I have been invited to some project that has a repository stored in AWS CodeCommit. I received Access Key ID, Secret Key, region and repository url... I created an account in AWS (I didn't have one before) and created a new IAM user with AWSCodeCommitFullAccess privilege but I have no idea how to bind this user with a repository I was given. The console available at https://console.aws.amazon.com/codecommit/home points me to documentation or allows to create an empty repository and the access keys panel in IAM allows me only to create new Access Keys but not provide existing ones... How can I get to some existing repository then? Maybe the owner needs to do something as well?
Try ti Follow these steps:
To install and configure the AWS CLI:
On your local machine, download and install the AWS CLI. This is a
prerequisite for interacting with AWS CodeCommit from the command
line. ( install Latest Version Following this Guide )
Run this command to verify the AWS CodeCommit commands for the AWS
CLI are installed:
aws codecommit help
This command should return a list of AWS CodeCommit commands.
Configure the AWS CLI with the configure command, as follows aws configure
When prompted, specify the AWS access key and AWS secret access key of the IAM user you got from.
Also, be sure to specify the region where the repository exists, such as us-east-2. When prompted for the default output format, specify json. For example:
AWS Access Key ID [None]: Type your target AWS access key ID here, and then press Enter
AWS Secret Access Key [None]: Type your target AWS secret access key here, and then press Enter
Default region name [None]: Type a supported region for AWS CodeCommit here, and then press Enter
Default output format [None]: Type json here, and then press Enter`
Next Assuming you have Git Pre-installed on your machine Set Up the Credential Helper :
From the terminal, use Git to run git config, specifying the use of
the Git credential helper with the AWS credential profile, and
enabling the Git credential helper to send the path to repositories:
git config --global credential.helper '!aws codecommit credential-helper $#'
git config --global credential.UseHttpPath true
Now you can connect to your git they way you do normally, refer this AWS Documentation for more details.
It seems you want to contribute to a repository that already have existed in another account. To access the repository data by doing 'git clone', the provided "Access Key ID, Secret Key, region and repository url." should be sufficient. But you have to use the aws cli credential helper by following the instruction here: https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-https-unixes.html. There are other ways as well to access the repository, please take a look at the doc here: https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up.html.
If you want to check the code via AWS console, you can access the console by using this url: https://[account_id].signin.aws.amazon.com/console (replace the account_id with the account id where the repository belongs to). And you need to provide the username and console login password of the IAM user that have permission to read the codecommit repository.
Related
I was working on a E-commerce project ( for study ) and wanted to sync my webfiles from S3 to EC2.
I used this command in the Linux SSH session:
#6. download the FleetCart zip from s3 to the html directory on the ec2 instance
sudo aws s3 sync s3://deg-s3bucketwebfiles /var/www/html
Entering the command, I get the following error message:
-- > fatal error: Unable to locate credentials
Not sure, what is wrong ? I checked that there's a directory /var/www/html but somehow the files cannot be sync across to EC2.
Appreciate any guide.
Thanks
Unable to locate credentials means that the aws command is unable to locate any credentials on the EC2 instance. The credentials are used to identify you to AWS so it knows that you are entitled to access the deg-s3bucketwebfiles bucket.
Option 1: Use an IAM Role
Since you are using an Amazon EC2 instance, the correct way to provide credentials to the instance is to associate an IAM Role to the instance. The role would need permission to access S3.
Option 2: Use credentials from an IAM User
Alternatively, you can use credentials associated with your IAM User. Go to the IAM Console, select your IAM User and go to the Security Credentials tab. You will find a Create access key button.
It will provide an Access Key and a Secret Key. The Access Key starts with AKIA, while the Secret Key is a long jumble of characters.
Once you have these credentials, run this command on the EC2 instance:
aws configure
Provide the credentials when prompted.
We had 4 individual AWS accounts for Dev,QA, UAT and Prod.
I need to clone a repository from AWS Prod account with branch name Production.
The problem is I am using the command
git clone https://git-codecommit.us-east-1.amazonaws.com/v1/repos/vanguard"
which is working fine, but I am not sure the cloned repository belongs to which AWS account since I am not providing any AWS account details while cloning the repository to my local.
The clone URL
https://git-codecommit.us-east-1.amazonaws.com/v1/repos/vanguard"
is same in all AWS accounts.
How to clone a repository from specific AWS Code commit account only?
You'd have to create an IAM role in that AWS account you want to clone the repository from. The IAM role will delegate access to that repository to IAM user/users in the AWS account.
Then, you would have to configure your AWS CLI to use AWS Security Token Service (STS) and assume the role when running commands.
Also, note that, each CodeCommit repository is associated with an AWS Region.
Here's more on assuming roles with AWS CLI.
EDIT:
Here's what's need to be done to enable Cross-Account Access to a repository in a different account:
Repository Account Actions:
Create a policy for access to the repository.
Attach this policy to a role in the same account, and allow users in the user account to assume this role.
User Account Actions:
Create an IAM user or IAM group. Use these to access the repository from the other account.
Assign a policy to the user or group that allows them to assume the role created in the repository account as part of the previous step.
Finally, assume the cross-account role before you attempt to clone or otherwise access the repository. Also, make the necessary changes to your credentials file ~/.aws/config
For example:
[profile MyCrossAccountProfile]
role_arn = arn:aws:iam::123456789012:role/MyCrossAccountProfile
source_profile = user1
Lastly, you need to modify the AWS CLI credential helper so that you use MyCrossAccountProfile
git config --global credential.helper `!aws codecommit credential-helper --profile MyCrossAccountProfile $#'
I am wanting to set up a recursive sync from a Linux machine (Fedora) to an AWS S3 bucket. I am logged into Linux as root and have an AWS Key and Secret associated with a specific AWS user "Lisa".
I have installed aws-cli, s3cmd, and attempted to configure both. I have verified the aws/configure and aws/credentials files both have a default user and a "Lisa" user with Access Key and Secret pairs. I receive errors stating that Access is Denied, access key and secret pair not found. I have researched this on the web and verified that there are no environment variables that could be overriding the configure & credential files. I have also granted full access permissions to the bucket created through the AWS Console to all logged in users. I have not rotated the keys, as they were first created a week ago, and I was able to log-in & set-up the AWS console using that same key pair.
What else should I be doing before rotating the keys?
It looks like you haven't configured AWS credentials correctly. Make sure that you have correct access keys in your credentials file. If you don't specify any profiles, awscli uses the default profile.
~/.aws/credentials
[default]
aws_access_key_id=AKIAIDEFAULTKEY
aws_secret_access_key=Mo9T7WNO….
[Lisa]
aws_access_key_id=AKIAILISASKEY
aws_secret_access_key=H0XevhnC….
This command uses the default profile:
aws s3 ls
This command uses Lisa profile:
aws s3 ls --profile Lisa
You can set an environment variable to override the default profile.
export AWS_DEFAULT_PROFILE=Lisa
Now this command uses the profile Lisa:
aws s3 ls
If you don't know which profile is active, you can just invoke the following command:
aws sts get-caller-identity
You seem to have several terms intermixed, so it's worth knowing the difference:
Username and password is used to login to the web-based management console. They are short, to be human-readable and easy to remember.
Access Key (starting with AKIA) and Secret Key is used for making API calls. It is also used by the AWS CLI (which makes API calls on your behalf)
Key pair consists of a public and private key, used for authenticating SSH connections. It is a very long block of text.
You mention that an Access Key is not found. This could be because the wrong type of credential is being provided.
I installed aws cli and supplied the aws access key ID and secret access key. Everything worked perfectly!. I then deleted the user as I have no need for it anymore. I have then created a new user (which has different access key ID and secret access key).
The issue:
When I type
aws configure
I get:
AWS Access Key ID [****…]
AWS Secret Access Key [****...]
So the command prompt is using the previous keys.
How do I enter the new keys into the command prompt?
Just ignore the old key and input your new key, It will be overwrited.
Just want to add one more way to do it. This is particularly useful, if you do not want to override your current user but add another one instead.
You can use the profile option to add more credentials:
aws configure --profile <my-new-profile-name> [1]
If you do not use the profile option, you are implicitly configuring the default's profile credentials.
If you want to use a profile afterwards, each aws cli command provides the profile option, e.g.: aws s3 ls --profile <my-new-profile-name> [2]
References
[1] https://docs.aws.amazon.com/cli/latest/reference/configure/
[2] https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-options.html
I've been trying to add my aws account to ask-cli so that i can directly deploy my lambda function.
whenever i try to clone or deploy it says,
No AWS credential setup for profile: [default].
Lambda clone skipped. CLI lambda functionalities can be enabled
by running `ask init` again to add 'aws_profile' to ASK cli_config
even after following 'ask init' it has no effect.
I've added amazon developer account to ask-cli but unable to link with aws.
any help would be appreciated.
thanks in advance.
if you have installed aws-cli then plz run aws-configure and provide your id and secret key.
$ aws configure --profile user2
AWS Access Key ID [None]: AKIAI44QH8DHBEXAMPLE
AWS Secret Access Key [None]: je7MtGbClwBF/2Zp9Utk/h3yCo8nvbEXAMPLEKEY
Default region name [None]: us-east-1
Default output format [None]: text
otherwise create folder in home named .aws and add credential file in it.
In that you can specify following format
[default]
aws_access_key_id=AKIAIOSFODNN7EXAMPLE
aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
Well, this question has been already answered. But I want to add something.
If somehow, you did not setup the AWS credentials while setting up ASK profile, you can run below command to setup AWS credentials and link to an ASK profile.
ask init --aws-setup
Then, you will be prompted to enter your profile name, your access key, and your secret access key. Profile name will be default if you have not created multiple ASK profiles. After providing the credentials, you will not get the error mentioned in the question.