Connecting Jenkins to AWS CodeCommit Repo

1
votes

I have deployed a local Jenkins server (Windows host) and am attempting to connect to a repo in Amazon's AWS CodeCommit service. I have configured the AWS CodeDeploy credentials in Jenkins (via the AWS CodeDeploy Plugin) with my AWS Access Key and Secre Key.

I have created a new freestyle project, and have selected Git under Source Code Management and configirued: Repository URL - copied the SSH url from AWS Code Commit console Credentials - I have created a global credential and pointed it to my private key, and entered the passphrase.

When configuring the Repo URL the following error is displayed:

Failed to connect to repository : Command "git.exe -c core.askpass=true ls-remote -h ssh://[REMOVED]@git-codecommit.us-east-1.amazonaws.com/v1/repos/[REMOVED]/ HEAD" returned status code 128: stdout: stderr: Permission denied (publickey). fatal: Could not read from remote repository.

Please make sure you have the correct access rights and the repository exists.

Seems like a simple access error but for the life of me I cannot figure it out. If I open my git bash and paste the above command in, I am presented with:

You have successfully authenticated over SSH. You can use Git to interact with AWS CodeCommit. Connection to git-codecommit.us-east-1.amazonaws.com closed by remote host. fatal: Could not read from remote repository.

Please make sure you have the correct access rights and the repository exists.

So It seems that the SSH connection is working. When I run:

ssh -vT [REMOVED]@git-codecommit.us-east-1.amazonaws.com

I get the following output:

You have successfully authenticated over SSH. You can use Git to interact with AWS CodeCommit. Interactive shells are not supported.debug1: channel 0: free: client-session, nchannels 1 Connection to git-codecommit.us-east-1.amazonaws.com closed by remote host. Transferred: sent 4160, received 2368 bytes, in 0.2 seconds Bytes per second: sent 24893.3, received 14170.0 debug1: Exit status -1

So it seems I really can access Code Commit okay.

I have also verified that my IAM user is able to connect to CodeCommit by attached the CodeCommitFullAccess policy. I have also cloned the repo using git bash, on the Windows host running Jenkins.

Does anyone know how I can get Jenkins to connect without displaying the error?

1
gitamazon-web-servicesjenkinssshaws-codecommit
what user is Jenkins running under?Mircea
Are you able to connect to other git services with ssh from that jenkins box?Wade Matveyenko
@Mircea - Its on windows so just my Windows account.doydoy
@WadeMatveyenko - I've been able to clone the CodeCommit repo using git from this box - if that is waht you are asking. It is just the Jenkins connection that fails to connect.doydoy

1 Answers

1
votes

You mentioned in your question that you are using a passphrase for your SSH key. It looks like this is a known issue with Jenkins that has not been resolved as of now: JENKINS-20879. I see some workarounds for Unix platforms, but not for Windows. You might consider creating an SSH key for Jenkins that does not have a passphrase to work around this issue.