Running git clone against AWS CodeCommit gets me a 403 error

没有蜡笔的小新 2021-01-31 14:56

My local laptop is a Mac.

  1. The ssh key is configured properly. This is the content of ~/.ssh/config

    Host barthea
      Hostname git-codecommit.us-east

13 answers
  • 2021-01-31 15:28

    After running the commands below, I had to add the policy mentioned below to my IAM user to solve this problem. Reference

    git config --global credential.helper '!aws codecommit credential-helper $@'
    git config --global credential.UseHttpPath true
    

    Policy:

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "codecommit:*"
                ],
                "Resource": "*"
            }
        ]
    }
    
  • 2021-01-31 15:28

    For me the root cause of getting the error was that no matter which version of git I was using on OSX, GIT was always picking up the credential.helper config of using osxkeychain from the file:

    /Applications/Xcode.app/Contents/Developer/usr/share/git-core/gitconfig
    

    Getting rid of this solved the problem for me and has not broken anything.

  • 2021-01-31 15:30

    fatal: unable to access 'https://git-codecommit.yourregion.amazonaws.com/v1/yourrepositoryname/': The requested URL returned error: 403

    It occurs for the reasons below:

    1. Make sure your user has the codecommitfullaccess policy attached.
    2. Make sure the default region in your local AWS CLI configuration and the region in which the repository was created are the same. If not, reset the default region with the AWS CLI command below:

    aws configure

    3. Make sure the repository is present there.
  • 2021-01-31 15:34

    This helpful text is found on the AWS documentation for codecommit and Windows integration

    If your installation of Git for Windows included the Git Credential Manager utility, you will see 403 errors or prompts to provide credentials into the Credential Manager utility after the first few connection attempts. The most reliable way to solve this problem is to uninstall and then reinstall Git for Windows without the option for the Git Credential Manager utility, as it is not compatible with AWS CodeCommit.

    If you want to keep the Git Credential Manager utility, you must perform additional configuration steps to also use AWS CodeCommit, including manually modifying the .gitconfig file to specify the use of the credential helper for AWS CodeCommit when connecting to AWS CodeCommit.

    Remove any stored credentials from the Credential Manager utility (you can find this utility in Control Panel).

    Once you have removed any stored credentials, add the following to your .gitconfig file, save it, and then try connecting again from a new command prompt window:

    [credential "https://git-codecommit.us-east-1.amazonaws.com"]
        helper = !aws codecommit credential-helper $@
        UseHttpPath = true
    

    Additionally, you might have to re-configure your git config settings by specifying --system instead of --global or --local before all connections work as expected.

    This last part applied to my situation, though when I ran git config --system it did not function as expected but appended aws configure before the aws codecommit command.

    So I had to run this in git to find the location of the config file for the system.

    git config --list --show-origin
    

    I then added the suggested section from AWS to both my c:/users/username/.gitconfig and my c:/ProgramData/Git/config files.

    After that, git push started working, even though I get the bogus error in front of my response of

    "git: 'credential-aws' is not a git command. See 'git --help'."
    
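The answers above about the Xcode `gitconfig` and about `git config --list --show-origin` both come down to which credential helper Git consults first, since helpers are tried in the order they are configured. The following is an added example, not part of any answer or of AWS's documentation: a POSIX shell function that reads that listing and reports helpers configured ahead of the AWS one, a misspelled `credentials` section, and a missing `UseHttpPath`. The function name, the finding labels and the sample paths are assumptions made for illustration.

```bash
# Added example. audit_helpers and its finding labels are hypothetical names.
# Reads `git config --list --show-origin` output on stdin and reports
# credential settings that can make CodeCommit answer with HTTP 403.
# Exit status: 0 if clean, 1 if any finding was printed.
audit_helpers() {
  awk -F'\t' '
    {
      eq  = index($2, "=")
      key = tolower(substr($2, 1, eq - 1))
      val = substr($2, eq + 1)
    }
    # Git silently ignores a misspelled section such as "credentials".
    key ~ /^credentials\./ { print "TYPO " key " in " $1; bad = 1 }
    # Generic helpers and helpers scoped to a git-codecommit URL both apply.
    key ~ /^credential\.(.*git-codecommit.*\.)?helper$/ {
      if (val == "") { n = 0; aws = 0 }          # empty value resets the list
      else if (val ~ /aws .*codecommit credential-helper/) aws = 1
      else if (!aws) shadow[n++] = val " in " $1 # asked before the AWS helper
    }
    key ~ /^credential\.(.*git-codecommit.*\.)?usehttppath$/ {
      path = (tolower(val) == "true")
    }
    END {
      for (i = 0; i < n; i++) { print "SHADOWED_BY " shadow[i]; bad = 1 }
      if (!aws)  { print "MISSING aws codecommit credential-helper"; bad = 1 }
      if (!path) { print "MISSING credential.UseHttpPath=true"; bad = 1 }
      exit bad + 0
    }'
}

# Constructed samples (not captured from a real machine).
SAMPLE_BAD=$(printf '%s\t%s\n' \
  'file:/Applications/Xcode.app/Contents/Developer/usr/share/git-core/gitconfig' \
  'credential.helper=osxkeychain' \
  'file:/Users/example/.gitconfig' \
  'credential.helper=!aws codecommit credential-helper $@' \
  'file:/Users/example/.gitconfig' \
  'credentials.helper=UseHttpPath=true')
SAMPLE_GOOD=$(printf '%s\t%s\n' \
  'file:/Users/example/.gitconfig' \
  'credential.https://git-codecommit.us-east-1.amazonaws.com.helper=!aws codecommit credential-helper $@' \
  'file:/Users/example/.gitconfig' \
  'credential.https://git-codecommit.us-east-1.amazonaws.com.usehttppath=true')

# On a real machine: git config --list --show-origin | audit_helpers
```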
  • 2021-01-31 15:35

    You need to be sure that your AWS credentials not only have permission to access CodeCommit, but also that there are no blanket deny policies attached. In our organization we require MFA on all console accounts and this does cause programmatic access to have issues.

    A good solution (if this is your issue) would be to create another IAM user without console access with the codecommit policy attached directly (in our case the MFA blanket deny is from the IAM group the user is a part of).

    Clarification: This answer is for when you are using IAM credentials and the CodeCommit Git extension (rather than IAM Git credentials), although I suspect it is true in that case as well.

  • 2021-01-31 15:36

    I solved it.

    The 403 error message is a specifically Git error message. I added the two AWS-specified helper commands:

    git config --global credential.helper '!aws --profile bruce666 codecommit credential-helper $@'
    git config --global credential.UseHttpPath true
    

    and that took care of the issue.

    The .git/config file in your local directory (before you clone the CodeCommit repo that you had just created) should look like this:

    [core]
        repositoryformatversion = 0
        filemode = true
        bare = false
        logallrefupdates = true
        ignorecase = true
        precomposeunicode = false
    [credential]
        helper = !aws --profile bruce666 codecommit credential-helper $@
        UseHttpPath = true
    [remote "origin"]
        url = https://git-codecommit.us-east-1.amazonaws.com/v1/repos/barthea
        fetch = +refs/heads/*:refs/remotes/origin/*
    [branch "master"]
        remote = origin
        merge = refs/heads/master
    

    As specified in the .git/config file, you are cloning using https not ssh. I must not have used the default version of git that came with OSX because I did not run into any Toolchain issue.
