Connect Securely to AWS CodeCommit with MFA
The instructions on this page describe how to successfully connect to a CodeCommit repo from your command line using MFA. It assumes you're connecting via HTTPS (i.e. not SSH).
- Ensure you have created temporary credentials from your terminal by following the instructions at Generating Temporary Credentials
- Go to your terminal and type
aws s3 lsto ensure you can access the AWS API using your temporary credentials.
- Go to the IAM Console
- Select Users
- Find and select your User name
- Click on the Security credentials tab
- Scroll to the HTTPS Git credentials for AWS CodeCommit section
- Click the Generate button and download the credentials locally
- Go to your AWS console and find the CodeCommit service.
- Click the Create repository button,
- Enter a unique repository name and a description and click Create.
- From the newly created repo, click on the Create file button.
- Enter some test text. Enter a File name (For example, file.txt), Author name, Email address, a Commit message and click Commit changes.
- From your terminal, type:
git config --global credential.helper '!aws codecommit credential-helper $@'
git config --global credential.UseHttpPath true
- From the AWS CodeCommit console, click Clone URL from the repo you just created and select Clone HTTPS (This copies the command to your clipboard).
- Go back to your terminal and paste (or type) the git clone command. It should look something like
git clone https://git-codecommit.us-east-1.amazonaws.com/v1/repos/codecommit-demo
More information can be found at Step 3: Set Up the Credential Helper . Take particular note if you are using the default version of Git on macOS as it stores your credentials in the Keychain Access Utility so you will need to delete these values every time you obtain a new MFA token.