AWS CodeCommit | Security Flashcards
Can I get a history of AWS CodeCommit Git operations and API calls made in my account for security analysis and operational troubleshooting purposes?
Security
AWS CodeCommit | Developer Tools
Yes. To receive a history of CodeCommit Git operations and API calls made in your account, you simply turn on AWS CloudTrail in the AWS Management Console. The logging of individual commits within a Git push is not currently supported. Visit the CloudTrail user guide to learn more.
Can I use AWS Identity and Access Management (IAM) to manage access to AWS CodeCommit?
Yes. AWS CodeCommit supports resource-level permissions. For each AWS CodeCommit repository, you can specify which users can perform which actions. You can also specify AWS multi-factor authentication (MFA) for a CodeCommit action. This allows you to add an extra level of protection for destructive actions such as deleting repositories. In addition to the AWS CodeCommit APIs, you can also specify git pull and git push as actions to control access from Git clients. For example, you can create a read-only user for a repository by allowing that user access to git pull but not git push on the repository. For more information on using IAM with AWS CodeCommit, see Access Permissions Reference. For more information on authenticating API access using MFA, see Configuring MFA-Protected API Access.
What communication protocols are supported by AWS CodeCommit?
You can use HTTPS, SSH, or both to communicate with AWS CodeCommit. To use HTTPS, first install the AWS CLI. The AWS CLI installs a Git credential helper that can be configured with AWS credentials. It automatically signs all HTTPS requests to AWS CodeCommit using the Signature Version 4 signing specification. To use SSH, users create their own public-private key pairs and add their public keys to their IAM users. The private key encrypts the communication with AWS CodeCommit. For step-by-step instructions on setting up HTTPS and SSH access, see the Setting up AWS CodeCommit page.
What ports should I open in my firewall for access to AWS CodeCommit?
You will have to open outbound access to an AWS CodeCommit service endpoint on port 22 (SSH) or port 443 (HTTPS).
How do I encrypt my repository in AWS CodeCommit?
Repositories are automatically encrypted at rest. No customer action is required. AWS CodeCommit uses AWS Key Management Service (KMS) to encrypt repositories. When you create your first repository, an AWS-managed CodeCommit key is created under your AWS account. For details, see Encryption for AWS CodeCommit Repositories.