I work on the project that is entirely stored and run on AWS. I need to add a few software consultants to my AWS CodeCommit. All I want them to do is to be able to work on a few repositories at that's it. I don't even want to give them power to create/delete repositories.
What is the best strategy to create such users, only for CodeCommit, so I don't give them too much power? Should I create a group for them?
Thanks for help
EDIT: When creating the user It looks like I have to pick between "Programmatic access" and "AWS Management Console access" - both sounds powerful
Granting programatic and/or console access isn't really saying a whole lot. Neither of those things give a user the ability to do much of anything. The key is in the permissions you grant them. In your case you should set up a group for these people and grant permissions to the group. If the users will only be using CodeCommit via git then you can make their permissions pretty limited. You may want to grant them console access to manage their own keys, but that would be about it. Here are some resources that will help you understand the permissions to grant.