@JohannMG
Last active December 28, 2023 05:42
Setting Up AWS CodeCommit (Mac) with Sourcetree and disabling keychain

# Setting Up AWS CodeCommit (Mac)

For all possibilities, Amazon has guides here: http://docs.aws.amazon.com/codecommit/latest/userguide/setting-up.html

We chose to use HTTPS here.

If git asks you to manually enter username or password it is incorrectly configured!

Similar to RSA, the AWS CLI credential-helper should be using your keys to create and send a dynamic password that updates every 15 minutes.

## Install AWS Command Line Tools

http://docs.aws.amazon.com/cli/latest/userguide/installing.html

Test if you have Python's pip with `pip -h`

If pip is not found, run in terminal

curl -O https://bootstrap.pypa.io/get-pip.py && python get-pip.py

After pip is confirmed to be installed, run

sudo pip install awscli --ignore-installed six

Test that the AWS CLI is installed by typing `aws help`, then use `:q` to exit from vim

## Setting up the Git Credential

Create a new directory and navigate to it.

Create a local git repo with `git init`, then run the following as well:

git config --global credential.helper '!aws codecommit credential-helper $@'
git config --global credential.UseHttpPath true

Now your ~/.gitconfig will end with

[credential]
	helper = !aws codecommit credential-helper $@
	UseHttpPath = true

NOTE: AWS seems to require setting these as globals every time you add and clone a new CodeCommit repo. After you have cloned the repo locally and set the config strings in local (demonstrated in the Using Sourcetree section), the global AWS credential lines can be removed, and Sourcetree and command-line git continue to work. You cannot keep these in global if you're using any other repo besides AWS.

## Get Access Tokens from AWS & Adding to CLI

You need your Access Key ID and Secret Access Key from AWS. They may have been emailed to you. Otherwise, you can log in to Amazon IAM, go to Users, and click on your username.

There click "Create Access Key" to create and save your Key and Secret.

Back in terminal, run `aws configure` and enter your credentials.

bash$ aws configure 
	...AWS Access Key ID [None]: <Downloaded>
	...AWS Secret Access Key [None]: <Downloaded>
	...Default region name [None]: us-east-1
	...Default output format [None]: json

## Block Keychain

Open Keychain Access

Open each item. Set to "Confirm before allowing access" and check "ask for keychain password." Remove all items in the list "Always allow access by these applications"

Click save, enter your password, and click allow to save.

Afterwards, if the keychain dialog box appears during a commit from any app except "Keychain Access", click DENY.

## Pulling from Remote

### Using terminal

Add the remote using

git remote add origin <url to AWS codecommit>

Then clone with

git clone https://git-codecommit.us-east-1.amazonaws.com/v1/repos/MyDemoRepo my-demo-repo

You can now either add the repo with Sourcetree by using "Add Existing Local Repository" or use git clone origin.

## Using Sourcetree

Sourcetree defaults to looking in the repository's `--local` git config and otherwise asks up front for the username and password.

To circumvent this either edit .git/config manually or go to

  • SourceTree
  • Repository Settings
  • Edit Config file

Add or modify to contain the following:

[credential]
	helper = /usr/local/bin/aws codecommit credential-helper $@
	UseHttpPath = true

### Try to push to the CodeCommit repo:

  • If it asks you for username and password, it is configured incorrectly and the credential helper is not running
  • When it asks you for keychain access, click DENY. If you accidentally click accept, go into your keychain and reset settings as demonstrated in the section above. Otherwise your login will not work in <=15 minutes.
  • If things do go smoothly: HOORAY!

There is more on avoiding password caching here
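
A quick audit of the `[credential]` section described above, as an added example that is not part of the original gist. The function name and sample config are constructed for illustration, and the `osxkeychain` check assumes the macOS keychain helper is what ends up caching the temporary password.

```shell
#!/bin/sh
# audit_credential_config FILE  (hypothetical helper, not from the gist)
# Prints one finding per line and returns 0 only when the file matches the
# guide: AWS helper present, UseHttpPath true, no osxkeychain helper listed.
audit_credential_config() {
    awk '
        # A section header: remember whether it is [credential] or [credential "url"].
        /^[ \t]*\[/ { in_cred = (tolower($0) ~ /^[ \t]*\[credential/); next }
        # Skip other sections and comment lines.
        !in_cred || /^[ \t]*[#;]/ { next }
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            eq = index(line, "=")
            if (eq == 0) next
            key = tolower(substr(line, 1, eq - 1)); gsub(/[ \t]/, "", key)
            val = substr(line, eq + 1)
            sub(/^[ \t]+/, "", val); sub(/[ \t]+$/, "", val)
            if (key == "helper") {
                if (val ~ /aws codecommit credential-helper/) aws = 1
                if (val ~ /osxkeychain/) keychain = 1
            }
            if (key == "usehttppath" && tolower(val) == "true") httppath = 1
        }
        END {
            if (!aws)      { print "FAIL: no aws codecommit credential-helper"; bad = 1 }
            if (!httppath) { print "FAIL: UseHttpPath is not true"; bad = 1 }
            if (keychain)  { print "FAIL: osxkeychain helper would cache the temporary password"; bad = 1 }
            if (!bad) print "OK: CodeCommit credential helper configured"
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample: the Sourcetree config from this guide plus a keychain helper.
sample=$(mktemp)
printf '[credential]\n\thelper = osxkeychain\n\thelper = /usr/local/bin/aws codecommit credential-helper $@\n\tUseHttpPath = true\n' > "$sample"
audit_credential_config "$sample" || echo "Fix the findings above before pushing."
rm -f "$sample"
```

Point it at a repository's `.git/config` or at `~/.gitconfig`; a non-zero exit status means at least one finding.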

### References

http://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-https-unixes.html

http://docs.aws.amazon.com/codecommit/latest/userguide/how-to-migrate-repository.html

https://geekprotem.com/2015/07/10/aws-codecommit-with-sourcetree/

http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html

@jlaskowski

It works, but I have to constantly deny access to the keychain. Any way to get it to stop prompting for that?

@JohannMG
Author

@jlaskowski Make sure you're selecting Always Allow button when it pops up

@jlaskowski

jlaskowski commented Mar 12, 2020

You mention twice above to select Deny. I clicked Allow just now and it says what you see below. If I keep clicking deny, it works.

"git --no-optional-locks -c color.branch=false -c color.diff=false -c color.status=false -c diff.mnemonicprefix=false -c core.quotepath=false -c credential.helper=sourcetree fetch origin
fatal: unable to access 'https://git-codecommit.us-east-1.amazonaws.com/v1/repos/nifi-flows/': The requested URL returned error: 403
Completed with errors, see above"

@JohannMG
Author

@jlaskowski Oh that's right. It's been almost 5 years since I used this. Sorry I can't help more.

@kmturley

kmturley commented Dec 8, 2020

AWS CLI guide says to run:
git config --global credential.helper '!aws codecommit credential-helper $@'

Sourcetree doesn't have aws-cli in path, so you should instead use the exact path to aws-cli (this example is for mac):
git config --global credential.helper '/usr/local/bin/aws codecommit credential-helper $@'

@asmaier

asmaier commented Nov 30, 2021

You can save a few steps by installing AWS Command Line Tools with brew:

brew install awscli

@ssheff

ssheff commented Sep 19, 2023

well still having the issue:
git --no-optional-locks -c color.branch=false -c color.diff=false -c color.status=false -c diff.mnemonicprefix=false -c core.quotepath=false -c credential.helper=sourcetree fetch origin
fatal: unable to access 'https://git-codecommit.us-east-1.amazonaws.com/v1/repos/my-repo/': The requested URL returned error: 403
Completed with errors, see above
