By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

using codecommit with lightsail bitnami instance

0

I have a repo in codecommit and a lightsail bitnami instance. I'd like to use codecommit for the git remote from inside the ligthsail instance. I have configured aws sso login as well as installed git-remote-codecommit; I'm able to authenticate using aws sso login successfully for both bitnami and root user (since it seems you need to be root to do almost everything within bitnami). However, when I try to git clone codecommit::us-east-1://<my-repo> I get a 403.

My laptop is configured with almost identical profile in .aws/config, and I'm able to git clone from the repo just fine (using the same IAM role), so I don't think that is the issue.

Am I missing a step?

Topics
Developer ToolsComputeManagement & Governance
Tags
AWS CodeCommitAmazon LightsailAWS Command Line Interface
Language
English
Naomi Luxxe
asked 3 months ago188 views
2 Answers
0

Hi, thank you so much for taking the time. The permission set is more or less identical to the one on my laptop. here is the .aws/config file on my laptop (sensitive info redacted):

[profile dev]
sso_session=my_session
sso_account_id=1234567890
sso_role_name=PowerUserAccess
region=us-east-1
output=json

[sso-session my_session]
sso_start_url=https://99999999.awsapps.com/start
sso_region=us-east-1
sso_registration_scopes=sso:account:access

From .aws.config from my lightsail instance:


[profile pu]
sso_session = lightsail-node1
sso_account_id = 1234567890   //same as above
sso_role_name = PowerUserAccess
region = us-east-1
output = json

[sso-session lightsail-node1]
sso_start_url = https://99999999.awsapps.com/start#.    // same as above
sso_region = us-east-1
sso_registration_scopes = sso:account:access

when I git clone on my laptop (the former profile), it works. The lightsail instance (latter one) gives the 403.

Naomi Luxxe
answered 3 months ago
  • Naomi Luxxe
    3 months ago

    the logs aren't particularly helpful, although I do see "mfaAuthenticated":"false" in there. Not sure if this is relevant, or how I would mfa authenticate my lightsail bitnami SSH session . . .

    Naomi

0

Hello.

Since it is a 403 error, I believe that the SSO user may not have sufficient privileges.
What permission set does the SSO user have?
There is probably a history of GitPull execution in CloudTrail's API history, so you may be able to check the details from there.
https://docs.aws.amazon.com/awscloudtrail/latest/userguide/view-cloudtrail-events.html

Does the command specify the profile and repository name as below?
https://github.com/aws/git-remote-codecommit

git clone codecommit::ap-northeast-1://profilename@repositoryname
profile picture
EXPERT
Riku_Kobayashi
answered 3 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content