aws / git-remote-codecommit

An implementation of Git Remote Helper that makes it easier to interact with AWS CodeCommit
Apache License 2.0

Feature: support to push only fast-forward changes into protected branches #54

Open visit1985 opened 3 months ago

visit1985 commented 3 months ago

We are trying to implement protected branches in CodeCommit. Protected branches do not allow altering the commit history by force-pushing non-fast-forward changes. The codecommit:MergePullRequestByFastForward IAM action applies to the console and API only, while all Git client write operations are permitted via the codecommit:GitPush IAM action. Since codecommit:GitPush lacks a condition key to limit clients to fast-forward pushes only, there is no way to protect a branch without denying all Git client write access for it and using solely API actions to manage this branch instead. There are certain Git workflows and automations that do not rely on concepts like merge/pull requests and thus do not require API/console access, which are blocked by this.

I would like to request an IAM condition key to restrict Git clients to fast-forward pushes for protected branches.

I'm aware that this is a service-side feature request, but support directed me here anyway. Please review Case ID 171696449600152 for this.
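For reference, the all-or-nothing workaround the issue describes looks like the following IAM policy. This is an added example, not part of the original issue or the project's code. It assumes the AWS-documented `codecommit:References` condition key (not mentioned in the issue), and the region, account ID, repository name and branch name are placeholders.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ExampleDenyAllGitPushToProtectedBranch",
      "Effect": "Deny",
      "Action": [
        "codecommit:GitPush"
      ],
      "Resource": "arn:aws:codecommit:REGION:ACCOUNT_ID:REPOSITORY_NAME",
      "Condition": {
        "StringEqualsIfExists": {
          "codecommit:References": [
            "refs/heads/PROTECTED_BRANCH_NAME"
          ]
        },
        "Null": {
          "codecommit:References": "false"
        }
      }
    }
  ]
}
```

The condition can only match on the target ref, so this statement rejects fast-forward and non-fast-forward pushes to the branch alike, which is the gap the request is about.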