A team is developing an application and the code is managed in a repository in AWS CodeCommit.
The developers push code in their own branches.
When the code is ready for release, only a senior team member is allowed to merge the other branches into master.
The merging event then triggers a pipeline for the deployment in production.
You need to make sure that the team members are allowed to push or merge code to all the branches except the master branch.
Which of the following options describes the correct method?
Correct Answer - A.
An IAM policy can be used to limit pushes and merges to a branch in CodeCommit.
Please check the reference:
https://docs.aws.amazon.com/codecommit/latest/userguide/auth-and-access-control-iam-identity-based-access-control.html#identity-based-policies-example-4
Option A is CORRECT: This IAM policy does not allow the team members to push or merge code to the master branch.
However, operations on other branches are allowed.
Option B is incorrect: In AWS CodeCommit management console, you cannot add team members as viewers or editors.
Option C is incorrect: This IAM policy is incorrect because it does not deny the team members push/merge access to the master branch of the repository.
Option D is incorrect because CodeCommit does not support resource policies that you can attach to a repository.
The correct answer is A. Create an IAM group that includes the team members and attach the below policy.
Explanation:
To implement the required access control in AWS CodeCommit, we need to create an IAM group that includes the team members who are allowed to push or merge code to all the branches except the master branch. We also need to attach a specific IAM policy to this group that provides the necessary permissions.
Option A provides the correct IAM policy that we need to attach to the IAM group. The policy allows the team members to perform Git push and merge actions on all the branches except the master branch. It uses a condition on the Git reference so that the deny takes effect only when the reference of the Git operation is "refs/heads/master". This means that the team members are allowed to push or merge code to any branch that does not have the "refs/heads/master" reference.
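The following is an added example, not the policy text from the question or from the AWS documentation it links to. It builds a branch-protection policy document with the same structure as the referenced doc example (an explicit Deny on push/merge actions, conditioned on the codecommit:References key) and includes a deliberately simplified evaluator that shows why the StringEqualsIfExists and Null conditions are paired. The account id, region, repository name and the exact action list are assumptions; the protected branch follows the page (master).

```python
"""Added example: build and sanity-check a CodeCommit branch-protection IAM policy.

Not the page's own policy text. Mirrors the structure of the AWS doc example the
page links to (a Deny on push/merge actions conditioned on codecommit:References).
Account id, region and repository name below are placeholders.
"""
import json

# Actions that write to a branch directly or by merge. Assumed list for this
# pattern; trim or extend it to match the operations your team uses.
BRANCH_WRITE_ACTIONS = [
    "codecommit:GitPush",
    "codecommit:DeleteBranch",
    "codecommit:PutFile",
    "codecommit:MergeBranchesByFastForward",
    "codecommit:MergeBranchesBySquash",
    "codecommit:MergeBranchesByThreeWay",
    "codecommit:MergePullRequestByFastForward",
    "codecommit:MergePullRequestBySquash",
    "codecommit:MergePullRequestByThreeWay",
]


def branch_protection_policy(account_id, region, repo, protected_ref="refs/heads/master"):
    """Return an IAM policy document denying writes to one ref of one repository.

    The Allow that grants normal day-to-day access is attached separately
    (for example a managed CodeCommit policy); an explicit Deny always wins
    over any Allow, so only the protected branch is affected.
    """
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "DenyWritesToProtectedBranch",
                "Effect": "Deny",
                "Action": BRANCH_WRITE_ACTIONS,
                # Placeholder ARN: replace region, account id and repo name.
                "Resource": f"arn:aws:codecommit:{region}:{account_id}:{repo}",
                "Condition": {
                    # Match the protected branch when the reference key is present...
                    "StringEqualsIfExists": {"codecommit:References": [protected_ref]},
                    # ...and require the key to be present at all, so requests that
                    # carry no reference are not swept up by the Deny.
                    "Null": {"codecommit:References": "false"},
                },
            }
        ],
    }


def deny_applies(statement, action, references):
    """Simplified model of how the Deny statement above is evaluated.

    Covers only the two condition operators used here and a request carrying
    at most one reference. It is a teaching aid, not an IAM emulator.
    """
    if action not in statement["Action"]:
        return False
    if references and len(references) > 1:
        raise ValueError("this model handles a single reference per request")
    key = "codecommit:References"
    cond = statement["Condition"]
    key_present = bool(references)
    # Null == "false" means the key must exist for the statement to match.
    if cond["Null"][key] == "false" and not key_present:
        return False
    # StringEqualsIfExists passes when the key is absent; otherwise the
    # request's reference must equal one of the listed values.
    wanted = cond["StringEqualsIfExists"][key]
    if key_present and references[0] not in wanted:
        return False
    return True


if __name__ == "__main__":
    # Emit the document for: aws iam put-group-policy --policy-document file://deny-master.json
    policy = branch_protection_policy("111122223333", "us-east-1", "MyDemoRepo")
    print(json.dumps(policy, indent=2))
```

Attach the generated document to the developers' IAM group alongside their normal Allow permissions; the senior team member who merges into master simply stays out of that group.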
Option B is not correct because it suggests configuring the team members as viewers in the master branch and editors in the dev branch. This configuration does not fulfill the requirement of allowing the team members to push or merge code to all the branches except the master branch.
Option C is not correct because it suggests denying access to the entire repository for Git push and merge actions. This would prevent the team members from pushing or merging code to any branch, including the ones they are allowed to access.
Option D is not correct because it suggests using a resource policy that denies access to the entire repository for Git push and merge actions for the group named "Development". This would prevent all members of the group, including the senior team member who is allowed to merge the master branch, from pushing or merging code to any branch of the repository.
In summary, option A provides the correct IAM policy that fulfills the requirement of allowing the team members to push or merge code to all the branches except the master branch.