codecommit pricing question (multiple roles for each IAM User)

0

my client has around 400 repositories, there are 2 roles for each repository (so around 800 roles), the client has 700 users (so 700 IAM users) that access these repos, on average each user access around 7-8 repos, so each user reach these repos with around 15 different roles. it's unclear to me how the pricing apply.. is my client going to pay for 700 users, or is going to pay for 700 users * 15 average roles = 10,500 ??

thanks.

profile pictureAWS
질문됨 2년 전305회 조회
2개 답변
0
수락된 답변

Dear Corey, My client (I'm an AWS SA) went live and after a deep dive with the service team we clarified the cost.

The bottom line:

  • if they use IAM they pay for Users not by role
  • for federated users, If the customer is using these APIs to obtain credentials, then is one user per role:
    • assume-role
    • get-federation-token
  • If the customer is using any of these APIs to obtain credentials, then the number of users depends on attributes made within their API request.
    • assume-role-with-saml
    • assume-role-with-web-identity

in this case if the Saml data contains a subject which contains a name identifier (e.g., name.lastname@myclient.com). this means that the bill would be based on the number of unique SAML users who assume roles and use CodeCommit (not based on the number of roles they assume).

Bottom line, the last case is the most common one and my customer is paying for each user, despite the number of roles they assume.

Antonio

profile pictureAWS
답변함 일 년 전
0

The bad answer ($10,500), and it also gets worse: if other identities (EC2 instances via instance roles, other AWS services integrated with CodeCommit, etc) are making git / CLI / API requests to CodeCommit, they count as an active user for that month.

As per the pricing docs:

An active user is any unique AWS identity (IAM user/role, federated user, or root account) that accesses AWS CodeCommit repositories during the month, either through Git requests or by using the AWS Management Console, AWS CLI or AWS SDKs. AWS identities that are created through your use of other AWS Services, such as AWS CodeBuild and AWS CodePipeline, as well as servers accessing CodeCommit using a unique AWS identity, count as active users. There is no charge for a user if that user does not access AWS CodeCommit during the month. Storage includes the full space required to retain the repository data.

profile picture
답변함 일 년 전

로그인하지 않았습니다. 로그인해야 답변을 게시할 수 있습니다.

좋은 답변은 질문에 명확하게 답하고 건설적인 피드백을 제공하며 질문자의 전문적인 성장을 장려합니다.

질문 답변하기에 대한 가이드라인