Amazon Web Services (or AWS) contains a huge number of services, including one called CodeCommit: hosting for fully managed, secured and private Git repositories.

Intro: CodeCommit

AWS CodeCommit is a great service for working with your Git repositories: AWS provides a highly available, secure and fully managed architecture for Git hosting, based on the Amazon S3 and DynamoDB services. And your repositories are completely private. All that for a very low price of zero dollars (if you have up to 5 users), or $1.00 per month for more than 5 users. You get unlimited repositories, 50 GB of space and 10,000 requests each month. Extra space and requests incur additional charges. More information is available here: aws.amazon.com/codecommit/pricing.

Finally, Amazon promises ‘seamless integration’ with other Git tools. But, if you have experience with some of the Amazon services, you know that things are not that simple.

I have decided to switch from using SVN to using Git. Since I don’t need collaboration tools on GitHub, and I already use many of the AWS services, it was logical for me to use AWS CodeCommit. Setting up CodeCommit is easy, but setting up users for it and preparing Git on Windows to work with CodeCommit was anything but easy. First, I wanted to use the HTTP access method with a username and password. But CodeCommit has some strange methods for handling authentication, and I ended up with a system that was unable to store my username and password, and every 15 minutes I had to enter my username and password to work with the origin server.

So, I decided to switch to SSH authentication. But that too proved complicated, since I wanted to use TortoiseGit on Windows. After spending a few days experimenting, I managed to work out a solution to my problem: TortoiseGit using SSH for AWS CodeCommit.

The AWS documentation includes information on how to set up SSH for use with Git, but that method will not work with TortoiseGit. TortoiseGit can use SSH keys generated by the PuTTY key generator (PPK format), so this tutorial will show you how to set up CodeCommit with a PuTTY SSH key. Before we start, make sure you install Git and TortoiseGit.

Step 1: AWS and CodeCommit Account

If you don’t have an account already, sign up for Amazon AWS. And, when you do that, enable CodeCommit for your account.

Step 2: Identity and Access Management

Before you create your first repository, you need to set up a new user account (your main AWS account is the ‘root’ account, and it can’t be used for direct access to CodeCommit). Open the IAM front page to see something like this:

AWS IAM Console

Click on the Users button, and you will get to a new page listing all your AWS IAM users. At the top of that page, find the Add User button to create a new user. Give the user a username and make sure to enable ‘Programmatic access’. Click the Next button to set up permissions for the new user account. To proceed, choose to attach existing policies to the user account, and from the list of policies select AWSCodeCommitFullAccess:

User account permissions

Click the Next button to review the information, and Next again to create the user. On the last screen, you will get your first access key and secret key for AWS access, and you can download a file with this information for safekeeping. The remaining steps authenticate with the SSH key rather than this access key pair.
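
AWSCodeCommitFullAccess allows every CodeCommit action, so a tighter alternative is a policy that permits only Git pull and push on a single repository. The policy below is an added example, not part of the original tutorial: the region and repository name are taken from the clone URL shown in Step 5, and 111122223333 is a placeholder account ID to replace with your own.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ExampleGitOverSshForOneRepository",
      "Effect": "Allow",
      "Action": [
        "codecommit:GitPull",
        "codecommit:GitPush"
      ],
      "Resource": "arn:aws:codecommit:us-east-1:111122223333:gd-rating-system"
    }
  ]
}
```

With only these two actions, the user can clone, pull and push over SSH but cannot create or delete repositories.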

Step 3: Use PuTTY to generate SSH key

If you don’t have it already, install PuTTY. Run the PuTTY Key Generator and set it to the RSA key type with a 2048-bit key. It should look like this:

PuTTY KeyGen

Now, click on the Generate button. You need to move the mouse around to generate a random sequence. After that is done, enter a key comment to help you identify your SSH key later. You must also enter a passphrase, and it is very important to save this passphrase for later use.

Generated SSH key

At the top, you have the public key that you will use to set up the AWS user, but before that, click Save private key. Store this private key in a safe place; it will be used later by TortoiseGit. To make things easier, give the key a file name related to CodeCommit (codecommit.ppk or similar). So, it is important to save the passphrase, the private key and the public key sequence from PuTTY; all of them will be needed later.

Step 4: Configure IAM user with SSH key

Now, go back to AWS IAM, click on the user you created, switch to the Security Credentials tab, and find the SSH keys for AWS CodeCommit block. Click on the Upload SSH public key button, and paste in the public key sequence from PuTTY:

Enter SSH key

Upload this key, and you will get an SSH Key ID that looks like this:

SSH Key is ready

Make sure to note this key ID for later use (APKAIPKKAVULLH5M4OZQ; yours will look similar but not identical, since it depends on the account and SSH key). It will be used in the SSH Git URLs. With this, the SSH key setup is complete. This key ID serves as the username for accessing the repository.

Step 5: Create CodeCommit repository

Finally, create your first repository on CodeCommit. Click the Create Repository button, and give your repository a name and description. The name has to be URL safe: all lowercase letters and dashes, no spaces.

New repository

After the repository is created, you need to get its SSH URL. Click on Clone URL, select SSH and copy the URL. It will look like this:

Repository SSH URL

The URL looks like this:

ssh://git-codecommit.us-east-1.amazonaws.com/v1/repos/gd-rating-system

But if you use this URL, you will need to enter the username (the SSH key ID from the previous step) every time you run Pull or Push against the origin server with TortoiseGit. So, I suggest modifying the URL to include the key ID; the new URL will look like this:

ssh://APKAIPKKAVULLH5M4OZQ@git-codecommit.us-east-1.amazonaws.com/v1/repos/gd-rating-system

And this is the final URL to use with TortoiseGit to get the repository from CodeCommit and to work with it later.

Step 6: Checkout the repository using TortoiseGit

Now, create a folder somewhere on your computer where you want your repositories to be located. I suggest you copy the PuTTY SSH private key file there too (the .ppk file from Step 3). Open the newly created folder in Explorer, right-click anywhere in it to open the context menu, and choose the Git Clone option. If this option is missing, TortoiseGit is not installed. When you click it, a dialog will be displayed where you add the repository from CodeCommit, set the local folder for it and select the SSH key file for access. It will look like this:

TortoiseGit Clone

Make sure to note what is set here: URL is the repository URL with the SSH Key ID included, Directory is the folder where the repository will be cloned, and finally, Load Putty Key needs to be enabled and the .ppk file selected. When you click OK, you will be asked to enter the passphrase for the SSH key, and TortoiseGit will clone the repository.

TortoiseGit finished cloning the repository

Conclusion

This method is tested on Windows 10 with the 64-bit versions of PuTTY, Git, and TortoiseGit, and it is the only way to use SSH for authentication of AWS CodeCommit Git repositories in TortoiseGit. Other Git clients that use PuTTY SSH keys can use this same method.


About the author

MillaN
Dev4Press owner and lead developer

Programmer since the age of 12 and now WordPress developer with more than 8 years of WordPress experience, author of more than 100 plugins and more than 20 themes.

2 Comments

  1. Alok says:

    Thanks for writing an excellent blog. Have you tried using Git credentials with CodeCommit to configure https access? As an example, please look at the following:

    https://git-scm.com/book/en/v2/Git-Tools-Credential-Storage

    1. MillaN says:

      Hello,

      AWS CodeCommit can’t use standard Git credentials storages, so setting it to work over HTTPS with username and password is not easy, but possible, by using AWS CLI to manage credentials. The problem here is that it doesn’t have the option to remember passwords, or set password expiration time, so every 15 minutes, you would need to enter username and password. And if you do a lot with the origin server, or you have many repositories, this would be very frustrating. So, SSH is the best method to avoid authentication problems of other methods.

      Regards,
      Milan
