Sometimes you might have to fetch your own git repository on an instance started from an AMI. To do this, you need a role that allows your EC2 instance to access the git repository. So, in IAM, create a new role with the policy AWSCodeCommitReadOnly attached and a trust relationship for EC2.
You’ll also have to give yourself permission to pass a role to an EC2 instance.
When you start up an instance using create_instance, you can now pass the Instance Profile ARN to the EC2 instance. Pay attention not to use the
On the current Ubuntu AMI (Ubuntu Server 14.04, ami-fce3c696) there’s an additional hurdle. If you want to use CodeCommit from this AMI without setting up SSH keys (i.e. using HTTPS and the credential helper), you’ll receive this nice little error:
error: gnutls_handshake() failed
According to askubuntu, this is a problem with gnutls and can be solved by replacing it with openssl. So, you’ll have to do this first. We can automate the steps from the answer in our startup script:
After this step you have to set up the credential helper for git:
The Ubuntu AMI does not include the awscli, and the one in the Ubuntu repository is outdated and does not include codecommit commands. So, you should install awscli from pip.
Now you are ready to clone your git repository:
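The pip install, credential helper and clone steps described above, put together as one startup script. This is an added example, not the original post's code: the region, repository name, destination path and the `python-pip` package name are assumptions, and on the AMI discussed above the gnutls fix has to be in place before the clone.

```shell
#!/bin/sh
# Added example: EC2 startup steps for cloning from CodeCommit over HTTPS.
# REGION, REPO and DEST are placeholders (assumptions), not values from the post.
set -eu

REGION="${REGION:-us-east-1}"
REPO="${REPO:-my-repo}"
DEST="${DEST:-/opt/my-repo}"

# Build the HTTPS clone URL for a CodeCommit repository.
codecommit_url() {
    printf 'https://git-codecommit.%s.amazonaws.com/v1/repos/%s\n' "$1" "$2"
}

# Write the credential-helper settings into the git config file "$1".
# The single quotes keep $@ literal, so git (not this shell) expands it.
# The helper asks awscli for short-lived credentials from the instance
# role, so no access keys or SSH keys need to be stored on the instance.
configure_helper() {
    git config --file "$1" credential.helper '!aws codecommit credential-helper $@'
    git config --file "$1" credential.UseHttpPath true
}

bootstrap() {
    # The packaged awscli lacks the codecommit commands, so install from pip.
    apt-get update
    apt-get install -y python-pip
    pip install awscli
    # Startup scripts may run without HOME set, which breaks
    # "git config --global"; the system-wide file works regardless.
    configure_helper /etc/gitconfig
    git clone "$(codecommit_url "$REGION" "$REPO")" "$DEST"
}

# Run only when invoked with --run, so the functions can be sourced and tested.
if [ "${1:-}" = "--run" ]; then
    bootstrap
fi
```

Invoke it from the instance's startup script as `sh bootstrap.sh --run` (the file name is an assumption), with `REGION`, `REPO` and `DEST` exported first.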