Menu
AWS CodeCommit
User Guide (API Version 2015-04-13)

Setup Steps for SSH Connections to AWS CodeCommit Repositories on Windows

Before you can connect to AWS CodeCommit for the first time, you must complete the initial configuration steps. This topic walks you through the steps for setting up your computer and AWS profile, connecting to an AWS CodeCommit repository, and cloning that repository to your computer (also known as creating a local repo). If you're new to Git, you might also want to review the information in Where Can I Learn More About Git?.

Step 1: Initial Configuration for AWS CodeCommit

Follow these steps to set up an AWS account, create an IAM user, and configure access to AWS CodeCommit.

To create and configure an IAM user for accessing AWS CodeCommit

  1. Create an AWS account by going to http://aws.amazon.com and choosing Sign Up.

  2. Create an IAM user, or use an existing one, in your AWS account. Make sure you have an access key ID and a secret access key associated with that IAM user. For more information, see Creating an IAM User in Your AWS Account.

    Note

    AWS CodeCommit requires AWS Key Management Service. If you are using an existing IAM user, make sure there are no policies attached to the user that expressly deny the AWS KMS actions required by AWS CodeCommit. For more information, see AWS KMS and Encryption.

  3. Sign in to the IAM console at https://console.aws.amazon.com/iam/.

  4. In the IAM console, in the navigation pane, choose Users, and then choose the IAM user you want to configure for AWS CodeCommit access.

  5. On the Permissions tab, choose Add Permissions.

  6. In Grant permissions, choose Attach existing policies directly.

  7. Select AWSCodeCommitFullAccess from the list of policies, or another managed policy for AWS CodeCommit access. For more information about managed policies for AWS CodeCommit, see Managed Policies for AWS CodeCommit.

    • To use Git credentials to connect to AWS CodeCommit, select the IAMSelfManageServiceSpecificCredentials and IAMReadOnlyAccess managed policies.

    • To use SSH to connect to AWS CodeCommit, select the IAMUserSSHKeys and IAMReadOnlyAccess managed policies.

    After you have selected the policies you want to attach, choose Next: Review to review the list of policies that will be attached to the IAM user. If the list is correct, choose Add permissions.

    For more information about AWS CodeCommit managed policies and sharing access to repositories with other groups and users, see Share a Repository and Access Permissions Reference.

Note

If you want to use AWS CLI commands with AWS CodeCommit, install the AWS CLI. For more information, see Command Line Reference.

Step 2: Install Git

To work with files, commits, and other information in AWS CodeCommit repositories, you must install Git on your local machine. AWS CodeCommit supports Git versions 1.7.9 and later.

To install Git, we recommend websites such as Git Downloads.

Note

Git is an evolving, regularly updated platform. Occasionally, a feature change might affect the way it works with AWS CodeCommit. If you encounter issues with a specific version of Git and AWS CodeCommit, review the information in Troubleshooting.

If the version of Git you installed does not include a Bash emulator, such as Git Bash, install one. You will use this emulator instead of the Windows command line when you configure SSH connections.

SSH and Windows: Set Up the Public and Private Keys for Git and AWS CodeCommit

  1. Open the Bash emulator.

    Tip

    You might need to run the emulator with administrative permissions.

    From the emulator, run the ssh-keygen command, and follow the directions to save the file to the .ssh directory for your profile.

    For example:

    Copy
    $ ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/drive/Users/user-name/.ssh/id_rsa): Type a file name here, for example /c/Users/user-name/.ssh/codecommit_rsa Enter passphrase (empty for no passphrase): <Type a passphrase, and then press Enter> Enter same passphrase again: <Type the passphrase again, and then press Enter> Your identification has been saved in drive/Users/user-name/.ssh/codecommit_rsa. Your public key has been saved in drive/Users/user-name/.ssh/codecommit_rsa.pub. The key fingerprint is: 45:63:d5:99:0e:99:73:50:5e:d4:b3:2d:86:4a:2c:14 user-name@client-name The key's randomart image is: +--[ RSA 2048]----+ | E.+.o*.++| | .o .=.=o.| | . .. *. +| | ..o . +..| | So . . . | | . | | | | | | | +-----------------+

    This generates:

    • The codecommit_rsa file, which is the private key file.

    • The codecommit_rsa.pub file, which is the public key file.

  2. Run the following commands to display the value of the public key file (codecommit_rsa.pub):

    Copy
    cd .ssh notepad codecommit_rsa.pub

    Copy the contents of the file, and then close Notepad without saving. The contents of the file will look similar to the following:

    Copy
    ssh-rsa EXAMPLE-AfICCQD6m7oRw0uXOjANBgkqhkiG9w0BAQUFADCBiDELMAkGA1UEBhMCVVMxCzAJB gNVBAgTAldBMRAwDgYDVQQHEwdTZWF0dGxlMQ8wDQYDVQQKEwZBbWF6b24xFDASBgNVBAsTC0lBTSBDb2 5zb2xlMRIwEAYDVQQDEwlUZXN0Q2lsYWMxHzAdBgkqhkiG9w0BCQEWEG5vb25lQGFtYXpvbi5jb20wHhc NMTEwNDI1MjA0NTIxWhcNMTIwNDI0MjA0NTIxWjCBiDELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAldBMRAw DgYDVQQHEwdTZWF0dGxlMQ8wDQYDVQQKEwZBbWF6b24xFDAS=EXAMPLE user-name@computer-name
  3. Sign in to the IAM console at https://console.aws.amazon.com/iam/.

  4. In the IAM console, in the navigation pane, choose Users, and from the list of users, choose your IAM user.

  5. On the user details page, choose the Security Credentials tab, and then choose Upload SSH public key.

  6. Paste the contents of your SSH public key into the field, and then choose Upload SSH public key.

  7. Copy or save the information in SSH Key ID (for example, APKAEIBAERJR2EXAMPLE).

    
            The SSH Key ID in the IAM console
  8. In the Bash emulator, type the following commands to create a config file in the ~/.ssh directory, or edit it if one already exists:

    Copy
    notepad ~/.ssh/config
  9. Add the following lines to the file, where the value for User is the SSH key ID you copied earlier, and the value for IdentityFile is the path to and name of the private key file:

    Copy
    Host git-codecommit.*.amazonaws.com User APKAEIBAERJR2EXAMPLE IdentityFile ~/.ssh/codecommit_rsa

    Note

    If you gave your private key file a name other than codecommit_rsa, be sure to use it here.

    Save the file as config (not config.txt), and then close Notepad.

    Important

    The name of the file must be config with no file extension, or the SSH connections will fail.

  10. Run the following command to test your SSH configuration:

    Copy
    ssh git-codecommit.us-east-2.amazonaws.com

    You will be asked to confirm the connection because git-codecommit.us-east-2.amazonaws.com is not yet included in your known hosts file. The AWS CodeCommit server fingerprint is displayed as part of the verification:

    Public fingerprints for AWS CodeCommit

    Server Cryptographic hash type Fingerprint
    git-codecommit.us-east-2.amazonaws.com MD5 a9:6d:03:ed:08:42:21:be:06:e1:e0:2a:d1:75:31:5e
    git-codecommit.us-east-2.amazonaws.com SHA256 3lBlW2g5xn/NA2Ck6dyeJIrQOWvn7n8UEs56fG6ZIzQ
    git-codecommit.us-east-1.amazonaws.com MD5 a6:9c:7d:bc:35:f5:d4:5f:8b:ba:6f:c8:bc:d4:83:84
    git-codecommit.us-east-1.amazonaws.com SHA256 eLMY1j0DKA4uvDZcl/KgtIayZANwX6t8+8isPtotBoY
    git-codecommit.us-west-2.amazonaws.com MD5 a8:68:53:e3:99:ac:6e:d7:04:7e:f7:92:95:77:a9:77
    git-codecommit.us-west-2.amazonaws.com SHA256 0pJx9SQpkbPUAHwy58UVIq0IHcyo1fwCpOOuVgcAWPo
    git-codecommit.eu-west-1.amazonaws.com MD5 93:42:36:ea:22:1f:f1:0f:20:02:4a:79:ff:ea:12:1d
    git-codecommit.eu-west-1.amazonaws.com SHA256 tKjRkOL8dmJyTmSbeSdN1S8F/f0iql3RlvqgTOP1UyQ
    git-codecommit.ap-northeast-1.amazonaws.com MD5 8e:a3:f0:80:98:48:1c:5c:6f:59:db:a7:8f:6e:c6:cb
    git-codecommit.ap-northeast-1.amazonaws.com SHA256 Xk/WeYD/K/bnBybzhiuu4dWpBJtXPf7E30jHU7se4Ow
    git-codecommit.ap-southeast-1.amazonaws.com MD5 65:e5:27:c3:09:68:0d:8e:b7:6d:94:25:80:3e:93:cf
    git-codecommit.ap-southeast-1.amazonaws.com SHA256 ZIsVa7OVzxrTIf+Rk4UbhPv6Es22mSB3uTBojfPXIno
    git-codecommit.ap-southeast-2.amazonaws.com MD5 7b:d2:c1:24:e6:91:a5:7b:fa:c1:0c:35:95:87:da:a0
    git-codecommit.ap-southeast-2.amazonaws.com SHA256 nYp+gHas80HY3DqbP4yanCDFhqDVjseefVbHEXqH2Ec
    git-codecommit.eu-central-1.amazonaws.com MD5 74:5a:e8:02:fc:b2:9c:06:10:b4:78:84:65:94:22:2d
    git-codecommit.eu-central-1.amazonaws.com SHA256 MwGrkiEki8QkkBtlAgXbYt0hoZYBnZF62VY5RzGJEUY
    git-codecommit.ap-northeast-2.amazonaws.com MD5 9f:68:48:9b:5f:fc:96:69:39:45:58:87:95:b3:69:ed
    git-codecommit.ap-northeast-2.amazonaws.com SHA256 eegAPQrWY9YsYo9ZHIKOmxetfXBHzAZd8Eya53Qcwko
    git-codecommit.sa-east-1.amazonaws.com MD5 74:99:9d:ff:2b:ef:63:c6:4b:b4:6a:7f:62:c5:4b:51
    git-codecommit.sa-east-1.amazonaws.com SHA256 kW+VKB0jpRaG/ZbXkgbtMQbKgEDK7JnISV3SVoyCmzU
    git-codecommit.us-west-1.amazonaws.com MD5 3b:76:18:83:13:2c:f8:eb:e9:a3:d0:51:10:32:e7:d1
    git-codecommit.us-west-1.amazonaws.com SHA256 gzauWTWXDK2u5KuMMi5vbKTmfyerdIwgSbzYBODLpzg
    git-codecommit.eu-west-2.amazonaws.com MD5 a5:65:a6:b1:84:02:b1:95:43:f9:0e:de:dd:ed:61:d3
    git-codecommit.eu-west-2.amazonaws.com SHA256 r0Rwz5k/IHp/QyrRnfiM9j02D5UEqMbtFNTuDG2hNbs

    After you have confirmed the connection, you should see confirmation that you have added the server to your known hosts file and a successful connection message. If you do not see a success message, double-check that you saved the config file in the ~/.ssh directory of the IAM user you configured for access to AWS CodeCommit, that the config file has no file extension (for example, it must not be named config.txt), and that you specified the correct private key file (codecommit_rsa, not codecommit_rsa.pub).

    For information to help you troubleshoot problems, run the ssh command with the -v parameter:

    Copy
    ssh -v git-codecommit.us-east-2.amazonaws.com

    You can find more information to help you troubleshoot connection problems in Troubleshooting.

Step 4: Connect to the AWS CodeCommit Console and Clone the Repository

If an administrator has already sent you the name and connection details for the AWS CodeCommit repository, you can skip this step and clone the repository directly.

  1. Open the AWS CodeCommit console at https://console.aws.amazon.com/codecommit.

  2. In the region selector, choose the region where the repository was created. Repositories are specific to an AWS region. For more information, see Regions and Git Connection Endpoints.

  3. Choose the repository you want to connect to from the list. This opens the Code page for that repository.

    Note

    If you see a Welcome page instead of a list of repositories, there are no repositories associated with your AWS account. To create a repository, see Create an AWS CodeCommit Repository or follow the steps in the Git with AWS CodeCommit Tutorial tutorial.

  4. Choose Clone URL, and then copy the SSH URL.

  5. In the Bash emulator, using the SSH URL you just copied, run the git clone command to clone the repository. This command will create the local repo in a subdirectory of the directory where you run the command. For example, to clone a repository named MyDemoRepo to a local repo named my-demo-repo in the US East (Ohio) region:

    Copy
    git clone ssh://git-codecommit.us-east-2.amazonaws.com/v1/repos/MyDemoRepo my-demo-repo

    Alternatively, open a command prompt, and using the URL and the SSH key ID for the public key you uploaded to IAM, run the git clone command. The local repo will be created in a subdirectory of the directory where you run the command. For example, to clone a repository named MyDemoRepo to a local repo named my-demo-repo:

    Copy
    git clone ssh://Your-SSH-Key-ID@git-codecommit.us-east-2.amazonaws.com/v1/repos/MyDemoRepo my-demo-repo

    For more information about how to connect to repositories, see Connect to the AWS CodeCommit Repository by Cloning the Repository.

Next Steps

You have completed the prerequisites. Follow the steps in AWS CodeCommit Tutorial to start using AWS CodeCommit.