AWS Codecommit - fatal: unable to access : The requested URL returned error: 403

Question

I was able to pull and/or push updated from my AWS CodeCommit repository until I reinstalled aws-cli. I tried all the suggested solutions I could find but nothing seems to work.

I am working on Ubuntu 21.10 and installed:

$ aws --v
  aws-cli/1.19.1 Python/3.9.7 Linux/5.13.0-41-generic botocore/1.20.0

git version 2.32.0

The error I am getting is:

fatal: unable to access 'https://git-codecommit.eu-west-2.amazonaws.com/v1/repos/myrepo/': The requested URL returned error: 403

It used to ask me for my username and password, but after my experiments to solve the issue it stopped asking for my credentials completely. Either way I confirmed that I was using the correct credentials. Also, I do have the necessary permissions at AWS. I was successfully pulling and pushing updates until a few hours ago.

The aws credential helper is set as recommended by most solutions online. More specifically my .gitconfig file looks like this:

[user]
    name = My_name
    email = My_email
[credential]
    helper = !aws codecommit credential-helper $@
    UseHttpPath = true

Additionally, I set up correctly (with the correct region) the $ aws configure configuration.

Listing $ git config --list --show-origin I am getting:

file:/etc/gitconfig     user.email=My_email
file:/home/f_user/.gitconfig user.name=My_name
file:/home/f_user/.gitconfig user.email=My_email
file:/home/f_user/.gitconfig credential.helper=!aws codecommit credential-helper $@
file:/home/f_user/.gitconfig credential.usehttppath=true

Honestly I have no idea what else to try, any help would be appreciated!

EDIT: The way I resolved the issue is:

Uninstalled aws client from my system and re installed and configured it from scratch.
I cloned my IAM account and gave it Full AWSCodeCommit access.

I am not sure what was the part that solved it, probably the first step.

403 is "forbidden", i.e., you don't have permission. Check your permissions. Note that `user.name` and `user.email` are not credentials; the credentials you're passing to AWS are from the `aws codecommit credential-helper`. If you are on macOS, see https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-https-unixes.html as well. — torek, May 14 '22 at 03:13
I did check the permissions and they are the same as they were when I was pushing my changes a few days ago. Also, about the credentials, I am aware that the name and email are not the credentials that I need in order to authenticate. It is the username and password, but the command even stopped prompting me to use my credentials at this point, that is why it is so confusing. — Flora Biletsiou, May 15 '22 at 16:29
*Something* has changed: either the credentials you're presenting to AWS, or the verification that AWS are doing, or both. Use the test that [VonC showed](https://stackoverflow.com/a/72250923/1256452) to see what you're sending to AWS (and/or set GIT_TRACE, GIT_PACKET_TRACE, CURL tracing, etc; see [this question](https://stackoverflow.com/q/6178401/1256452)). — torek, May 15 '22 at 23:55
I used the SSH endpoint instead of HTTPS. It is way simpler. — f01, Oct 26 '22 at 16:57

score 10 · Accepted Answer · answered Jul 17 '22 at 11:43

10

Just delete credentials as below and next time pop-up window prompt for credentials Steps to delete your Credential Manager

Control Panel Select "Credential Manager" Under Generic Credential, delete the appropriate Git Credential.

answered Jul 17 '22 at 11:43

user2012975

126
1
3

After deleting it, creates it again on "credential Manager". – Guillermo Feb 17 '23 at 14:39
Is there a way to fix the need to delete the saved credentials every time? I'm working on multiple codecommit repos and when swtiching from one to another I alwasy need to delete the saved credentials. – Roberto Aureli May 22 '23 at 14:04

score 10 · Answer 2 · answered Nov 28 '22 at 12:28

10

If you're using Mac go to keychain access, look up codecommit and delete the stored key.

answered Nov 28 '22 at 12:28

Mnl

787
8
9

accepted solution for Mac – Aravind Vemula Apr 03 '23 at 03:13

score 3 · Answer 3 · answered Feb 19 '23 at 22:38

3

If you are a mac user. just type code ~/.gitconfig and then paste the following if the credential section missing.

[credential]
    helper = !aws codecommit credential-helper $@
    UseHttpPath = true

answered Feb 19 '23 at 22:38

user21136331

31
3

score 2 · Answer 4 · answered May 15 '22 at 18:02

2

Double-check your AWS managed policies for for CodeCommit.
If your IAM User has switched to ForceMultiFactorAuthentication as policy, you would need to use a token, not your password.

Locally, check what password is stored by your credential manager:

printf "protocol=https\nhost=git-codecommit.eu-west-2.amazonaws.com"|aws codecommit credential-helper get

answered May 15 '22 at 18:02

VonC

1,262,500
529
4,410
5,250

I did check my AWS managed policies specifically and that is not the case. At this point the command doesn't even ask me for my credentials so I don't think it is permission related. – Flora Biletsiou May 18 '22 at 09:24
3

for the stored password I don't really get any useful in return. `printf "protocol=https\nhost=git-codecommit.eu-west-2.amazonaws.com"|aws codecommit credential-helper get` --> `'path'` – Flora Biletsiou May 18 '22 at 09:26

score 1 · Answer 5 · answered May 19 '22 at 08:48

The way I resolved the issue after all is:

Uninstalled aws client from my system and re installed and configured it from scratch.
I cloned my IAM account and gave it Full AWSCodeCommit access.

I am not sure what was the part that solved it, probably the first step since after I reinstalled everything I was prompted again to use my credentials.

score 0 · Answer 6 · answered Nov 17 '22 at 17:38

0

The resolution for me was to reinstall git and deselect the git credential helper.

answered Nov 17 '22 at 17:38

Matt

1

score 0 · Answer 7 · edited Aug 20 '23 at 21:47

0

I was also facing a similar kind of issue,

fatal: unable to access 'https://git-codecommit.ap-south-1.amazonaws.com/v1/repos/sunday-demo/': 
The requested URL returned error: 403

Solution :

Issue the below two commands so it will promote credential windows.

git config --global credential.helper '!aws codecommit credential-helper $@'

git config --global credential.UseHttpPath true

edited Aug 20 '23 at 21:47

desertnaut

57,590
26
140
166

answered Aug 14 '23 at 09:55

Ashutosh Bambal

1

score 0 · Answer 8 · answered Aug 21 '23 at 04:23

Follow the steps under the section called "Git for macOS: I configured the credential helper successfully, but now I am denied access to my repository (403)" under the below documentation.

https://docs.aws.amazon.com/codecommit/latest/userguide/troubleshooting-ch.html

score 0 · Answer 9 · answered Sep 02 '23 at 06:43

For windows, if the problem still exists "fatal: unable to access 'https://git-codecommit.us-east-1.amazonaws.com/v1/repos/RepositoryName': The requested URL returned error: 403" Try fixing your environment variables in windows. If the credentials are changed for clonning the repos, the environment is led with the old set of region and key values.

Search for "edit system environment variables"
Look for "Environment Variables"
Set up the new accesskey, secert accesskey and default region.
click "ok"

AWS Codecommit - fatal: unable to access : The requested URL returned error: 403

9 Answers9