Using CodeCommit with a Lightsail Bitnami instance

0

I have a repo in codecommit and a lightsail bitnami instance. I'd like to use codecommit for the git remote from inside the lightsail instance. I have configured aws sso login as well as installed git-remote-codecommit; I'm able to authenticate using aws sso login successfully for both bitnami and root user (since it seems you need to be root to do almost everything within bitnami). However, when I try to git clone codecommit::us-east-1://<my-repo> I get a 403.

My laptop is configured with almost identical profile in .aws/config, and I'm able to git clone from the repo just fine (using the same IAM role), so I don't think that is the issue.

Am I missing a step?

2 Answers
0

Hi, thank you so much for taking the time. The permission set is more or less identical to the one on my laptop. Here is the .aws/config file on my laptop (sensitive info redacted):

[profile dev]
sso_session=my_session
sso_account_id=1234567890
sso_role_name=PowerUserAccess
region=us-east-1
output=json

[sso-session my_session]
sso_start_url=https://99999999.awsapps.com/start
sso_region=us-east-1
sso_registration_scopes=sso:account:access

From .aws/config from my lightsail instance:


[profile pu]
sso_session = lightsail-node1
sso_account_id = 1234567890   //same as above
sso_role_name = PowerUserAccess
region = us-east-1
output = json

[sso-session lightsail-node1]
sso_start_url = https://99999999.awsapps.com/start#.    // same as above
sso_region = us-east-1
sso_registration_scopes = sso:account:access

When I git clone on my laptop (the former profile), it works. The lightsail instance (latter one) gives the 403.

answered 4 months ago
  • The logs aren't particularly helpful, although I do see "mfaAuthenticated":"false" in there. Not sure if this is relevant, or how I would mfa authenticate my lightsail bitnami SSH session . . .

    Naomi

0

Hello.

Since it is a 403 error, I believe that the SSO user may not have sufficient privileges.
What permission set does the SSO user have?
There is probably a history of GitPull execution in CloudTrail's API history, so you may be able to check the details from there.
https://docs.aws.amazon.com/awscloudtrail/latest/userguide/view-cloudtrail-events.html

Does the command specify the profile and repository name as below?
https://github.com/aws/git-remote-codecommit

git clone codecommit::ap-northeast-1://profilename@repositoryname
EXPERT
answered 4 months ago
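
The answer's question about the profile in the clone URL can be checked offline. The following Python is an added example, not code from the thread or from git-remote-codecommit: it parses a remote URL and reports which named profile would be used and whether that profile is defined in the config. The function name `resolve_profile`, the repository name `my-repo`, and the embedded config (trimmed from the instance config in the question) are assumptions.

```python
import configparser
import os
import re

# Constructed sample: the [profile pu] section from the instance's
# ~/.aws/config as posted in the question (annotations removed).
INSTANCE_CONFIG = """\
[profile pu]
sso_session = lightsail-node1
sso_account_id = 1234567890
sso_role_name = PowerUserAccess
region = us-east-1
"""

# Accepted forms: codecommit://[profile@]repo
#                 codecommit::region://[profile@]repo
REMOTE_RE = re.compile(
    r"^codecommit(?:::(?P<region>[a-z0-9-]+))?://"
    r"(?:(?P<profile>[^@/]+)@)?(?P<repo>[^@/]+)$"
)


def resolve_profile(remote_url, config_text, env=None):
    """Return (profile_name, source, settings) for a codecommit:: remote.

    settings is None when the selected profile is not defined in the
    config text; the SDK then relies on other credential sources.
    """
    env = os.environ if env is None else env
    m = REMOTE_RE.match(remote_url)
    if not m:
        raise ValueError(f"not a git-remote-codecommit URL: {remote_url!r}")
    if m["profile"]:                       # profile@repo in the URL wins
        name, source = m["profile"], "url"
    elif env.get("AWS_PROFILE"):           # otherwise the environment
        name, source = env["AWS_PROFILE"], "AWS_PROFILE"
    else:                                  # otherwise the default profile
        name, source = "default", "implicit default"
    cfg = configparser.ConfigParser()
    cfg.read_string(config_text)
    section = "default" if name == "default" else f"profile {name}"
    settings = dict(cfg[section]) if cfg.has_section(section) else None
    return name, source, settings


if __name__ == "__main__":
    for url in ("codecommit::us-east-1://my-repo",
                "codecommit::us-east-1://pu@my-repo"):
        print(url, "->", resolve_profile(url, INSTANCE_CONFIG, env={}))
```

With this config, a URL without `pu@` selects `default`, which is not defined there, so credentials would come from whatever else the SDK credential chain finds rather than from the SSO role.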
