堆栈内存溢出
  简体   繁体   English

IAM 阻止访问 AWS CodeCommit 存储库

[英]IAM blocks access to AWS CodeCommit repo

 原文  2017-10-06 21:11:14       git/ amazon-web-services/ aws-codecommit

问题描述

I set up SSH access to CodeCommit and tested the connection:我设置了对 CodeCommit 的 SSH 访问并测试了连接:

You have successfully authenticated over SSH. You can use Git to interact with AWS CodeCommit. Interactive shells are not supported.Connection to git-codecommit.us-east-1.amazonaws.com closed by remote host.

When I attempt to clone or push, I see this error:当我尝试克隆或推送时,我看到此错误:

Access denied: User: arn:aws:iam::##########:user/me@me.com is not authorized to perform: codecommit:GitPull on resource: arn:aws:codecommit:us-east-1:##########:my-repo

Even after adding a policy to my user to access all operations on this repo, I cannot clone or push.即使在向我的用户添加策略以访问此存储库上的所有操作后,我也无法克隆或推送。

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "codecommit:*"
            ],
            "Resource": [
                "arn:aws:codecommit:us-east-1:##########:my-repo"
            ]
        }
    ]
}

What gives?什么给? Is anyone else having trouble with this?还有其他人有这个问题吗?

2 个解决方案

解决方案1
 0  2017-10-10 00:05:28

A few things could cause this:有几件事可能会导致这种情况:

  1. If there are any group permissions denying access to CodeCommit如果有任何组权限拒绝访问 CodeCommit

  2. If you are using multi factor authentication, that will not work with SSH ( http://docs.aws.amazon.com/codecommit/latest/userguide/temporary-access.html )如果您使用的是多因素身份验证,这将不适用于 SSH ( http://docs.aws.amazon.com/codecommit/latest/userguide/temporary-access.html )

  3. An IAM policy denying access to KMS拒绝访问 KMS 的 IAM 策略

If you post this on the AWS forums, we can use your account ID to help you troubleshoot your issue.如果您在 AWS 论坛上发帖,我们可以使用您的账户 ID 来帮助您解决问题。

解决方案2
 0  2020-09-16 14:21:18

In my case I had a policy that attempted to require MFA login for most things other than setting up MFA in AWS.就我而言,我有一个策略,除了在 AWS 中设置 MFA 之外,其他大多数事情都试图要求 MFA 登录。 I ended up adding codecommit as an exemption to the MFA required policy so I didn't have to do anything extra in our developer's environments to handle MFA login for git access to codecommit.我最终添加了 codecommit 作为 MFA 所需策略的豁免,因此我不必在我们的开发人员环境中做任何额外的事情来处理 MFA 登录以 git 访问 codecommit。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何使用IAM访问ID和密钥对AWS CodeCommit git repo进行身份验证? - How to authenticate against AWS CodeCommit git repo with IAM access id and secret key? AWS IAM策略来限制对CodeCommit分支的访问,并在其名称中使用通配符 - AWS IAM policy to limit access to CodeCommit branches with wildcards in their names AWS仅使用角色即可对CodeCommit存储库进行跨帐户访问(无静态凭证) - AWS cross account access to CodeCommit repo with roles only (no static credentials) 将Jenkins连接到AWS CodeCommit存储库 - Connecting Jenkins to AWS CodeCommit Repo 适用于CodeCommit回购同步的AWS Lambda - AWS Lambda for CodeCommit repo sync 通过HTTP克隆AWS Codecommit存储库 - clone AWS codecommit repo via HTTP 将Git Repo直接镜像到AWS CodeCommit - Mirror a Git Repo directly to AWS CodeCommit git 克隆到 AWS Codecommit 存储库返回 403 - git clone to AWS Codecommit repo returns 403 从TeamCity访问AWS CodeCommit - Access AWS CodeCommit from TeamCity 我是否必须创建 IAM 用户才能使用 AWS CodeCommit? - Must I create an IAM user in order to use AWS CodeCommit?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM