Reputation: 106
I'm having the following issue. As part of my job, I handle multiple AWS accounts, each of which has separate AWS CodeCommit repos and account-specific IAM users (which result in different User IDs).
I want to find a way to configure my SSH to access different accounts depending on the repo.
Currently it works correctly, as my config file looks like this:
Host git-codecommit.*.amazonaws.com
User APKAEIBAERJR2EXAMPLE
IdentityFile ~/.ssh/codecommit_rsa
What I need is to be able to add different repos that use different accounts so that I don't have to edit the config file every time I switch from one project to another, i.e.
#Use this User ID and ssh-key for repo A
Host git-codecommit.*.amazonaws.com
User IAMUSERIDFROMACCOUNT1
IdentityFile ~/.ssh/codecommit_rsa
#Use this User ID and ssh-key for repo B
Host git-codecommit.*.amazonaws.com
User IAMUSERFROMANOTHERAWSACCOUNT
IdentityFile ~/.ssh/codecommit_rsa
I have browsed everywhere without finding the right answer. Thanks in advance for any help on this topic.
Regards
Upvotes: 6
Views: 2596
Reputation: 1
Most probably you have entered the complete path of the repo in the HOST instead of the Code Commit Repo FQDN public endpoint within the "~/.ssh/config" :-
[root@ip-10-0-6-161 .ssh]# cat config
Host git-codecommit.ap-southeast-2.amazonaws.com/v1/repos/myrepoXYZ--> ??
User APKAEIBAERJR2EXAMPLE
IdentityFile ~/.ssh/codecommit_rsa
[root@ip-10-0-6-161 .ssh]# git clone ssh://APKAEIBAERJR2EXAMPLE@git-codecommit.ap-southeast-2.amazonaws.com/v1/repos/myrepoXYZ
Cloning into 'my-webpage'...
Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights and the repository
exists.
[root@ip-10-0-6-161 .ssh]# cat config
Host git-codecommit.ap-southeast-2.amazonaws.com ---> CORRECT
User APKAEIBAERJR2EXAMPLE
IdentityFile ~/.ssh/codecommit_rsa
[root@ip-10-0-6-161 .ssh]# git clone ssh://APKAEIBAERJR2EXAMPLE@git-codecommit.ap-southeast-2.amazonaws.com/v1/repos/myrepoXYZ
Cloning into 'my-webpage'...
remote: Counting objects: 12, done.
Receiving objects: 100% (12/12), done.
[root@ip-10-0-6-161 .ssh]# ll
total 36
Detailed Steps are provided in below AWS documentation:-
Setup steps for SSH connections to AWS CodeCommit repositories on Linux
1. Step 1:- generate a ssh key on the EC2
[root@ip-10-0-6-161 .ssh]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): /root/.ssh/codecommit_rsa
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/codecommit_rsa.
Your public key has been saved in /root/.ssh/codecommit_rsa.pub.
The key fingerprint is:
SHA256:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
The key's randomart image is:
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
2. Step 2:-
Create your credentials using ssh-keygen and upload the public key to an IAM user in the "SSH keys for AWS CodeCommit" section
[root@ip-10-0-6-161 .ssh]# ll ~/.ssh/
total 36
-rw------- 1 root root 1679 Mar 16 02:06 codecommit_rsa
-rw-r--r-- 1 root root 432 Mar 16 02:06 codecommit_rsa.pub ----> *** upload to IAM ***
3. Step 3:-
Your ~/.ssh/config file should be:-
[root@ip-10-0-6-161 .ssh]# pwd
/root/.ssh
[root@ip-10-0-6-161 .ssh]# cat config
Host git-codecommit.ap-southeast-2.amazonaws.com
User APKAEIBAERJR2EXAMPLE
IdentityFile ~/.ssh/codecommit_rsa
Note: your DNS FQDN public endpoint for AWS CodeCommit can be anything; the one above is in the Sydney (ap-southeast-2) region. Check yours from the clone drop-down in the CodeCommit console, or just use a wildcard to allow CodeCommit.
AWS CodeCommit Clone URL - SSH
Upvotes: 0
Reputation: 6133
This worked for me.
You need to change the SSH Key ID. You can get the SSH Key ID from IAM Users -> select_user -> security_credentials -> SSH Key ID
file name ~/.ssh/config
Host git-codecommit.ap-south-1.amazonaws.com
User <SSH Key ID>
IdentityFile ~/.ssh/id_rsa
HostName git-codecommit.ap-south-1.amazonaws.com
Host git-codecommit.us-east-2.amazonaws.com
User <SSH Key ID>
IdentityFile ~/.ssh/id_rsa
HostName git-codecommit.us-east-2.amazonaws.com
Upvotes: 1
Reputation: 4420
You are on the right track :-). You need to modify your config file and make a Host entry for each User/IdentityFile pair. For example:
Host git-account1
User IAMUSERIDFROMACCOUNT1
IdentityFile ~/.ssh/codecommit
HostName git-codecommit.us-east-1.amazonaws.com
Host git-account2
User IAMUSERIDFROMACCOUNT2
IdentityFile ~/.ssh/codecommit
HostName git-codecommit.us-east-1.amazonaws.com
Host git-account3
User IAMUSERIDFROMACCOUNT3
IdentityFile ~/.ssh/codecommit
HostName git-codecommit.us-east-1.amazonaws.com
Your git command lines would look like this:
git clone ssh://git-account1/v1/repos/AccountOneRepo
git clone ssh://git-account2/v1/repos/AccountTwoRepo
git clone ssh://git-account3/v1/repos/AccountThreeRepo
Upvotes: 12
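Why the duplicate-pattern layout from the question always logs in as the first account, while the alias layout above selects the right one, shown as an added example that is not part of any post on this page. It is a simplified model of OpenSSH's "first obtained value wins" lookup; the `resolve` helper and both sample configs are constructed for illustration.

```python
import fnmatch

# Constructed sample: the question's layout (same Host pattern twice).
DUPLICATE_PATTERN = """\
Host git-codecommit.*.amazonaws.com
User IAMUSERIDFROMACCOUNT1
IdentityFile ~/.ssh/codecommit_rsa
Host git-codecommit.*.amazonaws.com
User IAMUSERFROMANOTHERAWSACCOUNT
IdentityFile ~/.ssh/codecommit_rsa
"""

# Constructed sample: the alias layout from the answer (two of its entries).
ALIASES = """\
Host git-account1
User IAMUSERIDFROMACCOUNT1
IdentityFile ~/.ssh/codecommit
HostName git-codecommit.us-east-1.amazonaws.com
Host git-account2
User IAMUSERIDFROMACCOUNT2
IdentityFile ~/.ssh/codecommit
HostName git-codecommit.us-east-1.amazonaws.com
"""


def resolve(config_text, host):
    """Simplified model of ssh_config lookup for single-valued options.

    Handles plain and wildcard Host patterns only (no Match, no negation).
    Real ssh can accumulate several IdentityFile values; only the first is kept.
    """
    resolved = {}
    active = True  # options placed before the first Host line apply to every host
    for raw in config_text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "host":
            active = any(fnmatch.fnmatchcase(host, p) for p in value.split())
        elif active:
            resolved.setdefault(key, value)  # first obtained value wins
    return resolved


if __name__ == "__main__":
    endpoint = "git-codecommit.us-east-1.amazonaws.com"
    print("duplicate pattern ->", resolve(DUPLICATE_PATTERN, endpoint)["user"])
    for alias in ("git-account1", "git-account2"):
        opts = resolve(ALIASES, alias)
        print(alias, "->", opts["user"], "@", opts["hostname"])
```

On a real machine, `ssh -G git-account1` prints the options OpenSSH itself resolves for that alias, which is a quick way to confirm which User and IdentityFile a clone will use before pushing to the wrong account.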