AWS CodeCommit IAM最低权限
列出所有的repo,但是只有特定的repo拥有所有读取权限,最低限度的create branch / merge branch / git push / create pull request 权限
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"codecommit:ListRepositories"
],
"Resource": "*"
},
{
"Sid": "VisualEditor1",
"Effect": "Allow",
"Action": [
"codecommit:ListRepositoriesForApprovalRuleTemplate",
"codecommit:GetApprovalRuleTemplate",
"codecommit:ListApprovalRuleTemplates",
"codecommit:CreateBranch",
"codecommit:GetTree",
"codecommit:ListPullRequests",
"codecommit:GetBlob",
"codecommit:GetReferences",
"codecommit:CreateCommit",
"codecommit:GetPullRequestApprovalStates",
"codecommit:DescribeMergeConflicts",
"codecommit:ListTagsForResource",
"codecommit:BatchDescribeMergeConflicts",
"codecommit:GetCommentsForComparedCommit",
"codecommit:ListFileCommitHistory",
"codecommit:GetCommentReactions",
"codecommit:GetCommit",
"codecommit:GetComment",
"codecommit:GetCommitHistory",
"codecommit:GetCommitsFromMergeBase",
"codecommit:BatchGetCommits",
"codecommit:DescribePullRequestEvents",
"codecommit:CreatePullRequest",
"codecommit:GetPullRequest",
"codecommit:MergeBranchesBySquash",
"codecommit:ListAssociatedApprovalRuleTemplatesForRepository",
"codecommit:ListBranches",
"codecommit:GetPullRequestOverrideState",
"codecommit:GetRepositoryTriggers",
"codecommit:GitPull",
"codecommit:BatchGetRepositories",
"codecommit:GetCommentsForPullRequest",
"codecommit:GetObjectIdentifier",
"codecommit:CancelUploadArchive",
"codecommit:GetFolder",
"codecommit:BatchGetPullRequests",
"codecommit:GetFile",
"codecommit:GetUploadArchiveStatus",
"codecommit:EvaluatePullRequestApprovalRules",
"codecommit:GetDifferences",
"codecommit:GetRepository",
"codecommit:GetBranch",
"codecommit:GetMergeConflicts",
"codecommit:GetMergeCommit",
"codecommit:GitPush",
"codecommit:GitClone",
"codecommit:GetMergeOptions"
],
"Resource": [
"arn:aws:codecommit:ap-southeast-1:11111:test2",
"arn:aws:codecommit:ap-southeast-1:11111:test3"
]
}
]
} 
Facebook评论