Jesse Barnum

Reputation: 6816

How can I clone repositories in AWS CodeCommit when using AWS CodeBuild?

My CodeBuild process requires me to clone some supporting libraries from AWS CodeCommit. However, since I don't have my private key on the Docker image used by AWS CodeBuild, I get permission errors trying to do the checkout:

agent_1  | Host key verification failed.
agent_1  | fatal: Could not read from remote repository.

Is there a simple, recommended way for AWS CodeBuild to download code from AWS CodeCommit?

Upvotes: 4

Views: 2494

Answers (3)

The most important thing is to set up IAM properly... this is overkill, but for general PoC purposes it will do the work as an inline policy definition:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "codecommit:ListRepositoriesForApprovalRuleTemplate",
        "codecommit:CreateApprovalRuleTemplate",
        "codecommit:UpdateApprovalRuleTemplateName",
        "codecommit:GetApprovalRuleTemplate",
        "codecommit:ListApprovalRuleTemplates",
        "codecommit:DeleteApprovalRuleTemplate",
        "codecommit:ListRepositories",
        "codecommit:UpdateApprovalRuleTemplateContent",
        "codecommit:UpdateApprovalRuleTemplateDescription"
      ],
      "Resource": "*"
    },
    {
      "Sid": "VisualEditor1",
      "Effect": "Allow",
      "Action": "codecommit:*",
      "Resource": "arn:aws:codecommit:us-east-1:xxxxxxxx:xxxxxxx-myproject"
    }
  ]
}

Upvotes: 0

Jesse Barnum

Reputation: 6816

I found the answer. As Saurav.Kumar said, you need to make sure your IAM role gives you permissions to those repositories. In addition, since I need to use the git command directly to clone additional libraries, I needed to add this to my buildspec.yml:

phases:
  install:
    commands:
      - pip install git-remote-codecommit

Upvotes: 2

Saurav.Kumar

Reputation: 54

If you are accessing the CodeCommit repository in your account and have access to that repository, then you need to configure the IAM role attached to the build process to be able to read the remote CodeCommit repository.

During the creation of the build project, an IAM role would have been created with the basic permission settings, or you would have chosen an existing IAM role.

Either way, you need to edit the IAM role and attach the policy to access the CodeCommit resource for the CodeBuild process to perform the cloning operation.

Upvotes: 3
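An added example, not code from any of the posters above: a small check that a CodeBuild role's policy lets the build clone a repository and reports where it grants more than that. Cloning needs only the `codecommit:GitPull` action; the function name `audit_clone_policy`, the account ID and the repository name are assumptions made for illustration.

```python
import fnmatch

CLONE_ACTION = "codecommit:gitpull"  # IAM action names are case-insensitive

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_clone_policy(policy, repo_arn):
    """Return (can_clone, findings) for an IAM identity policy (dict).
    Simplified: evaluates Allow statements only (no Deny, NotAction, Condition)."""
    can_clone, findings = False, []
    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        # Resource patterns in this statement that cover the repository.
        resources = [r for r in _as_list(stmt.get("Resource", []))
                     if fnmatch.fnmatchcase(repo_arn, r)]
        for action in _as_list(stmt.get("Action", [])):
            if not resources or not fnmatch.fnmatchcase(CLONE_ACTION, action.lower()):
                continue
            can_clone = True
            if "*" in action:
                findings.append(f"{sid}: {action!r} grants more than GitPull on the repo")
            findings += [f"{sid}: resource {r!r} covers more than one repository"
                         for r in resources if "*" in r or "?" in r]
    return can_clone, findings

# Constructed sample data: placeholder account ID and repository name.
REPO = "arn:aws:codecommit:us-east-1:111122223333:supporting-libs"

POC_POLICY = {  # same shape as the broad PoC policy in the first answer
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "VisualEditor0", "Effect": "Allow",
         "Action": ["codecommit:ListRepositories"], "Resource": "*"},
        {"Sid": "VisualEditor1", "Effect": "Allow",
         "Action": "codecommit:*", "Resource": REPO},
    ],
}

CLONE_ONLY_POLICY = {  # read-only alternative for a build that only clones
    "Version": "2012-10-17",
    "Statement": [{"Sid": "CloneSupportingLibs", "Effect": "Allow",
                   "Action": "codecommit:GitPull", "Resource": REPO}],
}

if __name__ == "__main__":
    for name, doc in (("PoC", POC_POLICY), ("clone-only", CLONE_ONLY_POLICY)):
        print(name, audit_clone_policy(doc, REPO))
```

Both policies allow the clone; only the PoC policy produces a finding, because `codecommit:*` also covers write and delete actions on the repository.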
