One of my stories about Git Security And AWS CodeCommit Security.
I don’t know if I was just doing something wrong, but I couldn’t get a simple git clone to work in Lambda for AWS CodeCommit as documented here:
So I thought, oh good. I’ll just use the git credentials and pass in an authorization header. I’ve done this before in this article where I showed how to get your credentials from a URL when using GitHub.
But what I forgot was that I was using GitHub – not AWS CodeCommit for this example.
What I also forgot was that I was using a personal access token. GitHub no longer allows account passwords for these types of operations.
I am unable to create a personal access token on AWS.
I can only create a username and password.
I tried passing a password in the header instead, with the username in the URL just to see if that would work. No.
I get a 403 error.
As stated already, it wasn’t my first choice and I don’t like it, but I couldn’t get AWS CodeCommit authentication through a role working in the Lambda function.
So I resorted to using username and password in the URL, which I really don’t like.
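As an added illustration (not code from the original post), here is one way to limit the exposure when credentials do have to go in the HTTPS remote URL: percent-encode them so special characters survive, and redact them before anything reaches a log. The repository URL, username and password are constructed sample values, and the function names are hypothetical.

```python
import re
from urllib.parse import quote, urlsplit, urlunsplit

# Constructed sample values; not real credentials or a real repository.
SAMPLE_REPO = "https://git-codecommit.us-east-1.amazonaws.com/v1/repos/example-repo"
SAMPLE_USER = "lambda-user-at-123456789012"
SAMPLE_PASS = "abc/def+ghi=@:x"

# Matches scheme://user:password@ inside free text such as git error output.
_USERINFO = re.compile(r"(?P<scheme>https?://)(?P<user>[^/\s:@]+):(?P<pw>[^/\s@]+)@")


def build_clone_url(repo_url, username, password):
    """Embed credentials in an HTTPS remote URL, percent-encoding both parts."""
    parts = urlsplit(repo_url)
    if parts.scheme != "https":
        raise ValueError("refusing to send credentials over a non-HTTPS URL")
    if parts.username or parts.password:
        raise ValueError("URL already carries userinfo")
    # safe='' also encodes '/', '@' and ':' which would otherwise break parsing.
    userinfo = f"{quote(username, safe='')}:{quote(password, safe='')}"
    return urlunsplit(parts._replace(netloc=f"{userinfo}@{parts.netloc}"))


def redact_url(url):
    """Return the URL with the password replaced, for logs and error reports."""
    parts = urlsplit(url)
    if parts.password is None:
        return url
    host = parts.hostname or ""
    if parts.port:
        host += f":{parts.port}"
    return urlunsplit(parts._replace(netloc=f"{parts.username}:***@{host}"))


def redact_text(text):
    """Scrub credential-bearing URLs from tool output before logging it."""
    return _USERINFO.sub(r"\g<scheme>\g<user>:***@", text)
```

Git stores the clone URL as the remote's URL in `.git/config`, so the same redaction applies to anything that prints or archives that file.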