stackoom
  简体   繁体   中英

Git clone works in AWS CodeCommit but pushing fails with 403

 原文  2017-11-15 16:22:24       git/ amazon-web-services/ git-push/ aws-codecommit

Question

I can clone my CodeCommit repository successfully, but when I try to push to it, I get 403. Fetching and pulling works, however. It's as if I have read-only access.

I have setup my .gitconfig to use AWS CLI for credential manager: 

[credential]
        helper = !aws --profile builder codecommit credential-helper $@
        UseHttpPath = true

The problem is that the error doesn't tell me why pushing is failing: 

$ git push origin test-branch
fatal: unable to access 'https://git-codecommit.us-east-1.amazonaws.com/v1/repos/my-example-repo/': The requested URL returned error: 403

Most questions on the internet about his error are when cloning fails, but cloning works for me. I found this question where cloning succeeds and pushing fails, but his error is different - aws codecommit cannot push .

Edit: : After looking at my CodeCommit policy, it has Full: Read Limited: List, Write :

在此处输入图片说明

There is also a ResourceSpecifier = foo-* , but that holds for GitPull permission and pulling works, so I doubt it's the resource specifier.

3 answers

solution1
 1 ACCPTED  2017-11-15 19:39:32

I imagine you're right about the read-only permissions. As the docs state, you need the codecommit:GitPush permission in your IAM policy to be allowed to push commits from your local repository to the CodeCommit repository.

Being able to pull the repository means your credentials are set up correctly, if they weren't you wouldn't be able to git pull / git fetch at all.

solution2
 1  2018-03-08 00:50:33

For MacOS: Delete the code-commit internet passwords in Keychain and try again. Also: 

git config --global credential.helper '!aws codecommit credential-helper $@'
git config --global credential.UseHttpPath true

solution3
 0  2017-11-18 09:45:57

@Tom's answer sent me in the right direction. To expand on it, the reason was that my user had a write permissions only for repositories whose name matches a certain pattern containing wildcards.

This pattern is from the policy JSON, and looks like this: 

"Resource": "arn:aws:codecommit:*:*:bar*"

This pattern would give me write access to any repository whose names starts with bar , so I could push to a repo named bar or bar2 , but not to a repo named foo-bar because it doesn't start with bar even though it contains it.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question git clone to AWS Codecommit repo returns 403 AWS CodeCommit Eclipse Git Clone Push Git clone for git codecommit repository giving 403 error Pushing from local git repository to two different aws codecommit Clone AWS CodeCommit git repository using GitPython with https credentials git clone errors using against AWS CodeCommit from Jenkins AWS SSO, Codecommit (GRC git clone link) and npm install AWS Codecommit Git Clone error : fatal: unable to find remote helper for 'codecommit' AWS: Can't clone repo Codecommit, The requested URL returned error: 403 git clone fails with 403 when running git server on windows
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM