Software Engineering

How to Setup Credential Helper for AWS CodeCommit


AWS CodeCommit is a git code repository service by Amazon Web Services.

You will want to clone your repository and setup your remotes using credential helper.

Step 1 – Setup Credential Helper

git config --global credential.helper '!aws codecommit credential-helper $@'
git config --global credential.UseHttpPath true

This will write to your local user’s ~/.gitconfig, and the file will look something like:

[credential]    
    helper = !aws --profile CodeCommitProfile codecommit credential-helper $@
    UseHttpPath = true

You can edit this file by running the following git command:

git config --global --edit

Step 2 – Optional – If using MacOS

By connecting to the CodeCommit repository with HTTPS, the access is by default temporary, and connections will start failing after about 15 minutes.

To fix this, you need to:

  • Install a version of Git that does not use the keychain by default.
  • Configure the Keychain Access utility to not provide credentials for CodeCommit repositories.
  1. Open the Keychain Access utility. (You can use Finder to locate it.)
  2. Search for git-codecommit.us-east-2.amazonaws.com. Highlight the row, open the context menu or right-click it, and then choose Get Info.
  3. Choose the Access Control tab.
  4. In Confirm before allowing access, choose git-credential-osxkeychain, and then choose the minus sign to remove it from the list.

After you remove git-credential-osxkeychain from the list, you see a pop-up message whenever you run a Git command. Choose Deny to continue. If you find the pop-ups too disruptive, here are some other options:

Step 3 – Git Clone the Repository

At this stage you can now git clone the repository in CodeCommit.

Open the CodeCommit console at https://console.aws.amazon.com/codesuite/codecommit/home.

Find the repository you want to connect to from the list and choose it. Choose Clone URL, and then choose the protocol you want to use when cloning or connecting to the repository. This copies the clone URL.

git clone https://git-codecommit.us-east-2.amazonaws.com/v1/repos/your-repo your-repo-directory

Additional notes

If you are cloning as part of a profile name in your ~/.aws/config, then you will need to set the AWS_PROFILE environment variable as follows:

export AWS_PROFILE = "<profile_name"