By Implementation

Service Control PoliciesConfig RulesAuto Remediation RulesConformance PacksAmazon GuardDutyAmazon InspectorAWS Security HubAWS Network FirewallRoute53 Resolver SecurityAmazon MacieS3 Bucket PoliciesCloudWatch Alarms and Event RulesAWS WAFAWS Secrets ManagerAWS Systems ManagerSecurity Groups & NACLsAWS KMSIAM PoliciesAmazon ECRRDS Event Subscriptions

By Service Protected

Configuration Packages

Strategy Guides

Other

IAM Policies

AWS CodeCommit: Deny Write Access to Specific Branches in a Repository.

An IAM policy that denies a user the ability to change or push changes to a specific branch in a specific AWS CodeCommit repository.

Premium: 15-minute comprehensive assessment for your AWS Organization and Accounts
Missing Parameters
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "codecommit:GitPush",
                "codecommit:DeleteBranch",
                "codecommit:PutFile",
                "codecommit:MergePullRequestByFastForward"
            ],
            "Resource": [
                "arn:aws:codecommit:::"
            ],
            "Effect": "Deny",
            "Condition": {
                "StringEqualsIfExists": {
                    "codecommit:References": [
                        "refs/heads/master"
                    ]
                },
                "Null": {
                    "codecommit:References": false
                }
            }
        }
    ]
}

Actions



Customize Template

Policy Parameters

* Required field