Al usar AWS re:Post, aceptas las AWS re:Post Términos de uso
AWS re:Postre:Post

Restricting CodeCommit PR merges to non-authors

0

Hello.

Our organization needs to ensure that developers who open a PR into the main branch of a given CodeCommit Repository cannot merge that same PR. How can this be accomplished?

(We already use an approval rule template to ensure that only members of a certain IAM group can approve such PRs, but our SOC Auditor has requested the additional restriction.)

Thanks, – benton

Temas
Herramientas para desarrolladoresSeguridad, identidad y cumplimiento
Etiquetas
AWS CodeCommitPolíticas de IAM
Idioma
English
benton
preguntada hace 5 meses186 visualizaciones
1 Respuesta
0

Hello,

The recommended approach to accomplish this is with the use of Approval Rule templates where until the conditions of the templates are not satisfied, the PR will not be merged.

There is a feature where you can also override approval rules for a pull request[1], however if the OverridePullRequestApprovalRules API call[2] is denied for an IAM user, the user cannot override the rules.

[1] Override approval rules on a pull request - https://docs.aws.amazon.com/codecommit/latest/userguide/how-to-override-approval-rules.html

[2] OverridePullRequestApprovalRules - https://docs.aws.amazon.com/codecommit/latest/APIReference/API_OverridePullRequestApprovalRules.html

Therefore, suggesting you to limit your developers for the above API call, and use Approval Rule templates for controlling who can merge the pull requests.

Hoping that the above helps. Thank you.

AWS
INGENIERO DE SOPORTE
AWS-User-arpit
respondido hace 5 meses

No has iniciado sesión. Iniciar sesión para publicar una respuesta.

Una buena respuesta responde claramente a la pregunta, proporciona comentarios constructivos y fomenta el crecimiento profesional en la persona que hace la pregunta.

Pautas para responder preguntas

Contenido relevante