Reputation: 46
Connect to CodeCommit from EC2 using temporary credentials
I've set up an EC2 instance, given it an instance profile with an IAM role that permits it access to my codecommit repository, and now I'm trying to pull from it using git. Since I'm using temporary credentials from the iam role I don't have a credentials profile... but that should be ok.
I've tried:
git config --global credential.helper '!aws codecommit credential-helper $@'
But that doesn't work
If I put the following into a file, say 'repodesc'
protocol=https
path=/v1/repos/reponame
host=git-codecommit.us-east-1.amazonaws.com'
and then run
cat repodesc | aws codecommit credential-helper get
it sends me back a temporary username and password... so I know that's working...
So using that I tried:
git pull https://user:[email protected]/v1/repos/reponame
But that fails. Says the format's wrong.
I don't want to do this with ssh, because it defeats the whole point of temporary credentials. I want to do this the right way. But it's INFURIATING.
I've looked at the overly verbose amazon documentation a million times and can't seem to find my way to the page with the answer on.
Any help would be hugely appreciated. I'm literally pulling my hair out.
Upvotes: 0
Views: 602
Answers (1)
Reputation: 46
Found a solution
The issue was with git and ubuntu14.04. Seems the default package uses gnutls for authentication, rather than openssl, and it's not handling the proxy well. So I had to rebuild git with libcurl4-openssl-dev instead. The solution, along with detailed build instructions came from here:
Once that was built all I had to do was the following, as before:
git config --global credential.helper '!aws codecommit credential-helper $@'
git pull https://git-codecommit.us-east-1.amazonaws.com/v1/repos/reponame master
(Or use git clone if that's what you're into)
It was a bit ugly to rebuild so as far as I'm aware this isn't really a solution. I'll update this if I find something more elegant.
Upvotes: 1
Related Questions
- Remove credentials from Git
- running git clone against AWS CodeCommits gets me a 403 error
- Branch from a previous commit using Git
- Failed to connect SourceTree to AWS CodeCommit
- Cannot clone from aws code-commit repo. Repo is "not found"
- How to mirror a Gitlab repository to make pull from AWS code-commit?
- How does CodeCommit discriminate between identical repos in different accounts?
- Can I override git-credential-osxkeychain on OS X Yosemite?
- Integrating codecommit with jenkins running on EC2