针对 AWS CodeCommits 运行 git clone 出现 403 错误
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/34517534/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
running git clone against AWS CodeCommits gets me a 403 error
提问by Vietnhi Phuvan
My local laptop is a Mac.
我的本地笔记本电脑是 Mac。
The ssh key is configured properly. This is the content of ~/.ssh/config
Host barthea Hostname git-codecommit.us-east-1.amazonaws.com User AVVVVVVVVVVVVVVVVVQ IdentityFile ~/.ssh/aws-aws.pem
ssh 密钥配置正确。这是 ~/.ssh/config 的内容
Host barthea Hostname git-codecommit.us-east-1.amazonaws.com User AVVVVVVVVVVVVVVVVVQ IdentityFile ~/.ssh/aws-aws.pem
Running ssh barthea gets me
运行 ssh barthea 让我
`You have successfully authenticated over SSH. You can use Git to interact with AWS CodeCommit. Interactive shells are not supported.Connection to git-codecommit.us-east-1.amazonaws.com closed by remote host.
` 2. I created an IAM user bruce666 complete with password and access keys, made this user part of the "team" group.Then I created a policy that includes "AWSCodeCommitPowerUsers" and assigned this policy to "team". And finally assigned bruce666 to "team". At this point, bruce666 can access any repo in CodeCommit through the management console.
` 2. 我创建了一个包含密码和访问密钥的 IAM 用户 bruce666,使该用户成为“team”组的一部分。然后我创建了一个包含“AWSCodeCommitPowerUsers”的策略并将此策略分配给“team”。最后将 bruce666 分配给“团队”。此时,bruce666 可以通过管理控制台访问 CodeCommit 中的任何 repo。
I ran aws config --profile bruce666, fed in his access and secret key, his region and specified the format at json. At this point, I was able to create the rekha repo in CodeCommmit by running aws codecommit get-repository --repository-name rekha --profile bruce666
I can create a couple of dummy files, run git init, git add ., git commit -m "1", git add origin https://git-gitcode.amzonaws.com/repos/v1/rekha, git push -u origin masterAnd that operation will be successful.
However, when I run git clone ssh://git-gitcode.amazonaws.com/repos/v1/rekha, I get "fatal: unable to access 'https://git-codecommit.us-east-1.amazonaws.com/v1/repos/barthia/': The requested URL returned error: 403" What gives?
我运行了aws config --profile bruce666,输入了他的访问和秘密密钥、他的区域并在 json 中指定了格式。此时,我能够通过运行aws codecommit get-repository --repository-name rekha --profile bruce666在 CodeCommmit 中创建 rekha存储库
我可以创建几个虚拟文件,运行git init,git add 。, git commit -m "1", git add origin https://git-gitcode.amzonaws.com/repos/v1/rekha, git push -u origin master这样操作就会成功。
但是,当我运行git clone ssh://git-gitcode.amazonaws.com/repos/v1/rekha 时,我得到“致命:无法访问” https://git-codecommit.us-east-1.amazonaws。 com/v1/repos/barthia/': 请求的 URL 返回错误:403" 什么给出了?
回答by user846316
On MAC, if above-mentioned tricks don't work, do the following:
在 MAC 上,如果上述技巧不起作用,请执行以下操作:
- Open Keychain Access
- Search for CodeCommit. You should find this:
- 打开钥匙串访问
- 搜索 CodeCommit。你应该找到这个:
- Select 'git-codecommit....' and press delete
- Confirm the delete.
- 选择“git-codecommit....”并按删除
- 确认删除。
Now try again. It should work. You may have to do it again next time as well when you face the error 403.
现在再试一次。它应该工作。下次遇到错误 403 时,您可能也必须再次执行此操作。
One of the possible reason for this issue is the keychain password different than login password on your MAC.
此问题的可能原因之一是钥匙串密码与 MAC 上的登录密码不同。
回答by irfanmcsd
I also face same 403 error while using git push command in windows. I done all settings mentioned in AWS docs, but non resolved my issue. After i reviewed git credential set via Windows Credential as shown in screen. I found instead of git https credentials, it set access key / secret key (don't know how).
在 Windows 中使用 git push 命令时,我也面临同样的 403 错误。我完成了 AWS 文档中提到的所有设置,但没有解决我的问题。在我查看了通过 Windows 凭据设置的 git 凭据后,如屏幕所示。我发现它不是 git https 凭据,而是设置访问密钥/秘密密钥(不知道如何)。
Click on edit link, update credential with proper git credential generated for AWS User, everything worked fine.
单击编辑链接,使用为 AWS 用户生成的正确 git 凭证更新凭证,一切正常。
回答by joezen777
This helpful text is found on the AWS documentation for codecommit and Windows integration
此有用的文本可在代码提交和 Windows 集成的 AWS 文档中找到
If your installation of Git for Windows included the Git Credential Manager utility, you will see 403 errors or prompts to provide credentials into the Credential Manager utility after the first few connection attempts. The most reliable way to solve this problem is to uninstall and then reinstall Git for Windows without the option for the Git Credential Manager utility, as it is not compatible with AWS CodeCommit.
If you want to keep the Git Credential Manager utility, you must perform additional configuration steps to also use AWS CodeCommit, including manually modifying the .gitconfig file to specify the use of the credential helper for AWS CodeCommit when connecting to AWS CodeCommit.
Remove any stored credentials from the Credential Manager utility (you can find this utility in Control Panel).
Once you have removed any stored credentials, add the following to your .gitconfig file, save it, and then try connecting again from a new command prompt window:
如果您的 Windows 版 Git 安装包括 Git Credential Manager 实用程序,您将看到 403 错误或提示,在前几次连接尝试后向 Credential Manager 实用程序提供凭据。解决此问题的最可靠方法是卸载并重新安装适用于 Windows 的 Git,而不选择 Git Credential Manager 实用程序,因为它与 AWS CodeCommit 不兼容。
如果您想保留 Git Credential Manager 实用程序,您必须执行额外的配置步骤以同时使用 AWS CodeCommit,包括手动修改 .gitconfig 文件以指定在连接到 AWS CodeCommit 时使用 AWS CodeCommit 的凭证帮助程序。
从凭据管理器实用程序中删除任何存储的凭据(您可以在控制面板中找到此实用程序)。
删除任何存储的凭据后,将以下内容添加到 .gitconfig 文件中,保存它,然后尝试从新的命令提示符窗口再次连接:
[credential "https://git-codecommit.us-east-1.amazonaws.com"]
helper = !aws codecommit credential-helper $@
UseHttpPath = true
Additionally, you might have to re-configure your git config settings by specifying --system instead of --global or --local before all connections work as expected.
此外,在所有连接按预期工作之前,您可能必须通过指定 --system 而不是 --global 或 --local 来重新配置 git 配置设置。
This last part applied to my situation, though when I ran git config --system it did not function as expected but appended aws configure before the aws codecommit command.
最后一部分适用于我的情况,尽管当我运行 git config --system 时,它没有按预期运行,而是在 aws codecommit 命令之前附加了 aws configure。
So I had to run this in git to find the location of the config file for the system.
所以我不得不在 git 中运行它来找到系统配置文件的位置。
git config --list --show-origin
I then added the suggested section from AWS to both my c:/users/username/.gitconfig and my c:/ProgramData/Git/config files.
然后我将 AWS 中的建议部分添加到我的 c:/users/username/.gitconfig 和我的 c:/ProgramData/Git/config 文件中。
After that git push started working- even though I get the bogus error in front of my response of
在那之后 git push 开始工作 - 即使我在我的回应前收到虚假错误
"git: 'credential-aws' is not a git command. See 'git --help'."
回答by Juha Kervinen
For me the root cause of getting the error was that no matter which version of git I was using on OSX, GIT was always picking up the credential.helper config of using osxkeychain from the file:
对我来说,出现错误的根本原因是无论我在 OSX 上使用哪个版本的 git,GIT 总是从文件中获取使用 osxkeychain 的 credential.helper 配置:
/Applications/Xcode.app/Contents/Developer/usr/share/git-core/gitconfig
Getting rid of this solved the problem for me and has not broken anything.
摆脱这个解决了我的问题并且没有破坏任何东西。
回答by Vietnhi Phuvan
I solved it.
我解决了。
The 403 error message is a specifically Git error message. I added the two AWS-specified helper commands:
403 错误消息是一条专门的 Git 错误消息。我添加了两个 AWS 指定的帮助程序命令:
git config --global credential.helper '!aws --profile bruce666 codecommit credential-helper $@'
git config --global credentials.helper UseHttpPath=true
and that took care of the issue.
这解决了这个问题。
The .git/configfile in your local directory (before you clone the Codecommit repo that you had just created should look like this:
本地目录中的.git/config文件(在克隆刚刚创建的 Codecommit 存储库之前,应如下所示:
[core]
repositoryformatversion = 0
filemode = true
bare = false
logallrefupdates = true
ignorecase = true
precomposeunicode = false
[credential]
helper = !aws --profile bruce666 codecommit credential-helper $@
UseHttpPath = true
[remote "origin"]
url = https://git-codecommit.us-east-1.amazonaws.com/v1/repos/barthea
fetch = +refs/heads/*:refs/remotes/origin/*
[branch "master"]
remote = origin
merge = refs/heads/master
As specified in the .git/configfile, you are cloning using https not ssh. I must not have used the default version of git that came with OSX because I did not run into any Toolchain issue.
如.git/config文件中所指定,您是使用 https 而不是 ssh 进行克隆。我一定没有使用 OSX 附带的默认 git 版本,因为我没有遇到任何工具链问题。
回答by ericson.cepeda
My case in OSX.
我在 OSX 中的情况。
The first step:
第一步:
git config --global credential.helper '!aws codecommit credential-helper $@'
git config --global credentials.helper UseHttpPath=true
However, verifying git config --list --show-origin
然而,验证 git config --list --show-origin
file:/usr/local/etc/gitconfig credential.https://git-codecommit.eu-west-1.amazonaws.com.helper=!aws codecommit credential-helper $@
file:/usr/local/etc/gitconfig credential.helper=osxkeychain
file:/Users/mine/.gitconfig user.name=my-user
file:/Users/mine/.gitconfig [email protected]
file:/Users/mine/.gitconfig filter.lfs.clean=git-lfs clean -- %f
file:/Users/mine/.gitconfig filter.lfs.smudge=git-lfs smudge -- %f
file:/Users/mine/.gitconfig filter.lfs.process=git-lfs filter-process
file:/Users/mine/.gitconfig filter.lfs.required=true
file:/Users/mine/.gitconfig credential.helper=!aws codecommit credential-helper $@
file:/Users/mine/.gitconfig credential.usehttppath=true
The first line was not presentbefore, and git was using osxkeychainwith precedence. Hence, I had to do git config --system ...
第一行以前不存在,并且 gitosxkeychain优先使用。因此,我不得不做git config --system ...
cat /usr/local/etc/gitconfig
[credential "https://git-codecommit.eu-west-1.amazonaws.com"]
helper = !aws codecommit credential-helper $@
UseHttpPath = true
[credential]
helper = osxkeychain
So the URL was specified in order to fallback in case another credentials are stored.
因此,指定 URL 是为了在存储其他凭据时进行回退。
Updatehttps://docs.aws.amazon.com/codecommit/latest/userguide/troubleshooting-ch.html
更新https://docs.aws.amazon.com/codecommit/latest/userguide/troubleshooting-ch.html
For some reason, UseHttpPath = trueseems not to be added sometimes. So it can (should) be added under [credential]
出于某种原因,有时似乎没有添加UseHttpPath = true。所以它可以(应该)添加到 [credential] 下
回答by Tanaji Sutar
fatal: unable to access 'https://git-codecommit.yourregion.amazonaws.com/v1/yourrepositoryname/': The requested URL returned error: 403
致命:无法访问“ https://git-codecommit.yourregion.amazonaws.com/v1/yourrepositoryname/”:请求的 URL 返回错误:403
It occurs due to below regions
它发生在以下地区
- Make sure your user has
codecommitfullaccesspolicy attached. - make sure your default region in local aws cli configuration and region in which repository created are same. If not reset the default region in aws cli command as below
- 确保您的用户
codecommitfullaccess附加了策略。 - 确保本地 aws cli 配置中的默认区域和创建存储库的区域相同。如果没有在 aws cli 命令中重置默认区域,如下所示
aws configure
aws 配置
- make sure if repository present there.
- 确保那里是否存在存储库。
回答by Vishwanath gowda k
After running below commands, I had to add the below mentioned policy to my IAM user to solve this problem. refrence
运行以下命令后,我必须将下面提到的策略添加到我的 IAM 用户来解决这个问题。参考
git config --global credential.helper '!aws codecommit credential-helper $@'
git config --global credential.UseHttpPath true
Policy:
政策:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"codecommit:*"
],
"Resource": "*"
}
]
}
回答by Debashish
The following solution worked for a handful of devs that use Git Bash on Windows 10.
以下解决方案适用于少数在 Windows 10 上使用 Git Bash 的开发人员。
If you select Windows as your operating system on the "Connect to your repository" tab, the commands are formatted like this:
如果在“连接到存储库”选项卡上选择 Windows 作为操作系统,则命令的格式如下:
git config --global credential.helper "!aws codecommit credential-helper $@"
git config --global credential.UseHttpPath true
However, if you use Git Bash, select the "Linux, MacOS, or Unix" option instead. Note the single quote instead of double quote on the first line.
但是,如果您使用 Git Bash,请改为选择“Linux、MacOS 或 Unix”选项。注意第一行的单引号而不是双引号。
git config --global credential.helper '!aws codecommit credential-helper $@'
git config --global credential.UseHttpPath true
Best of luck.
祝你好运。
Referred: https://forums.aws.amazon.com/thread.jspa?threadID=198356Posted by: mwhardesty
参考: https://forums.aws.amazon.com/thread.jspa?threadID =198356 发布者:mwhardesty
