Amazon Partner

Tuesday, 12 July 2022

Using IAM Role/AWS CLI Credentials for a CodeCommit Repository

What is CodeCommit: 

CodeCommit is a managed version control service that hosts private Git repositories in the AWS cloud. To use CodeCommit, you configure your Git client to communicate with CodeCommit repositories.

CodeCommit supports several types of IAM credentials for authentication:

* Git credentials - a username/password pair you can use for a CodeCommit repo over HTTPS

* SSH keys - a public/private key pair to be used with a CodeCommit repo over SSH

* AWS CLI access keys - temporary access keys used with the AWS CLI credential helper for a CodeCommit repo over HTTPS


Access Architecture




Install git-remote-codecommit and configure the AWS CLI 

 

1. Install git-remote-codecommit

Before you install git-remote-codecommit, make sure you have the latest version of pip.

        pip --version

Update pip to the latest version:

        curl -O https://bootstrap.pypa.io/get-pip.py
        python3 get-pip.py --user

Install git-remote-codecommit using pip:

        pip install git-remote-codecommit

 

2. Install and configure AWS CLI

Install the latest version of the AWS CLI:

        curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
        unzip awscliv2.zip
        sudo ./aws/install

3. Create AWS Profile for Credentials.

Use the AWS CLI to configure either a named profile or the default profile. If you have only one account, the default profile is fine, but in an enterprise environment you usually have more than one AWS account, and managing them all can be challenging, so it is recommended to give each profile a meaningful name.

             

            aws configure set role_arn arn:aws:iam::111111111111:role/AWS-Role-Name --profile AWS-Account-A
            aws configure set source_profile default --profile AWS-Account-A
            aws configure set role_session_name "YourName" --profile AWS-Account-A

To verify the changes, view or edit the file ~/.aws/config manually; it will look similar to the following.

                [default]
                region = us-east-1
                output = json

                [profile AWS-Account-A]
                source_profile = default
                role_session_name = YourName
                role_arn = arn:aws:iam::111111111111:role/AWS-Role-Name


Connect to AWS CodeCommit using AWS Profile/STS Token

  

Test that the AWS profile works and connects successfully, then clone the repository:

$ aws sts get-caller-identity --profile AWS-Account-A

$ git clone codecommit://AWS-Account-A@AWSCodeCommitRepoName
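
An offline preflight for the profile created in step 3, added here as an example (it is not part of the original post or of any AWS tooling): it parses an AWS config file, checks the assume-role settings, and prints the `codecommit://` clone URL only if they are consistent. The function names, the `broken` profile and the sample file are constructed for illustration. It assumes the source profile is defined in the same config file, as on this page, and it treats a missing `role_session_name` as a failure because the page sets one.

```shell
# Constructed sample modelled on the ~/.aws/config shown above (not a real account).
SAMPLE_CONFIG=$(mktemp)
cat > "$SAMPLE_CONFIG" <<'EOF'
[default]
region = us-east-1
output = json

[profile AWS-Account-A]
source_profile = default
role_session_name = YourName
role_arn = arn:aws:iam::111111111111:role/AWS-Role-Name

[profile broken]
source_profile = missing-profile
role_arn = arn:aws:iam::1111:role/AWS-Role-Name
EOF

section_header() {  # PROFILE -> section header as written in ~/.aws/config
  if [ "$1" = default ]; then printf '[default]'; else printf '[profile %s]' "$1"; fi
}

profile_get() {  # FILE PROFILE KEY -> value of KEY in that profile (empty if absent)
  awk -v header="$(section_header "$2")" -v key="$3" '
    { gsub(/^[ \t]+|[ \t\r]+$/, "") }              # trim the line
    /^\[/ { in_section = ($0 == header); next }    # track which section we are in
    in_section && (eq = index($0, "=")) {
      k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
      gsub(/[ \t]+$/, "", k); gsub(/^[ \t]+/, "", v)
      if (k == key) { print v; exit }
    }' "$1"
}

check_profile() {  # FILE PROFILE REPO -> clone URL on stdout; reasons on stderr, returns 1
  arn=$(profile_get "$1" "$2" role_arn)
  src=$(profile_get "$1" "$2" source_profile)
  name=$(profile_get "$1" "$2" role_session_name); rc=0
  printf '%s\n' "$arn" | grep -Eq '^arn:aws[a-z-]*:iam::[0-9]{12}:role/.+$' ||
    { echo "$2: role_arn missing or malformed" >&2; rc=1; }
  { [ -n "$src" ] && grep -qxF -- "$(section_header "$src")" "$1"; } ||
    { echo "$2: source_profile '$src' not defined in $1" >&2; rc=1; }
  # STS session names are 2-64 chars of [A-Za-z0-9_+=,.@-] and appear in CloudTrail.
  printf '%s\n' "$name" | grep -Eq '^[A-Za-z0-9_+=,.@-]{2,64}$' ||
    { echo "$2: role_session_name missing or invalid" >&2; rc=1; }
  [ "$rc" -eq 0 ] || return 1
  printf 'codecommit://%s@%s\n' "$2" "$3"
}

check_profile "$SAMPLE_CONFIG" AWS-Account-A AWSCodeCommitRepoName
check_profile "$SAMPLE_CONFIG" broken AWSCodeCommitRepoName || echo "broken profile rejected"
```

Point the first argument at `~/.aws/config` to check a real profile before running `aws sts get-caller-identity`; the session name it validates is what appears in CloudTrail for actions taken through the role.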