Durch die Nutzung von AWS re:Post stimmt du den AWS re:Post Nutzungsbedingungen
AWS re:Postre:Post

Block read access to a branch in a CodeCommit Repository

0

I have created a repository in CodeCommit. It has one master branch and a few other branches such as module-1, module-2, module-3, module-4, and module-5. I have created 3 groups(org-1, org-2, org-3) and each group has 10 users. Now I am trying to figure out to achieve the following level of restriction.

module-1 - org-1 users only - view and modify

module-2 - org-2 users only - view and modify

module-3 - org-3 users only - view and modify

module-4 - org-1 users and org-2 users only - view and modify

module-5 - all group users can access - read-only

I am trying to enforce policies but can not achieve this. I can block write access successfully, but when it comes to blocking read access for a particular branch and making a branch invisible for a certain user group, cannot achieve that. Can you please help me with this scenario? Thanks in advance.

Themen
EntwicklertoolsSicherheit, Identität & Konformität
Tags
AWS CodeCommitIAM-Richtlinien
Sprache
English
rePost-User-9954439
gefragt vor 2 Jahren620 Aufrufe
1 Antwort
0

Hello,

Review the IAM actions for CodeCommit [1] and you will see access control at the branch level is limited to write actions only. Unfortunately, read actions are limited to just the repository and cannot get more granular. If you wish to control read access, it will be necessary to break out the branches to separate repositories.

[1] https://docs.aws.amazon.com/service-authorization/latest/reference/list_awscodecommit.html

AWS
Justin G
beantwortet vor 2 Jahren

Du bist nicht angemeldet. Anmelden um eine Antwort zu veröffentlichen.

Eine gute Antwort beantwortet die Frage klar, gibt konstruktives Feedback und fördert die berufliche Weiterentwicklung des Fragenstellers.

Richtlinien für die Beantwortung von Fragen

Relevanter Inhalt