Uploaded image for project: 'Bamboo'
  1. Bamboo
  2. BAM-20557

Error 403 on connecting AWS CodeCommit to Bamboo as Linked repository




      Issue Summary


      The below fails for BambooServer 6.9.2. In Bamboo 5.15.3, acces to AWS CodeCommit worked for Git type, authetication with username and password and thus using HTTP protocol.

      Steps to Reproduce

      1. Setting up a Linked repository to AWS CodeCommit of generic Git type using username & password
      2. The IAM user on AWS CodeCommit side has 'AWSCodeCommitFullAccess'
        to the AWS CcodeCommit repository addresed in step 1
      3. All other requirements like 'credential helper' being set and further needed AWS CodeCommit configuration is set as should

      Expected Results

      It should be able to successfully connect to AWS CodeCommit.

      Actual Results

      When terminating the setup of the Linked repository to AWS CodeCommitand pressing button "Test connection" on the end of this configuration page, connecting to the repository is not possible getting message pop-up saying "Fatal: Unable to access and error 403.

      This happens because Bamboo inserts the username and '@' specified into the URL which AWS CodeCommit is apparently not accepting.

      This is common Bamboo procedure and e.g. works perfectly like that for Bitbucket Cloud or GitHub.


      When running git clone from command-line on the box hosting Bamboo Server, with the same username and password but without username and '@' before the AWS CodeCommit URL, things work fine. Please see below.

      bamboo@ip-10-0-0-154:/tmp$ git clone https://git-codecommit.us-east-1.amazonaws.com/v1/repos/WTOP-Docker-build
       Cloning into 'WTOP-Docker-build'...
       Username for 'https://git-codecommit.us-east-1.amazonaws.com': bamboo-wtop-at-498104006619
       Password for 'https://bamboo-wtop-at-498104006619@git-codecommit.us-east-1.amazonaws.com': 
       remote: Counting objects: 8527, done.
       Receiving objects: 100% (8527/8527), 38.21 MiB | 6.28 MiB/s, done.
       Resolving deltas: 100% (2048/2048), done.
       Checking connectivity... done.

      Inserting the username like Bamboo Server does and running the same git clone, re-prints the same error message and errro 403 as Bamboo does when setting up the  Linked repository for AWS CodeCommit. So it fails as shown below.

      bamboo@ip-10-0-0-154:/tmp$ git clone https://bamboo-wtop-at-498104006619@git-codecommit.us-east-1.amazonaws.com/v1/repos/WTOP-Docker-build/
       Cloning into 'WTOP-Docker-build'...
       fatal: unable to access 'https://bamboo-wtop-at-498104006619@git-codecommit.us-east-1.amazonaws.com/v1/repos/WTOP-Docker-build/': The requested URL returned error: 403


      1. Use git commands from out of a Bamboo Script task and within those, only use the AWS CodeCommit URL, without username (as of the above note)
      2. You might use the SSH protocol and credentials for setting up a Linked repository for AWS CodeCommit. THough to succeed, you need toto configure: ~/.ssh/config, according to "SSH to codecommit: Step 3 #7" as of
        Setup Steps for SSH Connections to AWS CodeCommit Repositories on Linux, macOS, or Unix




            Unassigned Unassigned
            gforster@atlassian.com Gerhard Forster (Inactive)
            3 Vote for this issue
            9 Start watching this issue