Questions tagged with AWS CodeCommit

Good afternoon dear experts. Help solve the issue. I run the sh file (with rights) through the terminal, I get No such file or directory/.bashrc Google didn't help. I'm beating this wall for the 3rd evening). sh file content: ` source ~/.bashrc cd ~/data python file.py ` Contents of the .bashrc file: ` # .bashrc export PATH="~/.pyenv/bin:$PATH" eval "$(pyenv init -)" eval "$(pyenv virtualenv-init -)" # Source global definitions if [ -f /etc/bashrc ]; then . /etc/bashrc fi # Uncomment the following line if you don't like systemctl's auto-paging feature: # export SYSTEMD_PAGER= # User specific aliases and functi # >>> conda initialize >>> # !! Contents within this block are managed by 'conda init' !! __conda_setup="$('/home/ec2-user/.pyenv/versions/anaconda3-2020.11/bin/conda' 'shell.bash' 'hook' 2> /dev/null)" if [ $? -eq 0 ]; then eval "$__conda_setup" else if [ -f "/home/ec2-user/.pyenv/versions/anaconda3-2020.11/etc/profile.d/conda.sh" ]; then . "/home/ec2-user/.pyenv/versions/anaconda3-2020.11/etc/profile.d/conda.sh" else export PATH="/home/ec2-user/.pyenv/versions/anaconda3-2020.11/bin:$PATH" fi fi unset __conda_setup # <<< conda initialize <<< `

Hi, We want to implement a pessimistic locking of code commit and wanted to find out steps to implement this. Would appreciate if anyone can provide guidance on this. Thank you

I have updated several task definitions and for the life of me I cannot get the latest revisions to run. We are using the AWS code management system, e.g. Code Deploy, Code Commit, etc. Wondering if there is a preferred way to get task definition to run the latest revision. I have tried stopping the service and updating with "Force new Deployment" checked and so far no dice. Any idea what I'm doing wrong?

How can we increase the internet speed of the container running in AWS ECS and later how can we verify that container internet speed is increased or not while downloading any dependencies on container or posting some data into S3 while working with JAR execution from the container etc. ?

Am trying to complete that tutorial on codepipeline and when I create a stack in cloud formation , using the provided appspec.yaml file, i get the error that says “ Template format error: at least one resources member must be defined” and it won’t let me upload the file. What did I miss ? How can I resolve it please ?

I have created AWS codepipeline for building unity application and also specified buildspec.yml for the same. But facing issue while executing unity commands. Below command I am using. CMD: xvfb-run --auto-servernum --server-args='-screen 0 640x480x24' /opt/unity/Editor/Unity -quit -batchmode -projectPath . -executeMethod WebGLBuilder.build '${BUILD_OUTPUT_FOLDER}/${BUILD_OUTPUT_NAME} -logfile /dev/stdout' Error: COMMAND_EXECUTION_ERROR: Error while executing command: eval ${UNITY_COMMAND} -projectPath . -executeMethod WebGLBuilder.build '${BUILD_OUTPUT_FOLDER}/${BUILD_OUTPUT_NAME} -logfile /dev/stdout'. Reason: exit status 1

I am trying to use CodeBuild with submodule in CodeCommit repository, but when the build reach **DOWNLOAD_SOURCE** phase, I got following error: > Submodule error repository not found for primary source and source version refs/heads/master I used the relative path in submodule registration like `../another-repository`. In the documentation of CodeBuild, I can't find anything about usages of submodules, nor anything to the *git submodules* checkbutton in Source setup section. How to use submodules correctly in CodeBuild?

Is it possible to configure (without the use of lambdas and code) that the author of a Pull Request gets notifications on comments, rejects and approvals. And that the reviewer gets notifications on events after a review? This is normal in GitHub etc. but is not default in CodeCommit?

Hello, I would like to use a module from one repository while running my main file from a different repository - both in CodeCommit in the same AWS account. I read that if both repositories exist I can use sys.path. The question is can I clone both repositories to the same EC2 instance (on which I run my main function)? Thanks.

Does AWS Code Commit have support for git-lfs? There are many modern day use cases where committing large files to git makes sense. These are all explained on the official site: [git-lfs](https://git-lfs.github.com/) Many of the other code repository services support this. It feels well overdue for Code Commit to catch up. There is an old AWS forum post that explains the history of this request: [forum](https://forums.aws.amazon.com/thread.jspa?messageID=785850#785850) A useful and intuitive approach would be to use an S3 bucket as the actual backing store so that costs can be controlled. Linking the repo to S3 that way would make sense.

my client has around 400 repositories, there are 2 roles for each repository (so around 800 roles), the client has 700 users (so 700 IAM users) that access these repos, on average each user access around 7-8 repos, so each user reach these repos with around 15 different roles. it's unclear to me how the pricing apply.. is my client going to pay for 700 users, or is going to pay for 700 users * 15 average roles = 10,500 ?? thanks.

Hello, Any one know how to trigger automatically pipeline on pull request so that it analyses the source branch before merging? Such as merge request pipeline on Gitlab. Repo is in codeCommit. Thanks

Hi All, In My BuildProject/BuildSpec (in my STG Account), I run this command : - cdk deploy --require-approval never it gives me this error : ``` myStack: deploying... [0%] start: Publishing e988sdsf934da0d45effe675sdscb946f3e1sds68:current [0%] check: Check s3://cdk-hnb65dds-assets-xxxxxxxx-cregion/assets/e9882ab1236873df4sdfeffe67sdfc8ce13bsdff3e1d6sdf8d68.zip Call failed: listObjectsV2({"Bucket":"cdk-hnsd59fds-assets-xxxxxxxx-region","Prefix":"assets/e98ssdfsd87dsffsdffdsfcc8sdsdfdd6141fsdd68.zip","MaxKeys":1}) => Access Denied (code=AccessDenied) [33%] fail: Access Denied [33%] start: Publishing c24b999656e4fe6c609c31dfadffbcdfdfc2c86df:current [33%] check: Check s3://cdk-hnb659fds-assets-xxxxxxxx-cregion/assets/c24b999656e4fe6c609c31dfadffbcdfdfc2c86df.zip Call failed: listObjectsV2({"Bucket":"cdk-hnb659fds-assets-xxxxxxxx-cregion","Prefix":"assets/c24b999656e4fe6c609c31dfadffbcdfdfc2c86df.zip","MaxKeys":1}) => Access Denied (code=AccessDenied) [66%] fail: Access Denied [66%] start: Publishing werer56e4fe6c609c3ewrd17a4d9c3afwr6b8c2wer:current [66%] check: Check s3://cdk-hnb659fds-assets-xxxxxxxx-cregion/assets/werer56e4fe6c609c3ewrd17a4d9c3afwr6b8c2wer.zip Call failed: listObjectsV2({"Bucket":"cdk-hnb659fds-assets-xxxxxxxx-cregion","Prefix":"assets/werer56e4fe6c609c3ewrd17a4d9c3afwr6b8c2wer.zip","MaxKeys":1}) => Access Denied (code=AccessDenied) [100%] fail: Access Denied ❌ myStack failed: Error: Failed to publish one or more assets. See the error messages above for more information. at publishAssets (/usr/local/lib/node_modules/aws-cdk/lib/util/asset-publishing.ts:27:11) ``` How can I give CDK stack running from BuildSpec permission to publish assets? I already added this policy to my codeBuild service role, but still same issue : ``` { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "s3:GetObject*", "s3:PutObject", "s3:PutObjectAcl", "s3:getBucketLocation" ], "Resource": [ "arn:aws:s3:::cdk*" ] } ] } ``` also had this error : ``` ser: arn:aws:sts::xxxxxx:assumed-role/codebuild-mybp-service-role/AWSCodeBuild-d1acsd11-4sad7-9sada6834ffsadbs is not authorized to perform: lambda:InvokeFunction on resource: arn:aws:lambda:region:xxxxxxxx:function:myStack-CustomCDKBucketDeployment-l5dzxcszxA7assa because no identity-based policy allows the lambda:InvokeFunction action (Service: AWSLambda; Status Code: 403; Error Code: AccessDeniedException; Request ID: eedf2-03dfdf3-4ddsfd7-bfdg7-2dfsdff5c2dfgd0; Proxy: null) ``` not sure which lamda he wants to invoke here and why? what are the right permissions for this Thank you!!

Hi All, In My BuildProject/BuildSpec (in my STG Account), I run this command : `- cdk deploy --require-approval never` it gives me this error : `mystackName failed: Error: Need to perform AWS calls for account xxxxxxxx(DEV_ACCOUNT_ID), but the current credentials are for yyyyyy (STG_ACCOUNT_ID)` It worked fine for another branch but when I put the name of another branch it gives me that error, not sure what happens? Thank you.

Hi Team, In my Pipeline -> Execution History -> source I have a section: Output variables Key Value AuthorDate 2022-03-01T10:14:36Z BranchName main CommitId 9d1545410efdf085185cdfdfdbdfdce807e9a3dfd8dfd CommitMessage my commit message CommitterDate 2022-03-01T10:14:36Z RepositoryName myRepo_name is it possible to read those Output variables in my BuildProject->BuildSpec as env variables? so I can use their values, especially the BranchName value. Thank you!

Morning. We have several repo's in github (some in codecommit) and looking to automate. So my first test is just updating code, and then manually deploying, then moving to auto-deploy (I assume using codepipeline). I fixed some issues (so this is updated), but the basic question is, does the start/stop scripts have to be in the repo? When I tried to reference them under /root (on the EC2) the deploy failed. So, I don't want the real website to have the scripts folder, so I am wondering how others do it. So what is easy way to say publish all files to destination X but do not put the scripts folder there? I would imagine I could add a cleanup to the last part, but would seem redundant vs saying ignore *.sh, or scripts/* etc. Here is the basic appspec I am starting with. ``` version: 0.0 os: linux files: - source: / destination: /var/www/html/ hooks: ApplicationStop: - location: scripts/stop_httpd.sh timeout: 15 runas: root ApplicationStart: - location: scripts/start_httpd.sh timeout: 15 runas: root ```

Hi team, I have 3 AWS accounts: DEV, STG and PROD my code commit repositories are in the DEV account. I don't want to duplicate those repositories on the STG and PROD accounts. So that my repositories in the DEV account be the single point of truth. and I can be able to create a release from the STG or the PROD using the DEV repositories. Is there a best way/architecture to achieve this? without doing a workaround on the build spec (like using keys and doing git pull ... on the build spec of STG and PROD). I followed points 1 and 2 o this tutorial : https://docs.aws.amazon.com/codecommit/latest/userguide/cross-account.html after that, I can see DEV repositories in PROD account **with switch role** but I can't create a codeBuild/ code pipeline project ... because the role switched give only permission to DEV repos, but I want to create the codeBuild in PROD not DEV using the DEV repos (even I give to the role switched more permissions the codeBuild created from PROD was actually created in DEV not in PROD) Just want to create a new code deploy for fargate in PROD that relies on tags / repos generated from DEV account, so when creating the code deploy in PRD account I can select DEV repos/ tags as source. can we use the RAM service to share repos ? appreciate any help.

I have a CloudFormation stack for a CodeCommit backed Amplify website. When I create an instance of the stack, I still have to go to Amplify and manually click "run build" for the first build. It auto builds on CodeCommit changes after that. Is there anyway to have the first build automatically triggered? Thanks. -Shane

Is there anyway to beautify the CodeCommit Notifications instead of getting a large JSON? I was thinking of involving a Lambda function which receives that Large JSON and modify it, but i'm trying to find an easier way. This is an example of the JSON sent through the SNS Topic configured in CodeCommit Notifications (Replaced acct. number with ?): {"account":"??","detailType":"CodeCommit Repository State Change","region":"us-east-1","source":"aws.codecommit","time":"2022-02-10T14:18:25Z","notificationRuleArn":"arn:aws:codestar-notifications:us-east-1:??:notificationrule/a6d8f86a6feb72ca5b3c342a1c0e463e5394f5e1","detail":{"referenceFullName":"refs/heads/dev","repositoryId":"3f8a3a4f-eac4-4077-b13c-fd1ac749171e","referenceType":"branch","commitId":"822aef94a812d7d73c2382f3a68ca187ea67aec9","callerUserArn":"arn:aws:iam::??:user/athmfiuser","event":"referenceUpdated","repositoryName":"athm-dev-athmfi-onpremiseapi-pipeline","oldCommitId":"29a8687b679861dc257dba49b9440db85b0ced0a","referenceName":"dev"},"resources":["arn:aws:codecommit:us-east-1:??:athm-dev-athmfi-onpremiseapi-pipeline"],"additionalAttributes":{}}

It is a continuation of https://forums.aws.amazon.com/thread.jspa?threadID=250753. **When will CodeCommit make ed25519 available? ** I use CodeCommit's ssh credentials in Iam to link EC2 (Linux) users with IAM users. I found the speed of ed25519 to be great, so I considered switching to ed25519, but the CodeCommit ssh credentials in Iam didn't support uploading in ed25519 format. Supporting ed25519 will reduce the load on the AWS side and improve the user experience by the connection speed factory. However, this issue does not seem to have been addressed for a long time. When will this event be resolved?

port 22: no matching host key type found. their offer: ssh-dss when i am using git clone (ssh clone repository) and also problem in git push origin --all

Morning all, I want to confirm I am on the right track and just logically trying to put things in order. I have a group of servers that are quite static (no need for autoscaling). It's a java app, and Beanstalk doesn't support the app. So right now the developer is going to each server via custom ports to undeploy and deploy new apps. The farm has grown and its time consuming. Some of the reading is a bit confusing, so for a quick high level, I had these questions/help items. Using the left side nav from codecommit, **Under Source** - its always just one file (a .war file). so regardless, I believe I will need to use either GIT/CodeCommit and can't just have the developer upload a file to an S3 bucket right? That would enable the version control, revert, etc. **Under Deploy** - Applications - I have created the application, service role, type and configuration (by key/value). Also have the enable load balancing checked with a test group (one server right now). I don't think I really need to worry about the artifacts or the build, all I want is for the developer to finish his WAR file, commit. So not sure what is the magic that after I he commits, it takes that code, then push's to the servers. The agent is installed and just not sure if I need a pipeline setup, or there is something between the deploy and the agent and a simple answer here may prove much faster than other resources. So thank you again for the feedback and/or suggestions if there is a better way but think once setup this really is quite simple.

We are migrating from GitLab to AWS CodeCommit. With GitLab the admins has access to tons of https://docs.gitlab.com/ee/user/analytics/. After exploring the AWS CodeCommit console can't find anything similar. We don't want to be writing our own analytics tool obviously, so my question is for the AWS CodeCommit community - how do you generate and visualize similar metrics & trends?

Hi fellow AWS humans, I am running an ECS application that is automatically built and deployed using CodeCommit, CodePipeline, and ECR. The infratructure is managed with Terraform. My setup is fairly comparable to this tutorial here: https://devops-ecs-fargate.workshop.aws/en/1-introduction.html The current ci/cd workflow is as follows: 1. Git push to CodeCommit repo main branch 2. CodePipeline builds a container Image and pushes it to the ECR registry 3. Deploy the most recently built container to ECS and update the service This is fine for very simple setups and I'm ok doing trunk based development (which, according to this blog post, is the suggested way when working with CodePipeline: https://aws.amazon.com/blogs/devops/multi-branch-codepipeline-strategy-with-event-driven-architecture/). However, **I don't want the most recent build to be pushed *straight to production***. What I' like to achieve is a 2-step ci/cd process (2 pipelines, 2 separate target environments): 1. Git push to CodeCommit repo main branch 2. CodePipeline builds a container Image and pushes it to the ECR registry 3. The most recently built container is deployed in the ECS **dev environment** 4. Tagging a specific commit (using **git tag**) will trigger a separate CodePipeline 5. The pipeline triggered in step 4 deploys the associated container to the **production environment** It seems that the only way to use CodePipeline's built-in features for deployment is by specifying a fixed branch name from which all vcs commits will trigger a new build/deployment - I see no way of specifying a git tag (and no way of specifying any wildcards either). This blog post (https://aws.amazon.com/blogs/devops/adding-custom-logic-to-aws-codepipeline-with-aws-lambda-and-amazon-cloudwatch-events/) suggests that there are ways to circumvent this shortcoming by using a Lambda and CloudWatch Events. My questions are: - is there any way to achieve the illustrated ci/cd setup with AWS CodePipeline? - if it is possible: What would be a best practice to implement this? Thanks for any pointers and your help! Kind regards and big thanks, Maik

Hello, I am interested in creating a new branch in newly created repository programatically (using CLI/boto3/API call). Alas, I cannot do that because initial commit id is required, but there is none available at that point of time. On the other hand, I can do the same action using console and all I need to specify is a branch to point to. In my case it is default branch “main” and that’s all. So, if I can do it from console, then it should be possible to do programatically. Could you please advise how I can do it without initial commit id or maybe there are any workarounds available? Thank you.

I have some scheduled scaling policies for an Auto Scaling Group using the new option TimeZone, but the CI/CD Pipeline is now failing with a Code Deploy message saying it does not support copying that field: **The deployment failed because a non-empty field was discovered on your Auto Scaling group that Code Deploy does not currently support copying. Unsupported fields: DescribeScheduledActionsResponse.DescribeScheduledActionsResult.ScheduledUpdateGroupActions.member.TimeZone** Is there a way to make Code Deploy to work even without copying the field? Kind Regards. Edited by: igarciaGT on Apr 19, 2021 2:43 PM Fixed error message

A customer is trying to centralize the management of IAM roles and policies in a multi-account organization. They would like to achieve the following: - keep log of all changes for compliance reasons - facilitate periodical audits process - test policies in sandbox environment before deploying in production They are using Terraform and would like to use CodeCommit as repository. Do we have examples of customers who have achieved such a process, and/or best practices? Thanks

Hello AWS, I setup a vpc endpoint for code commit that allows access to a 10.x.x.x/16 subnet and followed your instructions on setting up an ssh user. I have a policy attached to my user group "Code Commit Power User" and I am getting the following error -- "Access denied: User: arn:aws:iam:::user/ is not authorized to perform: codecommit:GitPull on resource: arn:aws:codecommit:us-east-1:: with an explicit deny" (I ommited for obvious reasons). I can login just fine as I'm getting this message -- "You have successfully authenticated over SSH. You can use Git to interact with AWS CodeCommit. Interactive shells are not supported.Connection to git-codecommit.us-east-1.amazonaws.com closed by remote host. Connection to git-codecommit.us-east-1.amazonaws.com closed." Any help on further troubleshooting?

I've been using cli and sdk calls to CodeCommit to manage my companies code repositories. I've been able to get around this issue for a while now by just using getDifferences and then using getBlob to retrieve each of those files. But now, I want the files for a specific folder in my code repository. I was thinking of just doing a getFolder and then doing a getBlob for all the files that it returned using promises but it seems that I can't use the getFolder sdk command or the get-folder cli command. The aws documentation says that these commands are still available but all I get back is that the command is not recognized. Am I missing something here?

Hello, A commit to CodeCommit repository has an Author an IAM user X (the one used to initialize eb cli), while it has been pushed using the credentials of another IAM user Y which is the one having "AWSCodeCommitFullAccess" permission. I guess I am missing something here. Does anybody have a clue?

Hello, I hope someone can help, we keep going into AWS Commit Visualiser and there is a big black line going up through the middle (for which i think is the master branch), however we have two branches, branch a seems to generate a new line from the master branch of a different colour and goes back in like we expect, however branch b does not. Here is the visualiser, it shows branch a working fine however its not showing it on branch b. <https://pasteboard.co/HXFoUro.png> Is it something we are doing? Here are our steps: * Change to Branch * Make Changes * Commit Changes * Push To Origin * Change To Master * Merge Branch we made the changes on into Master.

Hi, I'm trying to Create a new repository via AWS CodeCommit in Visual Studio (2017 Community Edition). The user has been set up with "AWSCodeCommitPowerUser" and "IAMSelfManageServiceSpecificCredentials" credentials. When I click on "Create", I'm presented with the "Create a New AWS CodeCommit Repository" dialog box. After entering a suitable name, I click on "OK" and I then receive the following message: Failed to clone repository https://git-codecommit.eu-west-1.amazonaws.com/v1/repos/myreponame. Error message: Git failed with fatal error. unable to access 'https://git-codecommit.eu-west-1.amazonaws.com/v1/repos/myreponame/': The requested URL returned error: 403 Can anyone point me in the right direction? Thanks James