How to do it...

Let's get started with that, and perform the following operations:

1. First of all, let's create a custom policy where we will give the restriction definition.
2. Go to IAM Console and click on the Policies section. Then, click on Create Policy:
   
3. Click on Create Your Own Policy:

1. You will be redirected to another page where you have to fill in the Policy Name, a description of the policy, and a policy document. The policy document will be the definition, where we will mention the resources and actions:

1. Insert the following policy definition (x60xxxxxxx39 will be basically your account ID):

    {
     "Version": "2012-10-17",
     "Statement": [
     {
     "Effect": "Allow",
     "Action": [
     "codecommit:GitPull",
     "codecommit:GitPush"
     ],
     "Resource": "arn:aws:codecommit:us-east-1:x60xxxxxxx39:HelloWorld"
     }
     ]
     }

1. Click on Create Policy; then we will have our own custom policy:
   
2. Now, let's remove the AWSCodeCommitPowerUser access from the IAM user that we created to clone the repository by clicking on x:

1. Click on Add permissions, after that click on Attach Existing Policies Directly and search for Policy name in filter, check that, and save it:

1. We will have a user with only our custom policy, which means the user will only have access to the HelloWorld repository and only two actions, git push and git clone:

    awsstar@awsstar:~$ aws codecommit list-repositories
    An error occurred (AccessDeniedException) when calling the     ListRepositories operation: User:     arn:aws:iam::16xxxxxx139:user/awsccuser is not authorized to perform:     codecommit:ListRepositories

The preceding command output shows AccessDeniedException, that is, awsccuser is not authorized to perform codecommit:ListRepositories. The reason for this is we have given access to only two operations or actions: git push and git clone.