
Looking to use GitPython to clone a repository in Lambda


I'm looking for a way to use Git and Lambda together to help manage our AWS users, this is what I would like to achieve...

  1. End user creates a PR with a new/updated IAM policy document for the permissions they would like.
  2. We review PR and if it passes the manual code review we merge it into the Master Branch.
  3. Lambda is triggered by Merge in the Master Branch to copy new changes and publish them into IAM using boto3 module.

I would like to do a git clone from inside of Lambda, ensure that the commit headers are the latest etc. as a safety guard. When I test it fails because I don't want to supply my credentials in my code (for what should be obvious reasons). So I'm not even able to clone the repository into our /tmp/folder in lambda. I don't see any good documentation either on this specific use case. I'm trying to use an API Developer Token but it doesn't appear to be working as I get the following error:

remote: Repository not found.
fatal: repository 'https://github.com/{org}/{project_name}/' not found 

Just a quick note: this prints out as it should with the correct placeholders, but for security reasons I've just put something generic here. I'm pasting my code in below:

import os
import base64
import boto3
from git import Repo
from botocore.exceptions import ClientError

def lambda_handler():  # replace with (event, context):
    project_name = "project_name"  # replace with event[gh_project]
    org = "org"  # replace with event[gh_org]
    access_token = "<secret_access_token>"  # replace with get_secret()
    # Token embedded in the HTTPS URL as the username
    git_url = f"https://{access_token}:x-oauth-basic@github.com/{org}/{project_name}"
    cwd = os.getcwd()
    # Clone into the current working directory
    repo = Repo.clone_from(git_url, cwd)

If you have any ideas it would be much appreciated.


Solution

  • The problem was with my git_url. I switched it from using an access key to using git_url = git@github.com/{org}/{project_name}.git and that works.
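
An added example, not part of the original question or answer: one way to clone over HTTPS from Lambda with the token kept out of both the code and the clone URL, by handing it to git through a GIT_ASKPASS helper. It assumes a git binary is available to the function (for example from a layer) and that the token is stored in AWS Secrets Manager; GITHUB_TOKEN_SECRET_ID, GIT_TOKEN and askpass.sh are hypothetical names, and the event keys follow the comments in the question's code.

```python
import os
import stat
import tempfile

# Helper git runs when it needs credentials. It holds no secret: it echoes
# GIT_TOKEN (hypothetical name) from the git process environment, using the
# question's scheme of token as username and "x-oauth-basic" as password.
ASKPASS_SCRIPT = """#!/bin/sh
case "$1" in
  Username*) printf '%s\\n' "$GIT_TOKEN" ;;
  *)         printf '%s\\n' "x-oauth-basic" ;;
esac
"""

def write_askpass(directory):
    """Write the helper into `directory`, executable by the owner only."""
    path = os.path.join(directory, "askpass.sh")
    with open(path, "w") as fh:
        fh.write(ASKPASS_SCRIPT)
    os.chmod(path, stat.S_IRWXU)
    return path

def clone_env(token, askpass_path):
    """Extra environment for the git child process; the token lives only here."""
    return {"GIT_ASKPASS": askpass_path, "GIT_TOKEN": token,
            "GIT_TERMINAL_PROMPT": "0"}  # never fall back to a terminal prompt

def clone_url(org, project):
    """Credential-free URL, so no token is written to .git/config."""
    return f"https://github.com/{org}/{project}.git"

def get_token(secret_id):
    import boto3  # lazy import; needs AWS credentials at call time
    client = boto3.client("secretsmanager")
    return client.get_secret_value(SecretId=secret_id)["SecretString"]

def lambda_handler(event, context):
    from git import Repo  # GitPython; needs a git binary on PATH
    workdir = tempfile.mkdtemp(dir="/tmp")  # writable storage in Lambda
    token = get_token(os.environ["GITHUB_TOKEN_SECRET_ID"])  # hypothetical name
    repo = Repo.clone_from(
        clone_url(event["gh_org"], event["gh_project"]),
        os.path.join(workdir, "repo"),
        env=clone_env(token, write_askpass(workdir)),
        depth=1,
    )
    return {"head": repo.head.commit.hexsha}
```

The returned head SHA can be compared with the merge commit that triggered the function before anything is published to IAM.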