Setting up SSH and the HTTPS credential helper for AWS CodeCommit from the AWS CLI

Notes on aws-cli commands that I use at work.

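How to access a CodeCommit repository

There are three methods, as listed below.

No  Protocol  Description
1   SSH       Authentication with a cryptographic key pair
2   HTTPS     Identity federation through an aws-cli IAM profile (HTTPS credential helper)
3   HTTPS     Generating an ID and password for CodeCommit from the Management Console

This article covers methods 1 and 2.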

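Prerequisites

  • aws-cli is installed
  • An appropriate managed policy is attached in IAM

Managed policies for AWS CodeCommit

Managed policy            Description
AWSCodeCommitFullAccess   Full control of CodeCommit
AWSCodeCommitPowerUser    Cannot delete repositories
AWSCodeCommitReadOnly     Read-only
AdministratorAccess       Administrator policy that can do anything (not recommended)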

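Creating the SSH key files for CodeCommit

  • Change the variables to suit your environment.
Create
IAM_USER=codecommit-handson
SSH_NAME=~/.ssh/${IAM_USER}-$(date +%Y%m%d)
# -N '' creates the private key without a passphrase; -C '' leaves the key comment empty
ssh-keygen -t rsa -b 2048 -f ${SSH_NAME} -N '' -C ''
Output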
Generating public/private rsa key pair.
Your identification has been saved in /Users/yu/.ssh/codecommit-handson-20180102.
Your public key has been saved in /Users/yu/.ssh/codecommit-handson-20180102.pub.
The key fingerprint is:
SHA256:Ncp+5fEJ/l0BLz+AfeKuPwTM0TvYxyz123456789N/g 
The key's randomart image is:
+---[RSA 2048]----+
|            .    |
|           + o o |
|          = X.+.+|
|       . o BoBo=o|
|        S  .*=+++|
|       .   +.=*.+|
|        . . +.+oo|
|         .  .+ o=|
|           .oo+E+|
+----[SHA256]-----+
Verify
ssh-keygen -l -f ${SSH_NAME}
Verification output
2048 SHA256:Ncp+5fEJ/l0BLz+AfeKuPwTM0TvYxyz123456789N/g /Users/yu/.ssh/codecommit--handson-20180102.pub (RSA)

SSH configuration for CodeCommit

For access authenticated with an SSH key.

Upload the public key to the IAM user

Upload
SSH_PUBKEY=$(cat ${SSH_NAME}.pub)
SSH_PUBKEY_ID=$(aws iam upload-ssh-public-key \
--user-name ${IAM_USER} \
--ssh-public-key-body "${SSH_PUBKEY}" \
--output text \
--query SSHPublicKey.SSHPublicKeyId) && echo ${SSH_PUBKEY_ID}
Result (example)
APKAI3YRE4AABBCCDDEE

Verify and generate the text for the config file

Verify
cat << ETX
Host git-codecommit.*.amazonaws.com
  User ${SSH_PUBKEY_ID}
  StrictHostKeyChecking no
  UserKnownHostsFile=/dev/null
  IdentityFile ${SSH_NAME} 
ETX

Add the output to ~/.ssh/config.

Result (example)
Host git-codecommit.*.amazonaws.com
  User APKAI3YRE4AABBCCDDEE
  StrictHostKeyChecking no
  UserKnownHostsFile=/dev/null
  IdentityFile ~/.ssh/codecommit-handson-20180102
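
The generated Host block sets StrictHostKeyChecking no and UserKnownHostsFile=/dev/null, which together turn off SSH host key verification for the CodeCommit endpoints. The check below is an added example, not part of the original article: the function name audit_ssh_config is hypothetical, and it reads Host blocks only (Match blocks and quoted values are not handled).

```shell
#!/bin/sh
# Added example, not from the original article.
# audit_ssh_config FILE  (hypothetical helper name)
# Prints "<Host pattern>: <option> <value>" for every setting that disables
# host key verification. Exit status: 0 = none found, 1 = findings.
audit_ssh_config() {
  awk '
    BEGIN { host = "(global)" }
    {
      line = $0
      sub(/^[ \t]+/, "", line)                 # drop indentation
      if (line == "" || line ~ /^#/) next      # skip blanks and comments
      if (!match(line, /^[A-Za-z]+/)) next     # keyword is the leading word
      key = tolower(substr(line, 1, RLENGTH))  # keywords are case-insensitive
      val = substr(line, RLENGTH + 1)
      sub(/^[ \t]*=?[ \t]*/, "", val)          # "Key value" or "Key=value"
      sub(/[ \t]+$/, "", val)                  # drop trailing whitespace
      if (key == "host") { host = val; next }
      if (key == "stricthostkeychecking" && tolower(val) ~ /^(no|off)$/) {
        print host ": StrictHostKeyChecking " val; bad = 1
      }
      if (key == "userknownhostsfile" && val == "/dev/null") {
        print host ": UserKnownHostsFile " val; bad = 1
      }
    }
    END { exit (bad ? 1 : 0) }
  ' "$1"
}

# Constructed sample: the Host block as generated on this page.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Host git-codecommit.*.amazonaws.com
  User APKAI3YRE4AABBCCDDEE
  StrictHostKeyChecking no
  UserKnownHostsFile=/dev/null
  IdentityFile ~/.ssh/codecommit-handson-20180102
EOF
audit_ssh_config "$sample" || echo "host key verification is disabled"
rm -f "$sample"
```

With the two flagged lines removed, the first connection prompts with the server's key fingerprint, which can be compared with the CodeCommit server fingerprints that AWS lists in its user guide before accepting.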

Connection check

Verify
ssh git-codecommit.ap-northeast-1.amazonaws.com
Result
Warning: Permanently added 'git-codecommit.ap-northeast-1.amazonaws.com,52.119.218.16' (RSA) to the list of known hosts.
You have successfully authenticated over SSH. You can use Git to interact with AWS CodeCommit. Interactive shells are not supported.Connection to git-codecommit.ap-northeast-1.amazonaws.com closed by remote host.
Connection to git-codecommit.ap-northeast-1.amazonaws.com closed.

HTTPS credential helper configuration for CodeCommit

gitconfig settings

Set gitconfig
git config --global credential.helper '!aws --profile codecommit-handson codecommit credential-helper $@'
git config --global credential.UseHttpPath true

The following is added to ~/.gitconfig:

~/.gitconfig
[credential]
    helper = !aws --profile codecommit-handson codecommit credential-helper $@
    UseHttpPath = true

Create a test repository and try cloning it

Create
REPO_NAME=${IAM_USER}-$(date +%Y%m%d%H%M%S)
aws codecommit create-repository --repository-name ${REPO_NAME} \
--repository-description "codecommit handson 2018"
Result
{
    "repositoryMetadata": {
        "repositoryName": "codecommit-handson-20180103140202", 
        "cloneUrlSsh": "ssh://git-codecommit.ap-northeast-1.amazonaws.com/v1/repos/codecommit-handson-20180103140202", 
        "lastModifiedDate": 1514955723.245, 
        "repositoryDescription": "codecommit handson 2018", 
        "cloneUrlHttp": "https://git-codecommit.ap-northeast-1.amazonaws.com/v1/repos/codecommit-handson-20180103140202", 
        "creationDate": 1514955723.245, 
        "repositoryId": "8842d149-b58f-4531-9081-020f07d9fc5c", 
        "Arn": "arn:aws:codecommit:ap-northeast-1:674xxxxxxxxx:codecommit-handson-20180103140202", 
        "accountId": "674xxxxxxxxx"
    }
}

In the result, cloneUrlSsh is the URL for connecting over SSH, and cloneUrlHttp is the URL for connecting over HTTPS.

Example: SSH
git clone ssh://git-codecommit.ap-northeast-1.amazonaws.com/v1/repos/codecommit-handson-20180103140202
Example: HTTPS
git clone https://git-codecommit.ap-northeast-1.amazonaws.com/v1/repos/codecommit-handson-20180103140202

Deleting the repository

Delete
aws codecommit delete-repository \
--repository-name "codecommit-handson-20180103140202"
Result
{
    "repositoryId": "8842d149-b58f-4531-9081-020f07d9fc5c"
}

That's all.
