本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
AWS 受管理的政策 CodeCommit
若要新增使用者、群組和角色的權限,使用 AWS 受管理的原則比自己撰寫原則更容易。建立 IAM 客戶受管政策需要時間和專業知識,而受管政策可為您的團隊提供其所需的許可。若要快速開始使用,您可以使用我們的 AWS 受管政策。這些政策涵蓋常見的使用案例,並可在您的 AWS 帳戶中使用。如需 AWS 受管政策的詳細資訊,請參閱 IAM 使用者指南中的AWS 受管政策。
AWS 服務會維護和更新 AWS 受管理的策略。您無法變更 AWS 受管理原則中的權限。服務偶爾會在 AWS 受管政策中新增其他許可以支援新功能。此類型的更新會影響已連接政策的所有身分識別 (使用者、群組和角色)。當新功能啟動或新操作可用時,服務很可能會更新 AWS 受管政策。服務不會從 AWS 受管理的政策移除權限,因此政策更新不會破壞您現有的權限。
此外,還 AWS 支援跨多個服務之工作職能的受管理原則。例如,ReadOnlyAccess AWS 受管理的策略提供對所有 AWS 服務和資源的唯讀存取權。當服務啟動新功能時,會為新作業和資源新 AWS 增唯讀權限。如需任務職能政策的清單和說明,請參閱 IAM 使用者指南中有關任務職能的AWS 受管政策。
AWS 透過提供由建立和管理的獨立 IAM 政策來解決許多常見使用案例 AWS。這些 AWS 受管理的原則會授與常見使用案例所需的權限。的受管政策 CodeCommit 還提供許可,以便在其他服務 (例如 IAM、Amazon SNS 和 Amazon E CloudWatch vents) 中執行操作,視已授予相關政策的使用者責任所需。例如,該 AWSCodeCommitFullAccess 政策是一個管理層級的使用者政策,允許具有此政策的使用者為存放庫建立和管理 CloudWatch 事件規則 (名稱前綴為的規則codecommit) 和 Amazon SNS 主題,以取得有關儲存庫相關事件 (名稱前綴為的主題codecommit) 的通知,以及管理中的存放庫。 CodeCommit
下列 AWS 受管理的策略 (您可以附加至帳戶中的使用者) 是特定的 CodeCommit。
主題
AWS 受管理的策略: AWSCodeCommitFullAccess
您可將 AWSCodeCommitFullAccess 政策連接到 IAM 身分。此政策授予的完整存取權限 CodeCommit。僅將此政策套用至您想要授予對 Amazon Web Services 帳戶中 CodeCommit 儲存庫和相關資源 (包括刪除存放庫的能力) 的完整控制權的管理層級使用者。
該 AWSCodeCommitFullAccess 策略包含以下政策聲明:
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "codecommit:*" ], "Resource": "*" }, { "Sid": "CloudWatchEventsCodeCommitRulesAccess", "Effect": "Allow", "Action": [ "events:DeleteRule", "events:DescribeRule", "events:DisableRule", "events:EnableRule", "events:PutRule", "events:PutTargets", "events:RemoveTargets", "events:ListTargetsByRule" ], "Resource": "arn:aws:events:*:*:rule/codecommit*" }, { "Sid": "SNSTopicAndSubscriptionAccess", "Effect": "Allow", "Action": [ "sns:CreateTopic", "sns:DeleteTopic", "sns:Subscribe", "sns:Unsubscribe", "sns:SetTopicAttributes" ], "Resource": "arn:aws:sns:*:*:codecommit*" }, { "Sid": "SNSTopicAndSubscriptionReadAccess", "Effect": "Allow", "Action": [ "sns:ListTopics", "sns:ListSubscriptionsByTopic", "sns:GetTopicAttributes" ], "Resource": "*" }, { "Sid": "LambdaReadOnlyListAccess", "Effect": "Allow", "Action": [ "lambda:ListFunctions" ], "Resource": "*" }, { "Sid": "IAMReadOnlyListAccess", "Effect": "Allow", "Action": [ "iam:ListUsers" ], "Resource": "*" }, { "Sid": "IAMReadOnlyConsoleAccess", "Effect": "Allow", "Action": [ "iam:ListAccessKeys", "iam:ListSSHPublicKeys", "iam:ListServiceSpecificCredentials" ], "Resource": "arn:aws:iam::*:user/${aws:username}" }, { "Sid": "IAMUserSSHKeys", "Effect": "Allow", "Action": [ "iam:DeleteSSHPublicKey", "iam:GetSSHPublicKey", "iam:ListSSHPublicKeys", "iam:UpdateSSHPublicKey", "iam:UploadSSHPublicKey" ], "Resource": "arn:aws:iam::*:user/${aws:username}" }, { "Sid": "IAMSelfManageServiceSpecificCredentials", "Effect": "Allow", "Action": [ "iam:CreateServiceSpecificCredential", "iam:UpdateServiceSpecificCredential", "iam:DeleteServiceSpecificCredential", "iam:ResetServiceSpecificCredential" ], "Resource": "arn:aws:iam::*:user/${aws:username}" }, { "Sid": "CodeStarNotificationsReadWriteAccess", "Effect": "Allow", "Action": [ "codestar-notifications:CreateNotificationRule", "codestar-notifications:DescribeNotificationRule", "codestar-notifications:UpdateNotificationRule", "codestar-notifications:DeleteNotificationRule", "codestar-notifications:Subscribe", "codestar-notifications:Unsubscribe" ], "Resource": "*", "Condition": { "StringLike": { "codestar-notifications:NotificationsForResource": "arn:aws:codecommit:*" } } }, { "Sid": "CodeStarNotificationsListAccess", "Effect": "Allow", "Action": [ "codestar-notifications:ListNotificationRules", "codestar-notifications:ListTargets", "codestar-notifications:ListTagsforResource", "codestar-notifications:ListEventTypes" ], "Resource": "*" }, { "Sid": "CodeStarNotificationsSNSTopicCreateAccess", "Effect": "Allow", "Action": [ "sns:CreateTopic", "sns:SetTopicAttributes" ], "Resource": "arn:aws:sns:*:*:codestar-notifications*" }, { "Sid": "AmazonCodeGuruReviewerFullAccess", "Effect": "Allow", "Action": [ "codeguru-reviewer:AssociateRepository", "codeguru-reviewer:DescribeRepositoryAssociation", "codeguru-reviewer:ListRepositoryAssociations", "codeguru-reviewer:DisassociateRepository", "codeguru-reviewer:DescribeCodeReview", "codeguru-reviewer:ListCodeReviews" ], "Resource": "*" }, { "Sid": "AmazonCodeGuruReviewerSLRCreation", "Action": "iam:CreateServiceLinkedRole", "Effect": "Allow", "Resource": "arn:aws:iam::*:role/aws-service-role/codeguru-reviewer.amazonaws.com/AWSServiceRoleForAmazonCodeGuruReviewer", "Condition": { "StringLike": { "iam:AWSServiceName": "codeguru-reviewer.amazonaws.com" } } }, { "Sid": "CloudWatchEventsManagedRules", "Effect": "Allow", "Action": [ "events:PutRule", "events:PutTargets", "events:DeleteRule", "events:RemoveTargets" ], "Resource": "*", "Condition": { "StringEquals": { "events:ManagedBy": "codeguru-reviewer.amazonaws.com" } } }, { "Sid": "CodeStarNotificationsChatbotAccess", "Effect": "Allow", "Action": [ "chatbot:DescribeSlackChannelConfigurations", "chatbot:ListMicrosoftTeamsChannelConfigurations" ], "Resource": "*" }, { "Sid": "CodeStarConnectionsReadOnlyAccess", "Effect": "Allow", "Action": [ "codestar-connections:ListConnections", "codestar-connections:GetConnection" ], "Resource": "arn:aws:codestar-connections:*:*:connection/*" } ] }
AWS 受管理的策略: AWSCodeCommitPowerUser
您可將 AWSCodeCommitPowerUser 政策連接到 IAM 身分。此政策允許使用者存取 CodeCommit 與儲存庫相關的所有功能,但不允許使用者刪除 CodeCommit 儲存庫或在其他服務 (例如 Amazon Events) 中建立或刪除儲存庫相關資源。 AWS CloudWatch 建議將此政策套用到大多數使用者。
該 AWSCodeCommitPowerUser 策略包含以下政策聲明:
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "codecommit:AssociateApprovalRuleTemplateWithRepository", "codecommit:BatchAssociateApprovalRuleTemplateWithRepositories", "codecommit:BatchDisassociateApprovalRuleTemplateFromRepositories", "codecommit:BatchGet*", "codecommit:BatchDescribe*", "codecommit:Create*", "codecommit:DeleteBranch", "codecommit:DeleteFile", "codecommit:Describe*", "codecommit:DisassociateApprovalRuleTemplateFromRepository", "codecommit:EvaluatePullRequestApprovalRules", "codecommit:Get*", "codecommit:List*", "codecommit:Merge*", "codecommit:OverridePullRequestApprovalRules", "codecommit:Put*", "codecommit:Post*", "codecommit:TagResource", "codecommit:Test*", "codecommit:UntagResource", "codecommit:Update*", "codecommit:GitPull", "codecommit:GitPush" ], "Resource": "*" }, { "Sid": "CloudWatchEventsCodeCommitRulesAccess", "Effect": "Allow", "Action": [ "events:DeleteRule", "events:DescribeRule", "events:DisableRule", "events:EnableRule", "events:PutRule", "events:PutTargets", "events:RemoveTargets", "events:ListTargetsByRule" ], "Resource": "arn:aws:events:*:*:rule/codecommit*" }, { "Sid": "SNSTopicAndSubscriptionAccess", "Effect": "Allow", "Action": [ "sns:Subscribe", "sns:Unsubscribe" ], "Resource": "arn:aws:sns:*:*:codecommit*" }, { "Sid": "SNSTopicAndSubscriptionReadAccess", "Effect": "Allow", "Action": [ "sns:ListTopics", "sns:ListSubscriptionsByTopic", "sns:GetTopicAttributes" ], "Resource": "*" }, { "Sid": "LambdaReadOnlyListAccess", "Effect": "Allow", "Action": [ "lambda:ListFunctions" ], "Resource": "*" }, { "Sid": "IAMReadOnlyListAccess", "Effect": "Allow", "Action": [ "iam:ListUsers" ], "Resource": "*" }, { "Sid": "IAMReadOnlyConsoleAccess", "Effect": "Allow", "Action": [ "iam:ListAccessKeys", "iam:ListSSHPublicKeys", "iam:ListServiceSpecificCredentials" ], "Resource": "arn:aws:iam::*:user/${aws:username}" }, { "Sid": "IAMUserSSHKeys", "Effect": "Allow", "Action": [ "iam:DeleteSSHPublicKey", "iam:GetSSHPublicKey", "iam:ListSSHPublicKeys", "iam:UpdateSSHPublicKey", "iam:UploadSSHPublicKey" ], "Resource": "arn:aws:iam::*:user/${aws:username}" }, { "Sid": "IAMSelfManageServiceSpecificCredentials", "Effect": "Allow", "Action": [ "iam:CreateServiceSpecificCredential", "iam:UpdateServiceSpecificCredential", "iam:DeleteServiceSpecificCredential", "iam:ResetServiceSpecificCredential" ], "Resource": "arn:aws:iam::*:user/${aws:username}" }, { "Sid": "CodeStarNotificationsReadWriteAccess", "Effect": "Allow", "Action": [ "codestar-notifications:CreateNotificationRule", "codestar-notifications:DescribeNotificationRule", "codestar-notifications:UpdateNotificationRule", "codestar-notifications:Subscribe", "codestar-notifications:Unsubscribe" ], "Resource": "*", "Condition": { "StringLike": { "codestar-notifications:NotificationsForResource": "arn:aws:codecommit:*" } } }, { "Sid": "CodeStarNotificationsListAccess", "Effect": "Allow", "Action": [ "codestar-notifications:ListNotificationRules", "codestar-notifications:ListTargets", "codestar-notifications:ListTagsforResource", "codestar-notifications:ListEventTypes" ], "Resource": "*" }, { "Sid": "AmazonCodeGuruReviewerFullAccess", "Effect": "Allow", "Action": [ "codeguru-reviewer:AssociateRepository", "codeguru-reviewer:DescribeRepositoryAssociation", "codeguru-reviewer:ListRepositoryAssociations", "codeguru-reviewer:DisassociateRepository", "codeguru-reviewer:DescribeCodeReview", "codeguru-reviewer:ListCodeReviews" ], "Resource": "*" }, { "Sid": "AmazonCodeGuruReviewerSLRCreation", "Action": "iam:CreateServiceLinkedRole", "Effect": "Allow", "Resource": "arn:aws:iam::*:role/aws-service-role/codeguru-reviewer.amazonaws.com/AWSServiceRoleForAmazonCodeGuruReviewer", "Condition": { "StringLike": { "iam:AWSServiceName": "codeguru-reviewer.amazonaws.com" } } }, { "Sid": "CloudWatchEventsManagedRules", "Effect": "Allow", "Action": [ "events:PutRule", "events:PutTargets", "events:DeleteRule", "events:RemoveTargets" ], "Resource": "*", "Condition": { "StringEquals": { "events:ManagedBy": "codeguru-reviewer.amazonaws.com" } } }, { "Sid": "CodeStarNotificationsChatbotAccess", "Effect": "Allow", "Action": [ "chatbot:DescribeSlackChannelConfigurations", "chatbot:ListMicrosoftTeamsChannelConfigurations" ], "Resource": "*" }, { "Sid": "CodeStarConnectionsReadOnlyAccess", "Effect": "Allow", "Action": [ "codestar-connections:ListConnections", "codestar-connections:GetConnection" ], "Resource": "arn:aws:codestar-connections:*:*:connection/*" } ] }
AWS 受管理的策略: AWSCodeCommitReadOnly
您可將 AWSCodeCommitReadOnly 政策連接到 IAM 身分。此政策授予對其他 AWS 服務中資源的唯讀存取權 CodeCommit 和存放庫相關資源,以及建立和管理自己相 CodeCommit關資源的能力 (例如 Git 登入資料和讓 IAM 使用者在存取儲存庫時使用的 SSH 金鑰)。將此政策套用至使用者,以授予他們讀取儲存庫內容的權利 (但不得變更內容)。
該 AWSCodeCommitReadOnly 策略包含以下政策聲明:
{ "Version":"2012-10-17", "Statement":[ { "Effect":"Allow", "Action":[ "codecommit:BatchGet*", "codecommit:BatchDescribe*", "codecommit:Describe*", "codecommit:EvaluatePullRequestApprovalRules", "codecommit:Get*", "codecommit:List*", "codecommit:GitPull" ], "Resource":"*" }, { "Sid":"CloudWatchEventsCodeCommitRulesReadOnlyAccess", "Effect":"Allow", "Action":[ "events:DescribeRule", "events:ListTargetsByRule" ], "Resource":"arn:aws:events:*:*:rule/codecommit*" }, { "Sid":"SNSSubscriptionAccess", "Effect":"Allow", "Action":[ "sns:ListTopics", "sns:ListSubscriptionsByTopic", "sns:GetTopicAttributes" ], "Resource":"*" }, { "Sid":"LambdaReadOnlyListAccess", "Effect":"Allow", "Action":[ "lambda:ListFunctions" ], "Resource":"*" }, { "Sid":"IAMReadOnlyListAccess", "Effect":"Allow", "Action":[ "iam:ListUsers" ], "Resource":"*" }, { "Sid":"IAMReadOnlyConsoleAccess", "Effect":"Allow", "Action":[ "iam:ListAccessKeys", "iam:ListSSHPublicKeys", "iam:ListServiceSpecificCredentials", "iam:GetSSHPublicKey" ], "Resource":"arn:aws:iam::*:user/${aws:username}" }, { "Sid":"CodeStarNotificationsReadOnlyAccess", "Effect":"Allow", "Action":[ "codestar-notifications:DescribeNotificationRule" ], "Resource":"*", "Condition":{ "StringLike":{ "codestar-notifications:NotificationsForResource":"arn:aws:codecommit:*" } } }, { "Sid":"CodeStarNotificationsListAccess", "Effect":"Allow", "Action":[ "codestar-notifications:ListNotificationRules", "codestar-notifications:ListEventTypes", "codestar-notifications:ListTargets" ], "Resource":"*" }, { "Sid": "AmazonCodeGuruReviewerReadOnlyAccess", "Effect": "Allow", "Action": [ "codeguru-reviewer:DescribeRepositoryAssociation", "codeguru-reviewer:ListRepositoryAssociations", "codeguru-reviewer:DescribeCodeReview", "codeguru-reviewer:ListCodeReviews" ], "Resource": "*" }, { "Sid": "CodeStarConnectionsReadOnlyAccess", "Effect": "Allow", "Action": [ "codestar-connections:ListConnections", "codestar-connections:GetConnection" ], "Resource": "arn:aws:codestar-connections:*:*:connection/*" } ] }
CodeCommit 受管理的策略和通知
AWS CodeCommit 支持通知,它可以通知用戶存儲庫的重要更改。 CodeCommit 包含通知功能的政策聲明的受管理策略。如需詳細資訊,請參閱什麼是通知?。
完整存取受管政策中的通知相關許可
AWSCodeCommitFullAccess 受管政策包含下列陳述式,允許對通知的完整存取權限。套用此受管政策的使用者也可以針對通知建立和管理 Amazon SNS 主題、訂閱和取消訂閱使用者主題、列出要選擇作為通知規則目標的主題,以及列出針對 Slack 設定的用 AWS Chatbot
戶端。
{ "Sid": "CodeStarNotificationsReadWriteAccess", "Effect": "Allow", "Action": [ "codestar-notifications:CreateNotificationRule", "codestar-notifications:DescribeNotificationRule", "codestar-notifications:UpdateNotificationRule", "codestar-notifications:DeleteNotificationRule", "codestar-notifications:Subscribe", "codestar-notifications:Unsubscribe" ], "Resource": "*", "Condition" : { "StringLike" : {"codestar-notifications:NotificationsForResource" : "arn:aws:codecommit:*"} } }, { "Sid": "CodeStarNotificationsListAccess", "Effect": "Allow", "Action": [ "codestar-notifications:ListNotificationRules", "codestar-notifications:ListTargets", "codestar-notifications:ListTagsforResource," "codestar-notifications:ListEventTypes" ], "Resource": "*" }, { "Sid": "CodeStarNotificationsSNSTopicCreateAccess", "Effect": "Allow", "Action": [ "sns:CreateTopic", "sns:SetTopicAttributes" ], "Resource": "arn:aws:sns:*:*:codestar-notifications*" }, { "Sid": "CodeStarNotificationsChatbotAccess", "Effect": "Allow", "Action": [ "chatbot:DescribeSlackChannelConfigurations", "chatbot:ListMicrosoftTeamsChannelConfigurations" ], "Resource": "*" }
唯讀受管政策中的通知相關許可
AWSCodeCommitReadOnlyAccess 受管政策包含下列陳述式,允許對通知的唯讀存取權限。適用此受管政策的使用者可以檢視資源的通知,但無法建立、管理或訂閱通知。
{ "Sid": "CodeStarNotificationsPowerUserAccess", "Effect": "Allow", "Action": [ "codestar-notifications:DescribeNotificationRule" ], "Resource": "*", "Condition" : { "StringLike" : {"codestar-notifications:NotificationsForResource" : "arn:aws:codecommit:*"} } }, { "Sid": "CodeStarNotificationsListAccess", "Effect": "Allow", "Action": [ "codestar-notifications:ListNotificationRules", "codestar-notifications:ListEventTypes", "codestar-notifications:ListTargets" ], "Resource": "*" }
其他受管政策中的通知相關許可
AWSCodeCommitPowerUser 受管政策包含下列陳述式,允許使用者建立、編輯和訂閱通知。使用者無法刪除通知規則或管理資源的標籤。
{ "Sid": "CodeStarNotificationsReadWriteAccess", "Effect": "Allow", "Action": [ "codestar-notifications:CreateNotificationRule", "codestar-notifications:DescribeNotificationRule", "codestar-notifications:UpdateNotificationRule", "codestar-notifications:DeleteNotificationRule", "codestar-notifications:Subscribe", "codestar-notifications:Unsubscribe" ], "Resource": "*", "Condition" : { "StringLike" : {"codestar-notifications:NotificationsForResource" : "arn:aws:codecommit*"} } }, { "Sid": "CodeStarNotificationsListAccess", "Effect": "Allow", "Action": [ "codestar-notifications:ListNotificationRules", "codestar-notifications:ListTargets", "codestar-notifications:ListTagsforResource", "codestar-notifications:ListEventTypes" ], "Resource": "*" }, { "Sid": "SNSTopicListAccess", "Effect": "Allow", "Action": [ "sns:ListTopics" ], "Resource": "*" }, { "Sid": "CodeStarNotificationsChatbotAccess", "Effect": "Allow", "Action": [ "chatbot:DescribeSlackChannelConfigurations", "chatbot:ListMicrosoftTeamsChannelConfigurations" ], "Resource": "*" }
如需 IAM 和通知的詳細資訊,請參閱通知的 Identity and Access Management。AWS CodeStar
AWS CodeCommit 受管政策和 Amazon CodeGuru 審閱者
CodeCommit 支援 Amazon CodeGuru Reviewer,這是一種自動化程式碼檢閱服務,可使用程式分析和機器學習來偵測常見問題,並在 Java 或 Python 程式碼中建議修正程式。 CodeCommit 包含 CodeGuru 審核者功能的原則陳述式的受管理原則。如需詳細資訊,請參閱什麼是 Amazon CodeGuru 審核者。
中與 CodeGuru 審核者相關的權限 AWSCodeCommitFullAccess
AWSCodeCommitFullAccess受管理的政策包含下列陳述式,可讓 CodeGuru 審核者與儲存庫產生關聯,以及取消關聯 CodeCommit 性。套用此受管理原則的使用者也可以檢視 CodeCommit儲存庫與 CodeGuru Reviewer 之間的關聯狀態,以及檢視提取要求的檢閱工作狀態。
{ "Sid": "AmazonCodeGuruReviewerFullAccess", "Effect": "Allow", "Action": [ "codeguru-reviewer:AssociateRepository", "codeguru-reviewer:DescribeRepositoryAssociation", "codeguru-reviewer:ListRepositoryAssociations", "codeguru-reviewer:DisassociateRepository", "codeguru-reviewer:DescribeCodeReview", "codeguru-reviewer:ListCodeReviews" ], "Resource": "*" }, { "Sid": "AmazonCodeGuruReviewerSLRCreation", "Action": "iam:CreateServiceLinkedRole", "Effect": "Allow", "Resource": "arn:aws:iam::*:role/aws-service-role/codeguru-reviewer.amazonaws.com/AWSServiceRoleForAmazonCodeGuruReviewer", "Condition": { "StringLike": { "iam:AWSServiceName": "codeguru-reviewer.amazonaws.com" } } }, { "Sid": "CloudWatchEventsManagedRules", "Effect": "Allow", "Action": [ "events:PutRule", "events:PutTargets", "events:DeleteRule", "events:RemoveTargets" ], "Resource": "*", "Condition": { "StringEquals": { "events:ManagedBy": "codeguru-reviewer.amazonaws.com" } } }
中與 CodeGuru 審核者相關的權限 AWSCodeCommitPowerUser
AWSCodeCommitPowerUser受管理的原則包含下列陳述式,可讓使用者將儲存區域與 CodeGuru Reviewer 產生關聯,並取消關聯性、檢視關聯狀態,以及檢視提取要求的檢閱工作狀態。
{ "Sid": "AmazonCodeGuruReviewerFullAccess", "Effect": "Allow", "Action": [ "codeguru-reviewer:AssociateRepository", "codeguru-reviewer:DescribeRepositoryAssociation", "codeguru-reviewer:ListRepositoryAssociations", "codeguru-reviewer:DisassociateRepository", "codeguru-reviewer:DescribeCodeReview", "codeguru-reviewer:ListCodeReviews" ], "Resource": "*" }, { "Sid": "AmazonCodeGuruReviewerSLRCreation", "Action": "iam:CreateServiceLinkedRole", "Effect": "Allow", "Resource": "arn:aws:iam::*:role/aws-service-role/codeguru-reviewer.amazonaws.com/AWSServiceRoleForAmazonCodeGuruReviewer", "Condition": { "StringLike": { "iam:AWSServiceName": "codeguru-reviewer.amazonaws.com" } } }, { "Sid": "CloudWatchEventsManagedRules", "Effect": "Allow", "Action": [ "events:PutRule", "events:PutTargets", "events:DeleteRule", "events:RemoveTargets" ], "Resource": "*", "Condition": { "StringEquals": { "events:ManagedBy": "codeguru-reviewer.amazonaws.com" } } }
中與 CodeGuru 審核者相關的權限 AWSCodeCommitReadOnly
AWSCodeCommitReadOnlyAccess受管理的原則包含下列陳述式,可讓您以唯讀方式存取「 CodeGuru 審核者」關聯狀態,並檢視提取要求的檢閱工作狀態。套用此受管原則的使用者無法建立或取消儲存庫的關聯。
{ "Sid": "AmazonCodeGuruReviewerReadOnlyAccess", "Effect": "Allow", "Action": [ "codeguru-reviewer:DescribeRepositoryAssociation", "codeguru-reviewer:ListRepositoryAssociations", "codeguru-reviewer:DescribeCodeReview", "codeguru-reviewer:ListCodeReviews" ], "Resource": "*" }
Amazon CodeGuru 審核者服務連結角色
當您將儲存庫與 CodeGuru 審核者建立關聯時,會建立服務連結角色,以便 CodeGuru 審核者可以偵測問題,並針對提取要求中的 Java 或 Python 程式碼建議修正程式。服務連結角色名為 AWSServiceRoleForAmazonCodeGuruReviewer。如需詳細資訊,請參閱為 Amazon CodeGuru 審核者使用服務連結角色。
如需詳細資訊,請參閱《IAM 使用者指南》中的 AWS 受管政策。
CodeCommit AWS 受管理策略的更新
檢視 CodeCommit 自此服務開始追蹤這些變更以來的 AWS 受管理策略更新詳細資料。如需有關此頁面變更的自動警示,請在訂閱 RSS 摘要AWS CodeCommit 使用者指南文件歷史記錄。
| 變更 | 描述 | 日期 |
|---|---|---|
|
AWS 受管理的策略: AWSCodeCommitFullAccess和 AWS 受管理的策略: AWSCodeCommitPowerUser — 更新現有政策 |
CodeCommit 為這些策略添加了權限,以支持使用的其他通知類型 AWS Chatbot。 AWSCodeCommitPowerUser 和 AWSCodeCommitFullAccess 原則已變更為新增權限 |
2023 年 5 月 16 日 |
|
AWS 受管理的策略: AWSCodeCommitReadOnly – 更新現有政策 |
CodeCommit 從策略中移除重複的權限。 AWSCodeCommitReadOnly 已變更為移除重複的權限, |
2021 年 8 月 18 日 |
|
CodeCommit 開始追蹤變更 |
CodeCommit 開始追蹤其 AWS 受管理策略的變更。 |
2021 年 8 月 18 日 |
