We are transitioning from GitHub to AWS CodeCommit to have a tightly integrated environment.
One need is to access one repository through HTTPS. This repo is accessed by the Spring Cloud Config Server product, which uses jgit to read the repo and clone the files for its use.
AWS CodeCommit apparently requires the use of the credential helper when connecting through HTTPS, but I don't want the setup to be like that. I want a user and password setup that jgit can use without the need to generate a temp credential using the credential helper. Any way to accomplish this?
Is there any way to configure CodeCommit to access a fixed user and password to access the repository through HTTPS?
As of December 22 2016, AWS CodeCommit supports the use of a static user name and password as a simplified way to authenticate to your AWS CodeCommit repositories over HTTPS:
With Git credentials, you can generate a static user name and password in the Identity and Access Management (IAM) console that you can use to access AWS CodeCommit repositories from the command line, Git CLI, or any Git tool that supports HTTPS authentication.
Because these are static credentials, they can be cached using the password management tools included in your local operating system or stored in a credential management utility. This allows you to get started with AWS CodeCommit within minutes. You don’t need to download the AWS CLI or configure your Git client to connect to your AWS CodeCommit repository on HTTPS. You can also use the user name and password to connect to the AWS CodeCommit repository from third-party tools that support user name and password authentication, including popular Git GUI clients (such as TowerUI) and IDEs (such as Eclipse, IntelliJ, and Visual Studio).
[...]
Is there any way to configure CodeCommit to access a fixed user and password to access the repository through HTTPS?
No, as outlined in Setting Up for AWS CodeCommit, you have to either use HTTPS or SSH, and the former requires a cryptographically signed version of your IAM user credentials or Amazon EC2 instance role whenever Git needs to authenticate with AWS in order to interact with repositories in AWS CodeCommit.
However, as mentioned by Mark L. Smith in his answer to "using native git not jgit in Eclipse git", while "These credentials expire in ~15 minutes", nothing prevents you from implementing the signing process yourself, and Mark kindly provided a respective example showing how to clone an AWS CodeCommit repository over HTTPS using jgit right away; see jgit-codecommit for details.
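The signing process this answer refers to, as an added example that is not part of the original post and is not code from jgit-codecommit. It assumes the scheme used by the AWS CLI credential helper (SigV4 over a pseudo-method `GIT`, service name `codecommit`); the keys, region and repository URL are constructed placeholders.

```python
import datetime
import hashlib
import hmac
from urllib.parse import urlsplit

SERVICE = "codecommit"  # assumed SigV4 service name, as used by the AWS CLI helper


def _hmac(key, msg):
    return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()


def codecommit_https_credentials(access_key, secret_key, repo_url, region,
                                 session_token=None, now=None):
    """Return (username, password) that Git can send for one HTTPS request."""
    now = now or datetime.datetime.now(datetime.timezone.utc)
    timestamp = now.strftime("%Y%m%dT%H%M%S")
    url = urlsplit(repo_url)
    host = url.netloc.split(":")[0]  # the port is left out of the signature
    # Canonical request: method GIT, repo path, empty query string,
    # a single signed header (host) and an empty payload field.
    canonical = f"GIT\n{url.path}\n\nhost:{host}\n\nhost\n"
    scope = f"{timestamp[:8]}/{region}/{SERVICE}/aws4_request"
    string_to_sign = "\n".join([
        "AWS4-HMAC-SHA256", timestamp, scope,
        hashlib.sha256(canonical.encode("utf-8")).hexdigest(),
    ])
    # Standard SigV4 key derivation: date -> region -> service -> terminator.
    key = _hmac(("AWS4" + secret_key).encode("utf-8"), timestamp[:8])
    for part in (region, SERVICE, "aws4_request"):
        key = _hmac(key, part)
    signature = hmac.new(key, string_to_sign.encode("utf-8"),
                         hashlib.sha256).hexdigest()
    # Temporary (role) credentials carry the session token in the username.
    username = access_key if session_token is None else f"{access_key}%{session_token}"
    return username, f"{timestamp}Z{signature}"


if __name__ == "__main__":
    # Constructed placeholder values, not real credentials or a real repository.
    user, password = codecommit_https_credentials(
        "AKIA_CONSTRUCTED_KEY", "constructed-secret",
        "https://git-codecommit.us-east-1.amazonaws.com/v1/repos/example-repo",
        "us-east-1")
    print(user, password)
```

The password embeds the signing timestamp, which is why it is only usable for a short window, and the secret key itself never leaves the machine that signs.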
To my knowledge (and I have been spending most of my time fooling around with CodeCommit for two weeks now), no, there's no way to use a username/password combination. One of the key features of CodeCommit is that it integrates with your already existing AWS ecosystem by utilizing IAM users and/or roles to grant access more or less automatically, once set up. What is keeping you from using the credential helper?
This may not be what you want, but have you tried creating an IAM user solely for allowing your server to access CodeCommit? You could then generate an access key and secret key for that user and store them as a profile in the server's credentials file (which is typically ~/.aws/credentials). Then you can set up the server's git config to use the credential helper with that profile, and it will automatically authenticate going forward. The key is to use IAM user credentials, so they are permanent, as opposed to IAM role credentials, which expire.