Junior developers should not have ability to push to the master branch.<\/p>\n
In AWS console:<\/p>\n
1. Create a group Modify the policy:<\/p>\n 3. Add user to the junior-devs group<\/p>\n After user is added to the junior-devs group with attached policy he can’t push to the master branch: <\/p>\n Triggers and notifications<\/span><\/p>\n To create a notification we click on:<\/p>\n To create trigger:<\/p>\n After creating a trigger we can see our rule in the To create a rrule in CloudWatch:<\/p>\n By creating a notification rules in CodeCommit we can automate whatever is happening in our repository stright to automation pipeline which is SNS, SQS, Lambda etc. From CodeCommit you are able to setup notification, triggers and cloud watch events rules to build some automation directly to SNS, Lambda etc.<\/p>\n <\/p>\n Lambda<\/span><\/p>\n We will create a function from scratch:<\/p>\n Creating a trigger:<\/p>\n Let’s add some code. To do that refresh the lambda page.<\/p>\n From refrence link (6) copy code of lambda for python:<\/p>\n Now click on Deploy and then Test.<\/p>\n Now click again Test. There is an error in test but everything is ok.<\/p>\n <\/p>\n <\/p>\n Reference links:<\/strong><\/p>\n junior-devs<\/code>
\n2. Add inline policy for this group
\nCopy from
\nhttps:\/\/docs.aws.amazon.com\/codecommit\/latest\/userguide\/how-to-conditional-branch.html<\/a>
\nAnd paste to:
\nIAM -> groups -> junior-devs -> inline policies -> click here -><\/code>
\n-> custom policy -> select -> paste to Policy Dokument -> policy name = CannotPushToMasterInCodecommit -> ApplyPolicy<\/code><\/p>\n{\r\n\"Version\": \"2012-10-17\",\r\n\"Statement\": [\r\n{\r\n\"Effect\": \"Deny\",\r\n\"Action\": [\r\n\"codecommit:GitPush\",\r\n\"codecommit:DeleteBranch\",\r\n\"codecommit:PutFile\",\r\n\"codecommit:MergeBranchesByFastForward\",\r\n\"codecommit:MergeBranchesBySquash\",\r\n\"codecommit:MergeBranchesByThreeWay\",\r\n\"codecommit:MergePullRequestByFastForward\",\r\n\"codecommit:MergePullRequestBySquash\",\r\n\"codecommit:MergePullRequestByThreeWay\"\r\n],\r\n\"Resource\": \"arn:aws:codecommit:*:*:*\",\r\n\"Condition\": {\r\n\"StringEqualsIfExists\": {\r\n\"codecommit:References\": [\r\n\"refs\/heads\/master\"\r\n]\r\n},\r\n\"Null\": {\r\n\"codecommit:References\": false\r\n}\r\n}\r\n}\r\n]\r\n}<\/pre>\n
\n# switch to master branch<\/p>\ngit checkout -f master\r\n\r\nmc (editing index.html file)\r\n\r\ngit status\r\n# On branch master\r\n# Changes not staged for commit:\r\n# (use \"git add <file>...\" to update what will be committed)\r\n# (use \"git checkout -- <file>...\" to discard changes in working directory)\r\n#\r\n# modified: index.html\r\n#\r\nno changes added to commit (use \"git add\" and\/or \"git commit -a\")\r\n\r\n[root@miro my-webpage]# git add index.html\r\n\r\n[root@miro my-webpage]# git commit -m \"modified index to 4\"\r\n[master eccfeda] modified index to 4\r\n1 file changed, 1 insertion(+), 1 deletion(-)\r\n[root@miro my-webpage]# git push origin master\r\nUsername for 'https:\/\/git-codecommit.eu-central-1.amazonaws.com': stephane-at-840037588702\r\nPassword for 'https:\/\/stephane-at-840037588702@git-codecommit.eu-central-1.amazonaws.com':\r\nCounting objects: 5, done.\r\nDelta compression using up to 2 threads.\r\nCompressing objects: 100% (3\/3), done.\r\nWriting objects: 100% (3\/3), 289 bytes | 0 bytes\/s, done.\r\nTotal 3 (delta 2), reused 0 (delta 0)\r\nTo https:\/\/git-codecommit.eu-central-1.amazonaws.com\/v1\/repos\/my-webpage\r\n! [remote rejected] master -> master (You don't have permission to push changes to this branch.)\r\nerror: failed to push some refs to 'https:\/\/git-codecommit.eu-central-1.amazonaws.com\/v1\/repos\/my-webpage'<\/pre>\n
Repostitory_name -> Settings -> Notifications -> Create Notification rule -> Notification name -> Events that trigger notification -> Create target -> Tarhet type (SNS Topic) -> Topic Name -> Create -> Submmit<\/code><\/p>\nRepostitory_name -> Settings -> Triggers -> Create trigger -> Trigger name -> Events -> Push to existing branch -> Service details -> choose Amazon SNS -> SNS Topic (choose name) -> Create trigger<\/code><\/p>\nCloudWatch -> Events -> Rules.<\/code>This one CloudWatch notification rule (<\/code>awscodestarnotifications-rule<\/code>) is what allows for all notification rules in CodeCommit.<\/p>\nEvents->Rules -> Create rule -> Service Name (CodeCommit) -> Event Type (for ex. Repository State Change)<\/code><\/p>\nTargets -> SNS Topic -> Topic -> name<\/code><\/p>\nLambda -> Create function -> Function name (lambda-codecommit) -> Runtime (Python 2.7) -> Change default execution role -> Execution role -> Create a new role with basic Lambda permissions -> Create function<\/code><\/p>\nLambda -> Functions -> lambda-codecommit -> Add trigger -> TriggerConfiguration -> CodeCommit -> Repository name (my-webpage) -> Trigger name (MyLambdaTrigger) -> Events (All repository events) -> Branch names (All branches) -> Add<\/span><\/code><\/p>\nimport json\r\nimport boto3\r\n\r\ncodecommit = boto3.client('codecommit')\r\n\r\ndef lambda_handler(event, context):\r\n#Log the updated references from the event\r\nreferences = { reference['ref'] for reference in event['Records'][0]['codecommit']['references'] }\r\nprint(\"References: \" + str(references))\r\n\r\n#Get the repository from the event and show its git clone URL\r\nrepository = event['Records'][0]['eventSourceARN'].split(':')[5]\r\ntry:\r\nresponse = codecommit.get_repository(repositoryName=repository)\r\nprint(\"Clone URL: \" +response['repositoryMetadata']['cloneUrlHttp'])\r\nreturn response['repositoryMetadata']['cloneUrlHttp']\r\nexcept Exception as e:\r\nprint(e)\r\nprint('Error getting repository {}. Make sure it exists and that your repository is in the same region as this function.'.format(repository))\r\nraise e<\/pre>\nEvent template (AWS Code Commit Repository) -> Event name -> MySampleCodeCommit -> Create<\/code><\/p>\n\n