Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.iru.com/llms.txt

Use this file to discover all available pages before exploring further.

About AWS CodeCommit

CodeCommit is Regional, so Iru walks enabled Regions. Attach AWSCodeCommitReadOnly, which includes codecommit:GitPull, BatchGet*, Describe*, Get*, List*, and pull-request approval evaluation. If repositories use a customer-managed KMS key, add kms:Decrypt for that key’s ARN.

How it works

DetailValue
CategoryDeveloper tools
AuthenticationCross-account IAM role

Prerequisites

  • IAM rights to create roles.
  • At least one CodeCommit repository where you expect evidence.

Connect AWS CodeCommit to Iru

Copy the trust policy from Iru

1

Open Sources

In Iru Compliance, on the left navigation bar, expand Compliance and select Sources.
Left navigation: Compliance expanded, Sources selected
2

Turn on AWS CodeCommit

Find AWS CodeCommit (use Category or Search by name or description). On that card, turn on the toggle. Leave the wizard tab open.
3

Copy the trust policy JSON

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::753695775620:role/IruConnect"
      },
      "Condition": {
        "StringEquals": {
          "sts:ExternalId": "YOUR_EXTERNAL_ID"
        }
      },
      "Action": "sts:AssumeRole"
    }
  ]
}

Create the IAM role in AWS

1

Start Create role

Open IAMRolesCreate role.
2

Configure trusted entity

Choose AWS accountAnother AWS account. Enter 753695775620 (or the ID Iru shows). Enable Require external ID and paste the external ID from Iru.
3

Attach CodeCommit read access

Attach AWSCodeCommitReadOnly.
4

Optional - KMS decrypt for CMK-encrypted repos

If repositories use a customer-managed KMS key, add an inline policy (replace REGION, ACCOUNT, CMK-ID):
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["kms:Decrypt"],
      "Resource": "arn:aws:kms:REGION:ACCOUNT:key/CMK-ID"
    }
  ]
}
5

Name the role and copy the ARN

Name the role, create it, and copy the Role ARN.
6

Verify the trust relationship

Confirm Trust relationships matches the wizard JSON.

Submit the role ARN in Iru

1

Paste the IAM Role ARN

Paste the Role ARN into the connector where the wizard prompts for it.
2

Confirm the source is Active

Submit until AWS CodeCommit shows Active.

Troubleshooting

Check pop-up blocker settings for the Iru site and try again.
Add kms:Decrypt for that repository’s CMK.
Confirm the Region you use in AWS matches where repos exist.
External ID mismatch.

Considerations

CodeCommit was announced for end of new customer…

CodeCommit was announced for end of new customer access in July 2024 - plan migrations and retire this source when repos move.

See also