我是CodeCommit的新手。我正在寻找一种方法来限制用户在远程创建分支,但允许他将文件推送到分支。
我创建了一个 IAM 策略来拒绝创建分支,但我允许他将文件推送到分支。
IAM 策略
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Deny",
"Action": [
"codecommit:CreateBranch",
"codecommit:MergeBranchesByFastForward",
"codecommit:MergeBranchesBySquash",
"codecommit:MergeBranchesByThreeWay",
"codecommit:DeleteBranch"
],
"Resource": "arn:aws:codecommit:us-east-2:*********:MyTestReo",
"Condition": {
"ForAnyValue:StringEqualsIfExists": {
"codecommit:References": "refs/heads/myBranchName"
}
}
}
]
}
但是用户能够使用以下命令创建分支。
git checkout -b <branchname>
git add . && git commit -m "message"
git push --set-upstream origin <branchname>
请尝试以下 IAM 策略:
{
"Sid": "VisualEditor",
"Effect": "Deny",
"Action": [
"codecommit:CreateBranch",
"codecommit:MergeBranchesByFastForward",
"codecommit:MergeBranchesBySquash",
"codecommit:MergeBranchesByThreeWay",
"codecommit:DeleteBranch"
],
"Resource": [
"arn:aws:codecommit:us-east-2:*********:MyTestReo"
],
"Condition": {
"StringEqualsIfExists": {
"codecommit:References": [
"refs/heads/myBranchName"
]
},
"Null": {
"codecommit:References": false
}
}
}