AmazonCodeCommit 的托管策略 - Amazon CodeCommit
Amazon Web Services 文档中描述的 Amazon Web Services 服务或功能可能因区域而异。要查看适用于中国区域的差异,请参阅中国的 Amazon Web Services 服务入门

本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。

AmazonCodeCommit 的托管策略

要向用户、组和角色添加权限,与自己编写策略相比,使用 Amazon 托管策略更简单。创建仅为团队提供所需权限的 IAM 客户托管策略需要时间和专业知识。要快速入门,您可以使用我们的 Amazon 托管策略。这些策略涵盖常见使用案例,可在您的 Amazon Web Services 账户 中使用。有关 Amazon 托管策略的更多信息,请参阅 IAM 用户指南中的Amazon 托管策略

Amazon 服务负责维护和更新 Amazon 托管策略。您无法更改 Amazon 托管策略中的权限。服务偶尔会向 Amazon 托管策略添加额外权限以支持新功能。此类更新会影响附加策略的所有身份(用户、组和角色)。当启动新功能或新操作可用时,服务最有可能会更新 Amazon 托管策略。服务不会从 Amazon 托管策略中删除权限,因此策略更新不会破坏您的现有权限。

此外,Amazon 还支持跨多种服务的工作职能的托管策略。例如,ReadOnlyAccess Amazon 托管策略提供对所有 Amazon 服务和资源的只读访问权限。当服务启动新功能时,Amazon会为新操作和资源添加只读权限。有关工作职能策略的列表和说明,请参阅 IAM 用户指南中的适用于工作职能的 Amazon 托管策略

Amazon通过提供由创建和管理的独立 IAM 策略来满足许多常用案例的要求。Amazon这些 Amazon 托管策略将授予针对常用案例的必要权限。CodeCommit 托管策略还提供在其他服务(如 IAM、Amazon SNS 和 Amazon CloudWatch Events)中执行操作的权限,这是授予了相关策略的用户职责所必需的。例如,AWSCodeCommitFullAccess 策略是管理级用户策略,允许具有此策略的用户为存储库创建和管理 CloudWatch 事件规则(名称前缀为的规则)。codecommit) 和 Amazon SNS 主题,用于有关存储库相关事件(名称前缀为的主题)的通知codecommit),以及在 CodeCommit 中管理仓库。

以下Amazon托管策略(您可以将它们附加到您的账户中的用户)特定于 CodeCommit。

Amazon托管策略:AWSCodeCommitFullAccess

您可以将 AWSCodeCommitFullAccess 策略附加得到 IAM 身份。此策略授予对 CodeCommit 的完全访问权限。此策略只应授予您希望对 CodeCommit 存储库及您的 Amazon Web Services 账户中的相关资源具有完全控制权限 (包括删除存储库的能力) 的管理级用户。

AAWSCodeCommitFullAccess 策略包含以下策略语句:

{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "codecommit:*" ], "Resource": "*" }, { "Sid": "CloudWatchEventsCodeCommitRulesAccess", "Effect": "Allow", "Action": [ "events:DeleteRule", "events:DescribeRule", "events:DisableRule", "events:EnableRule", "events:PutRule", "events:PutTargets", "events:RemoveTargets", "events:ListTargetsByRule" ], "Resource": "arn:aws:events:*:*:rule/codecommit*" }, { "Sid": "SNSTopicAndSubscriptionAccess", "Effect": "Allow", "Action": [ "sns:CreateTopic", "sns:DeleteTopic", "sns:Subscribe", "sns:Unsubscribe", "sns:SetTopicAttributes" ], "Resource": "arn:aws:sns:*:*:codecommit*" }, { "Sid": "SNSTopicAndSubscriptionReadAccess", "Effect": "Allow", "Action": [ "sns:ListTopics", "sns:ListSubscriptionsByTopic", "sns:GetTopicAttributes" ], "Resource": "*" }, { "Sid": "LambdaReadOnlyListAccess", "Effect": "Allow", "Action": [ "lambda:ListFunctions" ], "Resource": "*" }, { "Sid": "IAMReadOnlyListAccess", "Effect": "Allow", "Action": [ "iam:ListUsers" ], "Resource": "*" }, { "Sid": "IAMReadOnlyConsoleAccess", "Effect": "Allow", "Action": [ "iam:ListAccessKeys", "iam:ListSSHPublicKeys", "iam:ListServiceSpecificCredentials" ], "Resource": "arn:aws:iam::*:user/${aws:username}" }, { "Sid": "IAMUserSSHKeys", "Effect": "Allow", "Action": [ "iam:DeleteSSHPublicKey", "iam:GetSSHPublicKey", "iam:ListSSHPublicKeys", "iam:UpdateSSHPublicKey", "iam:UploadSSHPublicKey" ], "Resource": "arn:aws:iam::*:user/${aws:username}" }, { "Sid": "IAMSelfManageServiceSpecificCredentials", "Effect": "Allow", "Action": [ "iam:CreateServiceSpecificCredential", "iam:UpdateServiceSpecificCredential", "iam:DeleteServiceSpecificCredential", "iam:ResetServiceSpecificCredential" ], "Resource": "arn:aws:iam::*:user/${aws:username}" }, { "Sid": "CodeStarNotificationsReadWriteAccess", "Effect": "Allow", "Action": [ "codestar-notifications:CreateNotificationRule", "codestar-notifications:DescribeNotificationRule", "codestar-notifications:UpdateNotificationRule", "codestar-notifications:DeleteNotificationRule", "codestar-notifications:Subscribe", "codestar-notifications:Unsubscribe" ], "Resource": "*", "Condition": { "StringLike": { "codestar-notifications:NotificationsForResource": "arn:aws:codecommit:*" } } }, { "Sid": "CodeStarNotificationsListAccess", "Effect": "Allow", "Action": [ "codestar-notifications:ListNotificationRules", "codestar-notifications:ListTargets", "codestar-notifications:ListTagsforResource", "codestar-notifications:ListEventTypes" ], "Resource": "*" }, { "Sid": "CodeStarNotificationsSNSTopicCreateAccess", "Effect": "Allow", "Action": [ "sns:CreateTopic", "sns:SetTopicAttributes" ], "Resource": "arn:aws:sns:*:*:codestar-notifications*" }, { "Sid": "AmazonCodeGuruReviewerFullAccess", "Effect": "Allow", "Action": [ "codeguru-reviewer:AssociateRepository", "codeguru-reviewer:DescribeRepositoryAssociation", "codeguru-reviewer:ListRepositoryAssociations", "codeguru-reviewer:DisassociateRepository", "codeguru-reviewer:DescribeCodeReview", "codeguru-reviewer:ListCodeReviews" ], "Resource": "*" }, { "Sid": "AmazonCodeGuruReviewerSLRCreation", "Action": "iam:CreateServiceLinkedRole", "Effect": "Allow", "Resource": "arn:aws:iam::*:role/aws-service-role/codeguru-reviewer.amazonaws.com/AWSServiceRoleForAmazonCodeGuruReviewer", "Condition": { "StringLike": { "iam:AWSServiceName": "codeguru-reviewer.amazonaws.com" } } }, { "Sid": "CloudWatchEventsManagedRules", "Effect": "Allow", "Action": [ "events:PutRule", "events:PutTargets", "events:DeleteRule", "events:RemoveTargets" ], "Resource": "*", "Condition": { "StringEquals": { "events:ManagedBy": "codeguru-reviewer.amazonaws.com" } } }, { "Sid": "CodeStarNotificationsChatbotAccess", "Effect": "Allow", "Action": [ "chatbot:DescribeSlackChannelConfigurations" ], "Resource": "*" }, { "Sid": "CodeStarConnectionsReadOnlyAccess", "Effect": "Allow", "Action": [ "codestar-connections:ListConnections", "codestar-connections:GetConnection" ], "Resource": "arn:aws:codestar-connections:*:*:connection/*" } ] }

Amazon托管策略:AWSCodeCommitPowerUser

您可以将 AWSCodeCommitPowerUser 策略附加得到 IAM 身份。此策略允许用户访问 CodeCommit 和存储库相关资源的所有功能,但不允许删除 CodeCommit 存储库或在其他中创建或删除存储库相关资源。AmazonAmazon CloudWatch Events 等服务。建议对大多数用户应用此策略。

AAWSCodeCommitPowerUser 策略包含以下策略语句:

{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "codecommit:AssociateApprovalRuleTemplateWithRepository", "codecommit:BatchAssociateApprovalRuleTemplateWithRepositories", "codecommit:BatchDisassociateApprovalRuleTemplateFromRepositories", "codecommit:BatchGet*", "codecommit:BatchDescribe*", "codecommit:Create*", "codecommit:DeleteBranch", "codecommit:DeleteFile", "codecommit:Describe*", "codecommit:DisassociateApprovalRuleTemplateFromRepository", "codecommit:EvaluatePullRequestApprovalRules", "codecommit:Get*", "codecommit:List*", "codecommit:Merge*", "codecommit:OverridePullRequestApprovalRules", "codecommit:Put*", "codecommit:Post*", "codecommit:TagResource", "codecommit:Test*", "codecommit:UntagResource", "codecommit:Update*", "codecommit:GitPull", "codecommit:GitPush" ], "Resource": "*" }, { "Sid": "CloudWatchEventsCodeCommitRulesAccess", "Effect": "Allow", "Action": [ "events:DeleteRule", "events:DescribeRule", "events:DisableRule", "events:EnableRule", "events:PutRule", "events:PutTargets", "events:RemoveTargets", "events:ListTargetsByRule" ], "Resource": "arn:aws:events:*:*:rule/codecommit*" }, { "Sid": "SNSTopicAndSubscriptionAccess", "Effect": "Allow", "Action": [ "sns:Subscribe", "sns:Unsubscribe" ], "Resource": "arn:aws:sns:*:*:codecommit*" }, { "Sid": "SNSTopicAndSubscriptionReadAccess", "Effect": "Allow", "Action": [ "sns:ListTopics", "sns:ListSubscriptionsByTopic", "sns:GetTopicAttributes" ], "Resource": "*" }, { "Sid": "LambdaReadOnlyListAccess", "Effect": "Allow", "Action": [ "lambda:ListFunctions" ], "Resource": "*" }, { "Sid": "IAMReadOnlyListAccess", "Effect": "Allow", "Action": [ "iam:ListUsers" ], "Resource": "*" }, { "Sid": "IAMReadOnlyConsoleAccess", "Effect": "Allow", "Action": [ "iam:ListAccessKeys", "iam:ListSSHPublicKeys", "iam:ListServiceSpecificCredentials" ], "Resource": "arn:aws:iam::*:user/${aws:username}" }, { "Sid": "IAMUserSSHKeys", "Effect": "Allow", "Action": [ "iam:DeleteSSHPublicKey", "iam:GetSSHPublicKey", "iam:ListSSHPublicKeys", "iam:UpdateSSHPublicKey", "iam:UploadSSHPublicKey" ], "Resource": "arn:aws:iam::*:user/${aws:username}" }, { "Sid": "IAMSelfManageServiceSpecificCredentials", "Effect": "Allow", "Action": [ "iam:CreateServiceSpecificCredential", "iam:UpdateServiceSpecificCredential", "iam:DeleteServiceSpecificCredential", "iam:ResetServiceSpecificCredential" ], "Resource": "arn:aws:iam::*:user/${aws:username}" }, { "Sid": "CodeStarNotificationsReadWriteAccess", "Effect": "Allow", "Action": [ "codestar-notifications:CreateNotificationRule", "codestar-notifications:DescribeNotificationRule", "codestar-notifications:UpdateNotificationRule", "codestar-notifications:Subscribe", "codestar-notifications:Unsubscribe" ], "Resource": "*", "Condition": { "StringLike": { "codestar-notifications:NotificationsForResource": "arn:aws:codecommit:*" } } }, { "Sid": "CodeStarNotificationsListAccess", "Effect": "Allow", "Action": [ "codestar-notifications:ListNotificationRules", "codestar-notifications:ListTargets", "codestar-notifications:ListTagsforResource", "codestar-notifications:ListEventTypes" ], "Resource": "*" }, { "Sid": "AmazonCodeGuruReviewerFullAccess", "Effect": "Allow", "Action": [ "codeguru-reviewer:AssociateRepository", "codeguru-reviewer:DescribeRepositoryAssociation", "codeguru-reviewer:ListRepositoryAssociations", "codeguru-reviewer:DisassociateRepository", "codeguru-reviewer:DescribeCodeReview", "codeguru-reviewer:ListCodeReviews" ], "Resource": "*" }, { "Sid": "AmazonCodeGuruReviewerSLRCreation", "Action": "iam:CreateServiceLinkedRole", "Effect": "Allow", "Resource": "arn:aws:iam::*:role/aws-service-role/codeguru-reviewer.amazonaws.com/AWSServiceRoleForAmazonCodeGuruReviewer", "Condition": { "StringLike": { "iam:AWSServiceName": "codeguru-reviewer.amazonaws.com" } } }, { "Sid": "CloudWatchEventsManagedRules", "Effect": "Allow", "Action": [ "events:PutRule", "events:PutTargets", "events:DeleteRule", "events:RemoveTargets" ], "Resource": "*", "Condition": { "StringEquals": { "events:ManagedBy": "codeguru-reviewer.amazonaws.com" } } }, { "Sid": "CodeStarNotificationsChatbotAccess", "Effect": "Allow", "Action": [ "chatbot:DescribeSlackChannelConfigurations" ], "Resource": "*" }, { "Sid": "CodeStarConnectionsReadOnlyAccess", "Effect": "Allow", "Action": [ "codestar-connections:ListConnections", "codestar-connections:GetConnection" ], "Resource": "arn:aws:codestar-connections:*:*:connection/*" } ] }

Amazon托管策略:AWSCodeCommitReadOnly

您可以将 AWSCodeCommitReadOnly 策略附加得到 IAM 身份。此策略授予对 CodeCommit 和其他存储库相关的资源的只读访问权限Amazon以及创建和管理其自己的 CodeCommit 相关资源 (如供其 IAM 用户在访问存储库时使用的 Git 凭证和 SSH 密钥) 的能力。针对希望向其授予读取存储库内容的能力但不能对内容进行任何更改的用户,应用此策略。

AAWSCodeCommitReadOnly 策略包含以下策略语句:

{ "Version":"2012-10-17", "Statement":[ { "Effect":"Allow", "Action":[ "codecommit:BatchGet*", "codecommit:BatchDescribe*", "codecommit:Describe*", "codecommit:EvaluatePullRequestApprovalRules", "codecommit:Get*", "codecommit:List*", "codecommit:GitPull" ], "Resource":"*" }, { "Sid":"CloudWatchEventsCodeCommitRulesReadOnlyAccess", "Effect":"Allow", "Action":[ "events:DescribeRule", "events:ListTargetsByRule" ], "Resource":"arn:aws:events:*:*:rule/codecommit*" }, { "Sid":"SNSSubscriptionAccess", "Effect":"Allow", "Action":[ "sns:ListTopics", "sns:ListSubscriptionsByTopic", "sns:GetTopicAttributes" ], "Resource":"*" }, { "Sid":"LambdaReadOnlyListAccess", "Effect":"Allow", "Action":[ "lambda:ListFunctions" ], "Resource":"*" }, { "Sid":"IAMReadOnlyListAccess", "Effect":"Allow", "Action":[ "iam:ListUsers" ], "Resource":"*" }, { "Sid":"IAMReadOnlyConsoleAccess", "Effect":"Allow", "Action":[ "iam:ListAccessKeys", "iam:ListSSHPublicKeys", "iam:ListServiceSpecificCredentials", "iam:GetSSHPublicKey" ], "Resource":"arn:aws:iam::*:user/${aws:username}" }, { "Sid":"CodeStarNotificationsReadOnlyAccess", "Effect":"Allow", "Action":[ "codestar-notifications:DescribeNotificationRule" ], "Resource":"*", "Condition":{ "StringLike":{ "codestar-notifications:NotificationsForResource":"arn:aws:codecommit:*" } } }, { "Sid":"CodeStarNotificationsListAccess", "Effect":"Allow", "Action":[ "codestar-notifications:ListNotificationRules", "codestar-notifications:ListEventTypes", "codestar-notifications:ListTargets" ], "Resource":"*" }, { "Sid": "AmazonCodeGuruReviewerReadOnlyAccess", "Effect": "Allow", "Action": [ "codeguru-reviewer:DescribeRepositoryAssociation", "codeguru-reviewer:ListRepositoryAssociations", "codeguru-reviewer:DescribeCodeReview", "codeguru-reviewer:ListCodeReviews" ], "Resource": "*" }, { "Sid": "CodeStarConnectionsReadOnlyAccess", "Effect": "Allow", "Action": [ "codestar-connections:ListConnections", "codestar-connections:GetConnection" ], "Resource": "arn:aws:codestar-connections:*:*:connection/*" } ] }

CodeCommit 托管策略和通知

Amazon CodeCommit 支持通知功能,可以向用户通知存储库的重要更改。CodeCommit 的托管策略包含通知功能的策略语句。有关更多信息,请参阅什么是通知?

完全访问托管策略中的通知的相关权限

AWSCodeCommitFullAccess 托管策略包含以下语句,以允许对通知进行完全访问。应用了此托管策略的用户还可以创建和管理 Amazon SNS 主题以进行通知、为用户订阅和取消订阅主题、列出要选择作为通知规则目标的主题以及列出。Amazon Chatbot为 Slack 配置的客户端。

{ "Sid": "CodeStarNotificationsReadWriteAccess", "Effect": "Allow", "Action": [ "codestar-notifications:CreateNotificationRule", "codestar-notifications:DescribeNotificationRule", "codestar-notifications:UpdateNotificationRule", "codestar-notifications:DeleteNotificationRule", "codestar-notifications:Subscribe", "codestar-notifications:Unsubscribe" ], "Resource": "*", "Condition" : { "StringLike" : {"codestar-notifications:NotificationsForResource" : "arn:aws:codecommit:*"} } }, { "Sid": "CodeStarNotificationsListAccess", "Effect": "Allow", "Action": [ "codestar-notifications:ListNotificationRules", "codestar-notifications:ListTargets", "codestar-notifications:ListTagsforResource," "codestar-notifications:ListEventTypes" ], "Resource": "*" }, { "Sid": "CodeStarNotificationsSNSTopicCreateAccess", "Effect": "Allow", "Action": [ "sns:CreateTopic", "sns:SetTopicAttributes" ], "Resource": "arn:aws:sns:*:*:codestar-notifications*" }, { "Sid": "CodeStarNotificationsChatbotAccess", "Effect": "Allow", "Action": [ "chatbot:DescribeSlackChannelConfigurations" ], "Resource": "*" }

只读托管策略中的通知的相关权限

AWSCodeCommitReadOnlyAccess 托管策略包含以下语句,以允许对通知进行只读访问。应用此托管策略的用户可以查看资源的通知,但无法创建、管理或订阅这些通知。

{ "Sid": "CodeStarNotificationsPowerUserAccess", "Effect": "Allow", "Action": [ "codestar-notifications:DescribeNotificationRule" ], "Resource": "*", "Condition" : { "StringLike" : {"codestar-notifications:NotificationsForResource" : "arn:aws:codecommit:*"} } }, { "Sid": "CodeStarNotificationsListAccess", "Effect": "Allow", "Action": [ "codestar-notifications:ListNotificationRules", "codestar-notifications:ListEventTypes", "codestar-notifications:ListTargets" ], "Resource": "*" }

其他托管策略中的通知的相关权限

AWSCodeCommitPowerUser 托管策略包含以下语句,以允许用户创建、编辑和订阅通知。用户无法删除通知规则或管理资源的标签。

{ "Sid": "CodeStarNotificationsReadWriteAccess", "Effect": "Allow", "Action": [ "codestar-notifications:CreateNotificationRule", "codestar-notifications:DescribeNotificationRule", "codestar-notifications:UpdateNotificationRule", "codestar-notifications:DeleteNotificationRule", "codestar-notifications:Subscribe", "codestar-notifications:Unsubscribe" ], "Resource": "*", "Condition" : { "StringLike" : {"codestar-notifications:NotificationsForResource" : "arn:aws:codecommit*"} } }, { "Sid": "CodeStarNotificationsListAccess", "Effect": "Allow", "Action": [ "codestar-notifications:ListNotificationRules", "codestar-notifications:ListTargets", "codestar-notifications:ListTagsforResource", "codestar-notifications:ListEventTypes" ], "Resource": "*" }, { "Sid": "SNSTopicListAccess", "Effect": "Allow", "Action": [ "sns:ListTopics" ], "Resource": "*" }, { "Sid": "CodeStarNotificationsChatbotAccess", "Effect": "Allow", "Action": [ "chatbot:DescribeSlackChannelConfigurations" ], "Resource": "*" }

有关 IAM 和通知的更多信息,请参阅适用于 AWS CodeStar 通知的 Identity and Access Management.

Amazon CodeCommitAmazon CodeGuru Reviewer

CodeCommit 支持 Amazon CodeGuru Reviewer,后者是一个自动代码审查服务,它使用程序分析和机器学习来检测 Java 或 Python 代码中的常见问题并推荐修复方法。CodeCommit 的托管策略包含 CodeGuru Reviewer 功能的策略语句。有关更多信息,请参阅 。什么是 Amazon CodeGuru Reviewer.

在 awscodeCommit FullAccess 中与 CodeCodeGuru Reviewer 相关的权限

这些区域有:AWSCodeCommitFullAccess托管策略包含以下语句,以允许 CodeGuru Reviewer 与 CodeCommit 存储库关联和取消关联。应用了此托管策略的用户还可以查看 CodeCommit 存储库与 CodeGuru Reviewer 之间的关联状态,并查看拉取请求的审查作业状态。

{ "Sid": "AmazonCodeGuruReviewerFullAccess", "Effect": "Allow", "Action": [ "codeguru-reviewer:AssociateRepository", "codeguru-reviewer:DescribeRepositoryAssociation", "codeguru-reviewer:ListRepositoryAssociations", "codeguru-reviewer:DisassociateRepository", "codeguru-reviewer:DescribeCodeReview", "codeguru-reviewer:ListCodeReviews" ], "Resource": "*" }, { "Sid": "AmazonCodeGuruReviewerSLRCreation", "Action": "iam:CreateServiceLinkedRole", "Effect": "Allow", "Resource": "arn:aws:iam::*:role/aws-service-role/codeguru-reviewer.amazonaws.com/AWSServiceRoleForAmazonCodeGuruReviewer", "Condition": { "StringLike": { "iam:AWSServiceName": "codeguru-reviewer.amazonaws.com" } } }, { "Sid": "CloudWatchEventsManagedRules", "Effect": "Allow", "Action": [ "events:PutRule", "events:PutTargets", "events:DeleteRule", "events:RemoveTargets" ], "Resource": "*", "Condition": { "StringEquals": { "events:ManagedBy": "codeguru-reviewer.amazonaws.com" } } }

在 awscodeCommit PowerUser 中与 CodeCodeGuru Reviewer 相关的权限

这些区域有:AWSCodeCommitPowerUser托管策略包含以下语句,以允许用户将存储库与 CodeGuru Reviewer 关联和取消关联,并查看拉取请求的审查作业状态。

{ "Sid": "AmazonCodeGuruReviewerFullAccess", "Effect": "Allow", "Action": [ "codeguru-reviewer:AssociateRepository", "codeguru-reviewer:DescribeRepositoryAssociation", "codeguru-reviewer:ListRepositoryAssociations", "codeguru-reviewer:DisassociateRepository", "codeguru-reviewer:DescribeCodeReview", "codeguru-reviewer:ListCodeReviews" ], "Resource": "*" }, { "Sid": "AmazonCodeGuruReviewerSLRCreation", "Action": "iam:CreateServiceLinkedRole", "Effect": "Allow", "Resource": "arn:aws:iam::*:role/aws-service-role/codeguru-reviewer.amazonaws.com/AWSServiceRoleForAmazonCodeGuruReviewer", "Condition": { "StringLike": { "iam:AWSServiceName": "codeguru-reviewer.amazonaws.com" } } }, { "Sid": "CloudWatchEventsManagedRules", "Effect": "Allow", "Action": [ "events:PutRule", "events:PutTargets", "events:DeleteRule", "events:RemoveTargets" ], "Resource": "*", "Condition": { "StringEquals": { "events:ManagedBy": "codeguru-reviewer.amazonaws.com" } } }

在 awscodeCommit ReadOnly 中与 CodeCodeGuru Reviewer 相关的权限

这些区域有:AWSCodeCommitReadOnlyAccess托管策略包含以下语句,以允许对 CodeGuru Reviewer 关联状态进行只读访问,并查看拉取请求的审查作业状态。应用了此托管策略的用户无法关联或取消关联存储库。

{ "Sid": "AmazonCodeGuruReviewerReadOnlyAccess", "Effect": "Allow", "Action": [ "codeguru-reviewer:DescribeRepositoryAssociation", "codeguru-reviewer:ListRepositoryAssociations", "codeguru-reviewer:DescribeCodeReview", "codeguru-reviewer:ListCodeReviews" ], "Resource": "*" }

Amazon CodeGuru Reviewer 服务相关角色

将存储库与 CodeGuru Reviewer 关联时,系统会创建一个服务相关角色,以便 CodeGuru Reviewer 能检测拉取请求中 Java 或 Python 代码的问题并推荐修复方法。Amazon CodeGurureViewer 的服务相关角色命名为 Amazon SERVICENEROE。有关更多信息,请参阅 。将服务相关角色用于 Amazon CodeGuru Reviewer.

有关更多信息,请参阅 IAM 用户指南中的Amazon托管策略

CodeCommit 更新为Amazon托管策略

查看有关更新的详细信息Amazon从该服务开始跟踪这些更改开始,这些更改开始是 CodeCommit 需的。要获得有关此页面更改的自动提示,请订阅上的 RSS 源。Amazon CodeCommit 用户指南文档历史记录.

更改 描述 日期

Amazon托管策略:AWSCodeCommitReadOnly – 对现有策略的更新

CodeCommit 从策略中删除了重复的权限。

AWSCodeCommitReadOnly 已更改为删除重复的权限,"iam:ListAccessKeys".

2021 年 8 月 18 日

CodeCommit 开始跟踪更改

CodeCommit 开始跟踪其更改Amazon托管策略。

2021 年 8 月 18 日