AWS CodeCommit — Pull Request Creation and Approval

CodeStax.Ai
Jul 15, 2022

Objective :

To create a pull request to merge the feature branch into the master branch after various approvals.

Step 1 : Create a feature branch and push the code changes into the feature branch.

Through AWS Console : The developer who creates the pull request (another IAM user) needs console login access to the particular AWS account.

Step 2 : Create Pull Request

1. Select CodeCommit in the services search bar.

2. Select the repository in which you made the code changes and would like to create a pull request.

3. Select Create pull request.

4. Select the source and destination branches (usually, the destination branch will be master) and select Compare.

5. Enter a title and description (optional), check the changes made in the commits of the source branch, and select Create pull request.

Step 3 (optional) : Specify the approval rule details

The pull request is created successfully. Select Approvals, then select Create approval rule and specify the approval rule details.

NOTE : The rule is not satisfied until the required number of approvals is reached and the specified IAM users have approved the pull request. (E.g. : if the number of approvals is 1 but 2 IAM users are added as reviewers, the rule is not satisfied unless both IAM users give approval.)

Approval Status :

The approval rule is not satisfied so far, so the status will be “Rules not satisfied”.

Step 4 : Approve Pull Request

Select the Pull request you want to approve.

In Changes, the reviewer can view the changes and select Approve to approve the changes.

Approval can be revoked by selecting Revoke approval

Step 5 : Merge the Pull request

After all approvals are done, the reviewer can merge the code into the master branch.

After selecting Merge, select Fast forward merge and check the option: Delete source branch “source_branchname” after merging.

Select Merge pull request

Merge success :

We can see the Success message for the merge done.

NOTE : Check out the master branch in your local code and run “git pull” to get the latest updated code.

NOTE : Deny merge to master for the user (usually the developer) who created the pull request.

Create the JSON policy below and attach it to the IAM user who created the pull request.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Deny",
      "Action": [
        "codecommit:GitPush",
        "codecommit:DeleteBranch",
        "codecommit:PutFile",
        "codecommit:MergeBranchesByFastForward",
        "codecommit:MergeBranchesBySquash",
        "codecommit:MergeBranchesByThreeWay",
        "codecommit:MergePullRequestByFastForward",
        "codecommit:MergePullRequestBySquash",
        "codecommit:MergePullRequestByThreeWay"
      ],
      "Resource": "arn:aws:codecommit:ap-south-1:1234567890:awsbootcampbackend",
      "Condition": {
        "StringEqualsIfExists": {
          "codecommit:References": [
            "refs/heads/master"
          ]
        },
        "Null": {
          "codecommit:References": "false"
        }
      }
    }
  ]
}

  • Effect -> Denies the merge access to the specified branch (possible values : “Allow”, “Deny”)
  • Resource -> ARN of the repository (can be found in the Settings of the repo)
  • “refs/heads/master” -> The branch for which the merge should be denied

If the above policy is attached, it prevents the developer who created the pull request from merging his/her feature branch into the master branch.
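An added example (not part of the original post): a Python check that a Deny policy of this shape covers every push and merge action the policy above lists for refs/heads/master, since leaving one out (for example codecommit:PutFile) leaves a path onto the protected branch. It inspects only Effect, Action and the codecommit:References condition; the function names and the weak sample policy are constructed for illustration.

```python
from fnmatch import fnmatchcase

# Actions the page's policy denies on the protected branch.
REQUIRED_DENIES = {
    "codecommit:GitPush", "codecommit:DeleteBranch", "codecommit:PutFile",
    "codecommit:MergeBranchesByFastForward", "codecommit:MergeBranchesBySquash",
    "codecommit:MergeBranchesByThreeWay", "codecommit:MergePullRequestByFastForward",
    "codecommit:MergePullRequestBySquash", "codecommit:MergePullRequestByThreeWay",
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _protects(statement, ref):
    """True if the statement's condition names `ref` in codecommit:References."""
    cond = statement.get("Condition", {})
    refs = []
    for op in ("StringEquals", "StringEqualsIfExists"):
        refs += _as_list(cond.get(op, {}).get("codecommit:References", []))
    return ref in refs

def missing_denies(policy, branch="master"):
    """Return the required actions NOT denied for refs/heads/<branch>, sorted."""
    ref = f"refs/heads/{branch}"
    denied = set()
    for st in _as_list(policy.get("Statement", [])):
        if st.get("Effect") != "Deny" or not _protects(st, ref):
            continue
        # IAM action names are case-insensitive and may contain wildcards.
        patterns = _as_list(st.get("Action", []))
        denied |= {a for a in REQUIRED_DENIES
                   if any(fnmatchcase(a.lower(), p.lower()) for p in patterns)}
    return sorted(REQUIRED_DENIES - denied)

def sample_policy(actions):
    """Constructed sample shaped like the page's policy, with a chosen action list."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Deny", "Action": actions,
        "Resource": "arn:aws:codecommit:ap-south-1:1234567890:awsbootcampbackend",
        "Condition": {
            "StringEqualsIfExists": {"codecommit:References": ["refs/heads/master"]},
            "Null": {"codecommit:References": "false"}}}]}

if __name__ == "__main__":
    full = sample_policy(sorted(REQUIRED_DENIES))
    weak = sample_policy(["codecommit:GitPush", "codecommit:MergeBranches*"])
    print("full policy gaps:", missing_denies(full))
    print("weak policy gaps:", missing_denies(weak))
```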

Alternate way — Through AWS CLI :

Step 2 : Create Pull request

Install the AWS CLI and configure the AWS credentials for the IAM user (if not configured before).

> aws configure

AWS Access Key ID [***************] : “YOUR_ACCESS_KEY_ID”

AWS Secret Access Key [*************] : “YOUR_SECRET_ACCESS_KEY”

Default region name [ap-south-1] : “YOUR REGION NAME”

Default output format [None] : “OUTPUT_FORMAT”

To create a pull request,

> aws codecommit create-pull-request --title "pull request for cli check" --description "pull request cli check test" --targets repositoryName=awsbootcampbackend,sourceReference=pullreqclitest,destinationReference=master

(description is optional)

--title -> Title of the pull request

--description -> Description of the pull request

repositoryName -> Represents the name of the repository

sourceReference -> Name of the source branch

destinationReference -> Name of the destination branch (by default, it takes main branch)

If successful, a JSON will be produced as output.

Step 3 (Optional) : Specify the approval rules

> aws codecommit create-pull-request-approval-rule --pull-request-id 5 --approval-rule-name "Require two approved approvers" --approval-rule-content "{\"Version\": \"2018-11-08\",\"Statements\": [{\"Type\": \"Approvers\",\"NumberOfApprovalsNeeded\": 2,\"ApprovalPoolMembers\": [\"CodeCommitApprovers:2*********9:s*****n\",\"CodeCommitApprovers:2*********9:t***l\"]}]}"

--pull-request-id -> Id of the pull request (available in the create pull request output JSON)

--approval-rule-name -> Name of the approval rule

--approval-rule-content -> Approval rule content

Version -> Specifies the version

Statements:

Type -> Approvers

NumberOfApprovalsNeeded -> The number of total approvals needed for the pull request

ApprovalPoolMembers -> The IAM users who can approve the pull request

If successful, a JSON will be produced as output.
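An added example (not part of the original post): building the --approval-rule-content value with json.dumps and quoting the whole command with shlex, instead of hand-escaping the JSON, where a single missing quote breaks the call. The function names, the account ID 111122223333 and the user names are constructed placeholders.

```python
import json
import shlex

def approval_rule_content(account_id, approvers, needed):
    """Build the --approval-rule-content JSON for an Approvers rule."""
    if needed < 1:
        raise ValueError("NumberOfApprovalsNeeded must be at least 1")
    members = [f"CodeCommitApprovers:{account_id}:{name}" for name in approvers]
    # Entries containing '*' may match several identities, so the size check
    # applies only when every pool member names exactly one identity.
    if not any("*" in m for m in members) and needed > len(members):
        raise ValueError(f"{needed} approvals needed but pool has {len(members)}")
    rule = {
        "Version": "2018-11-08",
        "Statements": [{
            "Type": "Approvers",
            "NumberOfApprovalsNeeded": needed,
            "ApprovalPoolMembers": members,
        }],
    }
    return json.dumps(rule)

def approval_rule_command(pull_request_id, rule_name, content):
    """Return the CLI call as one shell-safe string (quoting done by shlex)."""
    return shlex.join([
        "aws", "codecommit", "create-pull-request-approval-rule",
        "--pull-request-id", str(pull_request_id),
        "--approval-rule-name", rule_name,
        "--approval-rule-content", content,
    ])

if __name__ == "__main__":
    # Constructed inputs: two named approvers, both required.
    content = approval_rule_content("111122223333", ["alice", "bob"], 2)
    print(approval_rule_command(5, "Require two approved approvers", content))
```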

Step 4 : Approve pull request

> aws codecommit update-pull-request-approval-state --pull-request-id 5 --revision-id b1a4a95f211b53eadefe6fbacc05f044ad00648d1baeb619bdeec3bc23dc065b --approval-state "APPROVE"

--pull-request-id -> Id of the pull request (available in the create pull request output JSON)

--revision-id -> Revision id of the pull request (available in the create pull request output JSON)

--approval-state -> Approval state of the pull request you want to provide (“APPROVE” or “REVOKE”)

If successful, nothing will be returned.

Step 5 : Merge pull request

> aws codecommit merge-pull-request-by-fast-forward --pull-request-id 5 --source-commit-id c9479f147e488466a205b5af59ce33f6e737744f --repository-name awsbootcampbackend

--pull-request-id -> Id of the pull request (available in the create pull request output JSON)

--source-commit-id -> Source commit id (available in the create pull request output JSON)

--repository-name -> Represents the name of the repository

If successful, a JSON will be produced as output.

Check here for the more detailed documentation on pull requests :
