[英]IAM blocks access to AWS CodeCommit repo
I set up SSH access to CodeCommit and tested the connection:我设置了对 CodeCommit 的 SSH 访问并测试了连接:
You have successfully authenticated over SSH. You can use Git to interact with AWS CodeCommit. Interactive shells are not supported.Connection to git-codecommit.us-east-1.amazonaws.com closed by remote host.
When I attempt to clone or push, I see this error:当我尝试克隆或推送时,我看到此错误:
Access denied: User: arn:aws:iam::##########:user/me@me.com is not authorized to perform: codecommit:GitPull on resource: arn:aws:codecommit:us-east-1:##########:my-repo
Even after adding a policy to my user to access all operations on this repo, I cannot clone or push.即使在向我的用户添加策略以访问此存储库上的所有操作后,我也无法克隆或推送。
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"codecommit:*"
],
"Resource": [
"arn:aws:codecommit:us-east-1:##########:my-repo"
]
}
]
}
What gives?什么给? Is anyone else having trouble with this?
还有其他人有这个问题吗?
A few things could cause this:有几件事可能会导致这种情况:
If there are any group permissions denying access to CodeCommit如果有任何组权限拒绝访问 CodeCommit
If you are using multi factor authentication, that will not work with SSH ( http://docs.aws.amazon.com/codecommit/latest/userguide/temporary-access.html )如果您使用的是多因素身份验证,这将不适用于 SSH ( http://docs.aws.amazon.com/codecommit/latest/userguide/temporary-access.html )
An IAM policy denying access to KMS拒绝访问 KMS 的 IAM 策略
If you post this on the AWS forums, we can use your account ID to help you troubleshoot your issue.如果您在 AWS 论坛上发帖,我们可以使用您的账户 ID 来帮助您解决问题。
In my case I had a policy that attempted to require MFA login for most things other than setting up MFA in AWS.就我而言,我有一个策略,除了在 AWS 中设置 MFA 之外,其他大多数事情都试图要求 MFA 登录。 I ended up adding codecommit as an exemption to the MFA required policy so I didn't have to do anything extra in our developer's environments to handle MFA login for git access to codecommit.
我最终添加了 codecommit 作为 MFA 所需策略的豁免,因此我不必在我们的开发人员环境中做任何额外的事情来处理 MFA 登录以 git 访问 codecommit。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.