AWS SSO, Codecommit (GRC git clone link) and npm install

Question

Single Sign On (SSO) is implemented on AWS account. After running aws sso login, cloning a node a repo using (GRC link) works. However, running npm install in repo results in different errors.

ex. package.json

...
"dependencies": {
    ...
    "common-resource-1": "git+https://git-codecommit.us-east-1.amazonaws.com/v1/repos/common-resource-1#develop",
   ...
}
...

The errors

npm ERR! Error while executing:
npm ERR! /usr/local/bin/git ls-remote -h -t https://git-codecommit.us-east-1.amazonaws.com/v1/repos/common-resource-1
npm ERR!
npm ERR! some-user@git-codecommit.us-east-1.amazonaws.com : Permission denied (publickey).
npm ERR! fatal: Could not read from remote repository.
npm ERR!
npm ERR! Please make sure you have the correct access rights
npm ERR! and the repository exists.
npm ERR!
npm ERR! exited with error code: 128

That makes sense because there are no ssh or https creds. git-remote-codecommit python package is installed as recommended buy AWS https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-git-remote-codecommit.html

However, the following returns repo information: /usr/local/bin/git ls-remote -h -t codecommit://common-resource-1

also tried with putting the following in package.json "common-resource-2": "codecommit::east-1://common-resource-2#develop", The error I get is

npm ERR! code EUNSUPPORTEDPROTOCOL
npm ERR! Unsupported URL Type "codecommit:": codecommit::east-1://common-resource-2#develop

This is an issue for many repos, since other repos use common-resource-1 and common-resource-2 repos.

Any help with this would be greatly appreciated.

Went back and forth with AWS Support. They said there is no way to achieve this with only SSO. They suggested using the git credentials (IAM -> security credentials tab -> HTTP Git credentials for AWS Codecommit) when cloning repos. And also suggested opening a request with npm cli to allow of custom protocols. I will do another post asking if there is a resource that can be added to npm to use custom protocols. — user2517182, Sep 19 '22 at 14:56

user2517182 · Accepted Answer · 2022-09-26T18:58:16.583

2

If on a mac:

Remove any keychains entries that may pertain to the domain and/or repository in question. This was my main problem.

Use the git credential-helper with aws command as followings:

[credential "https://git-codecommit.us-east-1.amazonaws.com"]
     UseHttpPath = true
     helper = !aws codecommit credential-helper $@

Note: if on mac and it still does not work, may have to add dummy value for the username attribute.

[credential "https://git-codecommit.us-east-1.amazonaws.com"]
     UseHttpPath = true
     helper = !aws codecommit credential-helper $@
     username = "dummy"

edited Sep 26 '22 at 18:58

answered Sep 19 '22 at 19:06

user2517182

1,241
3
15
37

I will wait a bit to see if a better answer shows up, and if not then I will make this as the answer. – user2517182 Sep 19 '22 at 19:07

AWS SSO, Codecommit (GRC git clone link) and npm install

1 Answers1

Linked