AWS CodeCommit
User Guide (API Version 2015-04-13)

Configure Cross-Account Access to an AWS CodeCommit Repository

You can configure access to AWS CodeCommit repositories for IAM users and groups in another AWS account. This is often referred to as cross-account access. This section provides examples and step-by-step instructions for configuring cross-account access for a repository named MySharedDemoRepo in the US East (Ohio) Region in an AWS account (referred to as AccountA) to IAM users who belong to an IAM group named DevelopersWithCrossAccountRepositoryAccess in another AWS account (referred to as AccountB).

This section is divided into three parts:

  • Actions for the Administrator in AccountA.

  • Actions for the Administrator in AccountB.

  • Actions for the repository user in AccountB.

To configure cross-account access:

  • The administrator in AccountA signs in as an IAM user with the permissions required to create and manage repositories in AWS CodeCommit and create roles in IAM. If you are using managed policies, apply IAMFullAccess and AWSCodeCommitFullAccess to this IAM user.

    The example account ID for AccountA is 111122223333.

  • The administrator in AccountB, signs in as an IAM user with the permissions required to create and manage IAM users and groups, and to configure policies for users and groups. If you are using managed policies, apply IAMFullAccess to this IAM user.

    The example account ID for AccountB is 888888888888.

  • The repository user in AccountB, to emulate the activities of a developer, signs in as an IAM user who is a member of the IAM group created to allow access to the AWS CodeCommit repository in AccountA. This account must be configured with:

    For more information, see IAM users.