using codecommit with lightsail bitnami instance

0

I have a repo in codecommit and a lightsail bitnami instance. I'd like to use codecommit for the git remote from inside the lightsail instance. I have configured aws sso login as well as installed git-remote-codecommit; I'm able to authenticate using aws sso login successfully for both bitnami and root user (since it seems you need to be root to do almost everything within bitnami). However, when I try to git clone codecommit::us-east-1://<my-repo> I get a 403.

My laptop is configured with almost identical profile in .aws/config, and I'm able to git clone from the repo just fine (using the same IAM role), so I don't think that is the issue.

Am I missing a step?

Asked 4 months ago, 210 views
2 Answers
0

Hi, thank you so much for taking the time. The permission set is more or less identical to the one on my laptop. Here is the .aws/config file on my laptop (sensitive info redacted):

[profile dev]
sso_session=my_session
sso_account_id=1234567890
sso_role_name=PowerUserAccess
region=us-east-1
output=json

[sso-session my_session]
sso_start_url=https://99999999.awsapps.com/start
sso_region=us-east-1
sso_registration_scopes=sso:account:access

From .aws/config on my lightsail instance:


[profile pu]
sso_session = lightsail-node1
sso_account_id = 1234567890   //same as above
sso_role_name = PowerUserAccess
region = us-east-1
output = json

[sso-session lightsail-node1]
sso_start_url = https://99999999.awsapps.com/start#.    // same as above
sso_region = us-east-1
sso_registration_scopes = sso:account:access

When I git clone on my laptop (the former profile), it works. The lightsail instance (latter one) gives the 403.

Answered 4 months ago
  • The logs aren't particularly helpful, although I do see "mfaAuthenticated":"false" in there. Not sure if this is relevant, or how I would mfa authenticate my lightsail bitnami SSH session . . .

    Naomi

0

Hello.

Since it is a 403 error, I believe that the SSO user may not have sufficient privileges.
What permission set does the SSO user have?
There is probably a history of GitPull execution in CloudTrail's API history, so you may be able to check the details from there.
https://docs.aws.amazon.com/awscloudtrail/latest/userguide/view-cloudtrail-events.html

Does the command specify the profile and repository name as below?
https://github.com/aws/git-remote-codecommit

git clone codecommit::ap-northeast-1://profilename@repositoryname
Expert
Answered 4 months ago
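
The profile check asked about in the answer above, as an added example that is not part of the original thread: it parses a `codecommit::` remote URL and an AWS config file and reports which profile the clone would select and whether that profile is declared. The repository name `my-repo`, the helper names, and the fallback order (URL profile, then `AWS_PROFILE`, then `default`) are assumptions of this example.

```python
import configparser
import re

# Constructed sample, modelled on the Lightsail ~/.aws/config shown in the question.
SAMPLE_CONFIG = """\
[profile pu]
sso_session = lightsail-node1
sso_account_id = 1234567890
sso_role_name = PowerUserAccess
region = us-east-1

[sso-session lightsail-node1]
sso_start_url = https://99999999.awsapps.com/start
sso_region = us-east-1
"""

# codecommit://[profile@]repo  or  codecommit::region://[profile@]repo
REMOTE_RE = re.compile(
    r"^codecommit(?:::(?P<region>[a-z0-9-]+))?://"
    r"(?:(?P<profile>[^@/]+)@)?(?P<repo>[\w.-]+)$"
)

def defined_profiles(config_text):
    """Return the profile names declared in an AWS config file."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(config_text)
    names = set()
    for section in parser.sections():
        if section == "default":
            names.add("default")
        elif section.startswith("profile "):
            names.add(section[len("profile "):].strip())
    return names

def check_remote(url, config_text, env_profile=None):
    """Report which profile a codecommit:: URL selects and whether it exists."""
    match = REMOTE_RE.match(url)
    if match is None:
        raise ValueError(f"not a git-remote-codecommit URL: {url!r}")
    if match["profile"]:
        profile, source = match["profile"], "url"
    elif env_profile:  # assumption: AWS_PROFILE applies when the URL names none
        profile, source = env_profile, "AWS_PROFILE"
    else:
        profile, source = "default", "default"
    return {"repo": match["repo"], "region": match["region"], "profile": profile,
            "source": source, "defined": profile in defined_profiles(config_text)}

if __name__ == "__main__":
    for url in ("codecommit::us-east-1://my-repo", "codecommit::us-east-1://pu@my-repo"):
        print(url, "->", check_remote(url, SAMPLE_CONFIG))
```

With the sample config, the URL without a profile resolves to `default`, which is not declared, while the `pu@` form resolves to a declared profile.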
