Ensure AWS CodeCommit branch changes have at least 2 approvals
Error: AWS CodeCommit branch changes have fewer than 2 approvals
Bridgecrew Policy ID: BC_AWS_GENERAL_133
Checkov Check ID: CKV_AWS_257
Severity: LOW
Description
Merging into a shared branch should require sign-off from at least two reviewers, so that no single person, and no single compromised account, can get a change merged alone. AWS CodeCommit enforces this with an approval rule template whose Approvers statement sets NumberOfApprovalsNeeded to 2 or more; this check flags templates that require fewer.
Fix - Runtime
- In the AWS console, go to CodeCommit.
- Select Approval Rule Templates, then Create Template.
- Under Number of approvals needed, enter 2 or more.
- A template only takes effect on the repositories it is associated with, so associate it with each repository it should protect and confirm the destination branches it covers.
Fix - Buildtime
Terraform
resource "aws_codecommit_approval_rule_template" "example" {
  name        = "example" # required argument
  description = "Require two approvals before merging into master"

  content = <<EOF
{
  "Version": "2018-11-08",
  "DestinationReferences": ["refs/heads/master"],
  "Statements": [{
    "Type": "Approvers",
    "NumberOfApprovalsNeeded": 2,
    "ApprovalPoolMembers": ["arn:aws:sts::123456789012:assumed-role/CodeCommitReview/*"]
  }]
}
EOF
}
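An added example, not Checkov's own code and not part of the original page, of what the buildtime check has to do: parse the JSON in the template's content argument and fail any template whose Approvers statements require fewer than two approvals. It fails closed on malformed JSON, a missing Statements list, a missing Approvers statement, or a missing or non-integer NumberOfApprovalsNeeded, since none of those can be shown to enforce the policy. The function names, the resource addresses and the sample templates are constructed for this illustration.

```python
import json
from typing import Dict

MIN_APPROVALS = 2  # threshold the policy enforces


def approval_rule_template_passes(content: str, min_approvals: int = MIN_APPROVALS) -> bool:
    """Return True if every "Approvers" statement in an approval rule template
    requires at least `min_approvals` approvals.

    `content` is the JSON document from the `content` argument of an
    aws_codecommit_approval_rule_template resource. Malformed JSON, a missing
    Statements list, no Approvers statement, or a missing/non-integer
    NumberOfApprovalsNeeded all fail closed: the template cannot be shown to
    enforce the policy, so it is reported as FAILED.
    """
    try:
        template = json.loads(content)
    except (json.JSONDecodeError, TypeError):
        return False
    if not isinstance(template, dict):
        return False
    statements = template.get("Statements")
    if not isinstance(statements, list):
        return False
    approver_statements = [
        s for s in statements if isinstance(s, dict) and s.get("Type") == "Approvers"
    ]
    if not approver_statements:
        return False
    for statement in approver_statements:
        needed = statement.get("NumberOfApprovalsNeeded")
        # bool is a subclass of int in Python; exclude it explicitly.
        if isinstance(needed, bool) or not isinstance(needed, int) or needed < min_approvals:
            return False
    return True


def scan_templates(templates: Dict[str, str]) -> Dict[str, str]:
    """Evaluate several templates, keyed by Terraform resource address,
    and return a PASSED/FAILED verdict per resource."""
    return {
        address: ("PASSED" if approval_rule_template_passes(content) else "FAILED")
        for address, content in templates.items()
    }


def _template(approvals) -> str:
    """Build a constructed template document with the given approval count
    (None omits NumberOfApprovalsNeeded entirely)."""
    statement = {
        "Type": "Approvers",
        "ApprovalPoolMembers": ["arn:aws:sts::123456789012:assumed-role/CodeCommitReview/*"],
    }
    if approvals is not None:
        statement["NumberOfApprovalsNeeded"] = approvals
    return json.dumps({
        "Version": "2018-11-08",
        "DestinationReferences": ["refs/heads/master"],
        "Statements": [statement],
    })


# Constructed sample inputs: the `content` values of four hypothetical resources.
SAMPLE_TEMPLATES = {
    "aws_codecommit_approval_rule_template.two_reviewers": _template(2),    # the fixed template
    "aws_codecommit_approval_rule_template.single_reviewer": _template(1),  # what the check flags
    "aws_codecommit_approval_rule_template.no_count": _template(None),      # count missing
    "aws_codecommit_approval_rule_template.not_json": "{ not valid json",   # unparseable
}

if __name__ == "__main__":
    for address, verdict in scan_templates(SAMPLE_TEMPLATES).items():
        print(f"{verdict}: {address}")
```

Running the block prints one verdict per sample resource; only the template that sets NumberOfApprovalsNeeded to 2 passes. A real scanner would first pull the content string out of the parsed Terraform, which this example skips by taking the JSON directly.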