Usando AWS re:Post, accetti AWS re:Post Termini di utilizzo
AWS re:Postre:Post

Restricting CodeCommit PR merges to non-authors

0

Hello.

Our organization needs to ensure that developers who open a PR into the main branch of a given CodeCommit Repository cannot merge that same PR. How can this be accomplished?

(We already use an approval rule template to ensure that only members of a certain IAM group can approve such PRs, but our SOC Auditor has requested the additional restriction.)

Thanks, – benton

Argomenti
Strumenti per sviluppatoriSicurezza, identità e conformità
Tag
AWS CodeCommitPolitiche IAM
Lingua
English
benton
posta 5 mesi fa186 visualizzazioni
1 Risposta
0

Hello,

The recommended approach to accomplish this is with the use of Approval Rule templates where until the conditions of the templates are not satisfied, the PR will not be merged.

There is a feature where you can also override approval rules for a pull request[1], however if the OverridePullRequestApprovalRules API call[2] is denied for an IAM user, the user cannot override the rules.

[1] Override approval rules on a pull request - https://docs.aws.amazon.com/codecommit/latest/userguide/how-to-override-approval-rules.html

[2] OverridePullRequestApprovalRules - https://docs.aws.amazon.com/codecommit/latest/APIReference/API_OverridePullRequestApprovalRules.html

Therefore, suggesting you to limit your developers for the above API call, and use Approval Rule templates for controlling who can merge the pull requests.

Hoping that the above helps. Thank you.

AWS
TECNICO DI SUPPORTO
AWS-User-arpit
con risposta 5 mesi fa

Accesso non effettuato. Accedi per postare una risposta.

Una buona risposta soddisfa chiaramente la domanda, fornisce un feedback costruttivo e incoraggia la crescita professionale del richiedente.

Linee guida per rispondere alle domande

Contenuto pertinente