Skip to content

How to use CodeCommit with Git, across multiple AWS Accounts

As an AWS geek, I have multiple AWS accounts that I work in.  Therefore I started running into problems with trying to work from the command line within different accounts.  I found a few articles online that helped get me a few steps closer, but still, keep running into problems.  Finally, I figured it out and I wanted to share.  Btw, this is for Linux, so if you’re a Windows user, you’ll have to update to the proper syntax. However, you really should use Linux nowadays.  With the Windows 10 Linux Subsystem, it just makes sense, and if I can figure it out, you most certainly can too.  I can still work in both worlds, Windows and Linux. You can even configure the environments to share a common space. That’s what I do, so I develop with my Windows tools, then do everything else from the Linux shell. My aws cli, git, etc.. are all run within Linux.  Reminds me of PeeWee Herman at the Alamo… “We have both kinds of music, Country and Western”.  Ok back to the topic at hand.

 

First I wanted to start with the AWS side of things.  This article assumes you are already familiar with Git CLI, AWS CodeCommit, and AWS in general from a developer perspective.  I’m also hoping that you have multiple AWS accounts setup, each account has an IAM User, and that you have access keys for each account user already generated and securely stored.  If you have not done any of this, then stop and go do that now.  For this article, you should also have a repository setup in each account, within CodeCommit.  Ok, now we’re ready…

  • You must have multiple profiles setup in your AWS credential file.  This is the “credentials” file (yes no extension) within .aws folder that was created when you installed the AWS CLI.  You did do this already, right?

[Profile1]
aws_access_key_id = YourAccessKeyHere
aws_secret_access_key = YourSecretAccessKeyHere

[Profile2]
aws_access_key_id = YourOtherAccessKeyHere
aws_secret_access_key = YourOtherSecretAccessKeyHere

 

  • Now, although this part is not used with the following method, you should have in the config file in that same folder something like the following:

[Profile1]
region = us-east-1
output = json

[Profile1]
region = us-east-2
output = json

 

  • The next step is to build the command that you will execute

name=First.Last \
email=YourEmail@here.com\
region=us-east-1 \
repository_name=YourRepoName \
repository_url= TheURLToYourRepo \
profile=AWSProfileYouWantToUseLikeRepo1 \
repository_endpoint=$(aws codecommit get-repository \
–region “$region” \
–repository-name “$repository_name” \
–output json \
–query ‘repositoryMetadata.cloneUrlHttp’) \
git clone $repository_url \
–config ‘credential.helper=!aws codecommit –profile ‘$profile’ –region ‘$region’ credential-helper $@’ \
–config ‘credential.UseHttpPath=true’ –config ‘credential.UseHttpPath=true’ \
–config user.name=$name \
–config user.email=$email \
$repository_name
cd $repository_name

 

  • Finally, go to the folder you want to clone this into, copy and past it, then run it.

 

  • A few tips I learned
    • If you have already cloned the repo before, clone this one into a new folder so it can reset the git files properly
    • if you have problems, run this command and you should see the parameters for each prole, and if not, set them up by pasting them into the prompt.

$ aws configure –profile Profile1
AWS Access Key ID [****************Last4OfKey]:
AWS Secret Access Key [****************Last4OfKey]:
Default region name [YourRegion]:
Default output format [json or text]:

Hit the enter key for each line, if the value is missing, you can fix this by pasting it in there before hitting enter.

That should do it.  Hopefully, this will help you avoid the issues I ran into.

Written for ServerlessArchitecture.com
Written by Jeff Mangan

Leave a Reply