2
2

Delete article

Deleted articles cannot be recovered.

Draft of this article would be also deleted.

Are you sure you want to delete this article?

More than 5 years have passed since last update.

AWS CLIからAWS CodeCommitのSSH設定&HTTPS認証ヘルパー設定

Last updated at Posted at 2018-01-02

業務で使うためのaws-cliコマンドのメモ

CodeCommitのリポジトリアクセス方法?

記のように3種類の方法がある

No  プロトコル   説明 
1  SSH   暗号キーペアによる認証 
2  HTTPS   aws-cliのIAMプロファイルによるIDフェデレーション(HTTPS認証ヘルパー) 
3  HTTPS   マネコンからCodeCommit用のID,PWを生成する方法 

1,2 の方法について記載します。

前提条件

  • aws-cliがインストールされている
  • IAMに適切な管理ポリシーが設定されている

AWS CodeCommit用の管理ポリシー

管理ポリシー 説明
AWSCodeCommitFullAccess CodeCommitのすべての制御
AWSCodeCommitPowerUser リポジトリの削除ができない
AWSCodeCommitReadOnly 読み取り専用
AdministratorAccess なんでもできる管理者ポリシー(非推薦)

CodeCommit用のSSH認証ファイル作成

  • 変数は適切に変更して使ってください
作成
IAM_USER=codecommit-handson
SSH_NAME=~/.ssh/${IAM_USER}-$(date +%Y%m%d)
ssh-keygen -t rsa -b 2048 -f ${SSH_NAME} -N '' -C ''
作成結果
Generating public/private rsa key pair.
Your identification has been saved in /Users/yu/.ssh/codecommit-handson-20180102.
Your public key has been saved in /Users/yu/.ssh/codecommit-handson-20180102.pub.
The key fingerprint is:
SHA256:Ncp+5fEJ/l0BLz+AfeKuPwTM0TvYxyz123456789N/g 
The key's randomart image is:
+---[RSA 2048]----+
|            .    |
|           + o o |
|          = X.+.+|
|       . o BoBo=o|
|        S  .*=+++|
|       .   +.=*.+|
|        . . +.+oo|
|         .  .+ o=|
|           .oo+E+|
+----[SHA256]-----+
確認
ssh-keygen -l -f ${SSH_NAME}
確認結果
2048 SHA256:Ncp+5fEJ/l0BLz+AfeKuPwTM0TvYxyz123456789N/g /Users/yu/.ssh/codecommit--handson-20180102.pub (RSA)

CodeCommit用SSH設定

SSHの認証Keyによってアクセスする場合

IAMユーザにアップロード

アップロード
SSH_PUBKEY=$(cat ${SSH_NAME}.pub)
SSH_PUBKEY_ID=$(aws iam upload-ssh-public-key \
--user-name ${IAM_USER} \
--ssh-public-key-body "${SSH_PUBKEY}" \
--output text \
--query SSHPublicKey.SSHPublicKeyId) && echo ${SSH_PUBKEY_ID}
結果_例)
APKAI3YRE4AABBCCDDEE

確認およびconfig用テキスト作成

確認
cat << ETX
Host git-codecommit.*.amazonaws.com
  User ${SSH_PUBKEY_ID}
  StrictHostKeyChecking no
  UserKnownHostsFile=/dev/null
  IdentityFile ${SSH_NAME} 
ETX

結果を ~/.ssh/configに追加

結果_例)
Host git-codecommit.*.amazonaws.com
  User APKAI3YRE4AABBCCDDEE
  StrictHostKeyChecking no
  UserKnownHostsFile=/dev/null
  IdentityFile ~/.ssh/codecommit-handson-20180102

接続確認

確認
ssh git-codecommit.ap-northeast-1.amazonaws.com
結果
Warning: Permanently added 'git-codecommit.ap-northeast-1.amazonaws.com,52.119.218.16' (RSA) to the list of known hosts.
You have successfully authenticated over SSH. You can use Git to interact with AWS CodeCommit. Interactive shells are not supported.Connection to git-codecommit.ap-northeast-1.amazonaws.com closed by remote host.
Connection to git-codecommit.ap-northeast-1.amazonaws.com closed.

CodeCommit用のHTTPS認証ヘルパー設定

gitconfigの設定

gitconfig設定
git config --global credential.helper '!aws --profile codecommit-handson codecommit credential-helper $@'
git config --global credential.UseHttpPath true

~/.gitconfigに下記の情報が追加される

~/.gitconfig
[credential]
	helper = !aws --profile codecommit-handson codecommit credential-helper $@
	UseHttpPath = true

テストレポジトリを作成しcloneしてみる

作成
REPO_NAME=${IAM_USER}-$(date +%Y%m%d%H%M%S)
aws codecommit create-repository --repository-name ${REPO_NAME} \
--repository-description "codecommit handson 2018"
結果
{
    "repositoryMetadata": {
        "repositoryName": "codecommit-handson-20180103140202", 
        "cloneUrlSsh": "ssh://git-codecommit.ap-northeast-1.amazonaws.com/v1/repos/codecommit-handson-20180103140202", 
        "lastModifiedDate": 1514955723.245, 
        "repositoryDescription": "codecommit handson 2018", 
        "cloneUrlHttp": "https://git-codecommit.ap-northeast-1.amazonaws.com/v1/repos/codecommit-handson-20180103140202", 
        "creationDate": 1514955723.245, 
        "repositoryId": "8842d149-b58f-4531-9081-020f07d9fc5c", 
        "Arn": "arn:aws:codecommit:ap-northeast-1:674xxxxxxxxx:codecommit-handson-20180103140202", 
        "accountId": "674xxxxxxxxx"
    }
}

結果のURLcloneUrlSshはSSH情報、cloneUrlHttpはHTTPSから接続できます。

例-sshの場合
git clone ssh://git-codecommit.ap-northeast-1.amazonaws.com/v1/repos/codecommit-handson-20180103140202
例-httpsの場合
git clone https://git-codecommit.ap-northeast-1.amazonaws.com/v1/repos/codecommit-handson-20180103140202

リポジトリの削除

削除
aws codecommit delete-repository \
--repository-name "codecommit-handson-20180103140202"
結果
{
    "repositoryId": "8842d149-b58f-4531-9081-020f07d9fc5c"
}

以上。

2
2
0

Register as a new user and use Qiita more conveniently

  1. You get articles that match your needs
  2. You can efficiently read back useful information
  3. You can use dark theme
What you can do with signing up
2
2

Delete article

Deleted articles cannot be recovered.

Draft of this article would be also deleted.

Are you sure you want to delete this article?