# Troubleshooting AWS CodeCommit
Troubleshooting

The following information might help you troubleshoot common issues in AWS CodeCommit.

**Topics**
+ [

# Troubleshooting Git credentials and HTTPS connections to AWS CodeCommit
](troubleshooting-gc.md)
+ [

# Troubleshooting git-remote-codecommit and AWS CodeCommit
](troubleshooting-grc.md)
+ [

# Troubleshooting SSH connections to AWS CodeCommit
](troubleshooting-ssh.md)
+ [

# Troubleshooting the credential helper and HTTPS connections to AWS CodeCommit
](troubleshooting-ch.md)
+ [

# Troubleshooting Git clients and AWS CodeCommit
](troubleshooting-git.md)
+ [

# Troubleshooting access errors and AWS CodeCommit
](troubleshooting-ae.md)
+ [

# Troubleshooting configuration errors and AWS CodeCommit
](troubleshooting-cf.md)
+ [

# Troubleshooting console errors and AWS CodeCommit
](troubleshooting-cs.md)
+ [

# Troubleshooting triggers and AWS CodeCommit
](troubleshooting-ti.md)
+ [

## Turn on debugging
](#troubleshooting-debug)

# Troubleshooting Git credentials and HTTPS connections to AWS CodeCommit
Troubleshooting Git credentials (HTTPS)

The following information might help you troubleshoot common issues when using Git credentials and HTTPS to connect to AWS CodeCommit repositories.

**Topics**
+ [

## Git credentials for AWS CodeCommit: I keep seeing a prompt for credentials when I connect to my CodeCommit repository at the terminal or command line
](#troubleshooting-gc1)
+ [

## Git credentials for AWS CodeCommit: I set up Git credentials, but my system is not using them
](#troubleshooting-gc2)

## Git credentials for AWS CodeCommit: I keep seeing a prompt for credentials when I connect to my CodeCommit repository at the terminal or command line


**Problem:** When you try to push, pull, or otherwise interact with a CodeCommit repository from the terminal or command line, you are prompted to provide a user name and password, and you must supply the Git credentials for your IAM user.

**Possible fixes:** The most common causes for this error are that your local computer is running an operating system that does not support credential management, or it does not have a credential management utility installed, or the Git credentials for your IAM user have not been saved to one of these credential management systems. Depending on your operating system and local environment, you might need to install a credential manager, configure the credential manager that is included in your operating system, or customize your local environment to use credential storage. For example, if your computer is running macOS, you can use the Keychain Access utility to store your credentials. If your computer is running Windows, you can use the Git Credential Manager that is installed with Git for Windows. For more information, see [For HTTPS users using Git credentials](setting-up-gc.md) and [Credential Storage](https://git-scm.com/book/en/v2/Git-Tools-Credential-Storage) in the Git documentation. 

## Git credentials for AWS CodeCommit: I set up Git credentials, but my system is not using them


**Problem:** When you try to use CodeCommit with a Git client, the client does not appear to use the Git credentials for your IAM user.

**Possible fixes:** The most common cause for this error is that you previously set up your computer to use the credential helper that is included with the AWS CLI. Check your .gitconfig file for configuration sections similar to the following, and remove them: 

```
[credential "https://git-codecommit.*.amazonaws.com"]
    helper = !aws codecommit credential-helper $@ 
    UseHttpPath = true
```

Save the file, and then open a new command line or terminal session before you attempt to connect again.

You may also have multiple credential helpers or managers set up on your computer, and your system might be defaulting to another configuration. To reset which credential helper is used as the default, you can use the **--system** option instead of **--global** or **--local** when running the **git config** command.

For more information, see [For HTTPS users using Git credentials](setting-up-gc.md) and [Credential Storage](https://git-scm.com/book/en/v2/Git-Tools-Credential-Storage) in the Git documentation. 

# Troubleshooting git-remote-codecommit and AWS CodeCommit
Troubleshooting git-remote-codecommit

The following information might help you troubleshoot issues with **git-remote-codecommit** when connecting with AWS CodeCommit repositories.

**Topics**
+ [

## I see an error: git: 'remote-codecommit' is not a git command
](#troubleshooting-grc-syn1)
+ [

## I see an error: fatal: Unable to find remote helper for 'codecommit'
](#troubleshooting-grc-syn2)
+ [

## Cloning error: I cannot clone a CodeCommit repository from an IDE
](#troubleshooting-grc-ide1)
+ [

## Push or pull error: I cannot push or pull commits from an IDE to a CodeCommit repository
](#troubleshooting-grc-ide2)
+ [

## Installation error: I see an externally-managed-environment error when I try to install git-remote-codecommit
](#troubleshooting-grc-pm1)

## I see an error: git: 'remote-codecommit' is not a git command


**Problem:** When you try to use git-remote-codecommit, you see an error that git-remote-codecommit is not a git command. See 'git --help'".

**Possible fixes:** The most common reason for this error is that either you have not added the git-remote-codecommit executable to your PATH, or that the string contains a syntax error. This can happen where a hyphen is missing between git and remote-codecommit, or when an extra git is placed before git-remote-codecommit.

You might also encounter this error if you have updated your local installation to an unsupported version. For more information about supported versions of Python, see [git-remote-codecommit](https://pypi.org/project/git-remote-codecommit/).

For more information about setting up and using git-remote-codecommit, see [Setup steps for HTTPS connections to AWS CodeCommit with git-remote-codecommit](setting-up-git-remote-codecommit.md).

## I see an error: fatal: Unable to find remote helper for 'codecommit'


**Problem:** When you try to use git-remote-codecommit, you see an error stating "fatal: Unable to find remote helper for 'codecommit'".

**Possible fixes:** The most common reasons for this error are:
+ The setup is not complete for git-remote-codecommit
+ You have installed git-remote-codecommit in a location that is not in your path or not configured as part of the `Path` environment variable
+ Python is not in your path or not configured as part of the `Path` environment variable
+ You are using a terminal or command line window that has not been restarted since the installation of git-remote-codecommit completed

For more information about setting up and using git-remote-codecommit, see [Setup steps for HTTPS connections to AWS CodeCommit with git-remote-codecommit](setting-up-git-remote-codecommit.md).

## Cloning error: I cannot clone a CodeCommit repository from an IDE


**Problem:** When you try to clone a CodeCommit repository in an IDE, you see an error that says the endpoint or URL is not valid.

**Possible fixes:** Not all IDEs support the URL used by **git-remote-codecommit** during cloning. Clone the repository locally from the terminal or command line, and then add that local repo to your IDE. For more information, see [Step 3: Connect to the CodeCommit console and clone the repository](setting-up-git-remote-codecommit.md#setting-up-git-remote-codecommit-connect-console).

## Push or pull error: I cannot push or pull commits from an IDE to a CodeCommit repository


**Problem:** When you try to pull or push code from an IDE, you see a connection error.

**Possible fixes:** The most common reason for this error is that the IDE is not compatible with Git remote helpers such as **git-remote-codecommit**. Instead of using the IDE functionality to commit, push, and pull code, update the local repo manually from the command line or terminal using Git commands.

For more information about remote helpers and Git, see the [Git documentation](https://git-scm.com/docs/gitremote-helpers).

## Installation error: I see an externally-managed-environment error when I try to install git-remote-codecommit


**Problem:** When you try to run the `pip install git-remote-codecommit` command, you see an error indicating that the environment is externally managed.

**Possible fixes:** The most common reason for this error is that you're running a distrobution (distro) of Python that define an EXTERNALLY-MANAGED marker file. The best solution for this is to create and use a virtual environment.

For more information about externally managed environments and Python, see [Externally Managed Environments](https://packaging.python.org/en/latest/specifications/externally-managed-environments/#externally-managed-environments) and [Install packages in a virtual environment using pip and venv](https://packaging.python.org/en/latest/guides/installing-using-pip-and-virtual-environments/) in the Python documentation.

# Troubleshooting SSH connections to AWS CodeCommit
Troubleshooting SSH connections

The following information might help you troubleshoot common issues when using SSH to connect to CodeCommit repositories.

**Topics**
+ [

## Access error: Public key is uploaded successfully to IAM but connection fails on Linux, macOS, or Unix systems
](#troubleshooting-ae4)
+ [

## Access error: Public key is uploaded successfully to IAM and SSH tested successfully but connection fails on Windows systems
](#troubleshooting-ae5)
+ [

## Authentication challenge: Authenticity of host can't be established when connecting to a CodeCommit repository
](#troubleshooting-ac1)
+ [

## IAM error: 'Invalid format' when attempting to add a public key to IAM
](#troubleshooting-iam1)
+ [

## I need to access CodeCommit repositories in multiple Amazon Web Services accounts with SSH credentials
](#troubleshooting-ssh-multi)
+ [

## Git on Windows: Bash emulator or command line freezes when attempting to connect using SSH
](#troubleshooting-gw2)
+ [

## Public key format requires specification in some distributions of Linux
](#troubleshooting-os-syn2)
+ [

## Access error: SSH public key denied when connecting to a CodeCommit repository
](#troubleshooting-permission-denied-ssh-key)

## Access error: Public key is uploaded successfully to IAM but connection fails on Linux, macOS, or Unix systems


**Problem:** When you try to connect to an SSH endpoint to communicate with a CodeCommit repository, either when testing the connection or cloning a repository, the connection fails or is refused.

**Possible fixes:** The SSH key ID assigned to your public key in IAM might not be associated with your connection attempt. [You might not have configured a config file](setting-up-ssh-unixes.md#cc-configure-config), you might not have access to the configuration file, another setting might be preventing a successful read of the config file, you might have provided the wrong key ID, or you might have provided the ID of the IAM user instead of the key ID.

The SSH key ID can be found in the IAM console in the profile for your IAM user:

![\[The SSH Key ID in the IAM console\]](http://docs.aws.amazon.com/codecommit/latest/userguide/images/codecommit-ssh-key-id-iam.png)


**Note**  
If you have more than one SSH key IDs uploaded, the keys are listed alphabetically by key ID, not by upload date. Make sure that you have copied the key ID that is associated with the correct upload date.

Try testing the connection with the following command:

```
ssh Your-SSH-Key-ID@git-codecommit.us-east-2.amazonaws.com
```

If you see a success message after confirming the connection, your SSH key ID is valid. Edit your config file to associate your connection attempts with your public key in IAM. If you do not want to edit your config file, you can preface all connection attempts to your repository with your SSH key ID. For example, if you wanted to clone a repository named *MyDemoRepo* without modifying your config file to associate your connection attempts, you would run the following command:

```
git clone ssh://Your-SSH-Key-ID@git-codecommit.us-east-2.amazonaws.com/v1/repos/MyDemoRepo my-demo-repo
```

For more information, see [For SSH connections on Linux, macOS, or Unix](setting-up-ssh-unixes.md). 

## Access error: Public key is uploaded successfully to IAM and SSH tested successfully but connection fails on Windows systems


**Problem:** When you try to use an SSH endpoint to clone or communicate with a CodeCommit repository, an error message appears containing the phrase `No supported authentication methods available`.

**Possible fixes:** The most common reason for this error is that you have a Windows system environment variable set that directs Windows to use another program when you attempt to use SSH. For example, you might have set a GIT\$1SSH variable to point to one of the PuTTY set of tools (plink.exe). This might be a legacy configuration, or it might be required for one or more other programs installed on your computer. If you are sure that this environment variable is not required, you can remove it by opening your system properties.

To work around this issue, open a Bash emulator and then try your SSH connection again, but include `GIT_SSH_COMMAND="SSH"` as a prefix. For example, to clone a repository using SSH:

```
GIT_SSH_COMMAND="ssh" git clone ssh://git-codecommit.us-east-2.amazonaws.com/v1/repos/MyDemoRepo my-demo-repo
```

A similar problem might occur if your version of Windows requires that you include the SSH key ID as part of the connection string when connecting through SSH at the Windows command line. Try your connection again, this time including the SSH key ID copied from IAM as part of the command. For example:

```
git clone ssh://Your-SSH-Key-ID@git-codecommit.us-east-2.amazonaws.com/v1/repos/MyDemoRepo my-demo-repo
```

## Authentication challenge: Authenticity of host can't be established when connecting to a CodeCommit repository


**Problem:** When you try to use an SSH endpoint to communicate with a CodeCommit repository, a warning message appears containing the phrase `The authenticity of host 'host-name' can't be established.`

**Possible fixes:** Your credentials might not be set up correctly. Follow the instructions in [For SSH connections on Linux, macOS, or Unix](setting-up-ssh-unixes.md) or [For SSH connections on Windows](setting-up-ssh-windows.md). 

If you have followed those steps and the problem persists, someone might be attempting a man-in-the-middle attack. When you see the following message, type `no`, and press Enter.

```
Are you sure you want to continue connecting (yes/no)?
```

Make sure the fingerprint and public key for CodeCommit connections match those documented in the SSH setup topics before you continue with the connection.


**Public fingerprints for CodeCommit**  

| Server | Cryptographic hash type | Fingerprint | 
| --- | --- | --- | 
| git-codecommit.us-east-2.amazonaws.com | MD5 | a9:6d:03:ed:08:42:21:be:06:e1:e0:2a:d1:75:31:5e | 
| git-codecommit.us-east-2.amazonaws.com | SHA256 | 3lBlW2g5xn/NA2Ck6dyeJIrQOWvn7n8UEs56fG6ZIzQ | 
| git-codecommit.us-east-1.amazonaws.com | MD5 | a6:9c:7d:bc:35:f5:d4:5f:8b:ba:6f:c8:bc:d4:83:84 | 
| git-codecommit.us-east-1.amazonaws.com | SHA256 | eLMY1j0DKA4uvDZcl/KgtIayZANwX6t8\$18isPtotBoY | 
| git-codecommit.us-west-2.amazonaws.com | MD5 | a8:68:53:e3:99:ac:6e:d7:04:7e:f7:92:95:77:a9:77 | 
| git-codecommit.us-west-2.amazonaws.com | SHA256 | 0pJx9SQpkbPUAHwy58UVIq0IHcyo1fwCpOOuVgcAWPo | 
| git-codecommit.eu-west-1.amazonaws.com | MD5 | 93:42:36:ea:22:1f:f1:0f:20:02:4a:79:ff:ea:12:1d | 
| git-codecommit.eu-west-1.amazonaws.com | SHA256 | tKjRkOL8dmJyTmSbeSdN1S8F/f0iql3RlvqgTOP1UyQ | 
| git-codecommit.ap-northeast-1.amazonaws.com | MD5 | 8e:a3:f0:80:98:48:1c:5c:6f:59:db:a7:8f:6e:c6:cb | 
| git-codecommit.ap-northeast-1.amazonaws.com | SHA256 | Xk/WeYD/K/bnBybzhiuu4dWpBJtXPf7E30jHU7se4Ow | 
| git-codecommit.ap-southeast-1.amazonaws.com | MD5 | 65:e5:27:c3:09:68:0d:8e:b7:6d:94:25:80:3e:93:cf | 
| git-codecommit.ap-southeast-1.amazonaws.com | SHA256 | ZIsVa7OVzxrTIf\$1Rk4UbhPv6Es22mSB3uTBojfPXIno | 
| git-codecommit.ap-southeast-2.amazonaws.com | MD5 | 7b:d2:c1:24:e6:91:a5:7b:fa:c1:0c:35:95:87:da:a0 | 
| git-codecommit.ap-southeast-2.amazonaws.com | SHA256 | nYp\$1gHas80HY3DqbP4yanCDFhqDVjseefVbHEXqH2Ec | 
| git-codecommit.ap-southeast-3.amazonaws.com | MD5 | 64:d9:e0:53:19:4f:a8:91:9a:c3:53:22:a6:a8:ed:a6 | 
| git-codecommit.ap-southeast-3.amazonaws.com | SHA256 | ATdkGSFhpqIu7RqUVT/1RZo6MLxxxUW9NoDVMbAc/6g | 
| git-codecommit.me-central-1.amazonaws.com | MD5 | bd:fa:e2:f9:05:84:d6:39:6f:bc:d6:8d:fe:de:61:76 | 
| git-codecommit.me-central-1.amazonaws.com | SHA256 | grceUDWubo4MzG1NoaKZKUfrgPvfN3ijliOnQr1lTZA | 
| git-codecommit.eu-central-1.amazonaws.com | MD5 | 74:5a:e8:02:fc:b2:9c:06:10:b4:78:84:65:94:22:2d | 
| git-codecommit.eu-central-1.amazonaws.com | SHA256 | MwGrkiEki8QkkBtlAgXbYt0hoZYBnZF62VY5RzGJEUY | 
| git-codecommit.ap-northeast-2.amazonaws.com | MD5 | 9f:68:48:9b:5f:fc:96:69:39:45:58:87:95:b3:69:ed | 
| git-codecommit.ap-northeast-2.amazonaws.com | SHA256 | eegAPQrWY9YsYo9ZHIKOmxetfXBHzAZd8Eya53Qcwko | 
| git-codecommit.sa-east-1.amazonaws.com | MD5 | 74:99:9d:ff:2b:ef:63:c6:4b:b4:6a:7f:62:c5:4b:51 | 
| git-codecommit.sa-east-1.amazonaws.com | SHA256 | kW\$1VKB0jpRaG/ZbXkgbtMQbKgEDK7JnISV3SVoyCmzU | 
| git-codecommit.us-west-1.amazonaws.com | MD5 | 3b:76:18:83:13:2c:f8:eb:e9:a3:d0:51:10:32:e7:d1 | 
| git-codecommit.us-west-1.amazonaws.com | SHA256 | gzauWTWXDK2u5KuMMi5vbKTmfyerdIwgSbzYBODLpzg | 
| git-codecommit.eu-west-2.amazonaws.com | MD5 | a5:65:a6:b1:84:02:b1:95:43:f9:0e:de:dd:ed:61:d3 | 
| git-codecommit.eu-west-2.amazonaws.com | SHA256 | r0Rwz5k/IHp/QyrRnfiM9j02D5UEqMbtFNTuDG2hNbs | 
| git-codecommit.ap-south-1.amazonaws.com | MD5 | da:41:1e:07:3b:9e:76:a0:c5:1e:64:88:03:69:86:21 | 
| git-codecommit.ap-south-1.amazonaws.com | SHA256 | hUKwnTj7\$1Xpx4Kddb6p45j4RazIJ4IhAMD8k29itOfE | 
| git-codecommit.ap-south-2.amazonaws.com | MD5 | bc:cc:9f:15:f8:f3:58:a2:68:65:21:e2:23:71:8d:ce | 
| git-codecommit.ap-south-2.amazonaws.com | SHA256 | Xe0CyZEOvgR5Xa2YUGqf\$1jn8/Ut7l7nX/CmslSFNEig | 
| git-codecommit.ca-central-1.amazonaws.com | MD5 | 9f:7c:a2:2f:8c:b5:74:fd:ab:b7:e1:fd:af:46:ed:23 | 
| git-codecommit.ca-central-1.amazonaws.com | SHA256 | Qz5puafQdANVprLlj6r0Qyh4lCNsF6ob61dGcPtFS7w | 
| git-codecommit.eu-west-3.amazonaws.com | MD5 | 1b:7f:97:dd:d7:76:8a:32:2c:bd:2c:7b:33:74:6a:76 | 
| git-codecommit.eu-west-3.amazonaws.com | SHA256 | uw7c2FL564jVoFgtc\$1ikzILnKBsZz7t9\$1CFdSJjKbLI | 
| git-codecommit.us-gov-west-1.amazonaws.com | MD5 | 9f:6c:19:3b:88:cd:e8:88:1b:9c:98:6a:95:31:8a:69 | 
| git-codecommit.us-gov-west-1.amazonaws.com | SHA256 | djXQoSIFcg8vHe0KVH1xW/gOF9X37tWTqu4Hkng75x4 | 
| git-codecommit.us-gov-east-1.amazonaws.com | MD5 | 00:8d:b5:55:6f:05:78:05:ed:ea:cb:3f:e6:f0:62:f2 | 
| git-codecommit.us-gov-east-1.amazonaws.com | SHA256 | fVb\$1R0z7qW7minenW\$1rUpAABRCRBTCzmETAJEQrg98 | 
| git-codecommit.eu-north-1.amazonaws.com | MD5 | 8e:53:d8:59:35:88:82:fd:73:4b:60:8a:50:70:38:f4 | 
| git-codecommit.eu-north-1.amazonaws.com | SHA256 | b6KSK7xKq\$1V8jl7iuAcjqXsG7zkqoUZZmmhYYFBq1wQ | 
| git-codecommit.me-south-1.amazonaws.com | MD5 | 0e:39:28:56:d5:41:e6:8d:fa:81:45:37:fb:f3:cd:f7 | 
| git-codecommit.me-south-1.amazonaws.com | SHA256 | O\$1NToCGgjrHekiBuOl0ad7ROGEsz\$1DBLXOd/c9wc0JU | 
| git-codecommit.ap-east-1.amazonaws.com | MD5 | a8:00:3d:24:52:9d:61:0e:f6:e3:88:c8:96:01:1c:fe | 
| git-codecommit.ap-east-1.amazonaws.com | SHA256 | LafadYwUYW8hONoTRpojbjNs9IRnbEwHtezD3aAIBX0 | 
| git-codecommit---cn-north-1.amazonaws.com.rproxy.govskope.us.cn | MD5 | 11:7e:2d:74:9e:3b:94:a2:69:14:75:6f:5e:22:3b:b3 | 
| git-codecommit---cn-north-1.amazonaws.com.rproxy.govskope.us.cn | SHA256 | IYUXxH2OpTDsyYMLIp\$1JY8CTLS4UX\$1ZC5JVZXPRaxc8 | 
| git-codecommit---cn-northwest-1.amazonaws.com.rproxy.govskope.us.cn | MD5 | 2e:a7:fb:4c:33:ac:6c:f9:aa:f2:bc:fb:0a:7b:1e:b6 | 
| git-codecommit---cn-northwest-1.amazonaws.com.rproxy.govskope.us.cn | SHA256 | wqjd6eHd0\$1mOBx\$1dCNuL0omUoCNjaDtZiEpWj5TmCfQ | 
| git-codecommit.eu-south-1.amazonaws.com | MD5 | b9:f6:5d:e2:48:92:3f:a9:37:1e:c4:d0:32:0e:fb:11 | 
| git-codecommit.eu-south-1.amazonaws.com | SHA256 | lyXrWbCg3uQmJrl1XxB/ASR7ugW1Ysf5yzYOJbudHsI | 
| git-codecommit.ap-northeast-3.amazonaws.com | MD5 | 25:17:40:da:b9:d4:18:c3:b6:b3:fb:ed:1c:20:fe:29 | 
| git-codecommit.ap-northeast-3.amazonaws.com | SHA256 | 2B815B9F0AvwLnRxSVxUz4kDYmtEQUGGdQYP8OQLXhA | 
| git-codecommit.af-south-1.amazonaws.com | MD5 | 21:a0:ba:d7:c1:d1:b5:39:98:8d:4d:7c:96:f5:ca:29 | 
| git-codecommit.af-south-1.amazonaws.com | SHA256 | C34ji3x/cnsDZjUpyNGXdE5pjHYimqJrQZ3leTgqJHM | 
| git-codecommit.il-central-1.amazonaws.com | MD5 | 04:74:89:16:98:7a:61:b1:69:46:42:3c:d1:b4:ac:a9 | 
| git-codecommit.il-central-1.amazonaws.com | SHA256 | uFxhp51kUWhleTLeYbxQVYm4RnNLNZ5Dbdm1cgdSl/8 | 

## IAM error: 'Invalid format' when attempting to add a public key to IAM


**Problem:** In IAM, when attempting to set up to use SSH with CodeCommit, an error message appears containing the phrase `Invalid format` when you attempt to add your public key.

**Possible fixes:** IAM requires that the public key must be encoded in ssh-rsa format or PEM format.  It accepts public keys in the OpenSSH format only and  has additional requirements as specified in [Use SSH Keys with CodeCommit](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_ssh-keys.html#ssh-keys-code-commit) in the *IAM User Guide*. If you provide your public key in another format, or if the key does not contain the required number of bits, you see this error. 
+ When you copied the SSH public key, your operating system might have introduced line breaks. Make sure that there are no line breaks in the public key that you add to IAM.
+ Some Windows operating systems do not use the OpenSSH format. To generate a key pair and copy the OpenSSH format required by IAM, see [Step 3:  Set up the public and private keys for Git and CodeCommit ](setting-up-ssh-windows.md#setting-up-ssh-windows-keys-windows).

For more information about the requirements for SSH keys in IAM, see [Use SSH Keys with CodeCommit](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_ssh-keys.html#ssh-keys-code-commit) in the *IAM User Guide*.

## I need to access CodeCommit repositories in multiple Amazon Web Services accounts with SSH credentials


**Problem:** I want to set up SSH access to CodeCommit repositories in more than one Amazon Web Services account.

**Possible fixes:** You can create unique SSH public/private key pairs for each Amazon Web Services account and configure IAM with each key. You can then configure your \$1/.ssh/config file with information about each IAM User ID associated with the public key. For example:

```
Host codecommit-1
    Hostname git-codecommit.us-east-1.amazonaws.com
    User SSH-KEY-ID-1 # This is the SSH Key ID you copied from IAM in Amazon Web Services account 1 (for example, APKAEIBAERJR2EXAMPLE1).
    IdentityFile ~/.ssh/codecommit_rsa # This is the path to the associated public key file, such as id_rsa.  We advise creating CodeCommit specific _rsa files.
 
Host codecommit-2
    Hostname git-codecommit.us-east-1.amazonaws.com
    User SSH-KEY-ID-2 # This is the SSH Key ID you copied from IAM in Amazon Web Services account 2 (for example, APKAEIBAERJR2EXAMPLE2).
    IdentityFile ~/.ssh/codecommit_2_rsa # This is the path to the other associated public key file.  We advise creating CodeCommit specific _rsa files.
```

In this configuration, you will be able to replace 'git-codecommit.us-east-1.amazonaws.com' with 'codecommit-2'. For example, to clone a repository in your second Amazon Web Services account:

```
git clone ssh://codecommit-2/v1/repos/YourRepositoryName
```

To set up a remote for your repository, run **git remote add**. For example:

```
git remote add origin ssh://codecommit-2/v1/repos/YourRepositoryName
```

For more examples, see [this forum post](https://forums.aws.amazon.com/thread.jspa?messageID=711158) and [this contribution on GitHub](https://gist.github.com/justinpawela/3a7056cd592d688425e59de2ef6f1da0).

## Git on Windows: Bash emulator or command line freezes when attempting to connect using SSH


**Problem:** After you configure SSH access for Windows and confirm connectivity at the command line or terminal, you see a message that the server's host key is not cached in the registry, and the prompt to store the key in the cache is frozen (does not accept y/n/return input) when you attempt to use commands such as **git pull**, **git push**, or **git clone** at the command prompt or Bash emulator.

**Possible fixes:** The most common cause for this error is that your Git environment is configured to use something other than OpenSSH for authentication (probably PuTTY). This is known to cause problems with the caching of keys in some configurations. To fix this problem, try one of the following:
+ Open a Bash emulator and add the `GIT_SSH_COMMAND="ssh"` parameter before the Git command. For example, if you are attempting to push to a repository, instead of typing **git push**, type: 

  ```
  GIT_SSH_COMMAND="ssh" git push
  ```
+ If you have PuTTY installed, open PuTTY, and in **Host Name (or IP address)**, enter the CodeCommit endpoint you want to reach (for example, git-codecommit.us-east-2.amazonaws.com). Choose **Open**. When prompted by the PuTTY security alert, choose **Yes** to permanently cache the key.
+ Rename or delete the `GIT_SSH` environment variable if you are no longer using it. Then open a new command prompt or Bash emulator session, and try your command again.

For other solutions, see [Git clone/pull continually freezing at Store key in cache](http://stackoverflow.com/questions/33240137/git-clone-pull-continually-freezing-at-store-key-in-cache) on Stack Overflow. 

## Public key format requires specification in some distributions of Linux


**Problem:** When you try to configure a public-private key pair, you receive an error.

**Possible fixes:** Some distributions of Linux require an additional line of configuration in the `~/.ssh/config` file that specifies the accepted types of public keys. For more information, see the documentation for your distribution about `PubkeyAcceptedKeyTypes`.

## Access error: SSH public key denied when connecting to a CodeCommit repository


**Problem:** When you try to use an SSH endpoint to communicate with a CodeCommit repository, an error message appears containing the phrase `Error: public key denied`.

**Possible fixes:** The most common reason for this error is that you have not completed setup for SSH connections. Configure a public and private SSH key pair, and then associate the public key with your IAM user. For more information about configuring SSH, see [For SSH connections on Linux, macOS, or Unix](setting-up-ssh-unixes.md) and [For SSH connections on Windows](setting-up-ssh-windows.md). 

# Troubleshooting the credential helper and HTTPS connections to AWS CodeCommit
Troubleshooting the credential helper (HTTPS)

The following information might help you troubleshoot common issues when you use the credential helper included with the AWS CLI and HTTPS to connect to CodeCommit repositories.

**Note**  
Although the credential helper is a supported method for connecting to CodeCommit using federated access, an identity provider, or temporary credentials, the recommended method is to install and use the **git-remote-codecommit** utility. For more information, see [Setup steps for HTTPS connections to AWS CodeCommit with git-remote-codecommit](setting-up-git-remote-codecommit.md).

**Topics**
+ [

## I receive an error when running the `git config` command to configure the credential helper
](#troubleshooting-os-syn1)
+ [

## I see an error reading the user name when attempting to clone a repository
](#troubleshooting-gitconfig1)
+ [

## I get a command not found error in Windows when using the credential helper
](#troubleshooting-py3)
+ [

## I am prompted for a user name when I connect to a CodeCommit repository
](#troubleshooting-ae1)
+ [

## Git for macOS: I configured the credential helper successfully, but now I am denied access to my repository (403)
](#troubleshooting-macoshttps)
+ [

## Git for Windows: I installed Git for Windows, but I am denied access to my repository (403)
](#troubleshooting-windowshttps)

## I receive an error when running the `git config` command to configure the credential helper


**Problem:** When you try to run the git config command to configure the credential helper to communicate with a CodeCommit repository, you see an error that there are too few arguments, or a usage prompt suggesting Git config commands and syntax.

**Possible fixes:** The most common reason for this error is that either single quotes are used for the command on a Windows operating system, or double quotes are used for the command in a Linux, macOS, or Unix operating system. The correct syntax is as follows:
+ Windows: `git config --global credential.helper "!aws codecommit credential-helper $@"`
+ Linux, macOS, or Unix: `git config --global credential.helper '!aws codecommit credential-helper $@'`

## I see an error reading the user name when attempting to clone a repository


**Problem:** When you try to clone a repository using the credential helper, you see an error stating that the system could not read the user name for the repository URL.

**Possible fixes:** The most common reason for this error is that the .gitconfig file is not created or configured correctly on your computer. Open your .gitconfig file and make sure that the credential helper is set correctly. If you are on a computer running Linux, macOS, or Unix, also make sure that the value of `$HOME `is set correctly for your system.

## I get a command not found error in Windows when using the credential helper


**Problem:** After updating the AWS CLI, credential helper connections to CodeCommit repositories fail with `aws codecommit credential-helper $@ get: aws: command not found`.

**Cause**: The most common reason for this error is that your AWS CLI version has been updated to a version that uses Python 3. There is a known issue with the MSI package. To verify whether you have one of the affected versions, open a command line and run the following command: `aws --version`

If the output Python version begins with a 3, you have an affected version. For example: 

```
aws-cli/1.16.62 Python/3.6.2 Darwin/16.7.0 botocore/1.12.52
```

**Possible fixes:** You can work around this issue by doing one of the following:
+ Install and configure the AWS CLI on Windows using Python and pip instead of the MSI. For more information, see [Install Python, pip, and the AWS CLI on Windows](https://docs.aws.amazon.com/cli/latest/userguide/install-windows.html#awscli-install-windows-pip).
+ Manually edit your `.gitconfig` file to change the `[credential]` section to explicitly point to `aws.cmd` on your local computer. For example:

  ```
  [credential]    
      helper = !"\C:\\Program Files\\Amazon\\AWSCLI\\bin\\aws.cmd\" codecommit credential-helper $@ 
      UseHttpPath = true
  ```
+ Run the **git config** command to update your `.gitconfig` file to explicitly reference `aws.cmd`, and manually update your PATH environment variable to include the path to the command as needed. For example: 

  ```
  git config --global credential.helper "!aws.cmd codecommit credential-helper $@"
  git config --global credential.UseHttpPath true
  ```

## I am prompted for a user name when I connect to a CodeCommit repository


**Problem:** When you try to use the credential helper to communicate with a CodeCommit repository, a message appears prompting you for your user name.

**Possible fixes:** Configure your AWS profile or make sure the profile you are using is the one you configured for working with CodeCommit. For more information about setting up, see [Setup steps for HTTPS connections to AWS CodeCommit repositories on Linux, macOS, or Unix with the AWS CLI credential helper](setting-up-https-unixes.md) or [Setup steps for HTTPS connections to AWS CodeCommit repositories on Windows with the AWS CLI credential helper](setting-up-https-windows.md). For more information about IAM, access keys, and secret keys, see [Managing Access Keys for IAM Users](https://docs.aws.amazon.com/IAM/latest/UserGuide/ManagingCredentials.html) and [How Do I Get Credentials?](https://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_Introduction.html#IAM_SecurityCredentials)

## Git for macOS: I configured the credential helper successfully, but now I am denied access to my repository (403)


**Problem:** On macOS, the credential helper does not seem to access or use your credentials as expected. This can be caused by two different problems:
+ The AWS CLI is configured for an AWS Region different from the one where the repository exists.
+ The Keychain Access utility has saved credentials that have since expired.

**Possible fixes:** To verify whether the AWS CLI is configured for the correct region, run the **aws configure** command, and review the displayed information. If the CodeCommit repository is in an AWS Region different from the one shown for the AWS CLI, you must run the **aws configure** command and change the values to ones appropriate for that Region. For more information, see [Step 1: Initial configuration for CodeCommit](setting-up-https-unixes.md#setting-up-https-unixes-account).

 The default version of Git released on OS X and macOS uses the Keychain Access utility to save generated credentials. For security reasons, the password generated for access to your CodeCommit repository is temporary, so the credentials stored in the keychain stop working after about 15 minutes. If you are only accessing Git with CodeCommit, try the following:

1. In Terminal, run the **git config** command to find the Git configuration file (`gitconfig`) where the Keychain Access utility is defined. Depending on your local system and preferences, you might have more than one `gitconfig` file. 

   ```
   git config -l --show-origin | grep credential
   ```

   In the output from this command, search for results similar to:

   ```
   file:/path/to/gitconfig  credential.helper=osxkeychain
   ```

   The file listed at the beginning of this line is the Git configuration file you must edit.

1. To edit the Git configuration file, use a plain-text editor or run the following command:

   ```
   nano /usr/local/git/etc/gitconfig
   ```

1. Modify the configuration using one of the following strategies:
   + Comment out or delete the credential section that contains `helper = osxkeychain`. For example:

     ```
     # helper = osxkeychain
     ```
   + Update both the `aws credential helper` and `osxkeychain` credential helper sections to have context. For example, if `osxkeychain` is used to authenticate to GitHub:

     ```
     [credential "https://git-codecommit.us-east-1.amazonaws\.com"]
       helper = !aws --profile CodeCommitProfile codecommit credential-helper $@
       UseHttpPath = true
     [credential "https://github.com"]
       helper = osxkeychain
     ```

     In this configuration, Git will use the `osxkeychain` helper when the remote host matches "`https://github.com`" and the credential helper when the remote host matches "`https://git-codecommit\.us-east-1\.amazonaws.com`".
   + Include an empty string helper before the credential helper. For example, to not use the `osxkeychain` helper when using the profile named *CodeCommitProfile* with the CLI:

     ```
     [credential]
       helper =
       helper = !aws --profile CodeCommitProfile codecommit credential-helper $@
       UseHttpPath = true
     ```
**Tip**  
You could also configure the line following the empty string helper line to not match CodeCommit if you want it to exclude all profiles:  

     ```
     helper = !aws codecommit credential-helper $@
     ```

   Alternatively, if you want to continue to use the Keychain Access utility to cache credentials for other Git repositories, modify the header instead of commenting out the line. For example, to allow cached credentials for GitHub, you could modify the header as follows:

   ```
   [credential "https://github.com"]
      helper = osxkeychain
   ```

If you are accessing other repositories with Git, you can configure the Keychain Access utility so that it does not supply credentials for your CodeCommit repositories. To configure the Keychain Access utility:

1. Open the Keychain Access utility. (You can use Finder to locate it.)

1. Search for `git-codecommit.us-east-2.amazonaws.com` and replace *us-east-2* with the AWS Region where the repository exists. Highlight the row, open the context (right-click) menu, and then choose **Get Info**.

1. Choose the **Access Control** tab.

1. In **Confirm before allowing access**, choose `git-credential-osxkeychain`, and then choose the minus sign to remove it from the list.
**Note**  
After removing `git-credential-osxkeychain` from the list, you see a dialog box whenever you run a Git command. Choose **Deny** to continue. If you find the pop-ups too disruptive, here are some alternatives:  
Connect to CodeCommit using SSH or Git credentials instead of the credential helper with HTTPS. For more information, see [For SSH connections on Linux, macOS, or Unix](setting-up-ssh-unixes.md) and [Setup for HTTPS users using Git credentials](setting-up-gc.md). 
In the Keychain Access utility, on the **Access Control** tab for `git-codecommit.us-east-2.amazonaws.com`, choose the **Allow all applications to access this item (access to this item is not restricted)** option. This prevents the pop-ups, but the credentials eventually expire (on average, this takes about 15 minutes) and you then see a 403 error message. When this happens, you must delete the keychain item to restore functionality.
Install a version of Git that does not use the keychain by default.
Consider a scripting solution for deleting the keychain item. To view a community-generated sample of a scripted solution, see [Mac OS X Script to Periodically Delete Cached Credentials in the OS X Certificate Store](integrations.md#integrations-community-code) in [Product and service integrations](integrations.md).

If you want to stop Git from using the Keychain Access utility entirely, you can configure Git to stop using osxkeychain as the credential helper. For example, if you open a terminal and run the command `git config --system credential.helper`, and it returns `osxkeychain`, Git is set to use the Keychain Access utility. You can change this by running the following command:

```
git config --system --unset credential.helper
```

Be aware that by running this command with the `--system` option changes the Git behavior system-wide for all users, and this might have unintended consequences for other users, or for other repositories if you're using other repository services in addition to CodeCommit. Also be aware that this approach might require the use of `sudo`, and that your account might not have sufficient system permissions to apply this change. Make sure to verify that the command applied successfully by running the `git config --system credential.helper` command again. For more information, see [Customizing Git - Git Configuration](https://git-scm.com/book/en/v2/Customizing-Git-Git-Configuration) and [this article on Stack Overflow](https://stackoverflow.com/questions/16052602/disable-git-credential-osxkeychain).

## Git for Windows: I installed Git for Windows, but I am denied access to my repository (403)


**Problem:** On Windows, the credential helper does not seem to access or use your credentials as expected. This can be caused by different problems:
+ The AWS CLI is configured for an AWS Region different from the one where the repository exists.
+ By default, Git for Windows installs a Git Credential Manager utility that is not compatible with CodeCommit connections that use the AWS credential helper. When installed, it causes connections to the repository to fail even though the credential helper has been installed with the AWS CLI and configured for connections to CodeCommit.
+ Some versions of Git for Windows might not be in full compliance with [RFC 2617](https://tools.ietf.org/html/rfc2617#page-5) and [RFC 4559](https://tools.ietf.org/html/rfc4559#page-2), which could potentially cause issues with both Git credentials and the credential helper included with the AWS CLI. For more information, see [Version 2.11.0(3) does not ask for username/password](https://github.com/git-for-windows/git/issues/1034).

**Possible fixes:** 
+ If you are attempting to use the credential helper included with the AWS CLI, consider connecting with Git credentials over HTTPS instead of using the credential helper. Git credentials configured for your IAM user are compatible with the Git Credential Manager for Windows, unlike the credential helper for AWS CodeCommit. For more information, see [For HTTPS users using Git credentials](setting-up-gc.md). 

  If you want to use the credential helper, to verify whether the AWS CLI is configured for the correct AWS Region, run the **aws configure** command, and review the displayed information. If the CodeCommit repository is in an AWS Region different from the one shown for the AWS CLI, you must run the **aws configure** command and change the values to ones appropriate for that Region. For more information, see [Step 1: Initial configuration for CodeCommit](setting-up-https-windows.md#setting-up-https-windows-account).
+ If possible, uninstall and reinstall Git for Windows. When you install Git for Windows, clear the check box for the option to install the Git Credential Manager utility. This credential manager is not compatible with the credential helper for AWS CodeCommit. If you installed the Git Credential Manager or another credential management utility and you do not want to uninstall it, you can modify your `.gitconfig` file and add credential management for CodeCommit:

  1. Open **Control Panel**, choose **Credential Manager**, and remove any stored credentials for CodeCommit.

  1. Open your `.gitconfig` file in any plain-text editor, such as Notepad.
**Note**  
If you work with multiple Git profiles, you might have both local and global `.gitconfig` files. Be sure to edit the appropriate file.

  1. Add the following section to your `.gitconfig` file:

     ```
     [credential "https://git-codecommit.*.amazonaws.com"]
         helper = !aws codecommit credential-helper $@ 
         UseHttpPath = true
     ```

  1. Save the file, and then open a new command line session before you attempt to connect again.

  You can also use this approach if you want to use the credential helper for AWS CodeCommit when you connect to CodeCommit repositories and another credential management system when you connect to other hosted repositories, such as GitHub repositories. 

  To reset which credential helper is used as the default, you can use the **--system** option instead of **--global** or **--local** when you run the **git config** command.
+ If you are using Git credentials on a Windows computer, you can try to work around any RFC noncompliance issues by including your Git credential user name as part of the connection string. For example, to work around the issue and clone a repository named *MyDemoRepo* in the US East (Ohio) Region:

  ```
  git clone https://Your-Git-Credential-Username@git-codecommit.us-east-2.amazonaws.com/v1/repos/MyDemoRepo my-demo-repo
  ```
**Note**  
This approach does not work if you have an `@` character in your Git credentials user name. You must URL-encode (also known as URL escaping or [percent-encoding](https://en.wikipedia.org/wiki/Percent-encoding)) the character.

# Troubleshooting Git clients and AWS CodeCommit
Troubleshooting Git clients

The following information might help you troubleshoot common issues when using Git with AWS CodeCommit repositories. For troubleshooting problems related to Git clients when using HTTPS or SSH, also see [Troubleshooting Git credentials (HTTPS)](troubleshooting-gc.md), [Troubleshooting SSH connections](troubleshooting-ssh.md), and [Troubleshooting the credential helper (HTTPS)](troubleshooting-ch.md).

**Topics**
+ [

## Git error: Error: RPC failed; result=56, HTTP code = 200 fatal: The remote end hung up unexpectedly
](#troubleshooting-ge1)
+ [

## Git error: Too many reference update commands
](#troubleshooting-ge2)
+ [

## Git error: Push via HTTPS is broken in some versions of Git
](#troubleshooting-ge3)
+ [

## Git error: 'gnutls\$1handshake() failed'
](#troubleshooting-ge4)
+ [

## Git error: Git cannot find the CodeCommit repository or does not have permission to access the repository
](#troubleshooting-ge5)
+ [

## Git on Windows: No supported authentication methods available (publickey)
](#troubleshooting-gw1)

## Git error: Error: RPC failed; result=56, HTTP code = 200 fatal: The remote end hung up unexpectedly


**Problem:** When pushing a large change, a large number of changes, or a large repository, long-running HTTPS connections are often terminated prematurely due to networking issues or firewall settings. 

**Possible fixes:** Push with SSH instead, or when you are migrating a large repository, follow the steps in [Migrate a repository in increments](how-to-push-large-repositories.md). Also, make sure you are not exceeding the size limits for individual files. For more information, see [Quotas](limits.md).

## Git error: Too many reference update commands


**Problem:** The maximum number of reference updates per push is 4,000. This error appears when the push contains more than 4,000 reference updates. 

**Possible fixes:** Try pushing branches and tags individually with `git push --all` and `git push --tags`. If you have too many tags, split the tags into multiple pushes. For more information, see [Quotas](limits.md).

## Git error: Push via HTTPS is broken in some versions of Git


**Problem:** An issue with the curl update to 7.41.0 causes SSPI-based digest authentication to fail. Known affected versions of Git include 1.9.5.msysgit.1. Some versions of Git for Windows might not be in full compliance with [RFC 2617](https://tools.ietf.org/html/rfc2617#page-5) and [RFC 4559](https://tools.ietf.org/html/rfc4559#page-2), which could potentially cause issues with HTTPS connections using either Git credentials or the credential helper included with the AWS CLI. 

**Possible fixes:** Check your version of Git for known issues or use an earlier or later version. For more information about mysysgit, see [ Push to HTTPS Is Broken](https://github.com/msysgit/git/issues/332) in the GitHub forums. For more information about Git for Windows version issues, see [Version 2.11.0(3) does not ask for username/password](https://github.com/git-for-windows/git/issues/1034).

## Git error: 'gnutls\$1handshake() failed'


**Problem:** In Linux, when you try to use Git to communicate with a CodeCommit repository, an error message appears containing the phrase `error: gnutls_handshake() failed`.

**Possible fixes:** Compile Git against OpenSSL. For one approach, see ["Error: gnutls\$1handshake() failed" When Connecting to HTTPS Servers](http://askubuntu.com/questions/186847/error-gnutls-handshake-falied-when-connecting-to-https-servers) in the Ask Ubuntu forums.

Alternatively, use SSH instead of HTTPS to communicate with CodeCommit repositories. 

## Git error: Git cannot find the CodeCommit repository or does not have permission to access the repository


**Problem:** A trailing slash in the connection string can cause connection attempts to fail. 

**Possible fixes:** Make sure that you have provided the correct name and connection string for the repository, and that there are no trailing slashes. For more information, see [Connect to a repository](how-to-connect.md).

## Git on Windows: No supported authentication methods available (publickey)


**Problem:** After you configure SSH access for Windows, you see an access denied error when you attempt to use commands such as **git pull**, **git push**, or **git clone**.

**Possible fixes:** The most common cause for this error is that a GIT\$1SSH environment variable exists on your computer and is configured to support another connection utility, such as PuTTY. To fix this problem, try one of the following:
+ Open a Bash emulator and add the `GIT_SSH_COMMAND="ssh"` parameter before the Git command. For example, if you are attempting to clone a repository, instead of running **git clone ssh://git-codecommit.us-east-2.amazonaws.com/v1/repos/MyDemoRepo my-demo-repo**, run: 

  ```
  GIT_SSH_COMMAND="ssh" git clone ssh://git-codecommit.us-east-2.amazonaws.com/v1/repos/MyDemoRepo my-demo-repo
  ```
+ Rename or delete the `GIT_SSH` environment variable if you are no longer using it. Then open a new command prompt or Bash emulator session, and try your command again.

For more information about troubleshooting Git issues on Windows when using SSH, see [Troubleshooting SSH connections](troubleshooting-ssh.md).

# Troubleshooting access errors and AWS CodeCommit
Troubleshooting access errors

The following information might help you troubleshoot access errors when connecting with AWS CodeCommit repositories.

**Topics**
+ [

## Access error: I am prompted for a user name and password when I connect to a CodeCommit repository from Windows
](#troubleshooting-ae1w)
+ [

## Access error: Public key denied when connecting to a CodeCommit repository
](#troubleshooting-ae2)
+ [

## Access error: “Rate Exceeded” or “429” message when connecting to a CodeCommit repository
](#troubleshooting-ae3)

## Access error: I am prompted for a user name and password when I connect to a CodeCommit repository from Windows


**Problem:** When you try to use Git to communicate with a CodeCommit repository, you see a dialog box that prompts you for your user name and password.

**Possible fixes:** This might be the built-in credential management system for Windows. Depending on your configuration, do one of the following:
+ If you are using HTTPS with Git credentials, your Git credentials are not yet stored in the system. Provide the Git credentials and continue. You should not be prompted again. For more information, see [For HTTPS users using Git credentials](setting-up-gc.md).
+ If you are using HTTPS with the credential helper for AWS CodeCommit, it is not compatible with the Windows credential management system. Choose **Cancel**. 

  This might also be an indication that you installed the Git Credential Manager when you installed Git for Windows. The Git Credential Manager is not compatible with the credential helper for CodeCommit included in the AWS CLI. Consider uninstalling the Git Credential Manager. You can also install and configure **git-remote-codecommit** as an alternative to using the credential helper for CodeCommit. 

  For more information, see [Setup steps for HTTPS connections to AWS CodeCommit with git-remote-codecommit](setting-up-git-remote-codecommit.md), [For HTTPS connections on Windows with the AWS CLI credential helper](setting-up-https-windows.md), and [Git for Windows: I installed Git for Windows, but I am denied access to my repository (403)](troubleshooting-ch.md#troubleshooting-windowshttps).

## Access error: Public key denied when connecting to a CodeCommit repository


**Problem:** When you try to use an SSH endpoint to communicate with a CodeCommit repository, an error message appears containing the phrase `Error: public key denied`.

**Possible fixes:** The most common reason for this error is that you have not completed setup for SSH connections. Configure a public and private SSH key pair, and then associate the public key with your IAM user. For more information about configuring SSH, see [For SSH connections on Linux, macOS, or Unix](setting-up-ssh-unixes.md) and [For SSH connections on Windows](setting-up-ssh-windows.md). 

## Access error: “Rate Exceeded” or “429” message when connecting to a CodeCommit repository


**Problem:** When you try to communicate with a CodeCommit repository, a message appears that says “Rate Exceeded” or with an error code of “429”. Communication either slows significantly or fails. 

**Cause:** All calls to CodeCommit, whether from an application, the AWS CLI, a Git client, or the AWS Management Console, are subject to a maximum number of requests per second and overall active requests. You cannot exceed the maximum allowed request rate for an Amazon Web Services account in any AWS Region. If requests exceed the maximum rate, you receive an error and further calls are temporarily throttled for your Amazon Web Services account. During the throttling period, your connections to CodeCommit are slowed and might fail.

**Possible fixes:** Take steps to reduce the number of connections or calls to CodeCommit or to spread out requests. Some approaches to consider:
+ **Implement jitter in requests, particularly in periodic polling requests**

  If you have an application that is polling CodeCommit periodically and this application is running on multiple Amazon EC2 instances, introduce jitter (a random amount of delay) so that different Amazon EC2 instances do not poll at the same second. We recommend a random number from 0 to 59 seconds to evenly distribute polling mechanisms across a one-minute timeframe.
+ **Use an event-based architecture rather than polling**

  Rather than polling, use an event-based architecture so that calls are only made when an event occurs. Consider using CloudWatch Events notifications for [AWS CodeCommit events](https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/EventTypes.html#codecommit_event_type) to trigger your workflow.
+ **Implement error retries and exponential backoffs for APIs and automated Git actions**

  Error retries and exponential backoffs can help limit the rate of calls. Each AWS SDK implements automatic retry logic and exponential backoff algorithms. For automated Git push and Git pull, you might need to implement your own retry logic. For more information, see [Error Retries and Exponential Backoff in AWS](https://docs.aws.amazon.com/general/latest/gr/api-retries.html).
+ **Request a CodeCommit service quota increase in the AWS Support Center**

  To receive a service limit increase, you must confirm that you have already followed the suggestions offered here, including implementation of error retries or exponential backoff methods. In your request, you must also provide the AWS Region, Amazon Web Services account, and timeframe affected by the throttling issues. 



# Troubleshooting configuration errors and AWS CodeCommit
Troubleshooting configuration errors

The following information might help you troubleshoot configuration errors you might see when connecting with AWS CodeCommit repositories.

**Topics**
+ [

## Configuration error: Cannot configure AWS CLI credentials on macOS
](#troubleshooting-cf1)

## Configuration error: Cannot configure AWS CLI credentials on macOS


**Problem:** When you run `aws configure` to configure the AWS CLI, you see a `ConfigParseError` message.

**Possible fixes:** The most common cause for this error is that a credentials file already exists. Browse to \$1/.aws and look for a file named `credentials`. Rename or delete that file, and then run **aws configure** again.

# Troubleshooting console errors and AWS CodeCommit
Troubleshooting console errors

The following information might help you troubleshoot console errors when using AWS CodeCommit repositories.

**Topics**
+ [

## Access error: Encryption key access denied for a CodeCommit repository from the console or AWS CLI
](#troubleshooting-ae3)
+ [

## Encryption error: Repository can't be decrypted
](#troubleshooting-ck1)
+ [

## Console error: Cannot browse the code in a CodeCommit repository from the console
](#troubleshooting-cs1)
+ [

## Display error: Cannot view a file or a comparison between files
](#troubleshooting-dd1)

## Access error: Encryption key access denied for a CodeCommit repository from the console or AWS CLI


**Problem:** When you try to access CodeCommit from the console or the AWS CLI, an error message appears containing the phrase `EncryptionKeyAccessDeniedException` or `User is not authorized for the KMS default key for CodeCommit 'aws/codecommit' in your account`.

**Possible fixes:** The most common cause for this error is that your Amazon Web Services account is not subscribed to AWS Key Management Service, which is required for CodeCommit. Open the AWS KMS console, choose **AWS managed keys**, and then choose **Get Started Now**. If you see a message that you are not currently subscribed to the AWS Key Management Service service, follow the instructions on that page to subscribe. For more information about CodeCommit and AWS Key Management Service, see [AWS KMS and encryption](encryption.md). 

## Encryption error: Repository can't be decrypted


**Problem:** When you try to access a CodeCommit repository from the console or the AWS CLI, an error message appears containing the phrase `Repository can't be decrypted`.

**Possible fixes:** The most common cause for this error is that the AWS KMS key used to encrypt and decrypt data for this repository is not active or pending deletion. An active AWS managed key or customer managed key in AWS Key Management Serviceis required for CodeCommit. Open the AWS KMS console, choose **AWS managed keys** or **Customer managed keys**, and make sure that the key used for the repository is present in the AWS Region where the repository exists and that its state is **Active**. For more information about CodeCommit and AWS Key Management Service, see [AWS KMS and encryption](encryption.md). 

**Important**  
If the key that was used to encrypt and decrypt the data for the repository has been permanently deleted or is otherwise inaccessible, data in the repositories encrypted with that key cannot be accessed.

## Console error: Cannot browse the code in a CodeCommit repository from the console


**Problem:** When you try to browse the contents of a repository from the console, an error message appears denying access.

**Possible fixes:** The most common cause for this error is that an IAM policy applied to your Amazon Web Services account denies one or more of the permissions required for browsing code from the CodeCommit console. For more information about CodeCommit access permissions and browsing, see [Authentication and access control for AWS CodeCommit](auth-and-access-control.md). 

## Display error: Cannot view a file or a comparison between files


**Problem:** When you try to view a file or a comparison between two versions of a file in the CodeCommit console, an error appears stating that the file or difference is too large to display.

**Possible fixes:** The most common cause for this error is that either the file is too large to display, contains one or more lines that exceeds the character limit for a single line in a file, or that the difference between the two versions of the file exceeds the line limit. For more information, see [Quotas](limits.md). To view the file or the differences between the version of the file, you can open the file locally in your preferred IDE, use a Git diff tool, or run the **git diff** command. 

# Troubleshooting triggers and AWS CodeCommit
Troubleshooting triggers

The following information might help you troubleshoot issues with triggers in AWS CodeCommit.

**Topics**
+ [

## Trigger error: A repository trigger does not run when expected
](#troubleshooting-ti1)

## Trigger error: A repository trigger does not run when expected


**Problem:** One or more triggers configured for a repository does not appear to run or does not run as expected.

**Possible fixes:** If the target of the trigger is an AWS Lambda function, make sure you have configured the function's resource policy for access by CodeCommit.

Alternatively, edit the trigger and make sure the events for which you want to trigger actions have been selected and that the branches for the trigger include the branch where you want to see responses to actions. Try changing the settings for the trigger to **All repository events** and **All branches** and then testing the trigger. For more information, see [Edit triggers for a repository](how-to-notify-edit.md).

## Turn on debugging


**Problem:** I want to turn on debugging to get more information about my repository and how Git is executing commands. 

**Possible fixes:** Try the following:

1. At the terminal or command prompt, run the following commands on your local machine before running Git commands:

   On Linux, macOS, or Unix:

   ```
   export GIT_TRACE_PACKET=1
   export GIT_TRACE=1
   export GIT_CURL_VERBOSE=1
   ```

   On Windows:

   ```
   set GIT_TRACE_PACKET=1
   set GIT_TRACE=1
   set GIT_CURL_VERBOSE=1
   ```
**Note**  
Setting `GIT_CURL_VERBOSE` is useful for HTTPS connections only. SSH does not use the `libcurl` library.

1. To get more information about your Git repository, we recommend installing the latest version of [git-sizer](https://github.com/github/git-sizer?tab=readme-ov-file#getting-started). Follow the instructions for intalling the utility appropriate to your operating system and environment. Once installed, at the command line or terminal, change directories to your local repository and then run the following command:

   ```
   git-sizer --verbose
   ```
**Tip**  
Consider saving the output of the command to a file so that you can easily share it with others when troubleshooting problems, particularly over time.