Setting up the git CLI to authenticate with AWS CodeCommit
This post captures my notes for setting up the git CLI to use my AWS identity to clone CodeCommit repositories.
You can set up how git provides authorization credentials in the git config. For example, if you want to define a handle for authenticating with a specific URL, you can add something like the following to your git config:
[credential "https://some.hosting.service"]
username = janedoeGit also lets you use “helpers.” Helpers are external credential providers. To use the AWS CLI as a credential helper, you would define the helper as a shell snippet where the AWS CLI is called such that it returns credentials to authenticate with CodeCommit. The AWS CLI command to retrieve credentials looks like this:
1printf "protocol=https\n host=git-codecommit.us-east-1.amazonaws.com\n path=/v1/repos/some-repo-id" \
| aws codecommit credential-helper get- 1
- line delimited repo protocol/host/path info.
The command above ⬆️ returns a username/password.
To configure git to use the AWS codecommit credential helper. You modify the git config to direct git to run a shell snippet to retrieve authorization credentials:
- 1
- You can optionally provide a full URL to a specific repo here (see above).
- 2
-
You need to set this to true because the
aws codecommit credential helpercommand expects the host and path repo info.
You can also use git to modify the config:
git config --global credential.helper '!aws codecommit credential-helper $@'
git config --global credential.UseHttpPath trueAnd now you can interact with CodeCommit repos with git!
This is a helpful command to find the clone URL for a CodeCommit repo:
aws codecommit get-repository --repository-name some-repo-name \
| jq -r '.repositoryMetadata.cloneUrlHttp' \
| pbcopy