How do I perform Git operations on an AWS CodeCommit repository with an instance role on Amazon EC2 instances for Windows?

Short description

Set up the AWS Command Line Interface (AWS CLI) credential helper to perform Git operations on an AWS CodeCommit repository. Then, create an IAM role on your Amazon EC2 instance to perform pull and push actions.

Note: Credential helper is the only connection method that doesn't require an IAM user for CodeCommit repositories.

Resolution

Note: If you receive errors when running AWS CLI commands, make sure that you’re using the most recent version of the AWS CLI.

1.    Create an IAM role for your EC2 instance, and then attach the following example IAM policy to the role. Replace arn:aws:codecommit:us-east-1:111111111111:SampleRepoName with the Amazon Resource Name (ARN) of your CodeCommit repository.

{  
    "Version": "2012-10-17",  
    "Statement": [  
        {  
            "Effect": "Allow",  
            "Action": [  
                "codecommit:GitPull",  
                "codecommit:GitPush"  
            ],  
            "Resource": "arn:aws:codecommit:us-east-1:111111111111:SampleRepoName"  
        }  
    ]  
}

Note: The policy for step 1 allows the IAM role to perform Git pull and push actions on the CodeCommit repository. For more examples on using IAM policies for CodeCommit, see Using identity-based policies (IAM Policies) for CodeCommit.

2.    Attach the IAM role that you created in step 1 to an instance.

3.    Install Git on your instance. For information on Windows instances, see Downloads on the Git website.

4.    Check the Git version to confirm that Git is properly installed:

C:\Users\Administrator> git --version

5.    Check the AWS CLI version to confirm that AWS CLI is installed:

C:\Users\Administrator> aws --version

6.    To set up the credential helper on the Amazon EC2 instance, run the following commands:

C:\Users\Administrator> git config --global credential.helper "!aws codecommit credential-helper $@"
C:\Users\Administrator> git config --global credential.UseHttpPath true

Note: The commands in step 6 specify the use of the Git credential helper with the AWS credential profile. The credential profile allows Git to authenticate with AWS to interact with CodeCommit repositories. To authenticate, Git uses HTTPS and a cryptographically-signed version of your instance role.

7.    To configure your name and email address explicitly, run the following commands:

C:\Users\Administrator> git config --global user.email "testuser@example.com"
C:\Users\Administrator> git config --global user.name "testuser"

8.    To clone the repository to the instance, copy the clone URL from the appropriate CodeCommit repository:

C:\Users\Administrator> git clone https://git-codecommit.us-east-1.amazonaws.com/v1/repos/SampleRepoName

9.    Create a commit in your CodeCommit repository.

Related information

Set up the credential helper

How do I perform Git operations on an AWS CodeCommit repository with an instance role on Amazon EC2 instances for Amazon Linux 2?