Use git-remote-codecommit to Clone AWS CodeCommit Repositories without Creating IAM Users
Up until March 2020, the only way to connect to AWS CodeCommit repositories was to create an IAM user, generate Git credentials for this user in the IAM console & provide them to Git on your machine. But what if you’re in an environment where no IAM users are involved, such as federated access or single sign-on in AWS Control Tower. This article describes how to use the newly introduced git-remote-codecommit to clone CodeCommit repositories in an AWS Control Tower single sign-on environment.
Prerequisites
You’ll need the following installed on your system to follow this guide:
- Python 3+
- PIP, the Python package manager
- Git
Step 1 — Install git-remote-codecommit
At your terminal, run:
pip install git-remote-codecommit
The installation is complete when you see this:
Successfully built git-remote-codecommit
Step 2 — Configure AWS Profile
Run the following at your terminal to create a user profile:
aws configure
Provide these values when prompted:
AWS Access Key ID [None]:
AWS Secret Access Key [None]:
Default region name [None]:
Default output format [None]:
You’ll find them in the Control Tower single sign-on page as shown below:
Step 3 — Clone Repo
Finally, to clone your CodeCommit repository, run this at your terminal:
git clone codecommit://repo-name local-dir
That uses the default profile. If you named your profile in step 2, run:
git clone codecommit://profile-name@repo-name local-dir
To clone a repo from another region, run:
git clone codecommit::ap-south-1://repo-name local-dir
Harish KM is a Cloud Evangelist & a Full Stack Engineer at QloudX.
He is very passionate about cloud-native solutions & using the best tools for his projects. With 10+ Cloud & IT certifications, he is an expert in a multitude of application languages & is up to date with all new offerings & services from cloud providers, especially AWS.