Using SSO with CodeCommit

AWS CodeCommit is a version control service hosted by AWS that you can use to privately store and manage assets (such as documents, source code, and binary files) in the cloud.

Setting up your local machine to use CodeCommit is not straightforward. You need to set up your CLI profile and manage keys, and you have to create users and keys in IAM. It can become annoying when you have to keep entering your username and password every time you push a change. More importantly, you need to make sure that the solution is secure. Otherwise, you might end up seeing your organization famously breached like this.

So we looked for a solution that makes life easier for CodeCommit users and is secure at the same time. Luckily, AWS already has a managed service that is perfect for this requirement: AWS SSO.

In this post, I’ll show you how to set it up and how to use it from the command line to issue Git commands.

Setting it up

To set up SSO to use for CodeCommit, follow these simple steps.

  • Log in to your master account and open SSO
  • Select AWS Accounts and select the Permission sets tab. Click the Create permission set button
  • Fill out the form as shown in the following images. You can change the name and session duration. Ignore relay state for now.
    For the permissions, copy and paste the content of this policy document
  • Create Tags, Review and Save
An AWS SSO form for creating permission sets
An AWS SSO form for creating permission sets first page
An AWS SSO form for creating permission sets second page
  • Go to Groups and click the Create group button
  • Name the group and add users. Refer to the following images for filling out the form
  • Go to AWS Accounts. Select the accounts you want to add the permission set to by ticking the box
  • Click the Assign users button
SSO form for assigning users to Account
AWS SSO form to add users to group page 1
AWS SSO form to add users to group page 2

Git commands in action

  • Log in to the AWS SSO console and select the account. Select “Command line programmatic access”

  • Copy the credentials and paste them into your terminal

Steps to copy and paste the SSO credentials
  • You can now start using git commands.
    Use the format below to avoid being prompted for a username and password when cloning a repository, pushing to it, or pulling from it.

    Clone a repository:
    git clone codecommit://MyRepositoryName

    Pull from a repository:
    git pull codecommit://MyRepositoryName

    Push to a repository:
    git push codecommit://MyRepositoryName
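
A pre-flight check to run after pasting the credentials, as an added example that is not from the original post: it confirms the shell holds temporary credentials (a session token, and not an `AKIA`-prefixed long-lived IAM user key) and that the `git-remote-codecommit` helper, which handles `codecommit://` URLs, is on the PATH. The function names and return codes are illustrative assumptions, and it assumes the pasted block exported the standard `AWS_*` environment variables.

```shell
# Added example: pre-flight check to source after pasting the SSO credentials.
# Assumes the pasted block exported the standard AWS_* environment variables.
# Function names and return codes are illustrative, not part of any AWS tool.

# classify_aws_creds: inspect the credentials exported in this shell.
#   0 = temporary credentials (session token present)
#   1 = access key or secret missing
#   2 = long-lived IAM user key (AKIA prefix), the kind SSO is meant to replace
#   3 = session token missing, so the key pair cannot be an SSO session
classify_aws_creds() {
  if [ -z "${AWS_ACCESS_KEY_ID:-}" ] || [ -z "${AWS_SECRET_ACCESS_KEY:-}" ]; then
    echo "preflight: no AWS credentials exported in this shell" >&2
    return 1
  fi
  case "$AWS_ACCESS_KEY_ID" in
    AKIA*)
      echo "preflight: long-lived IAM user key in use, not SSO credentials" >&2
      return 2 ;;
  esac
  if [ -z "${AWS_SESSION_TOKEN:-}" ]; then
    echo "preflight: AWS_SESSION_TOKEN missing, paste the full credential block" >&2
    return 3
  fi
  return 0
}

# codecommit_preflight: credentials check plus remote-helper check.
#   4 = git-remote-codecommit not on PATH, so git cannot handle codecommit:// URLs
codecommit_preflight() {
  classify_aws_creds || return $?
  if ! command -v git-remote-codecommit >/dev/null 2>&1; then
    echo "preflight: git-remote-codecommit helper not found on PATH" >&2
    return 4
  fi
  echo "preflight: temporary credentials and helper present"
  return 0
}

# Usage after sourcing this file:
#   codecommit_preflight && git clone codecommit://MyRepositoryName
```

Because SSO session credentials expire after the session duration set on the permission set, a failed check later in the day usually means the credential block needs to be copied again.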

Conclusion

Over the many years of working as an IT professional, I have witnessed some cases where simplicity and ease of use were prioritized over security. Nowadays, this is just unacceptable. With ever-growing threats and bad actors waiting to pounce on the slightest of errors, it is vital for a thriving business to put security first. With AWS, you don’t need to choose one over the other. You can have an easy-to-use and secure service at the same time.
