AWS Identity and Access Management
User Guide

Actions, Resources, and Condition Keys for AWS CodeCommit

AWS CodeCommit (service prefix: codecommit) provides the following service-specific resources, actions, and condition context keys for use in IAM permission policies.

Actions Defined by AWS CodeCommit

You can specify the following actions in the Action element of an IAM policy statement. By using policies, you define the permissions for anyone performing an operation in AWS. When you use an action in a policy, you usually allow or deny access to the API operation or CLI command with the same name. However, in some cases, a single action controls access to more than one operation. Alternatively, some operations require several different actions. For details about the columns in the following table, see The Actions Table.

| Actions | Description | Access Level | Resource Types (*required) | Condition Keys | Dependent Actions |
|---|---|---|---|---|---|
| BatchGetPullRequests [permission only] | Returns information about one or more pull requests in an AWS CodeCommit repository. | Read | repository* | | |
| BatchGetRepositories | Get information about multiple repositories. | Read | repository* | | |
| CancelUploadArchive [permission only] | Required to cancel the uploading of an archive to a pipeline. | Read | repository* | | |
| CreateBranch | Create a branch in an AWS CodeCommit repository. | Write | repository* | | |
| CreatePullRequest | Creates a pull request in the specified repository. | Write | repository* | | |
| CreateRepository | Create a new AWS CodeCommit repository. | Write | repository* | | |
| DeleteBranch | Delete a branch in an AWS CodeCommit repository. | Write | repository* | | |
| DeleteCommentContent | Deletes the content of a comment made on a change, file, or commit in a repository. | Write | repository* | | |
| DeleteRepository | Delete an AWS CodeCommit repository. | Write | repository* | | |
| DescribePullRequestEvents | Returns information about one or more pull request events. | Read | repository* | | |
| GetBlob | View the encoded content of an individual file in an AWS CodeCommit repository from the AWS CodeCommit console. | Read | repository* | | |
| GetBranch | Get details about a branch in an AWS CodeCommit repository. | Read | repository* | | |
| GetComment | Returns the content of a comment made on a change, file, or commit in a repository. | Read | repository* | | |
| GetCommentsForComparedCommit | Returns information about comments made on the comparison between two commits. | Read | repository* | | |
| GetCommentsForPullRequest | Returns comments made on a pull request. | Read | repository* | | |
| GetCommit | Returns information about a commit, including commit message and committer information. | Read | repository* | | |
| GetCommitHistory [permission only] | Returns information about the history of commits in a repository. | Read | repository* | | |
| GetCommitsFromMergeBase [permission only] | Returns information about the difference between commits in the context of a potential merge. | Read | repository* | | |
| GetDifferences | Enables the user to view information about the differences in a valid commit specifier (such as a branch, tag, HEAD, commit ID or other fully qualified reference). Results can be limited to a specified path. | Read | repository* | | |
| GetMergeConflicts | Returns information about merge conflicts between the before and after commit IDs for a pull request in a repository. | Read | repository* | | |
| GetObjectIdentifier [permission only] | Resolve blobs, trees, and commits to their identifier. | Read | repository* | | |
| GetPullRequest | Gets information about a pull request in a specified repository. | Read | repository* | | |
| GetReferences [permission only] | Get details about references in an AWS CodeCommit repository. | Read | repository* | | |
| GetRepository | Get information about a single AWS CodeCommit repository. | Read | repository* | | |
| GetRepositoryTriggers | Gets information about triggers configured for a repository. | Read | repository* | | |
| GetTree [permission only] | View the contents of a specified tree in an AWS CodeCommit repository from the AWS CodeCommit console. | Read | repository* | | |
| GetUploadArchiveStatus [permission only] | Required to determine the status of an archive upload: whether it is in progress, complete, cancelled, or if an error occurred. | Read | repository* | | |
| GitPull [permission only] | Pull information from an AWS CodeCommit repository to a local repo. | Read | repository* | | |
| GitPush [permission only] | Push information from a local repo to an AWS CodeCommit repository. | Write | repository* | | |
| ListBranches | Get a list of branches in an AWS CodeCommit repository. | List | repository* | | |
| ListPullRequests | Returns a list of pull requests for a specified repository. The return list can be refined by pull request status or pull request author ARN. | List | repository* | | |
| ListRepositories | Gets information about one or more repositories. | List | | | |
| MergePullRequestByFastForward | Closes a pull request and attempts to merge the source commit of a pull request into the specified destination branch for that pull request at the specified commit using the fast-forward merge option. | Write | repository* | | |
| PostCommentForComparedCommit | Posts a comment on the comparison between two commits. | Write | repository* | | |
| PostCommentForPullRequest | Posts a comment on a pull request. | Write | repository* | | |
| PostCommentReply | Posts a comment in reply to an existing comment on a comparison between commits or a pull request. | Write | repository* | | |
| PutFile | Enables the user to add or update a file in a branch in an AWS CodeCommit repository, and generate a commit for the addition in the specified branch. | Write | repository* | | |
| PutRepositoryTriggers | Replaces all triggers for a repository. This can be used to create or delete triggers. | Write | repository* | | |
| TestRepositoryTriggers | Tests the functionality of repository triggers by sending information to the trigger target. | Write | repository* | | |
| UpdateComment | Replaces the contents of a comment. | Write | repository* | | |
| UpdateDefaultBranch | Change the default branch in an AWS CodeCommit repository. | Write | repository* | | |
| UpdatePullRequestDescription | Replaces the contents of the description of a pull request. | Write | repository* | | |
| UpdatePullRequestStatus | Updates the status of a pull request. | Write | repository* | | |
| UpdatePullRequestTitle | Replaces the title of a pull request. | Write | repository* | | |
| UpdateRepositoryDescription | Change the description of an AWS CodeCommit repository. | Write | repository* | | |
| UpdateRepositoryName | Change the name of an AWS CodeCommit repository. | Write | repository* | | |
| UploadArchive [permission only] | Allows the service role for AWS CodePipeline to upload repository changes into a pipeline. | Write | repository* | | |

Resources Defined by CodeCommit

The following resource types are defined by this service and can be used in the Resource element of IAM permission policy statements. Each action in the Actions table identifies the resource types that can be specified with that action. A resource type can also define which condition keys you can include in a policy. These keys are displayed in the last column of the table. For details about the columns in the following table, see The Resource Types Table.

| Resource Types | ARN | Condition Keys |
|---|---|---|
| repository | arn:${Partition}:codecommit:${Region}:${Account}:${RepositoryName} | |

Condition Keys for AWS CodeCommit

CodeCommit has no service-specific context keys that can be used in the Condition element of policy statements. For the list of the global context keys that are available to all services, see Available Keys for Conditions in the IAM Policy Reference.
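
With no service-specific condition keys, a CodeCommit policy is scoped only by its Action and Resource elements, so it is worth checking what a wildcard action pattern grants. The following Python sketch is an added example and not part of the AWS documentation: it expands Action patterns against the access levels in the Actions table above and reports Write actions allowed on a wildcard resource. The names expand, audit and SAMPLE, the account ID and the repository name are assumptions made for the illustration.

```python
import re
# Access levels transcribed from the Actions table on this page.
WRITE = """CreateBranch CreatePullRequest CreateRepository DeleteBranch GitPush
DeleteCommentContent DeleteRepository MergePullRequestByFastForward PutFile
PostCommentForComparedCommit PostCommentForPullRequest PostCommentReply
PutRepositoryTriggers TestRepositoryTriggers UpdateComment UpdateDefaultBranch
UpdatePullRequestDescription UpdatePullRequestStatus UpdatePullRequestTitle
UpdateRepositoryDescription UpdateRepositoryName UploadArchive"""
LIST = "ListBranches ListPullRequests ListRepositories"
READ = """BatchGetPullRequests BatchGetRepositories CancelUploadArchive
DescribePullRequestEvents GetBlob GetBranch GetComment GetCommit GetTree
GetCommentsForComparedCommit GetCommentsForPullRequest GetCommitHistory
GetCommitsFromMergeBase GetDifferences GetMergeConflicts GetObjectIdentifier
GetPullRequest GetReferences GetRepository GetRepositoryTriggers
GetUploadArchiveStatus GitPull"""
LEVEL = {a: lvl for lvl, names in (("Write", WRITE), ("List", LIST), ("Read", READ))
         for a in names.split()}

def as_list(v):
    return v if isinstance(v, list) else [v]

def expand(pattern):
    """Expand one Action pattern (IAM wildcards * and ?) to CodeCommit action names."""
    prefix, _, name = ("codecommit:*" if pattern == "*" else pattern).partition(":")
    if prefix.lower() != "codecommit":
        return set()
    rx = re.compile(re.escape(name).replace(r"\*", ".*").replace(r"\?", "."), re.I)
    return {a for a in LEVEL if rx.fullmatch(a)}

def audit(policy):
    """Return (Sid, finding) pairs for the Allow statements of a policy document."""
    findings = []
    for st in [s for s in as_list(policy["Statement"]) if s.get("Effect") == "Allow"]:
        granted = set().union(*(expand(p) for p in as_list(st.get("Action", []))))
        resources = as_list(st.get("Resource", []))
        writes = sorted(a for a in granted if LEVEL[a] == "Write")
        # Broad = bare "*" or a wildcard in the repository-name field of the ARN.
        if writes and any("*" in r.split(":")[-1] for r in resources):
            findings.append((st.get("Sid"), "Write on wildcard resource: " + ", ".join(writes)))
        if "ListRepositories" in granted and "*" not in resources:
            findings.append((st.get("Sid"), "ListRepositories has no resource type; needs Resource '*'"))
    return findings

# Constructed sample policy; the account ID and repository name are placeholders.
SAMPLE = {"Version": "2012-10-17", "Statement": [
    {"Sid": "Reviewers", "Effect": "Allow", "Resource": "*",
     "Action": ["codecommit:Get*", "codecommit:*PullRequest*"]},
    {"Sid": "Browse", "Effect": "Allow", "Action": ["codecommit:List*", "codecommit:GitPull"],
     "Resource": "arn:aws:codecommit:us-east-1:111122223333:ExampleRepo"}]}
```

On the sample, audit(SAMPLE) reports that the "Reviewers" pattern codecommit:*PullRequest* also grants Write-level actions such as MergePullRequestByFastForward on every repository, and that the ARN-scoped "Browse" statement cannot cover ListRepositories.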