Setting up CodeCommit for SSH users using AWS CLI
In the previous recipe, we saw how to access the repository using a username and password. In this section, we will access the repository over SSH connections, using an SSH private/public key pair.
This topic assumes that you already have, or know how to create, a pair of public/private keys. You should be familiar with SSH and its configuration files.
Getting ready
Before setting up CodeCommit for SSH users, we need the AWS CLI installed and configured with the respective AWS account. To install the AWS CLI on our development machine, we need to perform these steps:
- We need to install python-pip and the AWS CLI tools. Usually, in CentOS/RHEL, python-pip comes with EPEL (Extra Packages for Enterprise Linux), so the EPEL repository has to be installed before python-pip:
# yum install epel-release
# yum install python-pip
# pip install awscli
- Once we have awscli installed on our system, we have to configure it using the access key and secret key, as well as the region in which we will use the AWS account. If you remember, we created a user while generating the HTTPS Git credentials, and at that point we also downloaded another type of credential: the access key and secret key. We need those here.
- Now, let's configure the AWS CLI:
awsstar@awsstar:~$ aws configure
AWS Access Key ID [None]: AKIxxxxxxxxxxxxxDDA
AWS Secret Access Key [None]: b+GEuc2u3xxxxxxxxxxxxxx+av/5eK
Default region name [None]: us-east-1
Default output format [None]:
- Once the configuration is done, let's try to list the repository:
awsstar@awsstar:~$ aws codecommit list-repositories
{
    "repositories": [
        {
            "repositoryName": "NixSrj",
            "repositoryId": "73caf1e3-65a9-44bf-8c6a-a3bd3e0260b0"
        },
        {
            "repositoryName": "ECS-POC",
            "repositoryId": "62063220-b0fc-4519-9d54-896be46a7521"
        },
        {
            "repositoryName": "terraform-Openshift",
            "repositoryId": "20f88492-81bb-4068-8867-5d17a1d3ec5b"
        }
    ]
}
- The command lists the existing repositories, which means the credentials are working and we are ready to create a repository.
How to do it...
- Create a repository, HelloWorld:
awsstar@awsstar:~$ aws codecommit create-repository --repository-name HelloWorld --repository-description "This repository includes static page of HelloWorld"
{
    "repositoryMetadata": {
        "repositoryName": "HelloWorld",
        "cloneUrlSsh": "ssh://git-codecommit.us-east-1.amazonaws.com/v1/repos/HelloWorld",
        "lastModifiedDate": 1501778613.664,
        "repositoryDescription": "This repository includes static page of HelloWorld",
        "cloneUrlHttp": "https://git-codecommit.us-east-1.amazonaws.com/v1/repos/HelloWorld",
        "creationDate": 1501778613.664,
        "repositoryId": "53866a81-8576-4e79-ab5a-36882c33b717",
        "Arn": "arn:aws:codecommit:us-east-1:160384169139:HelloWorld",
        "accountId": "160384169139"
    }
}
- Now, check it using the following command:
awsstar@awsstar:~$ aws codecommit list-repositories
{
    "repositories": [
        {
            "repositoryName": "HelloWorld",
            "repositoryId": "53866a81-8576-4e79-ab5a-36882c33b717"
        }
    ]
}
- Let's try to clone the HelloWorld repository from CodeCommit to our development machine; but before that, we have to establish SSH authentication. To do that, we have to perform the following operations to generate the SSH keys:
awsstar@awsstar:~$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/awsstar/.ssh/id_rsa):
Created directory '/home/awsstar/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/awsstar/.ssh/id_rsa.
Your public key has been saved in /home/awsstar/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:NMUiRSDRD9SxrSIcYm9A4BYau2TOaeEfk5TgRmy3i4o root@aa21529d724f
The key's randomart image is:
+---[RSA 2048]----+
|+=. o+o=+o. |
|=*o...+ o+. |
|+O=oo ++.. |
|Oo+*.. ..o |
|.*.+* . S |
|...oo. . |
|o . |
|E |
| |
+----[SHA256]-----+
- The preceding command will create two keys; one is the public key (id_rsa.pub) and the other one is the private key (id_rsa).
- Now, we have to upload the public key to the AWS user we created:
awsstar@awsstar:~$ cd .ssh awsstar@awsstar:~/.ssh$ aws iam upload-ssh-public-key --user-name awsccuser --ssh-public-key-body "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCk437p8/JmhGOdM9oYNK/r1xpOnuA2cQNfYys7lnE9gXJdTEjniHNFcJZMkIVmtYQGAqEh37BWGfXl4s5iw/NSfkDuZf8zegAgyPryR0KTTUG2f/rrtyLtlAPlSXjtCmHakZzhwIoRJtzkDbSpKoUOD8fNnS3kKIwk7Dp3+gGLLgo9eoZdud9h/E5+NpORog7wg7xaTgg3mwa9StaPHKMxJNwNc71dIuUyAh2S6bDbHB3QWLNfrJABYqPq5HGFh3KLogH9GHBMajshLEOS4Ygk3uC8FzB+eP4oneuWd2n68N3qg5RmX0U5lAL8s3+ppuhmjlbSvDOdBUJdpgEL/AQZ awsstar@awsstar"
- We need to make a note of some details, such as the SSHPublicKeyId, which is provided in the JSON output when uploading the SSH public key. The SSHPublicKeyId is the value used for User in the SSH configuration in the next step.
- We have to make some modifications to the config file located at $HOME/.ssh/config:
awsstar@awsstar:~$ vi .ssh/config
Host git-codecommit.us-east-1.amazonaws.com
  User APKAIGJDPRJL3INHSJ6Q
  IdentityFile ~/.ssh/id_rsa
- Once we are done saving the config file, let's check the connectivity between the development machine and AWS CodeCommit. Because this is the first connection, SSH asks us to confirm the server's host key fingerprint; compare it with the fingerprint AWS publishes for the region in the CodeCommit documentation before answering yes:
awsstar@awsstar:~$ ssh git-codecommit.us-east-1.amazonaws.com
The authenticity of host 'git-codecommit.us-east-1.amazonaws.com (54.239.20.155)' can't be established.
RSA key fingerprint is SHA256:eLMY1j0DKA4uvDZcl/KgtIayZANwX6t8+8isPtotBoY.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'git-codecommit.us-east-1.amazonaws.com,54.239.20.155' (RSA) to the list of known hosts.
You have successfully authenticated over SSH. You can use Git to interact with AWS CodeCommit. Interactive shells are not supported.
Connection to git-codecommit.us-east-1.amazonaws.com closed by remote host.
Connection to git-codecommit.us-east-1.amazonaws.com closed.
- We get the output that says Successfully authenticated over SSH, so now we are ready to clone the repository. We can clone the SSH URL of the repository, which we obtain from the JSON output while creating the repository:
awsstar@awsstar:~$ git clone ssh://git-codecommit.us-east-1.amazonaws.com/v1/repos/HelloWorld
Cloning into 'HelloWorld'...
warning: You appear to have cloned an empty repository.
checking connectivity... done
awsstar@awsstar:~$ ls
HelloWorld
awsstar@awsstar:~$
- So, we cloned an empty repository; now it's time to put a sample index.html file in the CodeCommit HelloWorld repository:
awsstar@awsstar:~/HelloWorld$ echo '<h1> Hello World </h1>' > index.html
awsstar@awsstar:~/HelloWorld$ git add .
awsstar@awsstar:~/HelloWorld$ git commit -m " index.html push "
[master (root-commit) bc76f76] index.html push
 1 file changed, 1 insertion(+)
 create mode 100644 index.html
root@awsstar:~/HelloWorld# git push origin master
Counting objects: 3, done.
Writing objects: 100% (3/3), 233 bytes | 0 bytes/s, done.
Total 3 (delta 0), reused 0 (delta 0)
To ssh://git-codecommit.us-east-1.amazonaws.com/v1/repos/HelloWorld
 * [new branch] master -> master
- At this stage, we have successfully pushed our local file to the AWS CodeCommit HelloWorld repository.
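The SSH configuration step in this recipe, as an added shell example that is not part of the original recipe: it writes the Host stanza for a region and refuses a User value that is not an SSHPublicKeyId, since putting the access key ID or the IAM user name there makes authentication fail. The function name, its argument order and the APKA prefix check (based on the recipe's example ID) are assumptions.

```shell
#!/bin/sh
# Added example, not from the original recipe. Function name and arguments
# are hypothetical. The key ID would come from the upload step, e.g.:
#   aws iam upload-ssh-public-key --user-name awsccuser \
#     --ssh-public-key-body "file://$HOME/.ssh/id_rsa.pub" \
#     --query SSHPublicKey.SSHPublicKeyId --output text

# Usage: write_codecommit_ssh_config KEY_ID REGION PRIVATE_KEY [CONFIG_FILE]
write_codecommit_ssh_config() {
    key_id=$1; region=$2; identity=$3
    config=${4:-$HOME/.ssh/config}
    host="git-codecommit.${region}.amazonaws.com"

    # User must be the SSHPublicKeyId, not the access key ID (AKIA...) or the
    # IAM user name. Assumption: SSH public key IDs start with APKA, as the
    # recipe's example does.
    case $key_id in
        *[!A-Za-z0-9]*) echo "invalid key ID: $key_id" >&2; return 1 ;;
        APKA?*) ;;
        *) echo "not an SSHPublicKeyId (expected APKA...): $key_id" >&2; return 1 ;;
    esac
    case $region in
        ''|*[!a-z0-9-]*) echo "invalid region: $region" >&2; return 1 ;;
    esac

    # ssh ignores private keys readable by group or other, so tighten the mode.
    [ -f "$identity" ] || { echo "private key not found: $identity" >&2; return 1; }
    chmod 600 "$identity"

    # Idempotent: leave an existing stanza for this host untouched.
    mkdir -p "$(dirname "$config")"
    if [ -f "$config" ] && grep -qxF "Host $host" "$config"; then
        return 0
    fi

    # Create or extend the file without exposing it to other local users.
    ( umask 077
      printf 'Host %s\n  User %s\n  IdentityFile %s\n' \
          "$host" "$key_id" "$identity" >> "$config" )
    chmod 600 "$config"
}
```

Pass the private key as an expanded path such as "$HOME/.ssh/id_rsa", because the function checks that the file exists before writing the stanza.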