Use git-remote-codecommit to Clone AWS CodeCommit Repositories without Creating IAM Users

Up until March 2020, the only way to connect to AWS CodeCommit repositories was to create an IAM user, generate Git credentials for this user in the IAM console & provide them to Git on your machine. But what if you’re in an environment where no IAM users are involved, such as federated access or single sign-on in AWS Control Tower. This article describes how to use the newly introduced git-remote-codecommit to clone CodeCommit repositories in an AWS Control Tower single sign-on environment.

 

Prerequisites

 

You’ll need the following installed on your system to follow this guide:

 

  • Python 3+
  • PIP, the Python package manager
  • Git
 

Step 1 — Install git-remote-codecommit

 

At your terminal, run:

pip install git-remote-codecommit

The installation is complete when you see this:

Successfully built git-remote-codecommit

 

Step 2 — Configure AWS Profile

 

Run the following at your terminal to create a user profile:

 

aws configure

Provide these values when prompted:

 

AWS Access Key ID [None]: 
AWS Secret Access Key [None]: 
Default region name [None]: 
Default output format [None]: 

You’ll find them in the Control Tower single sign-on page as shown below:

 

 

Step 3 — Clone Repo

 

Finally, to clone your CodeCommit repository, run this at your terminal:

git clone codecommit://repo-name local-dir

That uses the default profile. If you named your profile in step 2, run:

git clone codecommit://profile-name@repo-name local-dir

To clone a repo from another region, run:

git clone codecommit::ap-south-1://repo-name local-dir

Harish KM is a Cloud Evangelist & a Full Stack Engineer at QloudX. He is very passionate about cloud-native solutions & using the best tools for his projects. With 10+ Cloud & IT certifications, he is an expert in a multitude of application languages & is up to date with all new offerings & services from cloud providers, especially AWS.

Leave a Reply

Your email address will not be published. Required fields are marked *