How can I clone repositories in AWS CodeCommit when using AWS CodeBuild?

My CodeBuild process requires me to clone some supporting libraries from AWS CodeCommit. However, since I don't have my private key on the docker image used by AWS CodeBuild, I get permission errors trying to do the checkout:

agent_1  | Host key verification failed.
agent_1  | fatal: Could not read from remote repository.

Is there a simple, recommended way for AWS CodeBuild to download code from AWS CodeCommit?



Solution 1:[1]

I found the answer. As Saurav.Kumar said, you need to make sure your IAM role gives you permissions to those repositories. In addition, since I need to use the git command directly to clone additional libraries, I needed to add this to my buildspec.yml:

phases:
  install:
    commands:
      - pip install git-remote-codecommit

Solution 2:[2]

The most important thing is to set up IAM properly... this is overkill, but for general PoC purposes it will do the job as an inline policy definition:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "codecommit:ListRepositoriesForApprovalRuleTemplate",
        "codecommit:CreateApprovalRuleTemplate",
        "codecommit:UpdateApprovalRuleTemplateName",
        "codecommit:GetApprovalRuleTemplate",
        "codecommit:ListApprovalRuleTemplates",
        "codecommit:DeleteApprovalRuleTemplate",
        "codecommit:ListRepositories",
        "codecommit:UpdateApprovalRuleTemplateContent",
        "codecommit:UpdateApprovalRuleTemplateDescription"
      ],
      "Resource": "*"
    },
    {
      "Sid": "VisualEditor1",
      "Effect": "Allow",
      "Action": "codecommit:*",
      "Resource": "arn:aws:codecommit:us-east-1:xxxxxxxx:xxxxxxx-myproject"
    }
  ]
}
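Both answers depend on the CodeBuild role's IAM policy, and Solution 2 describes its own policy as overkill. The check below is an added example, not code from either answer: it flags Allow statements broader than a clone needs, assuming the build only needs codecommit:GitPull on one repository. The ARN, Sids and function names are constructed for illustration.

```python
import fnmatch

NEEDED = {"codecommit:GitPull"}  # assumption: the build only clones/pulls
REPO_ARN = "arn:aws:codecommit:us-east-1:111122223333:example-lib"  # constructed placeholder

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_policy(policy, needed=NEEDED):
    """List (sid, kind, value) findings for Allow statements broader than `needed`."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        for action in _as_list(stmt.get("Action", [])):
            if "*" in action or "?" in action:
                findings.append((sid, "wildcard-action", action))
            elif action.startswith("codecommit:") and action not in needed:
                findings.append((sid, "unneeded-action", action))
        for resource in _as_list(stmt.get("Resource", [])):
            if resource == "*":
                findings.append((sid, "wildcard-resource", resource))
    return findings

def allows(policy, action, resource):
    """Simplified evaluation: Allow statements only, no Deny or Condition handling."""
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        act_ok = any(fnmatch.fnmatchcase(action.lower(), a.lower())
                     for a in _as_list(stmt.get("Action", [])))
        res_ok = any(fnmatch.fnmatchcase(resource, r)
                     for r in _as_list(stmt.get("Resource", [])))
        if act_ok and res_ok:
            return True
    return False

# Constructed sample modelled on the shape of the broad PoC policy.
BROAD = {"Version": "2012-10-17", "Statement": [
    {"Sid": "ListAll", "Effect": "Allow",
     "Action": ["codecommit:ListRepositories"], "Resource": "*"},
    {"Sid": "AllOnRepo", "Effect": "Allow",
     "Action": "codecommit:*", "Resource": REPO_ARN}]}

# Constructed least-privilege counterpart: clone access to one repository.
SCOPED = {"Version": "2012-10-17", "Statement": [
    {"Sid": "CloneOnly", "Effect": "Allow",
     "Action": "codecommit:GitPull", "Resource": REPO_ARN}]}
```

With the scoped policy the build role can still pull the library, but a compromised build step cannot push to or delete the repository.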

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Jesse Barnum
Solution 2