Git clone works in AWS CodeCommit but pushing fails with 403
I can clone my CodeCommit repository successfully, but when I try to push to it, I get 403. Fetching and pulling works, however. It's as if I have read-only access.
I have setup my .gitconfig to use AWS CLI for credential manager:
[credential]
helper = !aws --profile builder codecommit credential-helper $@
UseHttpPath = true
The problem is that the error doesn't tell me why pushing is failing:
$ git push origin test-branch
fatal: unable to access 'https://git-codecommit.us-east-1.amazonaws.com/v1/repos/my-example-repo/': The requested URL returned error: 403
Most questions on the internet about his error are when cloning fails, but cloning works for me. I found this question where cloning succeeds and pushing fails, but his error is different - aws codecommit cannot push.
Edit:: After looking at my CodeCommit policy, it has Full: Read Limited: List, Write:
There is also a ResourceSpecifier = foo-*, but that holds for GitPull permission and pulling works, so I doubt it's the resource specifier.
I imagine you're right about the read-only permissions. As the docs state, you need the codecommit:GitPush permission in your IAM policy to be allowed to push commits from your local repository to the CodeCommit repository.
Being able to pull the repository means your credentials are set up correctly, if they weren't you wouldn't be able to git pull / git fetch at all.