如何在 EC2 cfn-init 上克隆 CodeCommit 存储库?

How to clone CodeCommit repo on EC2 cfn-init?

我尝试使用 CloudFormation 设置我的堆栈,并且在我的 EC2 实例启动时我想从 CodeCommit 克隆一个存储库。该存储库来自其他 aws 帐户,因此我设置了具有正确权限的用户。
我尝试了很多不同的方法来克隆它,但都失败了。我尝试的最后一件事是直接在 UserData 中执行 git clone,但出现两个错误:

1- 与 git clone https://git-codecommit.eu-west-1.amazonaws.com/v1/repos/my-repo

fatal: could not read Username for 'https://git-codecommit.eu-west-1.amazonaws.com': No such device or address

2- 与 git clone https://UserFormAWS-65456:/PASSWORDGENERATEBYAWS@git-codecommit.eu-west-1.amazonaws.com/v1/repos/my-repo

fatal: unable to access 'https://TestUser-at-654654:/xyyyzzz=@git-codecommit.eu-west-1.amazonaws.com/v1/repos/my-repo/': Could not resolve host: TestUser-at-787897168481

这是我的模板:

{
"Resources": {
    "ec2Bastion": {
        "Type": "AWS::EC2::Instance",
        "Properties": {
            "InstanceType":"t2.micro",
            "AvailabilityZone" : "eu-west-1c",
            "BlockDeviceMappings" : [
               {
                  "DeviceName" : "/dev/xvda",
                  "Ebs" : {
                     "VolumeType" : "gp2",
                     "DeleteOnTermination" : "true",
                     "VolumeSize" : "8"
                  }
               }
            ],
            "DisableApiTermination": "false",
            "ImageId" : "ami-09693313102a30b2c",
            "KeyName" : "toto-aws",
            "Monitoring" : "true",
            "Tenancy" : "default",
            "NetworkInterfaces": [
                {
                    "AssociatePublicIpAddress": "true",
                    "DeviceIndex": "0",
                    "GroupSet": [{ "Ref": "sgBastion" }],
                    "SubnetId": "subnet-0c0ef68588036e3a3"
                }
            ]
        }
    },
    "ec2App": {
        "Type": "AWS::EC2::Instance",
        "Properties": {
            "InstanceType":"t3.large",
            "AvailabilityZone" : "eu-west-1c",
            "BlockDeviceMappings" : [
               {
                  "DeviceName" : "/dev/xvda",
                  "Ebs" : {
                     "VolumeType" : "gp2",
                     "DeleteOnTermination" : "true",
                     "VolumeSize" : "40"
                  }
               }
            ],
            "DisableApiTermination": "false",
            "ImageId" : "ami-025da7a468de72fee",
            "KeyName" : "toto-aws",
            "Monitoring" : "true",
            "Tenancy" : "default",
            "NetworkInterfaces": [
                {
                    "AssociatePublicIpAddress": "false",
                    "DeviceIndex": "0",
                    "GroupSet": [{ "Ref": "sgApp" }],
                    "SubnetId": { "Ref": "subnetApp" }
                }
            ],
            "UserData": {
                "Fn::Base64": {
                    "Fn::Join": [ "", [
                        "#!/bin/bash -xe\n",
                        "yum install -y aws-cfn-bootstrap\n",
                        "mkdir /root/.aws\n",
                        "# Install the files and packages from the metadata\n",
                        "/opt/aws/bin/cfn-init ",
                        "         --stack ", { "Ref" : "AWS::StackName" },
                        "         --resource ec2App ",
                        "         --configsets Configure ",
                        "         --region ", { "Ref" : "AWS::Region" }, "\n",
                        "# Signal the status from cfn-init\n",
                        "cd /var/www\n",
                        "git clone https://TestUser-at-7874456456781:/3fgh54wJmRzlVvmYfg654sA5Q=@git-codecommit.eu-west-1.amazonaws.com/v1/repos/my-repo; \n",
                        "/opt/aws/bin/cfn-signal -e $? ",
                        "         --stack ", { "Ref" : "AWS::StackName" },
                        "         --resource ec2App ",
                        "         --region ", { "Ref" : "AWS::Region" }, "\n"
                  ]]
                }
            }
        },
        "Metadata" : {
            "AWS::CloudFormation::Init" : {
                "configSets" : {
                    "Configure": ["Configure"]
                },
                "Configure": {
                    "files": {
                        "/root/.gitconfig": {
                            "content" : { "Fn::Join" : [ "", [
                                "[credential]\n",
                                "       helper = !aws codecommit credential-helper $@\n",
                                "       UseHttpPath = true\n"
                            ]]},
                            "mode"  : "000644",
                            "owner" : "root",
                            "group" : "root"
                        },
                        "/root/.aws/config": {
                            "content" : { "Fn::Join" : [ "", [
                                "[default]\n",
                                "region = eu-west-1\n",
                                "output = json\n"
                            ]]},
                            "mode"  : "000600",
                            "owner" : "root",
                            "group" : "root"
                        },
                        "/root/.aws/credentials": {
                            "content" : { "Fn::Join" : [ "", [
                                "[default]\n",
                                "aws_access_key_id = MYKEY\n",
                                "aws_secret_access_key = SECRETKEY\n"
                            ]]},
                            "mode"  : "000600",
                            "owner" : "root",
                            "group" : "root"
                        }
                    }
                }
            }
        }
    },
    "sgBastion": {
        "Type": "AWS::EC2::SecurityGroup",
        "Properties": {
            "VpcId": "vpc-0d2d3a7d301ffb3f2",
            "GroupDescription": "Enable SSH access via port 22",
            "SecurityGroupIngress": [
                {
                    "IpProtocol": "tcp",
                    "FromPort": "22",
                    "ToPort": "22",
                    "CidrIp" : "0.0.0.0/32"
                }
            ]
        }
    },
    "sgApp": {
        "Type": "AWS::EC2::SecurityGroup",
        "Properties": {
            "VpcId": "vpc-0d2d3a7d301ffb3f2",
            "GroupDescription": "Enable SSH access via port 22",
            "SecurityGroupIngress": [
                {
                    "IpProtocol": "tcp",
                    "FromPort": "22",
                    "ToPort": "22",
                    "SourceSecurityGroupId" : { "Ref": "sgBastion" }
                }
            ]
        }
    },
    "subnetApp" : {
        "Type" : "AWS::EC2::Subnet",
        "Properties" : {
            "VpcId": "vpc-0d2d3a7d301ffb3f2",
            "CidrBlock" : "10.0.10.0/24",
            "AvailabilityZone" : "eu-west-1c"
        }
    },
    "appSubnetRouteTableAssociation" : {
         "Type" : "AWS::EC2::SubnetRouteTableAssociation",
         "Properties" : {
            "SubnetId" : { "Ref" : "subnetApp" },
            "RouteTableId" : { "Ref" : "appRouteTable" }
         }
     },
     "appRouteTable" : {
         "Type" : "AWS::EC2::RouteTable",
         "Properties" : {
            "VpcId" : "vpc-0d2d3a7d301ffb3f2"
         }
     },
     "appRoute" : {
        "Type" : "AWS::EC2::Route",
        "Properties" : {
            "RouteTableId" : { "Ref" : "appRouteTable" },
            "DestinationCidrBlock" : "0.0.0.0/0",
            "NatGatewayId" : "nat-027c1f24384fc90e6"
        }
     }
  }

}

你有什么想法吗?

提前致谢。

关于username:password的使用,语法中密码中不应包含任何'/':

https://UserFormAWS-65456:/PASSWORDGENERATEBYAWS@
                          ?
# should be:
https://UserFormAWS-65456:PASSWORDGENERATEBYAWS@

(除非“/”实际上是您密码的一部分)

此外,该密码中的任何特殊字符都必须是 percent encoded
例如用 %3D.
替换 '=' 如果 / 实际上是密码的第一个字符,则应将其替换为 %2F