running git clone against AWS CodeCommits gets me a 403 error

Solution 1

On Mac, if the above-mentioned tricks don't work, do the following:

  1. Open Keychain Access
  2. Search for CodeCommit. You should find this:

  3. Select 'git-codecommit....' and press delete
  4. Confirm the delete.

Now try again. It should work. You may have to do it again next time as well when you face the error 403.

One possible reason for this issue is that the keychain password is different from the login password on your Mac.

Solution 2

I also faced the same 403 error while using the git push command on Windows. I did all the settings mentioned in the AWS docs, but none resolved my issue. Afterwards I reviewed the Git credential set via Windows Credential, as shown in the screenshot. I found that instead of the Git HTTPS credentials, it had set the access key / secret key (don't know how).

Click on the edit link and update the credential with the proper Git credentials generated for the AWS user; after that, everything worked fine.

Solution 3

This helpful text is found on the AWS documentation for codecommit and Windows integration

If your installation of Git for Windows included the Git Credential Manager utility, you will see 403 errors or prompts to provide credentials into the Credential Manager utility after the first few connection attempts. The most reliable way to solve this problem is to uninstall and then reinstall Git for Windows without the option for the Git Credential Manager utility, as it is not compatible with AWS CodeCommit.

If you want to keep the Git Credential Manager utility, you must perform additional configuration steps to also use AWS CodeCommit, including manually modifying the .gitconfig file to specify the use of the credential helper for AWS CodeCommit when connecting to AWS CodeCommit.

Remove any stored credentials from the Credential Manager utility (you can find this utility in Control Panel).

Once you have removed any stored credentials, add the following to your .gitconfig file, save it, and then try connecting again from a new command prompt window:

[credential "https://git-codecommit.us-east-1.amazonaws.com"]
    helper = !aws codecommit credential-helper $@
    UseHttpPath = true

Additionally, you might have to re-configure your git config settings by specifying --system instead of --global or --local before all connections work as expected.

This last part applied to my situation, though when I ran git config --system it did not function as expected but appended aws configure before the aws codecommit command.

So I had to run this in git to find the location of the config file for the system.

git config --list --show-origin

I then added the suggested section from AWS to both my c:/users/username/.gitconfig and my c:/ProgramData/Git/config files.

After that, git push started working, even though I get the bogus error in front of my response of

"git: 'credential-aws' is not a git command. See 'git --help'."

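Added example (not part of the original answers or of AWS's documentation): a Python check over the output of `git config --list --show-origin` that flags the credential misconfigurations discussed on this page, namely a storing helper that runs ahead of the AWS one, a missing UseHttpPath, and keys placed under a misspelt section. The sample listing and the set of storing helper names are constructed assumptions.

```python
import re

# Constructed sample of `git config --list --show-origin` output
# (one "origin<TAB>key=value" per line); paths and values are illustrative.
SAMPLE = "\n".join([
    "file:C:/ProgramData/Git/config\tcredential.helper=manager",
    "file:C:/Users/username/.gitconfig\tcredential.helper=!aws codecommit credential-helper $@",
    "file:C:/Users/username/.gitconfig\tcredentials.usehttppath=true",
])

# Helpers that persist whatever password Git last used (assumed list, extend as needed).
STORING_HELPERS = {"manager", "manager-core", "osxkeychain", "wincred", "store"}
TRUE_VALUES = {"true", "yes", "on", "1"}


def diagnose(listing):
    """Return (code, detail) findings for a CodeCommit HTTPS credential setup."""
    findings, helpers, use_http_path = [], [], False
    for line in listing.splitlines():
        origin, tab, entry = line.partition("\t")
        key, eq, value = entry.partition("=")
        if not tab or not key:
            continue
        if key.startswith("credentials."):
            # Git only reads the "credential" section; this key is silently ignored.
            findings.append(("typo-section", f"{key} in {origin}"))
        elif re.fullmatch(r"credential\.(.*\.)?helper", key):
            if value == "":
                helpers.clear()  # an empty helper value resets the helper list
            else:
                helpers.append((origin, value))
        elif re.fullmatch(r"credential\.(.*\.)?usehttppath", key):
            # A key listed with no "=value" is boolean true in Git config.
            use_http_path = eq == "" or value.lower() in TRUE_VALUES
    aws = [i for i, (_, v) in enumerate(helpers) if "codecommit credential-helper" in v]
    if not aws:
        findings.append(("no-aws-helper", "no AWS CLI credential helper configured"))
    else:
        # Helpers run in config order; a storing helper ahead of the AWS one
        # answers first with its saved (possibly expired) password.
        for origin, value in helpers[:aws[0]]:
            if value in STORING_HELPERS:
                findings.append(("shadowed-by-store", f"{value} from {origin}"))
    if not use_http_path:
        findings.append(("no-usehttppath", "credential.UseHttpPath is not true"))
    return findings


if __name__ == "__main__":
    for code, detail in diagnose(SAMPLE):
        print(f"{code}: {detail}")
```
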
Solution 4

After running the commands below, I had to add the policy below to my IAM user to solve this problem. (reference)

git config --global credential.helper '!aws codecommit credential-helper $@'
git config --global credential.UseHttpPath true

Policy:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "codecommit:*"
            ],
            "Resource": "*"
        }
    ]
}
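
Added example (not from the original answer): the policy above grants every CodeCommit action on every repository, so this Python sketch flags wildcard grants and builds a narrower policy limited to `codecommit:GitPull` and `codecommit:GitPush` on one repository, assuming the user only needs to clone, fetch and push. The account ID and repository name passed in are placeholders.

```python
import json

# Policy as posted in the answer above.
BROAD = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["codecommit:*"], "Resource": "*"}
    ],
}


def _as_list(value):
    """IAM accepts a single string or object where a list is expected."""
    return value if isinstance(value, list) else [value]


def wildcard_grants(policy):
    """Return (statement index, field, value) for each wildcard in an Allow statement."""
    hits = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        for field in ("Action", "Resource"):
            for value in _as_list(stmt.get(field, [])):
                if "*" in value:
                    hits.append((i, field, value))
    return hits


def git_only_policy(region, account_id, repo):
    """Allow only Git pull and push on a single repository."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": ["codecommit:GitPull", "codecommit:GitPush"],
            "Resource": f"arn:aws:codecommit:{region}:{account_id}:{repo}",
        }],
    }


if __name__ == "__main__":
    print(wildcard_grants(BROAD))
    # 111122223333 and ExampleRepo are placeholders, not values from the page.
    print(json.dumps(git_only_policy("us-east-1", "111122223333", "ExampleRepo"), indent=4))
```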

Solution 5

I solved it.

The 403 error message is a specifically Git error message. I added the two AWS-specified helper commands:

git config --global credential.helper '!aws --profile bruce666 codecommit credential-helper $@'
git config --global credential.UseHttpPath true

and that took care of the issue.

The .git/config file in your local directory (before you clone the CodeCommit repo that you had just created) should look like this:

[core]
    repositoryformatversion = 0
    filemode = true
    bare = false
    logallrefupdates = true
    ignorecase = true
    precomposeunicode = false
[credential]
    helper = !aws --profile bruce666 codecommit credential-helper $@
    UseHttpPath = true
[remote "origin"]
    url = https://git-codecommit.us-east-1.amazonaws.com/v1/repos/barthea
    fetch = +refs/heads/*:refs/remotes/origin/*
[branch "master"]
    remote = origin
    merge = refs/heads/master

As specified in the .git/config file, you are cloning using https not ssh. I must not have used the default version of git that came with OSX because I did not run into any Toolchain issue.

Author by

Vietnhi Phuvan


Updated on July 08, 2022

Comments

  • Vietnhi Phuvan almost 2 years

    My local laptop is a Mac.

    1. The ssh key is configured properly. This is the content of ~/.ssh/config
    Host barthea
    Hostname git-codecommit.us-east-1.amazonaws.com
    User AVVVVVVVVVVVVVVVVVQ
    IdentityFile ~/.ssh/aws-aws.pem
    

    Running ssh barthea gets me

    You have successfully authenticated over SSH. You can use Git to interact with AWS CodeCommit. Interactive shells are not supported.Connection to git-codecommit.us-east-1.amazonaws.com closed by remote host.
    
    2. I created an IAM user bruce666 complete with password and access keys, made this user part of the "team" group. Then I created a policy that includes "AWSCodeCommitPowerUsers" and assigned this policy to "team". And finally assigned bruce666 to "team". At this point, bruce666 can access any repo in CodeCommit through the management console.

    3. I ran aws config --profile bruce666, fed in his access and secret key, his region and specified the format as json. At this point, I was able to create the rekha repo in CodeCommit by running aws codecommit get-repository --repository-name rekha --profile bruce666

    4. I can create a couple of dummy files, run git init, git add . , git commit -m "1", git add origin https://git-gitcode.amzonaws.com/repos/v1/rekha , git push -u origin master And that operation will be successful.

    5. However, when I run git clone ssh://git-gitcode.amazonaws.com/repos/v1/rekha , I get "fatal: unable to access 'https://git-codecommit.us-east-1.amazonaws.com/v1/repos/barthia/': The requested URL returned error: 403" What gives?