Paul Fryer Paul Fryer - 14 days ago 7
Git Question

How to authenticate against AWS CodeCommit git repo with IAM access id and secret key?

Is it possible to authenticate to a Git repo with an IAM user access key id and access secret key?

I'm trying this by using the access id as the username and the secret as the password, but getting a 403 error returned when I try to clone a repo.

enter image description here

I have verified the user is in a group that has access to the repository.
I'm using Git BASH in the screenshot above.

Background on Use Case
I'm considering developing a service where users can push Single Page Apps (SPA) and Functions to a private Git repository and the service will deploy the functions to Lambda / Azure Functions, deploy the SPA to a CDN, and set up a global load balancer for the functions, and create SSL certificates automatically. Basically I want to make is super easy for developers to deploy world class / world scale web site/services for super cheap. To kick this process off I need a way to get the code, so my thinking is provision a private repository for each user and let them push code there. I'm looking for something similar to what AppHarbor does, just push to Git with your credentials.

Answer

No, you cannot use the Access Key and Secret Key in Git like this directly.

Instead, you first:

  1. Configure AWS CLI with your access key and secret key using aws configure, then
  2. Use git config to get your Git credentials.

For example:

git config --global credential.helper '!aws codecommit credential-helper $@'
git config --global credential.UseHttpPath true

Source: http://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-https-unixes.html