I am trying to run a spring cloud config application inside a docker container spawned by ECS. I am having issues correctly setting this up so that the meta data is used to clone the git repo from CodeCommit
I have the following settings
pom.xml dependencies
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-config-server</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-aws</artifactId>
</dependency>
application.yml
# some other non related settings such as port
spring:
cloud:
config:
server:
git:
uri: https://git-codecommit.eu-central-1.amazonaws.com/v1/repos/<repo name>
skip-ssl-validation: true
cloud:
aws:
credentials:
instance-profile: true
stack:
auto: false
in the docker logs I can find the following
2019-04-25 16:37:54.209 WARN 1 --- [nio-5000-exec-1] .c.s.e.MultipleJGitEnvironmentRepository : Error occured cloning to base directory.
org.eclipse.jgit.api.errors.TransportException: https://git-codecommit.eu-central-1.amazonaws.com/v1/repos/<repo name>: git-upload-pack not permitted on 'https://git-codecommit.eu-central-1.amazonaws.com/v1/repos/<repo name>/'
If I am understanding this correctly; according to the spring cloud config documentation, when you use a CodeCommit git url and don't specify a username and password, it should automatically default to the AWS Credentials Chain, which has instance profile credentials as the final option.
If you provide a username and password with an AWS CodeCommit URI, they must be the AWS accessKeyId and secretAccessKey that provide access to the repository.
If you do not specify a username and password, the accessKeyId and secretAccessKey are retrieved by using the AWS Default Credential Provider Chain.
