How to authenticate against AWS CodeCommit git repo with IAM access id and secret key?

Question

Is it possible to authenticate to a Git repo with an IAM user access key id and access secret key?

I'm trying this by using the access id as the username and the secret as the password, but getting a 403 error returned when I try to clone a repo.

I have verified the user is in a group that has access to the repository. I'm using Git BASH in the screenshot above.

Background on Use Case I'm considering developing a service where users can push Single Page Apps (SPA) and Functions to a private Git repository and the service will deploy the functions to Lambda / Azure Functions, deploy the SPA to a CDN, and set up a global load balancer for the functions, and create SSL certificates automatically. Basically I want to make is super easy for developers to deploy world class / world scale web site/services for super cheap. To kick this process off I need a way to get the code, so my thinking is provision a private repository for each user and let them push code there. I'm looking for something similar to what AppHarbor does, just push to Git with your credentials.

Answer 1

CodeCommit uses credential helper to authenticate Git operations and requires a Git config change as Matt mentioned. @Paul can you please share if you have a use case for using Secret Key / Access Key to authenticate Git requests on CodeCommit?

Answer 2

No, you cannot use the Access Key and Secret Key in Git like this directly.

Instead, you first:

1. Configure AWS CLI with your access key and secret key using aws configure, then
2. Use git config to get your Git credentials.

For example:

git config --global credential.helper '!aws codecommit credential-helper $@'
git config --global credential.UseHttpPath true

Source: http://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-https-unixes.html