Update: AWS CodeCommit web repository viewer

As of Tasks for AWS 2.18 and Identity Federation for AWS 2.11, you can use the AWS CodeCommit web repository viewer to gain deep links with optional Single Sign-On (SSO) so that you can click through to commits and diffs in the CodeCommit console from build and deployment results.

• This feature is provided by Identity Federation for AWS (Bamboo), which is bundled and free for Tasks for AWS licensees, see the resp. FAQ for details.

Hi , thanks for describing your use case.

While CodeCommit would ideally be integrated as a full blown Bamboo source repository provider similar to Bitbucket and GitHub, your specific scenario might already be partially achievable without any dedicated add-on support.

• I have not verified either one of these approaches myself yet, am just exploring them as we speak (we will add resp. KB articles once we have fully tested them ourselves, might take a bit though) - please let us know whether they work for you and might cover your current needs already.

The documented standard integration between CodeCommit and Git is a bit more involved and based on integrating the AWS CLI's codecommit credential-helper get command as a git credentials helper - accordingly, you would need to roughly follow the steps in either one of the following approaches to achieve your goal:

AWS CodeCommit via IAM role for EC2

1. Set Up the Credential Helper on the Bamboo elastic agent image.

   • You might want to use a dedicated image for this purpose so that you can use Git with CodeCommit and other Git providers at the same time.

2. Configure the Bamboo elastic agent's IAM role for Amazon EC2 with the desired/required user access permissions for the target repositories.

3. You should be all set at this point, because the AWS CLI will pick up the temporary AWS security credentials provided by the agent's IAM role automatically via its credentials provider chain mechanism, as outlined in Configuration Settings and Precedence.

AWS CodeCommit via AWS Credentials Variables task

Our AWS Credentials Variables task provides managed temporary AWS security credentials for other tools by injecting them into AWS unaware tasks like the Bamboo Script task.

• This task is provided by Identity Federation for AWS (Bamboo), which is included and free to use for Tasks for AWS licensees.

1. Set Up the Credential Helper on the Bamboo elastic agent image.

   • You might want to use a dedicated image for this purpose so that you can use Git with CodeCommit and other Git providers at the same time.

2. Configure an Identity Federation for AWS connector with the desired/required user access permissions for the target repositories.

3. Follow steps 1 and 2 in How to work around limitations with the AWS Command Line Interface (AWS CLI) to configure a Script task with temporary AWS security credentials, and handle the desired Git operations via the Git CLI right within this script.

   • That is, other than when using the IAM role, you can not facilitate the 'Source Code Checkout' task in this scenario, because the injected environment variables are only available during execution of the script task at hand!

4. You should be all set at this point, because the AWS CLI will pick up the temporary AWS security credentials provided by the environment variables via its credentials provider chain mechanism, as outlined in Configuration Settings and Precedence.

Keen for this. Love to have IAM role of the bamboo agent to be able to authenticate to AWS for CodeCommit.

I'm accepting this epic on the grounds of its title and our desire to support CodeCommit one way or another at some point in the future. However, this is not yet a commitment to implementing it in Tasks for AWS itself, or in any other add-on - please vote for this issue (and ideally describe your use case) so that we can hopefully make this happen one day.