Amazon Web Services (or AWS) contains a huge number of services, including one called CodeCommit: hosting for fully managed, secured and private Git repositories.
Intro: CodeCommit
AWS CodeCommit is a great service to work with your Git repositories: AWS provides highly available architecture, secure and fully managed for Git hosting, based on Amazon S3 and DynamoDB services. And your repositories are completely private. All that for a very low price of zero dollars (if you have up to 5 users), or $1.00 per month for more than 5 users. You get unlimited repositories, 50GB of space, and 10.000 requests each month. Extra space and requests will be additional charges. More information is available here: aws.amazon.com/codecommit/pricing.
Finally, Amazon promises ‘seamless integration’ with other Git tools. But, if you have experience with some of the Amazon services, you know that things are not that simple.
I have decided to switch from using SVN to using Git. Since I don’t need collaboration tools on GitHub, and I already use many of the AWS services, it was logical for me to use AWS CodeCommit. Setting CodeCommit is easy, but settings users for it, and preparing Git on Windows to work with CodeCommit was all but easy to do. First, I wanted to use the HTTP access method with a username and password. But, CodeCommit has some strange methods for handling authentication, and I ended up with a system that was unable to store my username and password, and every 15 minutes, I had to enter my username and password for working with the origin server.
So, I decided to switch to SSH authentication. But, that too proved complicated to do since I wanted to use TortoiseGit on Windows. But, after spending a few days experimenting, I have managed to work out the solution to my problem: TortoiseGit using SSH for AWS CodeCommit.
AWS documentation includes information on how to set up SSH for use with Git, but this method will not work with TortoiseGit. TortoiseGit can use SSH generated from the Putty PPK Key generator, so this tutorial will show you how to set CodeCommit with the Putty SSH key. Before we start, make sure you install Git and TortoiseGit.
Step 1: AWS and CodeCommit Account
If you don’t have an account already, sign up for Amazon AWS. And, when you do that, enable CodeCommit for your account.
Step 2: Identity and Access Management
Before you get to creating your first repository, you need to set up a new user account (your main AWS account is a ‘root’ account, and it can’t be used for direct access to CodeCommit). Open the IAM front page, to see something like this:
Click on the Users button, and you will get to the new page with all your AWS IAM users. On top of that page, find Add User button to create a new user. Give that user username and make sure to enable ‘Programmatic access’. Click on the Next button to set up permissions for the new user account. To proceed, click to attach existing policies to the user account, and from the list of policies select AWSCodeCommitFullAccess:
Click Next button to review the information and Next again to create a user. On the last screen, you will get your first Access key and secret key for AWS access, and you can download file with this information for safe keeping.
Step 3: Use Putty to generate SSH key
If you don’t have it already, install Putty. Run Putty Key Generator, set it to RSA key type with 2048 bits key. It should look like this:
Now, click on the Generate button. You need to move the mouse around to generate a random sequence, and after that is done, you need to enter the key comment to help you identify your SSH key later, and you must enter the passphrase, and it is very important to save this passphrase for later use.
On top, you have a public key that you will use to set up an AWS user, but before that, click to Save private key. Store this private key in a safe place, it will be used later by TortoiseGit, to make things easier give this key a file name related to CodeCommit (codecommit.ppk or similar). So, it is important to save the passphrase, private key, and public key sequence from Putty, all of that will be needed later.
Step 4: Configure IAM user with SSH key
Now, go back to the AWS IAM, click on the user you created, switch to the Security Credentials tab, and then find block SSH keys for AWS CodeCommit. Click on the Upload SSH public key button, and insert the public key sequence from the Putty:
Upload this key, and you will now get SSH Key ID, and it will look like this:
Make sure to not this key for later use (APKAIPKKAVULLH5M4OZQ, it will be something like this, not exactly like this, it depends on the account and SSH key), it will be used for SSH Git URLs. And, with this, SSH key setup is completed. This key serves as a username for accessing the repository.
Step 5: Create a CodeCommit repository
Finally, create your first repository on CodeCommit. Click Create Repository button, and give your repository name and description. The name has to be URL safe, with all lowercase letters and dashes, and no spaces.
After the repository is created, you need to get the SSH URL for it. Click on the Clone URL, select SSH and copy the URL, it will look like this:
The URL looks like this:
ssh://git-codecommit.us-east-1.amazonaws.com/v1/repos/gd-rating-system
But, if you use this URL, every time you need to run Pull or Push from the origin server with TortoiseGit, you will need to enter the username (SSH key ID from the previous step). So, I suggest modifying the URL to include the key, and the new URL will look like this:
ssh://APKAIPKKAVULLH5M4OZQ@git-codecommit.us-east-1.amazonaws.com/v1/repos/gd-rating-system
And this is the final URL to use with TortoiseGit to get the repository from CodeCommit and to work with it later.
Step 6: Checkout the repository using TortoiseGit
Now, create a folder somewhere on your computer where you want to have repositories located. I suggest you copy Putty SSH private key file there too (.ppk file from step 3). Open the newly created folder in Explorer, click right button anywhere in it, and you will get context menu opened, and from it choose Git Clone option. If this option is missing, then TortoiseGit is not installed. When you click this, a dialog will be displayed to add the repository from CodeCommit, set the local folder for it and also select SSH file for access. It will look like this:
Make sure to note what is set here: URL is the repository URL with SSH Key ID included, Directory is the folder where the repository will be cloned, and finally, Load Putty Key needs to be enabled, and .ppk file selected. When you click OK, you will be asked to enter the passphrase for the SSH, and the TortoiseGit will clone the repository.
Conclusion
This method is tested on Windows 10 with the 64bit version of Putty, Git, and TortoiseGit, and it is the only way to use SSH for authentication of AWS CodeCommit Git repositories in TortoiseGit. Also, other Git clients using Putty SSH keys can use this same method.
Thanks for writing an excellent blog. Have you tried using Git credentials with CodeCommit to configure https access? As an example, please look at the following:
https://git-scm.com/book/en/v2/Git-Tools-Credential-Storage
Hello,
AWS CodeCommit can’t use standard Git credentials storages, so setting it to work over HTTPS with username and password is not easy, but possible, by using AWS CLI to manage credentials. The problem here is that it doesn’t have the option to remember passwords, or set password expiration time, so every 15 minutes, you would need to enter username and password. And if you do a lot with the origin server, or you have many repositories, this would be very frustrating. So, SSH is the best method to avoid authentication problems of other methods.
Regards,
Milan