#Setting Up AWS CodeCommit (Mac)
For all possibilities, amazon has guides here: http://docs.aws.amazon.com/codecommit/latest/userguide/setting-up.html
We chose to use HTTPS here
If git asks you to manually enter username or password it is incorrectly configured!
Similar to RSA, the AWS CLI credential-helper should be using your keys to create and send a dynamic password that updates every 15 minutes.
##Install AWS Command Line Tools http://docs.aws.amazon.com/cli/latest/userguide/installing.html
Test if you have python's pip with pip -h
If pip is not found run in terminal
curl -O https://bootstrap.pypa.io/get-pip.py ; python get-pip.py
After pip is confirmed to be installed run
sudo pip install awscli --ignore-installed six
Test that AWS CLI is installed by typing aws help then use :q to exit from vim
##Setting up the Git Credential
Create a new directory and navigate to it.
Create a local git repo with git init then run the following as well:
git config --global credential.helper '!aws codecommit credential-helper $@'
git config --global credential.UseHttpPath true
and now your ~/.gitconfig will end with
[credential]
helper = !aws codecommit credential-helper $@
UseHttpPath = true
NOTE: AWS seems to require to set these as globals every time you are adding & cloning a new CodeCommit repo. After you have cloned the repo locally and set the config strings in local (demonstrated in the Using Sourcetree section) the global aws credential lines can be removed and sourcetree and command line git continue to work. You cannot keep these in global if you're using any other repo besides aws
##Get Access Tokens from AWS & Adding to CLI
You need your Access Key ID and Secret Access Key from AWS. They may have been emailed to you. Otherwise, you can login to Amazon IAM to Users and click on your username.
There click "Create Access Key" to create and save your Key and Secret.
Back in terminal run aws configure and enter your credentials.
bash$ aws configure
...AWS Access Key ID [None]: <Downloaded>
...AWS Secret Access Key [None]: <Downloaded>
...Default region name [None]: us-east-1
...Default output format [None]: json
##Block Keychain
Open Keychain Access
Open each item. Set to "Confirm before allowing access" and check "ask for keychain password."
Remove all items in the list "Always allow access by these applications"
Click save, enter your password, and click allow to save.
Afterwards if the keychain dialog box appears duing a commit from any app except "Keychain Access", click DENY.
using terminal
Add the remote using
git remote add origin <url to AWS codecommit>
Then clone with
git clone https://git-codecommit.us-east-1.amazonaws.com/v1/repos/MyDemoRepo my-demo-repo
You can now either add the repo with Sourcetree by using "Add Existing Local Repository" or use git clone origin.
##Using Sourcetree
Sourcetree defaults to looking in the --local for git and otherwise asks upfront for the username and password.
To circumvent this either edit .git/config manually or go to
- SourceTree
- Repository Settings
- Edit Config file
Add or modify to contain the following:
[credential]
helper = /usr/local/bin/aws codecommit credential-helper $@
UseHttpPath = true
###Try to push to the code commit repo:
- If it asks you for username and password, it is configured incorrectly and credential helper is not running
- When it ask your for keychain access click DENY. If you accidentally click accept, go into your keychain and reset settings as demonstrated in the section above. Otherwise your login will not work in <=15 minutes.
- If things so go smoothly: HOORAY!
There is more on avoiding password caching here
###References http://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-https-unixes.html
http://docs.aws.amazon.com/codecommit/latest/userguide/how-to-migrate-repository.html
https://geekprotem.com/2015/07/10/aws-codecommit-with-sourcetree/
http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html
It works, but I have to constantly deny access to the keychain. Any way to get it to stop prompting for that?