2

I am deploying a Flask application to ElasticBeanstalk. One of the dependencies of this application is a package that should be installed from a CodeCommit git repository.

Locally, I have successfully set up SSH to connect to the CodeCommit repo to pip install and push code. I have added the package to requirements.txt, and locally this installs fine with pip.

The question is, how should I configure EBS to have SSH access to this repo?

I see the IAM role used by EBS is aws-elasticbeanstalk-ec2-role. I attached the AWSCodeCommitReadOnly policy to this role, but to no avail.

In the eb-activity.log it gives an SSH error when trying to get the package from CodeCommit:

Host key verification failed.
fatal: Could not read from remote repository.
Please make sure you have the correct access rights and the repository exists.

How should I configure access to AWS CodeCommit from EBS?

Iulian
  • 1,496
  • 2
  • 15
  • 35

1 Answers1

0

My suggestion would be to use HTTPS instead of SSH to access your AWS CodeCommit repository. Your instances already have permission through the role and policy you have set up and the AWS CLI available. All you would need to do is run the commands that configure the git-credential helper:

git config --global credential.helper '!aws --profile default codecommit credential-helper $@'

git config --global credential.UseHttpPath true

Hope that helps!

Wade Matveyenko
  • 4,290
  • 1
  • 23
  • 27
  • Yea - actually I had already tried HTTPS. The problem with running git config is that is uses $HOME which isn't set somehow when the config scripts in .ebextensions are run. Maybe you have some insight into this. Currently I solved the problem by using a private PyPI repo, which is a more correct solution anyhow. – Iulian Nov 25 '15 at 08:56