Up until March 2020, the only way to connect to AWS CodeCommit repositories was to create an IAM user, generate Git credentials for this user in the IAM console & provide them to Git on your machine. But what if you’re in an environment where no IAM users are involved, such as federated access or single sign-on in AWS Control Tower. This article describes how to use the newly introduced git-remote-codecommit to clone CodeCommit repositories in an AWS Control Tower single sign-on environment.

Prerequisites

You’ll need the following installed on your system to follow this guide:

• Python 3+
• PIP, the Python package manager
• Git

Step 1 — Install git-remote-codecommit

At your terminal, run:

pip install git-remote-codecommit

The installation is complete when you see this:

Successfully built git-remote-codecommit

Step 2 — Configure AWS Profile

Run the following at your terminal to create a user profile:

aws configure

Provide these values when prompted:

AWS Access Key ID [None]: 
AWS Secret Access Key [None]: 
Default region name [None]: 
Default output format [None]: 

You’ll find them in the Control Tower single sign-on page as shown below:

Step 3 — Clone Repo

Finally, to clone your CodeCommit repository, run this at your terminal:

git clone codecommit://repo-name local-dir

That uses the default profile. If you named your profile in step 2, run:

git clone codecommit://profile-name@repo-name local-dir

To clone a repo from another region, run:

git clone codecommit::ap-south-1://repo-name local-dir