Access Denied

Question

Hello AWS,  
  
I setup a vpc endpoint for code commit that allows access to a 10.x.x.x/16 subnet and followed your instructions on setting up an ssh user.  I have a policy attached to my user group "Code Commit Power User" and I am getting the following error -- "Access denied: User: arn:aws:iam:::user/ is not authorized to perform: codecommit:GitPull on resource: arn:aws:codecommit:us-east-1:: with an explicit deny" (I ommited for obvious reasons).   
  
I can login just fine as I'm getting this message -- "You have successfully authenticated over SSH. You can use Git to interact with AWS CodeCommit. Interactive shells are not supported.Connection to git-codecommit.us-east-1.amazonaws.com closed by remote host.  
Connection to git-codecommit.us-east-1.amazonaws.com closed."  
  
 Any help on further troubleshooting?

Answer

Hi dhernandez_13_33,  
  
Would you be able to share here or via private message what your VPC endpoint policy is?  
  
You are seeing "You have successfully authenticated over SSH. You can use Git to interact with AWS CodeCommit. Interactive shells are not supported" because you have successfully, authenticated and we've found and validated your credentials (SSH Key and ID)  
  
You are seeing this "Access denied: User: arn:aws:iam:::user/ is not authorized to perform: codecommit:GitPull on resource: arn:aws:codecommit:us-east-1:: with an explicit deny" because something is configured that does not authorize your user (or any user) to do a git pull.  
  
Looking at your IAM policies, it looks like there is nothing that would explicitly deny access. We suspect that there is something in your VPC endpoint policy that is not authorizing the request.

Answer

Nevermind, Extra policy on the endpoint was unnecessary.  All traffic seems to go through vpn just fine and the endpoint is inaccessible externally.

Access Denied

Relevant content