- Mais recentes
- Mais votos
- Mais comentários
Hi, thank you so much for taking the time. The permission set is more or less identical to the one on my laptop. here is the .aws/config
file on my laptop (sensitive info redacted):
[profile dev]
sso_session=my_session
sso_account_id=1234567890
sso_role_name=PowerUserAccess
region=us-east-1
output=json
[sso-session my_session]
sso_start_url=https://99999999.awsapps.com/start
sso_region=us-east-1
sso_registration_scopes=sso:account:access
From .aws.config
from my lightsail instance:
[profile pu]
sso_session = lightsail-node1
sso_account_id = 1234567890 //same as above
sso_role_name = PowerUserAccess
region = us-east-1
output = json
[sso-session lightsail-node1]
sso_start_url = https://99999999.awsapps.com/start#. // same as above
sso_region = us-east-1
sso_registration_scopes = sso:account:access
when I git clone on my laptop (the former profile), it works. The lightsail instance (latter one) gives the 403.
Hello.
Since it is a 403 error, I believe that the SSO user may not have sufficient privileges.
What permission set does the SSO user have?
There is probably a history of GitPull execution in CloudTrail's API history, so you may be able to check the details from there.
https://docs.aws.amazon.com/awscloudtrail/latest/userguide/view-cloudtrail-events.html
Does the command specify the profile and repository name as below?
https://github.com/aws/git-remote-codecommit
git clone codecommit::ap-northeast-1://profilename@repositoryname
Conteúdo relevante
- AWS OFICIALAtualizada há 2 anos
- AWS OFICIALAtualizada há 9 meses
the logs aren't particularly helpful, although I do see "mfaAuthenticated":"false" in there. Not sure if this is relevant, or how I would mfa authenticate my lightsail bitnami SSH session . . .
Naomi