AWS CodeCommit IAM最低权限

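允许列出所有 repo,但只对指定的 repo 授予全部读取权限,以及最低限度的 create branch / merge branch / git push / create pull request 权限。注意:下面的 codecommit:GitPush 没有附加任何条件,因此可以直接推送到这些 repo 的任意分支(包括主分支);如果需要保护特定分支,应另加一条带 codecommit:References 条件键的 Deny 语句。另外,审批规则模板相关的操作(如 ListApprovalRuleTemplates、GetApprovalRuleTemplate)应该不支持资源级权限,放在限定了 repo ARN 的语句里可能不会生效,使用前请对照 AWS 文档确认。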

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "codecommit:ListRepositories"
            ],
            "Resource": "*"
        },
        {
            "Sid": "VisualEditor1",
            "Effect": "Allow",
            "Action": [
                "codecommit:ListRepositoriesForApprovalRuleTemplate",
                "codecommit:GetApprovalRuleTemplate",
                "codecommit:ListApprovalRuleTemplates",
                "codecommit:CreateBranch",
                "codecommit:GetTree",
                "codecommit:ListPullRequests",
                "codecommit:GetBlob",
                "codecommit:GetReferences",
                "codecommit:CreateCommit",
                "codecommit:GetPullRequestApprovalStates",
                "codecommit:DescribeMergeConflicts",
                "codecommit:ListTagsForResource",
                "codecommit:BatchDescribeMergeConflicts",
                "codecommit:GetCommentsForComparedCommit",
                "codecommit:ListFileCommitHistory",
                "codecommit:GetCommentReactions",
                "codecommit:GetCommit",
                "codecommit:GetComment",
                "codecommit:GetCommitHistory",
                "codecommit:GetCommitsFromMergeBase",
                "codecommit:BatchGetCommits",
                "codecommit:DescribePullRequestEvents",
                "codecommit:CreatePullRequest",
                "codecommit:GetPullRequest",
                "codecommit:MergeBranchesBySquash",
                "codecommit:ListAssociatedApprovalRuleTemplatesForRepository",
                "codecommit:ListBranches",
                "codecommit:GetPullRequestOverrideState",
                "codecommit:GetRepositoryTriggers",
                "codecommit:GitPull",
                "codecommit:BatchGetRepositories",
                "codecommit:GetCommentsForPullRequest",
                "codecommit:GetObjectIdentifier",
                "codecommit:CancelUploadArchive",
                "codecommit:GetFolder",
                "codecommit:BatchGetPullRequests",
                "codecommit:GetFile",
                "codecommit:GetUploadArchiveStatus",
                "codecommit:EvaluatePullRequestApprovalRules",
                "codecommit:GetDifferences",
                "codecommit:GetRepository",
                "codecommit:GetBranch",
                "codecommit:GetMergeConflicts",
                "codecommit:GetMergeCommit",
                "codecommit:GitPush",
                "codecommit:GitClone",
                "codecommit:GetMergeOptions"
            ],
            "Resource": [
                "arn:aws:codecommit:ap-southeast-1:11111:test2",
                "arn:aws:codecommit:ap-southeast-1:11111:test3"
            ]
        }
    ]
}
