CodeCommit Branch Protection Rule

Create a CodeCommit repository, then create a new branch where developers can make their changes and open a pull request.

Then go to this option to create an approval request.

Create a template:

Now make changes in the branch and create the PR.

It will ask the Shruti.Vij IAM user to review and approve the changes.

  • Approve the request

Note: You cannot approve a PR that you created yourself.

Security Policy to Restrict Actions on the Specified Branches

Create an IAM policy and attach it to the user whose actions you want to restrict.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Deny",
            "Action": [
                "codecommit:GitPush",
                "codecommit:DeleteBranch",
                "codecommit:PutFile",
                "codecommit:MergeBranchesByFastForward",
                "codecommit:MergeBranchesBySquash",
                "codecommit:MergeBranchesByThreeWay",
                "codecommit:MergePullRequestByFastForward",
                "codecommit:MergePullRequestBySquash",
                "codecommit:MergePullRequestByThreeWay"
            ],
            "Resource": "<REPO-ARN>",
            "Condition": {
                "StringEqualsIfExists": {
                    "codecommit:References": [
                        "refs/heads/main",
                        "refs/heads/uat",
                        "refs/heads/prod"
                    ]
                },
                "Null": {
                    "codecommit:References": false
                }
            }
        }
    ]
}

The user can no longer perform these actions on the specified branches.
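
The following is an added example, not part of the original page or of AWS tooling: a small local model of how the Deny statement's two condition blocks combine, useful for reasoning about which requests the policy blocks. The repository ARN, the feature branch name and the request contexts are constructed placeholders, and only the two operators used in this policy are modelled.

```python
# Minimal local model of how the Deny statement above is matched.
# Covers only the two operators this policy uses; it is not the IAM engine.
REPO_ARN = "arn:aws:codecommit:us-east-1:111122223333:demo-repo"  # constructed placeholder
PROTECTED = ["refs/heads/main", "refs/heads/uat", "refs/heads/prod"]
DENIED_ACTIONS = {
    "codecommit:GitPush", "codecommit:DeleteBranch", "codecommit:PutFile",
    "codecommit:MergeBranchesByFastForward", "codecommit:MergeBranchesBySquash",
    "codecommit:MergeBranchesByThreeWay", "codecommit:MergePullRequestByFastForward",
    "codecommit:MergePullRequestBySquash", "codecommit:MergePullRequestByThreeWay",
}
CONDITION = {
    "StringEqualsIfExists": {"codecommit:References": PROTECTED},
    "Null": {"codecommit:References": False},
}

def condition_matches(condition, context):
    """True only if every operator block matches (IAM ANDs the blocks)."""
    for operator, keys in condition.items():
        for key, expected in keys.items():
            present = key in context
            if operator == "Null":
                # Null: true means the key must be absent, false means it must be present.
                if (not present) != expected:
                    return False
            elif operator == "StringEqualsIfExists":
                # A missing key counts as a match; otherwise any listed value may match.
                if present and context[key] not in expected:
                    return False
            else:
                raise ValueError(f"operator not modelled: {operator}")
    return True

def is_denied(action, resource, context):
    """True if the explicit Deny applies to this request."""
    return (action in DENIED_ACTIONS and resource == REPO_ARN
            and condition_matches(CONDITION, context))

def demo():
    ref = "codecommit:References"
    return {
        "push to main": is_denied("codecommit:GitPush", REPO_ARN, {ref: "refs/heads/main"}),
        "push to feature": is_denied("codecommit:GitPush", REPO_ARN, {ref: "refs/heads/feature-x"}),
        "call without a reference": is_denied("codecommit:GitPush", REPO_ARN, {}),
        "merge PR into prod": is_denied("codecommit:MergePullRequestBySquash", REPO_ARN, {ref: "refs/heads/prod"}),
        "unlisted action on main": is_denied("codecommit:GetBranch", REPO_ARN, {ref: "refs/heads/main"}),
    }

if __name__ == "__main__":
    for case, denied in demo().items():
        print(f"{case}: {'DENY' if denied else 'not denied'}")
```

Without the Null block, the request that carries no reference would also match, because StringEqualsIfExists treats an absent key as a match.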