AWS CodeCommit supports all Git commands and works with your existing Git tools.
On MAC, if above-mentioned tricks don't work, do the following:

Now try again. It should work. You may have to do it again next time as well when you face the error 403.
One of the possible reason for this issue is the keychain password different than login password on your MAC.
I also face same 403 error while using git push command in windows. I done all settings mentioned in AWS docs, but non resolved my issue. After i reviewed git credential set via Windows Credential as shown in screen. I found instead of git https credentials, it set access key / secret key (don't know how).

Click on edit link, update credential with proper git credential generated for AWS User, everything worked fine.
This helpful text is found on the AWS documentation for codecommit and Windows integration
If your installation of Git for Windows included the Git Credential Manager utility, you will see 403 errors or prompts to provide credentials into the Credential Manager utility after the first few connection attempts. The most reliable way to solve this problem is to uninstall and then reinstall Git for Windows without the option for the Git Credential Manager utility, as it is not compatible with AWS CodeCommit.
If you want to keep the Git Credential Manager utility, you must perform additional configuration steps to also use AWS CodeCommit, including manually modifying the .gitconfig file to specify the use of the credential helper for AWS CodeCommit when connecting to AWS CodeCommit.
Remove any stored credentials from the Credential Manager utility (you can find this utility in Control Panel).
Once you have removed any stored credentials, add the following to your .gitconfig file, save it, and then try connecting again from a new command prompt window:
[credential "https://git-codecommit.us-east-1.amazonaws.com"]
    helper = !aws codecommit credential-helper $@
    UseHttpPath = true
Additionally, you might have to re-configure your git config settings by specifying --system instead of --global or --local before all connections work as expected.
This last part applied to my situation, though when I ran git config --system it did not function as expected but appended aws configure before the aws codecommit command.
So I had to run this in git to find the location of the config file for the system.
git config --list --show-origin
I then added the suggested section from AWS to both my c:/users/username/.gitconfig and my c:/ProgramData/Git/config files.
After that git push started working- even though I get the bogus error in front of my response of
"git: 'credential-aws' is not a git command. See 'git --help'."
After running below commands, I had to add the below mentioned policy to my IAM user to solve this problem. refrence
git config --global credential.helper '!aws codecommit credential-helper $@'
git config --global credential.UseHttpPath true
Policy:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "codecommit:*"
            ],
            "Resource": "*"
        }
    ]
}
I solved it.
The 403 error message is a specifically Git error message. I added the two AWS-specified helper commands:
git config --global credential.helper '!aws --profile bruce666 codecommit credential-helper $@'
git config --global credentials.helper UseHttpPath=true
and that took care of the issue.
The .git/config file in your local directory (before you clone the Codecommit repo that you had just created should look like this:
[core]
    repositoryformatversion = 0
    filemode = true
    bare = false
    logallrefupdates = true
    ignorecase = true
    precomposeunicode = false
[credential]
    helper = !aws --profile bruce666 codecommit credential-helper $@
    UseHttpPath = true
[remote "origin"]
    url = https://git-codecommit.us-east-1.amazonaws.com/v1/repos/barthea
    fetch = +refs/heads/*:refs/remotes/origin/*
[branch "master"]
    remote = origin
    merge = refs/heads/master
As specified in the .git/config file, you are cloning using https not ssh. I must not have used the default version of git that came with OSX because I did not run into any Toolchain issue.
For me the root cause of getting the error was that no matter which version of git I was using on OSX, GIT was always picking up the credential.helper config of using osxkeychain from the file:
/Applications/Xcode.app/Contents/Developer/usr/share/git-core/gitconfig
Getting rid of this solved the problem for me and has not broken anything.
My case in OSX.
The first step:
git config --global credential.helper '!aws codecommit credential-helper $@'
git config --global credentials.helper UseHttpPath=true
However, verifying git config --list --show-origin
file:/usr/local/etc/gitconfig   credential.https://git-codecommit.eu-west-1.amazonaws.com.helper=!aws codecommit credential-helper $@
file:/usr/local/etc/gitconfig   credential.helper=osxkeychain
file:/Users/mine/.gitconfig  user.name=my-user
file:/Users/mine/.gitconfig  [email protected]
file:/Users/mine/.gitconfig  filter.lfs.clean=git-lfs clean -- %f
file:/Users/mine/.gitconfig  filter.lfs.smudge=git-lfs smudge -- %f
file:/Users/mine/.gitconfig  filter.lfs.process=git-lfs filter-process
file:/Users/mine/.gitconfig  filter.lfs.required=true
file:/Users/mine/.gitconfig  credential.helper=!aws codecommit credential-helper $@
file:/Users/mine/.gitconfig  credential.usehttppath=true
The first line was not present before, and git was using osxkeychain with precedence. Hence, I had to do git config --system ...
cat /usr/local/etc/gitconfig                                             
[credential "https://git-codecommit.eu-west-1.amazonaws.com"]
    helper = !aws codecommit credential-helper $@
    UseHttpPath = true
[credential]
    helper = osxkeychain
So the URL was specified in order to fallback in case another credentials are stored.
Update https://docs.aws.amazon.com/codecommit/latest/userguide/troubleshooting-ch.html
For some reason, UseHttpPath = true seems not to be added sometimes. So it can (should) be added under [credential]
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With