请求的URL返回错误：403，AWS Server less: Amplify app to CodeCommit

Question

Trying to host a web application (html) using server-less approach on AWS Amplify connecting to the AWS CodeCommit repository(where the html code version history is maintained). Save and Deploy app on Amplify is failing in 'Build' step and is returning the following error:

2020-08-17T01:32:37.631Z [INFO]: Cloning into 'Test'...

2020-08-17T01:32:42.406Z [INFO]: fatal: unable to access 'https://git-codecommit.us-east-1.amazonaws.com/v1/repos/Test/': The requested URL returned error: 403

2020-08-17T01:32:42.409Z [ERROR]: !!! Unable to clone repository

Steps followed : https://aws.amazon.com/getting-started/hands-on/build-serverless-web-app-lambda-apigateway-s3-dynamodb-cognito/module-1/ The step-1(Host a static website, in above link) only working if I give the repo name as 'wildrydes-site' exactly. If I jus change the name to something else with all the same files, it doesn't work. Am I missing something here??

Answer 1

If you are getting a 403 error, you could check the policy associated with the service role in IAM. You need to specify the CodeCommit repository within the policy that uses the service role you specified in Amplify.

Amplify App Detail

Service Role Policy

Answer 2

The amplify app is is missing permissions to your git repository. Make sure you connect your AWS Amplify app to your repository in AWS CodeCommit .

Here's an image excerpt:

Answer 3

Please check the auto generated policy "AWSAmplifyExecutionPolicy" created by AWSAmplify in IAM console. The autogenerated AWSAmplifyExecutionPolicy specifies permission to access your repository in CodeCommit. The Resource in the CodeCommit policy, should have the ARN of your repository.

Answer 4

You need to set service role for your app. If you don't have a service role for amplify backend deployment, you have to create one.

The Amplify Console requires permissions to deploy backend resources with your front end. You use a service role to accomplish this

The following would be helpful.

Adding a service role to the Amplify Console when you connect an app

1. create role for aws service. select use cases "Amplify" then "Backend Deployment"

2. go to amplify console. open app settings, general. Set this role for your app's service role

Answer 5

Add a inline policy to give access on Codecommit to clone the repository and check the build code for any further errors.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "codecommit:*",
            "Resource": "*"
        }
    ]
}

Answer 6

check your role policy json in that check whether this is policy having access of your repo arn

{
"Version": "2012-10-17",
"Statement": [
    {
        "Effect": "Allow",
        "Resource": [
            "arn:aws:logs:ap-south-1:<accountid>:log-group:/aws/amplify/xxxxxx",
            "arn:aws:logs:ap-south-1:<accountid>:log-group:/aws/amplify/xxxxxx:*"
        ],
        "Action": [
            "logs:CreateLogGroup",
            "logs:CreateLogStream",
            "logs:PutLogEvents"
        ]
    },
    {
        "Effect": "Allow",
        "Resource": [ // here is your repo arn is required if not not present add it
            "arn:aws:codecommit:ap-south-1:<accountid>:<repo_name>",
            "arn:aws:codecommit:ap-south-1:<accountid>:<repo_name>"
        ],
        "Action": [
            "codecommit:GitPull"
        ]
    }
]
}

Answer 7

I encounter the same issue. As other answer mentioned, there need a role.

I want to give my detail steps:

1. goto amplify console;
2. choose the application;
3. click "general" in "application setting" in the left menu;
4. click "edit" at the right top;
5. click "create new role";
6. In the next page, some items will be choosed automatically, include "AWS production", "Amplify", "Amplify - Backend Deployment";
7. next and next;

If this procedure failed, try to get more authority or login as admin.