Apply the IAM policy to an IAM group or role
To create a conditional policy for branches
1. Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam/.
2. In the navigation pane, choose Policies.
3. Choose Create policy.
4. Choose JSON, and then paste the following example policy. Replace the value of `Resource` with the ARN of the repository that contains the branch for which you want to restrict access. Replace the value of `codecommit:References` with a reference to the branch or branches to which you want to restrict access. For example, this policy denies pushing commits, merging branches, deleting branches, merging pull requests, and adding files to a branch named main and a branch named prod in a repository named MyDemoRepo:
```json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Statement1",
            "Effect": "Allow",
            "Action": [
                "codecommit:GitPush",
                "codecommit:GetBranch",
                "codecommit:GetCommit"
            ],
            "Resource": "arn:aws:codecommit:us-east-2:111111111111:MyDemoRepo",
            "Condition": {
                "Bool": {
                    "aws:MultiFactorAuthPresent": true
                }
            }
        },
        {
            "Sid": "Statement2",
            "Effect": "Deny",
            "Action": [
                "codecommit:GitPush",
                "codecommit:GetBranch",
                "codecommit:GetCommit"
            ],
            "Resource": "arn:aws:codecommit:us-east-2:111111111111:MyDemoRepo",
            "Condition": {
                "StringEqualsIfExists": {
                    "codecommit:References": [
                        "refs/heads/prod"
                    ]
                },
                "Null": {
                    "codecommit:References": "false"
                },
                "Bool": {
                    "aws:MultiFactorAuthPresent": true
                }
            }
        }
    ]
}
```
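As an added example (not code from this post or from AWS), here is a small Python model of how IAM evaluates the two statements above: an explicit Deny wins over Allow, `StringEqualsIfExists` matches when the key is absent, and `Null` tests presence. It assumes one `codecommit:References` value per request, an exact resource match, and constructed request contexts; it shows why the `Null` clause matters, since without it a request carrying no reference key at all would be denied.

```python
import copy
REPO = "arn:aws:codecommit:us-east-2:111111111111:MyDemoRepo"
ACTIONS = ["codecommit:GitPush", "codecommit:GetBranch", "codecommit:GetCommit"]
MFA = {"Bool": {"aws:MultiFactorAuthPresent": True}}
# The two statements of the policy above, in the order the page gives them.
POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "Statement1", "Effect": "Allow", "Action": ACTIONS, "Resource": REPO,
     "Condition": MFA},
    {"Sid": "Statement2", "Effect": "Deny", "Action": ACTIONS, "Resource": REPO,
     "Condition": {"StringEqualsIfExists": {"codecommit:References": ["refs/heads/prod"]},
                   "Null": {"codecommit:References": "false"}, **MFA}},
]}

def condition_holds(cond, ctx):
    """IAM ANDs every operator block and key; ctx maps a key to one string (absent = None)."""
    for op, pairs in cond.items():
        for key, want in pairs.items():
            have = ctx.get(key)
            wants = want if isinstance(want, list) else [want]
            if op == "Null":                    # "true" = key absent, "false" = key present
                if (have is None) != (str(want).lower() == "true"):
                    return False
            elif op == "Bool":
                if have is None or str(have).lower() != str(want).lower():
                    return False
            elif op == "StringEqualsIfExists":  # ...IfExists: an absent key counts as a match
                if have is not None and have not in wants:
                    return False
            else:
                raise ValueError(f"operator not modelled: {op}")
    return True

def evaluate(policy, action, resource, ctx):
    """Explicit Deny wins over Allow; nothing matching is an implicit deny."""
    result = "ImplicitDeny"
    for st in policy["Statement"]:
        if (action not in st["Action"] or st["Resource"] != resource
                or not condition_holds(st.get("Condition", {}), ctx)):
            continue
        if st["Effect"] == "Deny":
            return "Deny"
        result = "Allow"
    return result

def without_null_clause(policy):
    """Same policy with the Null guard removed, to show what it protects against."""
    p = copy.deepcopy(policy)
    del p["Statement"][1]["Condition"]["Null"]
    return p
```

Note that a session without MFA is only implicitly denied here: Statement2's own MFA condition means the explicit Deny never fires for it, and only Statement1's missing Allow keeps it out.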