[英]Git clone works in AWS CodeCommit but pushing fails with 403
I can clone my CodeCommit repository successfully, but when I try to push to it, I get 403. Fetching and pulling works, however. 我可以成功克隆我的CodeCommit存储库,但是当我尝试将其推送到存储库时,我得到403。但是,获取和拉取作品却可以。 It's as if I have read-only access.
好像我具有只读访问权限。
I have setup my .gitconfig
to use AWS CLI for credential manager: 我已将
.gitconfig
设置为使用AWS CLI作为凭证管理器:
[credential]
helper = !aws --profile builder codecommit credential-helper $@
UseHttpPath = true
The problem is that the error doesn't tell me why pushing is failing: 问题是错误没有告诉我推送失败的原因:
$ git push origin test-branch
fatal: unable to access 'https://git-codecommit.us-east-1.amazonaws.com/v1/repos/my-example-repo/': The requested URL returned error: 403
Most questions on the internet about his error are when cloning fails, but cloning works for me. 互联网上有关他的错误的大多数问题是克隆失败时,但是克隆对我有用。 I found this question where cloning succeeds and pushing fails, but his error is different - aws codecommit cannot push .
我发现了克隆成功而推送失败的问题,但他的错误有所不同-aws codecommit无法推送 。
Edit: : After looking at my CodeCommit policy, it has Full: Read Limited: List, Write
: 编辑::在查看我的CodeCommit策略后,它具有“
Full: Read Limited: List, Write
:
There is also a ResourceSpecifier = foo-*
, but that holds for GitPull
permission and pulling works, so I doubt it's the resource specifier. 还有一个
ResourceSpecifier = foo-*
,但是它适用于GitPull
权限和拉取工作,因此我怀疑它是资源说明符。
I imagine you're right about the read-only permissions. 我想您对只读权限是正确的。 As the docs state, you need the
codecommit:GitPush
permission in your IAM policy to be allowed to push commits from your local repository to the CodeCommit repository. 如文档所述 ,您需要在IAM策略中具有
codecommit:GitPush
权限,以允许将提交从本地存储库推送到CodeCommit存储库。
Being able to pull the repository means your credentials are set up correctly, if they weren't you wouldn't be able to git pull
/ git fetch
at all. 能够提取存储库意味着您的凭据已正确设置,如果不正确,则根本无法进行
git pull
/ git fetch
。
For MacOS: Delete the code-commit internet passwords in Keychain and try again. 对于MacOS:在“钥匙串”中删除密码输入互联网密码,然后重试。 Also:
也:
git config --global credential.helper '!aws codecommit credential-helper $@'
git config --global credential.UseHttpPath true
@Tom's answer sent me in the right direction. @汤姆的答案向我指示了正确的方向。 To expand on it, the reason was that my user had a write permissions only for repositories whose name matches a certain pattern containing wildcards.
对此进行扩展,原因是我的用户仅对名称与包含通配符的特定模式匹配的存储库具有写权限。
This pattern is from the policy JSON, and looks like this: 此模式来自策略JSON,如下所示:
"Resource": "arn:aws:codecommit:*:*:bar*"
This pattern would give me write access to any repository whose names starts with bar
, so I could push to a repo named bar
or bar2
, but not to a repo named foo-bar
because it doesn't start with bar
even though it contains it. 这种模式可以使我对任何以
bar
开头的存储库进行写访问,因此我可以推送到名为bar
或bar2
,但不能推送到名为foo-bar
因为即使它包含bar
也不会以bar
开头。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.