- 최신
- 최다 투표
- 가장 많은 댓글
CodeCommit access is managed through IAM policies, more specifically so called Identity-based policies (see IAM policy overview). These policies allows a user to call the CodeCommit APIs.
In the context of the Identity Center, these policies exist in so called Permission Sets, which can have inline-policies, customer managed policies and AWS managed policies attached to them.
When granting permission to a user or group, you assign them to an AWS account and select a permission set that has the required policy documents, which in your case for example allows them to call the CodeCommit APIs in the specified AWS account. See the Assign user access section in our docs.
This in turn creates a corresponding IAM role in the target account with the policy documents. Your user can then assume this role through the Identity Center login portal (you can find the link for that in the Identity Center settings -> Identity source tab -> "AWS access portal URL") or the aws cli.
Once the user has assumed the role through the Identity Center, they can interact with CodeCommit by navigating to it in the AWS console or call the APIs directly by using the cli.
Hope this helps: https://repost.aws/knowledge-center/assign-user-access-aws-sso, in particular this sub link: https://docs.aws.amazon.com/singlesignon/latest/userguide/assignuserstoapp.html
관련 콘텐츠
- AWS 공식업데이트됨 3년 전