如何授予ElasticBeanstalk访问AWS CodeCommit的权限
[英]How to give ElasticBeanstalk access to AWS CodeCommit
问题描述
I am deploying a Flask application to ElasticBeanstalk. 
我正在将Flask应用程序部署到ElasticBeanstalk。 One of the dependencies of this application is a package that should be installed from a CodeCommit git repository. 此应用程序的依赖项之一是应从CodeCommit git存储库安装的软件包。
Locally, I have successfully set up SSH to connect to the CodeCommit repo to pip install and push code. 在本地,我已经成功设置了SSH以连接到CodeCommit存储库以pip install和推送代码。 I have added the package to requirements.txt , and locally this installs fine with pip . 我已经将软件包添加到requirements.txt ,并且在本地使用pip可以很好地安装。
The question is, how should I configure EBS to have SSH access to this repo? 问题是,我应该如何配置EBS使其具有对此存储库的SSH访问权限?
I see the IAM role used by EBS is aws-elasticbeanstalk-ec2-role . 我看到EBS使用的IAM角色是aws-elasticbeanstalk-ec2-role 。 I attached the AWSCodeCommitReadOnly policy to this role, but to no avail. 我将AWSCodeCommitReadOnly策略附加到了该角色,但无济于事。
In the eb-activity.log it gives an SSH error when trying to get the package from CodeCommit: 在eb-activity.log ,当尝试从CodeCommit获取软件包时,它给出SSH错误:
Host key verification failed.
fatal: Could not read from remote repository.
Please make sure you have the correct access rights and the repository exists.
How should I configure access to AWS CodeCommit from EBS? 如何配置从EBS对AWS CodeCommit的访问?
1 个解决方案
解决方案1
0 2015-11-16 17:11:36
My suggestion would be to use HTTPS instead of SSH to access your AWS CodeCommit repository. 我的建议是使用HTTPS而不是SSH来访问您的AWS CodeCommit存储库。 Your instances already have permission through the role and policy you have set up and the AWS CLI available. 您的实例已经通过您设置的角色和策略以及可用的AWS CLI拥有权限。 All you would need to do is run the commands that configure the git-credential helper: 您需要做的就是运行配置git-credential帮助程序的命令:
git config --global credential.helper '!aws --profile default codecommit credential-helper $@'
git config --global credential.UseHttpPath true
Hope that helps! 希望有帮助!
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.