running git clone against AWS CodeCommits gets me a 403 error

aws codecommit 403 windows
aws codecommit clone
aws codecommit repository not found
codecommit https
aws codecommit tutorial
git clone username password codecommit
aws codecommit documentation
codebuild git credential-helper

My local laptop is a Mac.

  1. The ssh key is configured properly. This is the content of ~/.ssh/config

    Host barthea Hostname User AVVVVVVVVVVVVVVVVVQ IdentityFile ~/.ssh/aws-aws.pem

Running ssh barthea gets me

`You have successfully authenticated over SSH. You can use Git to interact with AWS CodeCommit. Interactive shells are not supported.Connection to closed by remote host.

` 2. I created an IAM user bruce666 complete with password and access keys, made this user part of the "team" group.Then I created a policy that includes "AWSCodeCommitPowerUsers" and assigned this policy to "team". And finally assigned bruce666 to "team". At this point, bruce666 can access any repo in CodeCommit through the management console.

  1. I ran aws config --profile bruce666, fed in his access and secret key, his region and specified the format at json. At this point, I was able to create the rekha repo in CodeCommmit by running aws codecommit get-repository --repository-name rekha --profile bruce666

  2. I can create a couple of dummy files, run git init, git add . , git commit -m "1", git add origin , git push -u origin master And that operation will be successful.

  3. However, when I run git clone ssh:// , I get "fatal: unable to access '': The requested URL returned error: 403" What gives?

On MAC, if above-mentioned tricks don't work, do the following:

  1. Open Keychain Access
  2. Search for CodeCommit. You should find this:

  1. Select 'git-codecommit....' and press delete
  2. Confirm the delete.

Now try again. It should work. You may have to do it again next time as well when you face the error 403.

One of the possible reason for this issue is the keychain password different than login password on your MAC.

Fatal Error 403, Resolving AWS CodeCommit Clone Error: 403. Studio or from Windows command line, often you get fatal error: unable to access git repository: This worked for me. (1) I updated Git on my local PC running Windows 10. Recent Posts. Changing the timezone of your Amazon Linux EC2 instance; Validating the format of a universally unique identifier; Securely transferring files between hosts with SCP

I also face same 403 error while using git push command in windows. I done all settings mentioned in AWS docs, but non resolved my issue. After i reviewed git credential set via Windows Credential as shown in screen. I found instead of git https credentials, it set access key / secret key (don't know how).

Click on edit link, update credential with proper git credential generated for AWS User, everything worked fine.

I am prompted for a user name when I connect to a CodeCommit , git clone on MS windows winds up asking for user name and password in a window box. If I hit cancel get this error: Cloning into 'mysourcecoderepo' Logon The requested URL returned error: 403 What am I doing wrong? I've run the aws configure step. I am trying to setup CodeCommit in my AWS account. I followed the instructions supplied by AWS, but I get an access denied, wether I use ssh or https to do the initial git clone. Please see my screenshots here. I have the following managed policies assigned to my IAM user: AdminAccess, AWSCodeCommitFullAccess, IAMReadOnlyAccess, IAMUserSSHKeys

This helpful text is found on the AWS documentation for codecommit and Windows integration

If your installation of Git for Windows included the Git Credential Manager utility, you will see 403 errors or prompts to provide credentials into the Credential Manager utility after the first few connection attempts. The most reliable way to solve this problem is to uninstall and then reinstall Git for Windows without the option for the Git Credential Manager utility, as it is not compatible with AWS CodeCommit.

If you want to keep the Git Credential Manager utility, you must perform additional configuration steps to also use AWS CodeCommit, including manually modifying the .gitconfig file to specify the use of the credential helper for AWS CodeCommit when connecting to AWS CodeCommit.

Remove any stored credentials from the Credential Manager utility (you can find this utility in Control Panel).

Once you have removed any stored credentials, add the following to your .gitconfig file, save it, and then try connecting again from a new command prompt window:

[credential ""]
    helper = !aws codecommit credential-helper $@
    UseHttpPath = true

Additionally, you might have to re-configure your git config settings by specifying --system instead of --global or --local before all connections work as expected.

This last part applied to my situation, though when I ran git config --system it did not function as expected but appended aws configure before the aws codecommit command.

So I had to run this in git to find the location of the config file for the system.

git config --list --show-origin

I then added the suggested section from AWS to both my c:/users/username/.gitconfig and my c:/ProgramData/Git/config files.

After that git push started working- even though I get the bogus error in front of my response of

"git: 'credential-aws' is not a git command. See 'git --help'."

Getting Started with Git and AWS CodeCommit, I was following the instructions in codeCommit lab, but when I tried the clone command at 13:25 in the video, Not sure if this is new, but just wanted to share in case anyone else runs into this. On a windows 10 box reinstall Git and uncheck the GIT credentials manager. If you hit right click twice, you'll get 403 error  From your local repo, run git checkout, specifying the name of the branch (for example, MyNewBranch) and the ID of the first commit you made in the local repo. If you don't know the commit ID, run git log to get it. Make sure the commit has your user name and email address, not the user name and email address of the other user.

For me the root cause of getting the error was that no matter which version of git I was using on OSX, GIT was always picking up the credential.helper config of using osxkeychain from the file:


Getting rid of this solved the problem for me and has not broken anything.

Resolving AWS CodeCommit Clone Error: 403, (No issue with-SSH is working well) helper = !aws --profile codecommit credential-helper $@ 2) command to clone the git repository git clone and then it is prompted me the user id and password (in case of user id i have supplied The requested URL returned error: 403 Which seems to be a bug on AWS side. Objects in the bucket can't be encrypted by AWS Key Management Service (AWS KMS). The bucket policy must allow access to s3:GetObject. If the bucket policy grants public access, then the AWS account that owns the bucket must also own the object. The requested objects must exist in the bucket. Amazon S3 block public access must be disabled.

I solved it.

The 403 error message is a specifically Git error message. I added the two AWS-specified helper commands:

git config --global credential.helper '!aws --profile bruce666 codecommit credential-helper $@'
git config --global credentials.helper UseHttpPath=true

and that took care of the issue.

The .git/config file in your local directory (before you clone the Codecommit repo that you had just created should look like this:

    repositoryformatversion = 0
    filemode = true
    bare = false
    logallrefupdates = true
    ignorecase = true
    precomposeunicode = false
    helper = !aws --profile bruce666 codecommit credential-helper $@
    UseHttpPath = true
[remote "origin"]
    url =
    fetch = +refs/heads/*:refs/remotes/origin/*
[branch "master"]
    remote = origin
    merge = refs/heads/master

As specified in the .git/config file, you are cloning using https not ssh. I must not have used the default version of git that came with OSX because I did not run into any Toolchain issue.

git clone asks for user name and password, Configure your local computer to work with AWS. Create a local profile on your computer to connect to your CodeCommit repo (using Git). At the terminal or command prompt, run the following commands on your local machine before running Git commands: On Linux, macOS, or Unix: export GIT_TRACE_PACKET=1 export GIT_TRACE=1 export GIT_CURL_VERBOSE=1

Getting 403 when Cloning from CodeCommit, running git clone against AWS CodeCommits gets me a 403 error I can create a couple of dummy files, run git init, git add . , git commit -m "1",  In this example, is the Git connection point for the US East (Ohio) Region where the repository exists, MyDemoRepo represents the name of your CodeCommit repository, and my-demo-repo represents the name of the directory Git creates in the /tmp directory or the c:\temp directory.

Facing Problem with Cloning the reepository in AWS Code Commit , HTTPS cloning errors There are a few common errors when using HTTPS with Git. These errors usually indicate you have an old version of Git, or you don't have access to the repository.

AWS: Working with CodeCommit, Troubleshooting the Credential Helper and HTTPS Connections to AWS CodeCommit The following information might help you troubleshoot common issues when you use the credential helper included with the AWS CLI and HTTPS to connect to CodeCommit repositories.

  • Thank you! That was it.
  • This has stopped working for some reason. Any ideas?
  • such a pesky feature of Keychain Access
  • Worked for me. I was not able to push anymore on my repo. I had to resubmit my password again.
  • Vote this one, is the fix for windows 10
  • Vote for this one !
  • In my case it listed the URL as the user name - no idea how that happend. inserting user and password there directly fixed it.
  • This is was the most useful answer(at least to me). The mistake i did was to install git with credential manager utility. To work around this, you uninstall git, then install it and un check the credential manger utility. After that it worked like a charm. Thanks.
  • Thank you! In my case, the first clone and commit worked for some reason - but then no go.
  • no need to add an aws profile (--profile bruce666) just !aws codecommit credential-helper $@ will do. +1