using codecommit with lightsail bitnami instance


I have a repo in codecommit and a lightsail bitnami instance. I'd like to use codecommit for the git remote from inside the ligthsail instance. I have configured aws sso login as well as installed git-remote-codecommit; I'm able to authenticate using aws sso login successfully for both bitnami and root user (since it seems you need to be root to do almost everything within bitnami). However, when I try to git clone codecommit::us-east-1://<my-repo> I get a 403.

My laptop is configured with almost identical profile in .aws/config, and I'm able to git clone from the repo just fine (using the same IAM role), so I don't think that is the issue.

Am I missing a step?

2 réponses

Hi, thank you so much for taking the time. The permission set is more or less identical to the one on my laptop. here is the .aws/config file on my laptop (sensitive info redacted):

[profile dev]

[sso-session my_session]

From .aws.config from my lightsail instance:

[profile pu]
sso_session = lightsail-node1
sso_account_id = 1234567890   //same as above
sso_role_name = PowerUserAccess
region = us-east-1
output = json

[sso-session lightsail-node1]
sso_start_url =    // same as above
sso_region = us-east-1
sso_registration_scopes = sso:account:access

when I git clone on my laptop (the former profile), it works. The lightsail instance (latter one) gives the 403.

répondu il y a 4 mois
  • the logs aren't particularly helpful, although I do see "mfaAuthenticated":"false" in there. Not sure if this is relevant, or how I would mfa authenticate my lightsail bitnami SSH session . . .




Since it is a 403 error, I believe that the SSO user may not have sufficient privileges.
What permission set does the SSO user have?
There is probably a history of GitPull execution in CloudTrail's API history, so you may be able to check the details from there.

Does the command specify the profile and repository name as below?

git clone codecommit::ap-northeast-1://profilename@repositoryname
profile picture
répondu il y a 4 mois

Vous n'êtes pas connecté. Se connecter pour publier une réponse.

Une bonne réponse répond clairement à la question, contient des commentaires constructifs et encourage le développement professionnel de la personne qui pose la question.

Instructions pour répondre aux questions