Home › Forums › AWS › AWS Certified Developer Associate › grant the developers access to CodeCommit
-
grant the developers access to CodeCommit
-
The scenario is like :
“A development team has several developers where each of them has a corresponding IAM user. It is your primary responsibility to grant the developers access to CodeCommit to enable them to fully utilize the code repositories on their local computers.
Which of the following should you implement to grant access to your developers (Select TWO)”
IMO the whole setup is a bit weird, as it doesn’t look like a good practice to have someone else generate the public/private key that the developers should be using (how do you get the private key securely to the developer?).
The scenario should be that you give the developers the required IAM rights (at least iam:CreateServiceSpecificCredential & iam:UploadSSHPublicKey), for them to use the iam cli to:Generate HTTPS Git credentials: aws iam create-service-specific-credential
Upload SSH key: aws iam upload-ssh-public-key
(generate the ssh key via openssl)
What do you think?
Cheers,
Robert -
Hi Robert,
For this scenario, the provided answers are:
– Generate HTTPS Git credentials.
– Generate new SSH keys and associate the public SSH key to each of your developer’s IAM user.
Different companies have various development processes and access provision procedures. I understand your point that some companies allow their developers to generate the SSH key themselves. However, there are some companies, that only allow the Administrator to generate the SSH keys for their developers:
https://docs.aws.amazon.com/codecommit/latest/userguide/images/codecommit-iam-gc1.png
Regards,
Jon Bonso
Log in to reply.