB and 3,008 MB in 64-MB increments.
(Optional) Any environment variables for the Lambda function to use, specified as key-value pairs.
To add, change, or delete environment variables, choose the folder icon, and then follow the on-
122
IAM Role
(Required) Choose an available Lambda execution role in the connected AWS account for Lambda
to use for the function. To create an execution role in the account and have Lambda use that role
instead, choose Create, and then follow the on-screen instructions.
Enable AWS X-Ray
(Optional) If selected, Lambda enables AWS X-Ray to detect, analyze, and optimize performance
issues with the function. X-Ray collects metadata from Lambda and any upstream or downstream
services that make up your function. X-Ray uses this metadata to generate a detailed service
graph that shows performance bottlenecks, latency spikes, and other issues that impact function
performance.
123
Data protection
Security for this AWS Product or

Service
Cloud security at Amazon Web Services (AWS) is the highest priority. As an AWS customer, you benefit
from a data center and network architecture that is built to meet the requirements of the most
security-sensitive organizations. Security is a shared responsibility between AWS and you. The Shared
Responsibility Model describes this as Security of the Cloud and Security in the Cloud.
Security of the Cloud – AWS is responsible for protecting the infrastructure that runs all of the services
offered in the AWS Cloud and providing you with services that you can use securely. Our security
responsibility is the highest priority at AWS, and the effectiveness of our security is regularly tested and
verified by third-party auditors as part of the AWS Compliance Programs.
Security in the Cloud – Your responsibility is determined by the AWS service you are using, and other
factors including the sensitivity of your data, your organization’s requirements, and applicable laws and
regulations.
This AWS product or service follows the shared responsibility model through the specific Amazon Web
Services (AWS) services it supports. For AWS service security information, see the AWS service security
documentation page and AWS services that are in scope of AWS compliance efforts by compliance
program.
Topics
• Data protection in AWS Toolkit for JetBrains (p. 124)
• Identity and Access Management for this AWS Product or Service (p. 125)
• Compliance Validation for this AWS Product or Service (p. 125)
• Resilience for this AWS Product or Service (p. 126)
• Infrastructure Security for this AWS Product or Service (p. 126)
Data protection in AWS Toolkit for JetBrains

The AWS shared responsibility model applies to data protection in AWS Toolkit for JetBrains. As
described in this model, AWS is responsible for protecting the global infrastructure that runs all
of the AWS Cloud. You are responsible for maintaining control over your content that is hosted on
this infrastructure. This content includes the security configuration and management tasks for the
AWS services that you use. For more information about data privacy, see the Data Privacy FAQ. For
information about data protection in Europe, see the AWS Shared Responsibility Model and GDPR blog
post on the AWS Security Blog.
For data protection purposes, we recommend that you protect AWS account credentials and set up
individual user accounts with AWS Identity and Access Management (IAM). That way each user is given
only the permissions necessary to fulfill their job duties. We also recommend that you secure your data
in the following ways:
• Use multi-factor authentication (MFA) with each account.

• Use SSL/TLS to communicate with AWS resources. We recommend TLS 1.2 or later.
• Set up API and user activity logging with AWS CloudTrail.
124
Identity and Access Management
• Use AWS encryption solutions, along with all default security controls within AWS services.
• Use advanced managed security services such as Amazon Macie, which assists in discovering and
securing personal data that is stored in Amazon S3.
• If you require FIPS 140-2 validated cryptographic modules when accessing AWS through a command
line interface or an API, use a FIPS endpoint. For more information about the available FIPS endpoints,
see Federal Information Processing Standard (FIPS) 140-2.
We strongly recommend that you never put sensitive identifying information, such as your customers'
account numbers, into free-form fields such as a Name field. This includes when you work with AWS
Toolkit for JetBrains or other AWS services using the console, API, AWS CLI, or AWS SDKs. Any data that
you enter into AWS Toolkit for JetBrains or other services might get picked up for inclusion in diagnostic
logs. When you provide a URL to an external server, don't include credentials information in the URL to
validate your request to that server.
Identity and Access Management for this AWS

Product or Service
AWS Identity and Access Management (IAM) is an Amazon Web Services (AWS) service that helps
an administrator securely control access to AWS resources. IAM administrators control who can be
authenticated (signed in) and authorized (have permissions) to use resources in AWS services. IAM is an
AWS service that you can use with no additional charge.
To use this AWS product or service to access AWS, you need an AWS account and AWS credentials. To
increase the security of your AWS account, we recommend that you use an IAM user to provide access
credentials instead of using your AWS account credentials.
For details about working with IAM, see AWS Identity and Access Management.
For an overview of IAM users and why they are important for the security of your account, see AWS
Security Credentials in the Amazon Web Services General Reference.
program.
Compliance Validation for this AWS Product or

Service
program.
The security and compliance of AWS services is assessed by third-party auditors as part of multiple AWS
compliance programs. These include SOC, PCI, FedRAMP, HIPAA, and others. AWS provides a frequently
updated list of AWS services in scope of specific compliance programs at AWS Services in Scope by
Compliance Program.
Third-party audit reports are available for you to download using AWS Artifact. For more information,
see Downloading Reports in AWS Artifact.
125
Resilience
For more information about AWS compliance programs, see AWS Compliance Programs.
Your compliance responsibility when using this AWS product or service to access an AWS service is
determined by the sensitivity of your data, your organization’s compliance objectives, and applicable
laws and regulations. If your use of an AWS service is subject to compliance with standards such as
HIPAA, PCI, or FedRAMP, AWS provides resources to help:
• Security and Compliance Quick Start Guides – Deployment guides that discuss architectural
considerations and provide steps for deploying security-focused and compliance-focused baseline
environments on AWS.
• Architecting for HIPAA Security and Compliance Whitepaper – A whitepaper that describes how
companies can use AWS to create HIPAA-compliant applications.
• AWS Compliance Resources – A collection of workbooks and guides that might apply to your industry
and location.
• AWS Config – A service that assesses how well your resource configurations comply with internal
practices, industry guidelines, and regulations.
• AWS Security Hub – A comprehensive view of your security state within AWS that helps you check your
compliance with security industry standards and best practices.
Resilience for this AWS Product or Service

The Amazon Web Services (AWS) global infrastructure is built around AWS Regions and Availability
Zones.
AWS Regions provide multiple physically separated and isolated Availability Zones, which are connected
with low-latency, high-throughput, and highly redundant networking.
With Availability Zones, you can design and operate applications and databases that automatically fail
over between Availability Zones without interruption. Availability Zones are more highly available, fault
tolerant, and scalable than traditional single or multiple data center infrastructures.
For more information about AWS Regions and Availability Zones, see AWS Global Infrastructure.
program.
Infrastructure Security for this AWS Product or

Service
program.
126
Document history for the AWS

Toolkit for JetBrains User Guide
The following table lists key documentation updates for the AWS Toolkit for JetBrains User Guide.
For a detailed list of changes to the AWS Toolkit for JetBrains, see the .changes directory in the aws/aws-
toolkit-jetbrains repository on the GitHub website.
update-history-change update-history-description update-history-date
Working with Lambda Using the AWS Toolkit to December 1, 2020

container images with work with AWS Lambda
serverless applications now container images with serverless
available (p. 127) applications is now available.
Working with CloudWatch Logs Using the AWS Toolkit for November 24, 2020
Insights now available (p. 127) JetBrains to work with
CloudWatch Logs Insights is now
available.
Working with Amazon SQS now Using the AWS Toolkit for November 24, 2020
available (p. 127) JetBrains to work with Amazon
Simple Queue Service (Amazon
SQS) is now available.
Working with Amazon RDS Using the AWS Toolkit to September 23, 2020
and Amazon Redshift now work with Amazon Relational
available (p. 127) Database Service (Amazon RDS)
and Amazon Redshift is now
available.
Support for AWS SSO now Support for AWS Single Sign- September 23, 2020
available (p. 127) On now available in the AWS
Toolkit.
AWS Toolkits now available AWS Toolkits are now available May 28, 2020
for four more JetBrains as plugins for four additional
IDEs (p. 127) JetBrains IDEs:
• AWS Toolkit for CLion (for C &

C++ development)
• AWS Toolkit for GoLand (for
Go development)
• AWS Toolkit for PhpStorm
(for PHP development)
• AWS Toolkit for RubyMine (for
Ruby development)
Working with CloudWatch Logs Using the AWS Toolkit to work April 15, 2020
now available (p. 127) with Amazon CloudWatch Logs
is now available.
127
Working with Amazon S3 Using the AWS Toolkit to work March 27, 2020
buckets and objects now with Amazon Simple Storage
available (p. 127) Service (Amazon S3) buckets and
objects is now available.
Working with EventBridge Using the AWS Toolkit to work December 2, 2019
Schemas now with Amazon EventBridge
available (p. 127) Schemas is now available.
Debugging code in Amazon Using the AWS Toolkit to November 25, 2019
ECS clusters now available in debug code in Amazon Elastic
beta (p. 127) Container Service (Amazon ECS)
clusters is now available in beta.
AWS Toolkit for Rider now The AWS Toolkit for Rider is now November 25, 2019
available (p. 127) available.
AWS Toolkit for WebStorm now The AWS Toolkit for WebStorm October 23, 2019
available (p. 127) is now available.
AWS Toolkit for IntelliJ now The AWS Toolkit for IntelliJ is March 27, 2019
generally available (p. 127) now generally available. The
corresponding documentation
has been refreshed accordingly.
Initial release (p. 127) This is the initial release of November 27, 2018
User Guide. The AWS Toolkit
for PyCharm is now generally
available. The AWS Toolkit
for IntelliJ is still in Developer
Preview.
128

Aws Toolkit For Jetbrains: User Guide

Uploaded by

Document Informationclick to expand document information

Document Informationclick to expand document information

Copyright:

Available Formats

Aws Toolkit For Jetbrains: User Guide

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Aws Toolkit For Jetbrains: User Guide

Uploaded by

Copyright:

Available Formats

AWS Toolkit for JetBrains

AWS Toolkit for JetBrains: User Guide

Accessing credentials ﬁles .................................................................................................. 43

Update Conﬁguration dialog box .............................................................................................. 121

What is the AWS Toolkit for

What the AWS Toolkit for JetBrains includes

• AWS Toolkit for CLion (for C & C++ development)

How to get started

What you can do with the AWS Toolkit for

• All Developer Tools and Products by JetBrains (JetBrains website)

Questions and help

• C & C++ Development

You can also contact us directly.

Report a bug with the AWS Toolkit or make a feature

Contribute to the AWS Toolkit

Key tasks for the AWS Toolkit for

• Install the AWS Toolkit for JetBrains (p. 4)

Install the AWS Toolkit for JetBrains

Installing and conﬁguring AWS Toolkit for JetBrains

1. AWS Command Line Interface (AWS CLI)

Update the AWS Toolkit for JetBrains

1. Open Settings / Preferences.

Conﬁgure the AWS Toolkit for JetBrains to Use an

• CLion – See Conﬁgure HTTP proxy on the CLion help website.

Work with connections from the AWS Toolkit for

• Connect to an AWS account for the ﬁrst time (p. 8)

Connect to an AWS Account for the ﬁrst time

• To open the credentials for editing, do one of the following:

Connect with access keys

... Other file contents omitted for brevity ...

... Other file contents omitted for brevity ...

Connect with AWS SSO

... Named profile in credentials file ...

... Named profile in config file ...

... Other file contents omitted for brevity ...

Add multiple connections

Proﬁle with access keys

... Other file contents omitted for brevity ...

... Other file contents omitted for brevity ...

Switch between connections

• On the status bar, choose AWS Connection Settings.

Change connection settings

Get the current connection

Get the current AWS Region

You can also switch to a diﬀerent AWS Region (p. 17).

Switch between AWS Regions

Open AWS Explorer within the AWS Toolkit for

• On the tool window bar, choose AWS Explorer.

• On the View menu, choose Tool Windows, AWS Explorer.

Work with AWS Serverless Applications

• Create a serverless application (p. 19)

Create a serverless application

• For IntelliJ IDEA or WebStorm, choose File, New, Project.

For PyCharm, choose AWS Serverless Application.

For WebStorm, choose AWS Serverless Application.

For JetBrains Rider, choose AWS Serverless Application.

Deploy a serverless application