I am new to Amazon Web Services world, and I am implementing Continuous Delivery to the company I work for.
I followed AWS's [instructions to configure CodeCommit Service](http://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-https-windows.html#setting-up-https-windows-account)
Step 1: Initial Configuration for AWS CodeCommit
To create and configure an IAM user for accessing AWS CodeCommit:
I created a new IAM user and gave him AWSCodeCommitFullAccess
To install and configure the AWS CLI :
I installed and configured the credentials doing aws configure.
Setting AWS Access Key ID, AWS Secret Access Key, Default region name to us-east-1 and de
Step 2: Install Git
I installed Git For Windows making sure the Enable Git Credential Manager option was cleared.
Step 3: Set Up the Credential Helper
git config --global credential.helper "!aws codecommit credential-helper $@"
git config --global credential.UseHttpPath true
Executing:
git config --global --edit
My Configuration is:
[http]
sslVerify = false
[credential]
helper = "aws codecommit list-repositories codecommit credential-helper "
UseHttpPath = true
Step 4: Connect to the AWS CodeCommit Console and Clone the Repository
$ git clone https://git-codecommit.us-east-1.amazonaws.com/v1/repos/teste-git-to-s3
Cloning into 'teste-git-to-s3'...
git: 'credential-aws' is not a git command. See 'git --help'.
Username for 'https://git-codecommit.us-east-1.amazonaws.com/v1/repos/teste-git-to-s3': Lucas
fatal: unable to access 'https://git-codecommit.us-east-1.amazonaws.com/v1/repos/teste-git-to-s3/': The requested URL returned error: 403
Looking for AWS troubleshooting, I found: Troubleshooting AWS CodeCommit but I couldn't solve it.
How can this be solved?
I think the issue is in your .gitconfig file. Change it to below and it should work.
[credential]
helper = !aws codecommit credential-helper $@
UseHttpPath = true
By the way, if you are using a Bash emulator instead of the Windows command line, you must use single quotes instead of double quotes.
Let me know if this doesn't work.
If you are using Cygwin, after you have created the repository, click the connect info button and select Linux instead of Windows. It works on mine.
I experienced this problem with Python 3.8.x - make sure you are using Python 3.7.x instead, as shown in the docs
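The settings this thread revolves around can be checked mechanically. The following is an added example, not code from the posts above: a shell audit that reads a gitconfig and reports a `credential.helper` that does not invoke the AWS CLI helper, a missing `UseHttpPath`, and `http.sslVerify = false`. The function names and sample files are constructed for illustration.

```shell
# Added example, not from the posts: audit a gitconfig for the settings above.
# Print the last value of SECTION.KEY in FILE (plain sections only, no subsections).
gitconfig_get() {
  awk -v sec="$2" -v key="$3" '
    /^[ \t]*\[/ { s = tolower($0); gsub(/[^a-z0-9.-]/, "", s); next }
    /=/ {
      k = $0; sub(/=.*/, "", k); gsub(/[ \t]/, "", k)
      v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v)
      gsub(/^"|"$/, "", v)            # drop surrounding double quotes
      if (s == sec && tolower(k) == key) val = v
    }
    END { print val }' "$1"
}

# Print one line per problem; exit status is 0 only for a clean file.
audit_codecommit_gitconfig() {
  helper=$(gitconfig_get "$1" credential helper)
  usepath=$(gitconfig_get "$1" credential usehttppath | tr 'A-Z' 'a-z')
  sslverify=$(gitconfig_get "$1" http sslverify | tr 'A-Z' 'a-z')
  rc=0
  case $helper in
    '!aws '*'codecommit credential-helper $@') ;;   # also allows --profile NAME
    *) echo "credential.helper does not invoke the AWS CLI helper: [$helper]"; rc=1 ;;
  esac
  [ "$usepath" = true ] || { echo "credential.UseHttpPath is not true"; rc=1; }
  [ "$sslverify" != false ] || { echo "http.sslVerify=false: TLS certificate checks are disabled"; rc=1; }
  return $rc
}

# Constructed samples: the configuration from the question and the corrected one.
sample_dir=$(mktemp -d)
cat > "$sample_dir/bad.gitconfig" <<'EOF'
[http]
sslVerify = false
[credential]
helper = "aws codecommit list-repositories codecommit credential-helper "
UseHttpPath = true
EOF
cat > "$sample_dir/good.gitconfig" <<'EOF'
[credential]
helper = !aws codecommit credential-helper $@
UseHttpPath = true
EOF
for f in bad good; do
  echo "== $f.gitconfig"
  audit_codecommit_gitconfig "$sample_dir/$f.gitconfig" || true
done
```
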
Related
I am following https://aws.amazon.com/getting-started/hands-on/build-serverless-web-app-lambda-apigateway-s3-dynamodb-cognito/module-1/
and facing an issue when trying to clone the repo "wildrydes-site" I just created in CodeCommit.
git clone https://git-codecommit.us-east-1.amazonaws.com/v1/repos/wildrydes-site
Cloning into 'wildrydes-site_new'...
fatal: unable to access 'https://git-codecommit.us-east-1.amazonaws.com/v1/repos/wildrydes-site/': The requested URL returned error: 403
Make sure the IAM user or role being used has codecommit:GitPull permissions, or you can attach the managed policy AWSCodeCommitPowerUser to provide wider CodeCommit access.
Approach 1 for IAM Users using Git Credentials
You need to set up IAM credentials as they mentioned in point 'e'. Follow the instructions here to generate CodeCommit credentials for your IAM user.
The generated credentials will have a username and password with the username in the format <your-iam-username>-at-<account id>. Make sure to copy the password or download the credentials file. Use these username and password values when you run git clone command.
Approach 2 for IAM roles or users.
You need to configure your IAM user's AWS credentials locally using aws configure or, if you are using roles, you need to run aws sts assume-role --role-arn <role-arn> to assume the role after aws configure and generate the temporary credentials, which you can export to your environment.
Once the aws credentials configuration is done, you can run below commands to use AWS CLI as your credential helper.
git config --global credential.helper '!aws codecommit credential-helper $@'
git config --global credential.UseHttpPath true
Run your git clone after running above commands. That should fix your issue too.
I have an existing project repo in GitLab. Since GitLab is running on the server, we have the LFS objects in a certain directory. My doubt is that AWS CodeCommit does not have a separate server to store any LFS configuration, as GitLab or Bitbucket do. I have to configure the LFS directory in AWS CodeCommit. My question is: "Does AWS CodeCommit support Git LFS?" If yes, can someone explain how to configure AWS CodeCommit with Git LFS?
I have an app using:
SAM
AWS S3
AWS Lambda based on Docker
AWS SAM pipeline
Github function
In the Dockerfile I have:
RUN aws s3 cp s3://mylambda/distilBERT distilBERT.tar.gz
Resulting in the error message:
Step 6/8 : RUN aws s3 cp s3://mylambda/distilBERT distilBERT.tar.gz
---> Running in 786873b916db
fatal error: Unable to locate credentials
Error: InferenceFunction failed to build: The command '/bin/sh -c aws s3 cp s3://mylambda/distilBERT distilBERT.tar.gz' returned a non-zero code: 1
I need to find a way to store the credential in a secured manner. Is it possible with GitHub secrets or something?
Thanks
My solution may be a bit longer but I feel it solves your problem, and
It does not expose any secrets
It does not require any manual work
It is easy to change your AWS keys later if required.
Steps:
You can add the environment variables in GitHub Actions (since you already mentioned GitHub Actions) as secrets.
In your GitHub CI/CD flow, when you build the Dockerfile, you can create an AWS credentials file.
- name: Configure AWS credentials
  # Secrets reach the step as environment variables; the shell expands them below.
  run: |
    echo "
    [default]
    aws_access_key_id = $ACCESS_KEY
    aws_secret_access_key = $SECRET_ACCESS_KEY
    " > credentials
  env:
    ACCESS_KEY: ${{ secrets.AWS_ACCESS_KEY_ID }}
    SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
In your Dockerfile, you can add instructions to COPY this credentials file and store it
COPY credentials credentials
RUN mkdir ~/.aws
RUN mv credentials ~/.aws/credentials
Changing your credentials requires just changing your github actions.
Docker by default does not have access to the .aws folder running on the host machine. You could either pass the AWS credentials as environment variables to the Docker image:
ENV AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
ENV AWS_SECRET_ACCESS_KEY=...
Keep in mind, hardcoding AWS credentials in a Dockerfile is a bad practice. In order to avoid this, you can pass the environment variables at runtime using docker run -e MYVAR1 or docker run --env MYVAR2=foo arguments. Another solution would be to use an .env file for the environment variables.
A more involved solution would be to map a volume for the ~/.aws folder from the host machine in the Docker image.
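An added example, not part of the answers above: a shell check that flags the two Dockerfile patterns shown in this thread, a COPY of a credentials file and ENV-set AWS keys, both of which leave the keys readable in the built image. It is run over a constructed Dockerfile containing those patterns and over a constructed one that fetches the same S3 object through a BuildKit secret mount; the base image name and file names are placeholders.

```shell
# Added example, not from the answers: flag Dockerfile lines that keep AWS
# credentials in an image layer (COPY/ADD) or in image metadata (ENV).
scan_dockerfile_for_aws_creds() {
  awk '
    { line = $0; up = toupper($0) }
    up ~ /^[ \t]*ENV[ \t]+AWS_(ACCESS_KEY_ID|SECRET_ACCESS_KEY)/ {
      printf "%d: key stored in image metadata: %s\n", NR, line; bad = 1 }
    up ~ /^[ \t]*(COPY|ADD)[ \t]/ && line ~ /(^|[ \/])(credentials|\.aws)([ \/]|$)/ {
      printf "%d: credentials file stored in a layer: %s\n", NR, line; bad = 1 }
    END { exit bad }' "$1"     # exit status 1 when anything was flagged
}

# Constructed samples. "example-base" is a placeholder base image.
df_dir=$(mktemp -d)
cat > "$df_dir/Dockerfile.baked" <<'EOF'
FROM example-base
COPY credentials credentials
RUN mkdir ~/.aws
RUN mv credentials ~/.aws/credentials
ENV AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
RUN aws s3 cp s3://mylambda/distilBERT distilBERT.tar.gz
EOF
# Same download, but the credentials file is mounted only while this RUN
# executes and is not written to any layer.
cat > "$df_dir/Dockerfile.secret" <<'EOF'
# syntax=docker/dockerfile:1
FROM example-base
RUN --mount=type=secret,id=aws,target=/root/.aws/credentials \
    aws s3 cp s3://mylambda/distilBERT distilBERT.tar.gz
EOF
for f in baked secret; do
  echo "== Dockerfile.$f"
  scan_dockerfile_for_aws_creds "$df_dir/Dockerfile.$f" || true
done
```

The secret-mount variant is built with `docker build --secret id=aws,src=$HOME/.aws/credentials .`, which requires BuildKit.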
I'm in the process of deploying/pushing (GitHub) a Python/Django application with Amazon RDS PostgreSQL db to AWS Elastic Beanstalk via Code Commit from PyCharm.
I uploaded my server certificate (having SSL issues, most can disregard the --no-verify-ssl):
aws iam upload-server-certificate --server-certificate-name CSC --certificate-body file://public.pem --private-key file://private.pem --no-verify-ssl
etc. Worked fine.
eb init Set-up Code Commit, SSH:
Do you wish to continue with CodeCommit? (y/N) (default is n): y
Enter Repository Name
(default is "origin"):
Successfully created repository: origin
Enter Branch Name
***** Must have at least one commit to create a new branch with CodeCommit *****
(default is "master"):
Username for 'https://github.com/mygitusername/myapp.git': user@email.com
Password for 'https://user@email.com@github.com/mygitusername/myapp.git':
Successfully created branch: master
Do you want to set up SSH for your instances?
(Y/n): y
Select a keypair.
1) mykeypairname
...
Worked fine.
eb create Setup environment, etc.
Enter Environment Name
(default is eb-myapp-dev):
Enter DNS CNAME prefix
(default is eb-myapp-dev):
Select a load balancer type
1) classic
2) application
3) network
(default is 2):
Would you like to enable Spot Fleet requests for this environment?
(y/N): n
Starting environment deployment via CodeCommit
...
Worked fine.
Then I go to PyCharm to commit changes, then push in Git, I'm asked for my Code Commit "credentials". I think, my AWS access key ID and secret key? I used/confirmed via aws configure these are accurate. Maybe but there's an option for "Password helper" so I click that. Now I'm unable to get back to that screen to enter my credentials, or at least try. I keep getting:
Push failed
Unable to access 'https://git-codecommit.us-east-1.amazonaws.com/v1/repos/origin/': The requested URL returned error: 403
How can I configure my AWS "Code Commit" credentials in PyCharm?
Original Poster, here. Here is how I resolved the problem.
Run these commands to add the AWS credential helper to ~/.gitconfig:
git config --global credential.helper '!aws codecommit credential-helper $@'
git config --global credential.UseHttpPath true
git config --global credential.helper '!aws --profile CodeCommitProfile codecommit credential-helper $@'
Run git config --global --edit to verify your input.
Open Keychain. Add '+' git-codecommit.us-east-2.amazonaws.com and your Access Key ID in username and Secret Key in password. Save and close.
Delete the rule you just created in Keychain for git-codecommit.us-east-2.amazonaws.com.
Git is set to use the Keychain Access utility on macOS, which may cause problems with the Amazon Code Commit service. Change this by running the following command:
git config --system --unset credential.helper
You should get something back like, either: "no value exists" or "removed."
Finally, I followed these AWSCodeCommitPowerUser instructions: https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-gc.html#setting-up-gc-account.
I'm not sure which one of those actually fixed my problem, but after all this, I opened PyCharm and did a commit/push. Now it works.
How can I clone an AWS CodeCommit repo with a Chef recipe?
I tried installing the AWS CLI and added credentials with CodeCommit access, then used Chef's git resource to clone the repo, but it fails with: could not read Username for 'https://git-codecommit.us-east-1.amazonaws.com'.
git "/home/ubuntu/lead_intake" do
repository node[:app_name][:git_repository]
action :sync
end
When I tried to clone from the command line, it works.
Any help would be appreciated.
First, make sure you have the correct Access key ID and Secret access key in IAM -> Users -> Security Credentials.
Second, put the following into the .gitconfig file:
[credential]
helper = !aws codecommit credential-helper $@
UseHttpPath = true
Third, both the .gitconfig file and the .aws directory should be in /root/. Maybe this is the problem that you have. You put the .gitconfig in /root/.aws/, which will make the credential helper useless. Thus it is asking for your username/password.
If you have done all of the above and it still fails, I suggest you use SSH to clone the repository. Follow this documentation: http://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-ssh-unixes.html