AWS CodeCommit HTTPS访问,无需设置凭证帮助程序
[英]AWS CodeCommit HTTPS access without setting up credential helper
问题描述
We are transitioning from GitHub to AWS CodeCommit to have a tightly integrated environment. 
我们正在从GitHub过渡到AWS CodeCommit,以实现紧密集成的环境。
One need is to access one repository through HTTPS. 一个需要是通过HTTPS访问一个存储库。 This repo is accessed ny Spring Cloud Config Server product that uses jgit to read the repo and clone the files for its use. 此repo是通过Spring Cloud Config Server产品访问的,该产品使用jgit读取存储库并克隆文件以供其使用。
AWS CodeCommit apparently requires the use of the credential helper when connecting through HTTPS, but I don't the setup to be like that. AWS CodeCommit显然需要在通过HTTPS连接时使用凭据帮助程序,但我不会将设置设置为类似。 I want a user and password setup that jgit can use without the need to generate a temp credential using the credential helper. 我想要一个jgit可以使用的用户和密码设置,而无需使用凭证助手生成临时凭证。 Any way to accomplish this? 有没有办法实现这个目标?
Is there any way to configure CodeCommit to access a fixed user and password to access the repository through HTTPS? 有没有办法配置CodeCommit访问固定用户和密码通过HTTPS访问存储库?
4 个解决方案
解决方案1
4 2015-08-23 14:34:39
Update 更新
As of December 22 2016, AWS CodeCommit supports the use of a static user name and password as a simplified way to authenticate to your AWS CodeCommit repositories over HTTPS : 截至2016年12月22日, AWS CodeCommit支持使用静态用户名和密码作为通过HTTPS向AWS CodeCommit存储库进行身份验证的简化方式 :
With Git credentials, you can generate a static user name and password in the Identity and Access Management (IAM) console that you can use to access AWS CodeCommit repositories from the command line, Git CLI, or any Git tool that supports HTTPS authentication.
Because these are static credentials, they can be cached using the password management tools included in your local operating system or stored in a credential management utility.
[...]
Initial Answer 初步答复
Is there any way to configure CodeCommit to access a fixed user and password to access the repository through HTTPS?
No, as outlined in Setting Up for AWS CodeCommit , you have to either use HTTPS or SSH, and the former requires a cryptographically signed version of your IAM user credentials or Amazon EC2 instance role whenever Git needs to authenticate with AWS in order to interact with repositories in AWS CodeCommit . 不,如设置AWS CodeCommit中所述 ,您必须使用HTTPS或SSH,前者需要加密签名版本的IAM用户凭据或Amazon EC2实例角色,只要Git需要通过AWS进行身份验证才能与之交互AWS CodeCommit中的存储库 。
However, as mentioned by Mark L. Smith in his answer to using native git not jgit in Eclipse git , while These credentials expire in ~15 minutes , nothing prevents you from implementing the signing process yourself, and Mark kindly provided a resp. 然而,正如Mark L. Smith在回答在Eclipse git中使用原生git而不是jgit所提到的那样 ,虽然这些凭证在约15分钟后到期 ,但没有什么能阻止你自己实现签名过程,而且Mark友好地提供了一个resp。 Example showing how to clone an AWS CodeCommit repository over HTTPS using jgit right away, see jgit-codecommit for details. 显示如何使用jgit立即通过HTTPS克隆AWS CodeCommit存储库 的示例 ,有关详细信息,请参阅jgit-codecommit 。
解决方案2
2 2015-08-06 18:12:24
To my knowledge (and I have been spending most of my time fooling around with CodeCommit for two weeks now), no, there's no way to use a username/password combination. 据我所知(我花了大部分时间在CodeCommit上花费了两个星期的时间),不,没有办法使用用户名/密码组合。 One of the key features of CodeCommit is that it integrates with your already existing AWS ecosystem by utilizing IAM users and/or roles to grant access more or less automatically, once set up. CodeCommit的一个主要功能是,它通过利用IAM用户和/或角色在设置后或多或少地自动授予访问权限,与您现有的AWS生态系统集成。 What is keeping your from using the credential helper? 什么阻止您使用凭证助手?
This may not be what you want, but have you tried creating an IAM user solely for allowing your server to access CodeCommit? 这可能不是您想要的,但您是否尝试过创建IAM用户,仅允许您的服务器访问CodeCommit? You could then generate an access key and secret key for that user and store them as a profile in the server's credentials file (which is typically ~/.aws/credentials). 然后,您可以为该用户生成访问密钥和密钥,并将其作为配置文件存储在服务器的凭证文件中(通常为〜/ .aws / credentials)。 Then you can set up the server's git config to use the credential helper with that profile, and it will automatically authenticate going forward. 然后,您可以设置服务器的git配置以使用该配置文件的凭据帮助程序,它将自动进行身份验证。 The key is to use IAM user credentials, so they are permanent, as opposed to IAM role credentials, which expire. 关键是使用IAM用户凭据,因此它们是永久性的,而不是IAM角色凭证,它将过期。
解决方案3
2 2017-07-11 17:54:13
Is there any way to configure CodeCommit to access a fixed user and password to access the repository through HTTPS?
The answer used to be 'no', but AWS CodeCommit now offers HTTPS Git Credentials 答案过去是'不',但AWS CodeCommit现在提供HTTPS Git凭证
These are static username/password credentials that can be cached using your standard credential managers (if you have one), and work with IDEs that support username/password auth. 这些是静态用户名/密码凭据,可以使用标准凭据管理器(如果有的话)进行高速缓存,并使用支持用户名/密码身份验证的IDE。 IDE Setup IDE设置
解决方案4
0 2018-12-06 06:40:52
This is now possible. 现在这是可能的。
1) Configure AWS credential helper. 1)配置AWS凭证帮助程序。 Follow this link for Unix like systems. 请按照此链接获取类似Unix的系统。 Setting up AWS credential helper. 设置AWS凭证帮助程序。
2) This command displays your AWS credentials if the git credential helper works correctly. 2)如果git凭证帮助程序正常工作,此命令将显示您的AWS凭据。 If not run the same command with --debug flag to find the issue. 如果没有使用--debug标志运行相同的命令来查找问题。
echo -e "protocol=https\npath=/v1/repos/myrepo\nhost=git-codecommit.us-east-1.amazonaws.com" | aws codecommit credential-helper get
3) Include the dependency in your build. 3)在构建中包含依赖项。
implementation('com.amazonaws:aws-java-sdk-core:1.11.463')
4) Then set the CodeCommit url in application.yml. 4)然后在application.yml中设置CodeCommit url。
spring.cloud.config.server.git.uri=https://git-codecommit.us-west-2.amazonaws.com/v1/repos/moa-config
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.