Git克隆可在AWS CodeCommit中使用,但推送失败并显示403
[英]Git clone works in AWS CodeCommit but pushing fails with 403
问题描述
I can clone my CodeCommit repository successfully, but when I try to push to it, I get 403. Fetching and pulling works, however. 
我可以成功克隆我的CodeCommit存储库,但是当我尝试将其推送到存储库时,我得到403。但是,获取和拉取作品却可以。 It's as if I have read-only access. 好像我具有只读访问权限。
I have setup my .gitconfig to use AWS CLI for credential manager: 我已将.gitconfig设置为使用AWS CLI作为凭证管理器:
[credential]
helper = !aws --profile builder codecommit credential-helper $@
UseHttpPath = true
The problem is that the error doesn't tell me why pushing is failing: 问题是错误没有告诉我推送失败的原因:
$ git push origin test-branch
fatal: unable to access 'https://git-codecommit.us-east-1.amazonaws.com/v1/repos/my-example-repo/': The requested URL returned error: 403
Most questions on the internet about his error are when cloning fails, but cloning works for me. 互联网上有关他的错误的大多数问题是克隆失败时,但是克隆对我有用。 I found this question where cloning succeeds and pushing fails, but his error is different - aws codecommit cannot push . 我发现了克隆成功而推送失败的问题,但他的错误有所不同-aws codecommit无法推送 。
Edit: : After looking at my CodeCommit policy, it has Full: Read Limited: List, Write : 编辑::在查看我的CodeCommit策略后,它具有“ Full: Read Limited: List, Write :
There is also a ResourceSpecifier = foo-* , but that holds for GitPull permission and pulling works, so I doubt it's the resource specifier. 还有一个ResourceSpecifier = foo-* ,但是它适用于GitPull权限和拉取工作,因此我怀疑它是资源说明符。
3 个解决方案
解决方案1
1 已采纳 2017-11-15 19:39:32
I imagine you're right about the read-only permissions. 我想您对只读权限是正确的。 As the docs state, you need the codecommit:GitPush permission in your IAM policy to be allowed to push commits from your local repository to the CodeCommit repository. 如文档所述 ,您需要在IAM策略中具有codecommit:GitPush权限,以允许将提交从本地存储库推送到CodeCommit存储库。
Being able to pull the repository means your credentials are set up correctly, if they weren't you wouldn't be able to git pull / git fetch at all. 能够提取存储库意味着您的凭据已正确设置,如果不正确,则根本无法进行git pull / git fetch 。
解决方案2
1 2018-03-08 00:50:33
For MacOS: Delete the code-commit internet passwords in Keychain and try again. 对于MacOS:在“钥匙串”中删除密码输入互联网密码,然后重试。 Also: 也:
git config --global credential.helper '!aws codecommit credential-helper $@'
git config --global credential.UseHttpPath true
解决方案3
0 2017-11-18 09:45:57
@Tom's answer sent me in the right direction. @汤姆的答案向我指示了正确的方向。 To expand on it, the reason was that my user had a write permissions only for repositories whose name matches a certain pattern containing wildcards. 对此进行扩展,原因是我的用户仅对名称与包含通配符的特定模式匹配的存储库具有写权限。
This pattern is from the policy JSON, and looks like this: 此模式来自策略JSON,如下所示:
"Resource": "arn:aws:codecommit:*:*:bar*"
This pattern would give me write access to any repository whose names starts with bar , so I could push to a repo named bar or bar2 , but not to a repo named foo-bar because it doesn't start with bar even though it contains it. 这种模式可以使我对任何以bar开头的存储库进行写访问,因此我可以推送到名为bar或bar2 ,但不能推送到名为foo-bar因为即使它包含bar也不会以bar开头。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.