2

I have two AWS accounts A, B.

All my CodeCommit repositories are present in account A.

Now I want to create the AWS CodeBuild job in account B for repositories in account A.

I am trying to figure out how to get the list of AWS repositories in account B from account A while selecting the source for creating a CodeBuild job.

I am not sure how to get the list of repositories from account A to account B in the source Repository field.

I have followed the tutorial below, but only up to the second topic: https://docs.aws.amazon.com/codecommit/latest/userguide/cross-account.html

Any help will be appreciated.

Wagh
  • what is the reason you haven't tried the last step https://docs.aws.amazon.com/codecommit/latest/userguide/cross-account-user-b.html ? – Jatin Mehrotra Feb 28 '22 at 06:55
  • in the last step you would need to switch role and then you can access your code commit repository – Jatin Mehrotra Feb 28 '22 at 07:02
  • Can I access the repositories in the AWS console of account B? In the source section of Code build? – Wagh Feb 28 '22 at 11:20
  • 1
    yes in aws console of account B, there might be error for code build, you will need to establish code build service role and policy for codebuild to access that, this can help you https://prashant-48386.medium.com/cross-account-codepipeline-that-use-codecommit-from-another-aws-account-9d5ab4c892f6 – Jatin Mehrotra Feb 28 '22 at 13:06
  • This is on the similar lines, code build would need separate permissions https://stackoverflow.com/a/63700325/13126651 – Jatin Mehrotra Mar 01 '22 at 05:20

1 Answer

2

You can configure access to CodeCommit repositories for IAM users and groups in another AWS account. This is often referred to as cross-account access.

Mainly, you will need to do the following:

  1. Create a policy and role for the repository with the needed permissions.

  2. Create a policy and attach it to your CodeBuild role, allowing access on the Resource for the created role.

e.g.

"Resource": "arn:aws:iam::REPO_ACCOUNT:role/MyCrossAccountRepositoryContributorRole"

This will enable the CodeBuild to access the needed CodeCommit repository.

This page explains this very well: Configure cross-account access to an AWS CodeCommit repository using roles.

Also, check this blog post that explains in a little more detail what you want: AWS CodePipeline with a Cross-Account CodeCommit Repository.

valdeci
  • 1
    I would be really interested in how you got this to work with CodeBuild. I tried it multiple times and it simply doesn't work for me. No matter what permissions the CodeBuild Service role receives it doesn't assume the role in the codeCommit account and therefore is unable to find the codecommit repo as it is not in the codebuild account. With CodePipeline sourcing the CodeCommit Repo from another account and then calling Codebuild works as demonstrated within the blogpost. – Michael Aicher Aug 25 '22 at 13:47
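
The three IAM documents behind the two steps in the answer above, with a least-privilege check over them. This is an added example, not code from the answer or from AWS; the account IDs, the CodeBuild role name `MyCodeBuildServiceRole`, the repository name `MySharedRepo` and the region are constructed placeholders.

```python
import json

REPO_ACCOUNT = "111111111111"   # account A, constructed placeholder ID
BUILD_ACCOUNT = "222222222222"  # account B, constructed placeholder ID
ROLE_ARN = f"arn:aws:iam::{REPO_ACCOUNT}:role/MyCrossAccountRepositoryContributorRole"
BUILD_ROLE_ARN = f"arn:aws:iam::{BUILD_ACCOUNT}:role/MyCodeBuildServiceRole"  # hypothetical
REPO_ARN = f"arn:aws:codecommit:us-east-1:{REPO_ACCOUNT}:MySharedRepo"  # hypothetical

def policy(action, resource=None, principal=None):
    stmt = {"Effect": "Allow", "Action": action}
    if principal:
        stmt["Principal"] = {"AWS": principal}
    if resource:
        stmt["Resource"] = resource
    return {"Version": "2012-10-17", "Statement": [stmt]}

def build_documents():
    return {
        # Step 1, account A: what the cross-account role may do.
        "repo_permissions": policy(["codecommit:GitPull"], resource=REPO_ARN),
        # Step 1, account A: trust policy naming who may assume the role.
        "repo_trust": policy("sts:AssumeRole", principal=BUILD_ROLE_ARN),
        # Step 2, account B: attached to the CodeBuild role.
        "build_assume": policy("sts:AssumeRole", resource=ROLE_ARN),
    }

def account_of(arn):
    parts = arn.split(":")
    return parts[4] if len(parts) > 4 else None

def audit(docs):
    """Return the problems that would break or over-open the role chain."""
    perm, trust, assume = (docs[k]["Statement"][0] for k in
                           ("repo_permissions", "repo_trust", "build_assume"))
    problems = []
    if "*" in assume["Resource"]:
        problems.append("build_assume: Resource should name one role")
    if "*" in perm["Resource"] or any("*" in a for a in perm["Action"]):
        problems.append("repo_permissions: scope to one repository and named actions")
    principal = trust["Principal"]["AWS"]
    if principal == "*" or principal.endswith(":root"):
        problems.append("repo_trust: principal is broader than the CodeBuild role")
    if account_of(assume["Resource"]) != account_of(perm["Resource"]):
        problems.append("role and repository are not in the same account")
    return problems

if __name__ == "__main__":
    print(json.dumps(build_documents(), indent=2))
    print(audit(build_documents()) or "chain is consistent")
```

The three documents only permit the role switch; something in account B still has to call sts:AssumeRole to obtain the role's credentials.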