AWS CodeCommit HTTPS access without setting up credential helper

Claudio Martins picture Claudio Martins · Aug 6, 2015 · Viewed 7.8k times · Source

We are transitioning from GitHub to AWS CodeCommit to have a tightly integrated environment.

One need is to access one repository through HTTPS. This repo is accessed ny Spring Cloud Config Server product that uses jgit to read the repo and clone the files for its use.

AWS CodeCommit apparently requires the use of the credential helper when connecting through HTTPS, but I don't the setup to be like that. I want a user and password setup that jgit can use without the need to generate a temp credential using the credential helper. Any way to accomplish this?

Is there any way to configure CodeCommit to access a fixed user and password to access the repository through HTTPS?

Answer

Steffen Opel picture Steffen Opel · Aug 23, 2015

Update

As of December 22 2016, AWS CodeCommit supports the use of a static user name and password as a simplified way to authenticate to your AWS CodeCommit repositories over HTTPS:

With Git credentials, you can generate a static user name and password in the Identity and Access Management (IAM) console that you can use to access AWS CodeCommit repositories from the command line, Git CLI, or any Git tool that supports HTTPS authentication.

Because these are static credentials, they can be cached using the password management tools included in your local operating system or stored in a credential management utility. This allows you to get started with AWS CodeCommit within minutes. You don’t need to download the AWS CLI or configure your Git client to connect to your AWS CodeCommit repository on HTTPS. You can also use the user name and password to connect to the AWS CodeCommit repository from third-party tools that support user name and password authentication, including popular Git GUI clients (such as TowerUI) and IDEs (such as Eclipse, IntelliJ, and Visual Studio).

[...]


Initial Answer

Is there any way to configure CodeCommit to access a fixed user and password to access the repository through HTTPS?

No, as outlined in Setting Up for AWS CodeCommit, you have to either use HTTPS or SSH, and the former requires a cryptographically signed version of your IAM user credentials or Amazon EC2 instance role whenever Git needs to authenticate with AWS in order to interact with repositories in AWS CodeCommit.

However, as mentioned by Mark L. Smith in his answer to using native git not jgit in Eclipse git, while These credentials expire in ~15 minutes, nothing prevents you from implementing the signing process yourself, and Mark kindly provided a resp. Example showing how to clone an AWS CodeCommit repository over HTTPS using jgit right away, see jgit-codecommit for details.