CodeCommit Multiple Accounts Access Setup

This CodeCommit multiple accounts access setup tutorial shows how you can connect and commit to multiple CodeCommit repositories in different AWS accounts from the same machine easily and comfortably using AWS profiles, credentials helper, and HTTPS (GRC).

Prerequisites

• One or more CodeCommit repositories.
• awscli tool installed.
• git tool installed.
• You’re using Linux or OS X.

Configure AWS Credentials

First of all, we need to set up a profile for awscli utility for each AWS account for each organization

vim ~/.aws/credentials

Here’s the example structure to create profiles my_organization_account_1 and my_organization_account_2 for your accounts:

[my_organization_account_1]
region = us-east-2
aws_access_key_id = YOUR_AWS_ACCESS_KEY_FOR_ACCOUNT_1
aws_secret_access_key = YOUR_AWS_SECRET_ACCESS_KEY_FOR_ACCOUNT_1
[my_organization_account_2]
region = us-east-1
aws_access_key_id = YOUR_AWS_ACCESS_KEY_FOR_ACCOUNT_2
aws_secret_access_key = YOUR_AWS_SECRET_ACCESS_KEY_FOR_ACCOUNT_2

Here’s an alternative and more secure way to manage access to multiple AWS accounts: How to use aws-vault to securely access multiple AWS accounts.

For more information about AWS IAM service, check the A quick intro to AWS Identity and Access Management (IAM) article.

CodeCommit multiple accounts access setup – credentials helper

Once profiles are set up, we can connect and clone CodeCommit repositories. Let’s assume the repository repo_1 belongs to your first account described profile my_organization_account_1.

Create an empty directory for this repository:

cd folder/with/projects
mkdir repo_1

Now, we can use aws codecommit credential-helper to with --profile argument to let git connect to the CodeCommit repository in your first account. And we’re using git config --local to specify configuration only for repo_1 git repository in the first account.

cd repo_1
git init
git config --local credential.helper \
    '!aws codecommit credential-helper \
    --profile my_organization_account_1 $@'
git config --local credential.UseHttpPath true

And lastly, all we need to do is to add a remote CodeCommit repository location (copy your URL from the CodeCommit Web console) and clone our project

git remote add origin \
    https://git-codecommit.us-east-2.amazonaws.com/v1/repos/my_repository
git pull origin master

Connect to the CodeCommit repository using HTTPS (GRC)

HTTPS (GRC) is the protocol to use with git-remote-codecommit (GRC). This utility provides a simple method for pushing and pulling code from CodeCommit repositories by extending Git.

This is the AWS recommended method for supporting connections made with federated access, identity providers, and temporary credentials.

First, you need to install git-remote-codecommit:

pip install git-remote-codecommit

Now you can clone the repository using the following command:

git clone codecommit::us-east-2://demo-repository

If you need to use the same AWS CodeCommit repository in different accounts, you can add additional Git remotes attached to AWS profiles:

git remote add \
    my_organization_account_1 \
    codecommit::us-east-2://my_organization_account_1@demo-repositorySummary

Summary

In this article, we’ve demonstrated how to connect and commit to multiple CodeCommit repositories in different AWS accounts easily and comfortably using AWS profiles, credentials helper, and HTTPS (GRC).