Unable to pass tokens in headers with AWS CodeCommit | by Teri Radichel | Biting Bugs | October 2023


From one problem to another… I’m having trouble getting this to work in Lambda

One of my stories about Git Security And AWS CodeCommit Security.

I don’t know if I was just doing something wrong, but I couldn’t get a simple git clone to work in Lambda for AWS CodeCommit as documented here:

So I thought, oh good. I’ll just use the git credentials and pass in an authorization header. I’ve done this before in this article where I showed how to get your credentials from a URL when using GitHub.

But what I forgot was that I was using GitHub – not AWS CodeCommit for this example.

What I also forgot was that I was using a personal access token. GitHub no longer allows account passwords for these types of operations.

I am unable to create a personal access token on AWS.

I can only create a username and password.

I tried passing a password in the header instead, with the username in the URL just to see if that would work. No.

I get a 403 error.

As stated already, it wasn’t my first choice and I don’t like it but I couldn’t get AWS CodeCommit authentication through a role working in the Lambda function.

So I resorted to using username and password in the URL, which I really don’t like.

Leave a comment