running git clone against AWS CodeCommits gets me a 403 error

Question

My local laptop is a Mac.

1. The ssh key is configured properly. This is the content of ~/.ssh/config

   Host barthea Hostname git-codecommit.us-east

Answer 1

You need to be sure that your AWS credentials not only have permission to access CodeCommit, but also that there are no blanket deny policies attached. In our organization we require MFA on all console accounts and this does cause programmatic access to have issues.

A good solution (if this is your issue) would be to create another IAM user without console access with the codecommit policy attached directly (in our case the MFA blanket deny is from the IAM group the user is a part of).

Clarification: This answer is for when you are using IAM credentials and the CodeCommit Git extension (rather than IAM Git credentials), although I suspect it is true in that case as well.