Unable to clone AWS CodeCommit with IAM Role

Problem description:

I have the following settings on my EC2 instance, but no luck.

There is the same issue on the AWS forum, but no answer.

~/.gitconfig:

    [credential]
        helper = !aws --region us-east-1 codecommit credential-helper $@
        UseHttpPath = true

IAM Role Policy for the EC2 Instance:

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "codecommit:*"
                ],
                "Resource": "*"
            }
        ]
    }

Then the following code works:

    echo -e "protocol=https\npath=/v1/repos/my-repo\nhost=git-codecommit.us-east-1.amazonaws.com" | aws --region us-east-1 codecommit credential-helper get

However, with git, it doesn't.

    git clone https://git-codecommit.us-east-1.amazonaws.com/v1/repos/my-repo
    Cloning into 'my-repo'...
    fatal: unable to access 'https://git-codecommit.us-east-1.amazonaws.com/v1/repos/my-repo/': The requested URL returned error: 403

Any ideas?

UPDATE

After some investigation, I figured out that the attached IAM Role doesn't work for git operations, but an IAM User worked fine.

| Type | list-repositories | credential-helper | git operation |
| --- | --- | --- | --- |
| IAM User with CodeCommitFullAccess | OK | OK | OK |
| IAM Role with CodeCommitFullAccess | OK | OK | NG |

I tried the following commands:

  • list-repositories

    aws codecommit list-repositories

  • credential-helper

    echo -e "protocol=http\npath=/v1/repos/my-repo\nhost=git-codecommit.us-east-1.amazonaws.com" | aws --region=us-east-1 codecommit credential-helper get

  • git operation

    git clone --config credential.helper='!aws --region=us-east-1 codecommit credential-helper $@' --config credential.UseHttpPath=true https://git-codecommit.us-east-1.amazonaws.com/v1/repos/my-repo

My awscli version is as follows:

    $ aws --version
    aws-cli/1.10.44 Python/2.7.5 Linux/3.10.0-327.10.1.el7.x86_64 botocore/1.4.34

Update2

My git and curl versions are as follows:

    $ git --version
    git version 1.8.3.1

    $ curl --version
    curl 7.29.0 (x86_64-redhat-linux-gnu) libcurl/7.29.0 NSS/3.19.1 Basic ECC zlib/1.2.7 libidn/1.28 libssh2/1.4.3
    Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp scp sftp smtp smtps telnet tftp
    Features: AsynchDNS GSS-Negotiate IDN IPv6 Largefile NTLM NTLM_WB SSL libz

Answer from a user:

You need to be using at least curl 7.33 or later. From the CodeCommit documentation:

    "AWS CodeCommit requires curl 7.33 and later. However, there is a known issue with HTTPS and curl update 7.41.0."
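
A preflight check for the curl requirement quoted in the answer, as an added example that is not part of the original answer or of AWS's tooling. The function names and return codes are assumptions made for this example; the first sample banner is the curl version line from the question, the other two are constructed.

```shell
#!/usr/bin/env bash
# Added example: check a curl version against the requirement quoted above
# (7.33 or later, with 7.41.0 flagged for its known HTTPS issue).
# Function names and return codes are assumptions made for this example.

# Print the version field ("7.29.0") from the first line of `curl --version`.
curl_version_from_banner() {
    printf '%s\n' "$1" | awk 'NR == 1 && $1 == "curl" { print $2 }'
}

# Return codes: 0 = meets the 7.33 minimum, 1 = older than 7.33,
# 2 = 7.41.0 (release with the known HTTPS issue), 3 = unparseable.
check_curl_for_codecommit() {
    local ver="$1" major minor patch
    if ! printf '%s\n' "$ver" | grep -Eq '^[0-9]+\.[0-9]+(\.[0-9]+)?$'; then
        return 3
    fi
    IFS=. read -r major minor patch <<EOF
$ver
EOF
    if [ "$major" -eq 7 ] && [ "$minor" -eq 41 ] && [ "${patch:-0}" -eq 0 ]; then
        return 2
    fi
    if [ "$major" -gt 7 ] || { [ "$major" -eq 7 ] && [ "$minor" -ge 33 ]; }; then
        return 0
    fi
    return 1
}

# Sample banners: the first is the curl line from the question,
# the other two are constructed for this example.
for banner in \
    "curl 7.29.0 (x86_64-redhat-linux-gnu) libcurl/7.29.0 NSS/3.19.1" \
    "curl 7.41.0 (x86_64-pc-linux-gnu) libcurl/7.41.0" \
    "curl 7.47.0 (x86_64-pc-linux-gnu) libcurl/7.47.0"
do
    v=$(curl_version_from_banner "$banner")
    rc=0
    check_curl_for_codecommit "$v" || rc=$?
    case "$rc" in
        0) echo "curl $v: meets the 7.33 minimum" ;;
        1) echo "curl $v: older than the 7.33 minimum, upgrade before cloning" ;;
        2) echo "curl $v: release with the known HTTPS issue" ;;
        *) echo "could not parse curl version from: $banner" ;;
    esac
done
```

On a real host, pass the output of `curl --version` to `curl_version_from_banner` instead of the sample strings.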