This CodeCommit multiple accounts access setup tutorial shows how you can connect and commit to multiple CodeCommit repositories in different AWS accounts from the same machine easily and comfortably using AWS profiles, credentials helper, and HTTPS (GRC).
Table of contents
- One or more CodeCommit repositories.
- awscli tool installed.
- git tool installed.
- You’re using Linux or OS X.
Configure AWS Credentials
First of all, we need to set up a profile for
awscli utility for each AWS account for each organization
Here’s the example structure to create profiles
my_organization_account_2 for your accounts:
[my_organization_account_1] region = us-east-2 aws_access_key_id = YOUR_AWS_ACCESS_KEY_FOR_ACCOUNT_1 aws_secret_access_key = YOUR_AWS_SECRET_ACCESS_KEY_FOR_ACCOUNT_1 [my_organization_account_2] region = us-east-1 aws_access_key_id = YOUR_AWS_ACCESS_KEY_FOR_ACCOUNT_2 aws_secret_access_key = YOUR_AWS_SECRET_ACCESS_KEY_FOR_ACCOUNT_2
Here’s an alternative and more secure way to manage access to multiple AWS accounts: How to use aws-vault to securely access multiple AWS accounts.
For more information about AWS IAM service, check the A quick intro to AWS Identity and Access Management (IAM) article.
CodeCommit multiple accounts access setup – credentials helper
Once profiles are set up, we can connect and clone CodeCommit repositories. Let’s assume the repository
repo_1 belongs to your first account described profile
Create an empty directory for this repository:
cd folder/with/projects mkdir repo_1
Now, we can use
aws codecommit credential-helper to with
--profile argument to let
git connect to the CodeCommit repository in your first account. And we’re using
git config --local to specify configuration only for
repo_1 git repository in the first account.
cd repo_1 git init git config --local credential.helper \ '!aws codecommit credential-helper \ --profile my_organization_account_1 $@' git config --local credential.UseHttpPath true
And lastly, all we need to do is to add a remote CodeCommit repository location (copy your URL from the CodeCommit Web console) and clone our project
git remote add origin \ https://git-codecommit.us-east-2.amazonaws.com/v1/repos/my_repository git pull origin master
Connect to the CodeCommit repository using HTTPS (GRC)
HTTPS (GRC) is the protocol to use with git-remote-codecommit (GRC). This utility provides a simple method for pushing and pulling code from CodeCommit repositories by extending Git.
This is the AWS recommended method for supporting connections made with federated access, identity providers, and temporary credentials.
First, you need to install
pip install git-remote-codecommit
Now you can clone the repository using the following command:
git clone codecommit::us-east-2://demo-repository
If you need to use the same AWS CodeCommit repository in different accounts, you can add additional Git remotes attached to AWS profiles:
git remote add \ my_organization_account_1 \ codecommit::us-east-2://my_organization_account_1@demo-repositorySummary
In this article, we’ve demonstrated how to connect and commit to multiple CodeCommit repositories in different AWS accounts easily and comfortably using AWS profiles, credentials helper, and HTTPS (GRC).