[英]The requested URL returned error: 403, AWS Server less: Amplify app to CodeCommit
Trying to host a web application (html) using server-less approach on AWS Amplify connecting to the AWS CodeCommit repository(where the html code version history is maintained).尝试在 AWS Amplify 上使用无服务器方法托管 web 应用程序 (html) 连接到 AWS CodeCommit 存储库(其中维护 html 代码版本历史记录)。 Save and Deploy app on Amplify is failing in 'Build' step and is returning the following error:
在 Amplify 上保存和部署应用程序在“构建”步骤中失败,并返回以下错误:
2020-08-17T01:32:37.631Z [INFO]: Cloning into 'Test'... 2020-08-17T01:32:37.631Z [信息]:克隆到“测试”...
2020-08-17T01:32:42.406Z [INFO]: fatal: unable to access 'https://git-codecommit.us-east-1.amazonaws.com/v1/repos/Test/': The requested URL returned error: 403 2020-08-17T01:32:42.406Z [信息]:致命:无法访问“https://git-codecommit.us-east-1.amazonaws.com/v1/repos/Test/”:请求的 URL 已返回错误:403
2020-08-17T01:32:42.409Z [ERROR]: !!! 2020-08-17T01:32:42.409Z [错误]:!!! Unable to clone repository
无法克隆存储库
Steps followed : https://aws.amazon.com/getting-started/hands-on/build-serverless-web-app-lambda-apigateway-s3-dynamodb-cognito/module-1/ The step-1(Host a static website, in above link) only working if I give the repo name as 'wildrydes-site' exactly.遵循的步骤: https://aws.amazon.com/getting-started/hands-on/build-serverless-web-app-lambda-apigateway-s3-dynamodb-cognito/module-1/步骤 1(主机static 网站,在上面的链接中)只有当我将回购名称准确地指定为“wildrydes-site”时才有效。 If I jus change the name to something else with all the same files, it doesn't work.
如果我只是将名称更改为具有所有相同文件的其他名称,那是行不通的。 Am I missing something here??
我在这里错过了什么吗?
If you are getting a 403 error, you could check the policy associated with the service role in IAM.如果您收到 403 错误,您可以检查与 IAM 中的服务角色关联的策略。 You need to specify the CodeCommit repository within the policy that uses the service role you specified in Amplify.
您需要在使用您在 Amplify 中指定的服务角色的策略中指定 CodeCommit 存储库。
The amplify app is is missing permissions to your git repository.放大应用程序缺少 git 存储库的权限。 Make sure you connect your AWS Amplify app to your repository in AWS CodeCommit .
确保将AWS Amplify 应用程序连接到 AWS CodeCommit 中的存储库。
Here's an image excerpt:这是一个图像摘录:
Please check the auto generated policy "AWSAmplifyExecutionPolicy" created by AWSAmplify in IAM console.请在 IAM 控制台中检查 AWSAmplify 创建的自动生成的策略“AWSAmplifyExecutionPolicy”。 The autogenerated AWSAmplifyExecutionPolicy specifies permission to access your repository in CodeCommit.
自动生成的 AWSAmplifyExecutionPolicy 指定在 CodeCommit 中访问您的存储库的权限。 The Resource in the CodeCommit policy, should have the ARN of your repository.
CodeCommit 策略中的 Resource 应具有存储库的 ARN。
You need to set service role for your app.您需要为您的应用设置服务角色。 If you don't have a service role for amplify backend deployment, you have to create one.
如果您没有放大后端部署的服务角色,则必须创建一个。
The Amplify Console requires permissions to deploy backend resources with your front end.
Amplify 控制台需要使用您的前端部署后端资源的权限。 You use a service role to accomplish this
您使用服务角色来完成此任务
The following would be helpful.以下内容会有所帮助。
Adding a service role to the Amplify Console when you connect an app 连接应用程序时向 Amplify 控制台添加服务角色
create role for aws service.为 aws 服务创建角色。 select use cases "Amplify" then "Backend Deployment"
select 用例“放大”然后“后端部署”
go to amplify console. go 放大控制台。 open app settings, general.
打开应用程序设置,一般。 Set this role for your app's service role
为您的应用的服务角色设置此角色
Add a inline policy to give access on Codecommit to clone the repository and check the build code for any further errors.添加内联策略以授予对 Codecommit 的访问权限以克隆存储库并检查构建代码是否有任何进一步的错误。
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": "codecommit:*",
"Resource": "*"
}
]
}
check your role policy json in that check whether this is policy having access of your repo arn检查您的角色政策 json检查这是否是可以访问您的回购协议的政策
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Resource": [
"arn:aws:logs:ap-south-1:<accountid>:log-group:/aws/amplify/xxxxxx",
"arn:aws:logs:ap-south-1:<accountid>:log-group:/aws/amplify/xxxxxx:*"
],
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
]
},
{
"Effect": "Allow",
"Resource": [ // here is your repo arn is required if not not present add it
"arn:aws:codecommit:ap-south-1:<accountid>:<repo_name>",
"arn:aws:codecommit:ap-south-1:<accountid>:<repo_name>"
],
"Action": [
"codecommit:GitPull"
]
}
]
}
I encounter the same issue.我遇到了同样的问题。 As other answer mentioned, there need a role.
正如其他答案提到的,需要一个角色。
I want to give my detail steps:我想给出我的详细步骤:
If this procedure failed, try to get more authority or login as admin.如果此过程失败,请尝试获得更多权限或以管理员身份登录。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.