This CodeCommit multiple accounts access setup tutorial shows how you can connect and commit to multiple CodeCommit repositories in different AWS accounts from the same machine easily and comfortably using AWS profiles, credentials helper, and HTTPS (GRC).
Table of contents
Prerequisites
- One or more CodeCommit repositories.
- awscli tool installed.
- git tool installed.
- You’re using Linux or OS X.
Configure AWS Credentials
First of all, we need to set up a profile for awscli
utility for each AWS account for each organization
vim ~/.aws/credentials
Here’s the example structure to create profiles my_organization_account_1
and my_organization_account_2
for your accounts:
[my_organization_account_1]
region = us-east-2
aws_access_key_id = YOUR_AWS_ACCESS_KEY_FOR_ACCOUNT_1
aws_secret_access_key = YOUR_AWS_SECRET_ACCESS_KEY_FOR_ACCOUNT_1
[my_organization_account_2]
region = us-east-1
aws_access_key_id = YOUR_AWS_ACCESS_KEY_FOR_ACCOUNT_2
aws_secret_access_key = YOUR_AWS_SECRET_ACCESS_KEY_FOR_ACCOUNT_2
Here’s an alternative and more secure way to manage access to multiple AWS accounts: How to use aws-vault to securely access multiple AWS accounts.
For more information about AWS IAM service, check the A quick intro to AWS Identity and Access Management (IAM) article.
CodeCommit multiple accounts access setup – credentials helper
Once profiles are set up, we can connect and clone CodeCommit repositories. Let’s assume the repository repo_1
belongs to your first account described profile my_organization_account_1
.
Create an empty directory for this repository:
cd folder/with/projects
mkdir repo_1
Now, we can use aws codecommit credential-helper
to with --profile
argument to let git
connect to the CodeCommit repository in your first account. And we’re using git config --local
to specify configuration only for repo_1
git repository in the first account.
cd repo_1
git init
git config --local credential.helper \
'!aws codecommit credential-helper \
--profile my_organization_account_1 $@'
git config --local credential.UseHttpPath true
And lastly, all we need to do is to add a remote CodeCommit repository location (copy your URL from the CodeCommit Web console) and clone our project
git remote add origin \
https://git-codecommit.us-east-2.amazonaws.com/v1/repos/my_repository
git pull origin master
Connect to the CodeCommit repository using HTTPS (GRC)
HTTPS (GRC) is the protocol to use with git-remote-codecommit (GRC). This utility provides a simple method for pushing and pulling code from CodeCommit repositories by extending Git.
This is the AWS recommended method for supporting connections made with federated access, identity providers, and temporary credentials.
First, you need to install git-remote-codecommit
:
pip install git-remote-codecommit
Now you can clone the repository using the following command:
git clone codecommit::us-east-2://demo-repository
If you need to use the same AWS CodeCommit repository in different accounts, you can add additional Git remotes attached to AWS profiles:
git remote add \
my_organization_account_1 \
codecommit::us-east-2://my_organization_account_1@demo-repositorySummary
Summary
In this article, we’ve demonstrated how to connect and commit to multiple CodeCommit repositories in different AWS accounts easily and comfortably using AWS profiles, credentials helper, and HTTPS (GRC).