AWS CodeCommit (IAM)

aws devops

AWS CodeCommit is a fully-managed source control service that hosts secure Git-based repositories.

Common permissions

codecommit:GetBranchcodecommit:GetCommitcodecommit:GetFilecodecommit:PutFilecodecommit:CreateBranchcodecommit:ListBranchescodecommit:GetRepositorycodecommit:ListRepositories

Least-privilege example

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "codecommit:GetBranch",
        "codecommit:GetCommit",
        "codecommit:GetFile",
        "codecommit:PutFile",
        "codecommit:CreateBranch",
        "codecommit:ListBranches",
        "codecommit:GetRepository",
        "codecommit:ListRepositories"
      ],
      "Resource": "*"
    }
  ]
}

Warnings

Avoid codecommit:* — grants full control including delete and modify of repositories and branches
Avoid codecommit:DeleteRepository unless explicitly needed for repository cleanup

Resources

AWS referenceservicereference.us-east-1.amazonaws.com/v1/codecommit/codecommit.json ↗

API

full doc /v1/iam/codecommit