Ao usar o AWS re:Post, você concorda com os AWS re:Post Termos de uso
AWS re:Postre:Post

Restricting CodeCommit PR merges to non-authors

0

Hello.

Our organization needs to ensure that developers who open a PR into the main branch of a given CodeCommit Repository cannot merge that same PR. How can this be accomplished?

(We already use an approval rule template to ensure that only members of a certain IAM group can approve such PRs, but our SOC Auditor has requested the additional restriction.)

Thanks, – benton

Tópicos
Ferramentas do desenvolvedorSegurança, identidade e conformidade
Tags
AWS CodeCommitPolíticas do IAM
Idioma
English
benton
feita há 5 meses186 visualizações
1 Resposta
0

Hello,

The recommended approach to accomplish this is with the use of Approval Rule templates where until the conditions of the templates are not satisfied, the PR will not be merged.

There is a feature where you can also override approval rules for a pull request[1], however if the OverridePullRequestApprovalRules API call[2] is denied for an IAM user, the user cannot override the rules.

[1] Override approval rules on a pull request - https://docs.aws.amazon.com/codecommit/latest/userguide/how-to-override-approval-rules.html

[2] OverridePullRequestApprovalRules - https://docs.aws.amazon.com/codecommit/latest/APIReference/API_OverridePullRequestApprovalRules.html

Therefore, suggesting you to limit your developers for the above API call, and use Approval Rule templates for controlling who can merge the pull requests.

Hoping that the above helps. Thank you.

AWS
ENGENHEIRO DE SUPORTE
AWS-User-arpit
respondido há 5 meses

Você não está conectado. Fazer login para postar uma resposta.

Uma boa resposta responde claramente à pergunta, dá feedback construtivo e incentiva o crescimento profissional de quem perguntou.

Diretrizes para responder a perguntas

Conteúdo relevante