如何在其他帐户中将CodeBuild与CodeCommit存储库链接?

时间:2019-05-02 17:56:37

标签: amazon-web-services amazon-iam aws-codebuild aws-codecommit

我正在尝试使用位于另一个AWS账户中的CodeCommit源设置CodeBuild。我相信可以使用AssumeRole完成此操作,但是我没有运气。谁能提供一个示例,说明如何使CodeBuild承担另一个帐户中指定的角色来访问CodeCommit存储库?

当前,我的CodeBuild角色(在22222222帐户中)包括以下策略:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "sts:AssumeRole",
            "Resource": "arn:aws:iam::11111111:role/Read-CodeCommit"
        }
    ]
}

在帐户11111111中,我具有Read-CodeCommit角色,该角色具有以下策略:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "codecommit:*"
            ],
            "Resource": "arn:aws:codecommit:us-west-2:11111111:dashboard"
        },
        {
            "Sid": "VisualEditor1",
            "Effect": "Allow",
            "Action": "codecommit:ListRepositories",
            "Resource": "*"
        }
    ]
}

Read-CodeCommit具有以下信任策略:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::22222222:root",
        "Service": "codebuild.amazonaws.com"
      },
      "Action": "sts:AssumeRole",
      "Condition": {}
    }
  ]
}

0 个答案:

没有答案
相关问题
最新问题