aws-toolkit-eclipse

Allow codecommit authentication with STS instead of user/password

Open fbourqui opened this issue 6 years ago • 6 comments

Hello,

We require MFA for all our IAM users to log in with their AWS access key, and we do not allow them to create a ServiceSpecificAccessKey (we plan to move to SAML federation with ADFS, and we want to use only short-lived STS tokens).

The users run a script similar to samlapi.py (see the link to the AWS blog below) and need to provide their MFA to get an STS token; we store the token in ~/.aws/credentials.

For other IDEs like VS Code, or the git command line, we can use the AWS helper: https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-https-windows.html with: `helper = !aws --profile my-profile-sts codecommit credential-helper $@`

This could provide a solution for #89 Add Federated Access Support to Eclipse Toolkit. It would need to use https://aws.amazon.com/blogs/security/how-to-implement-federated-api-and-cli-access-using-saml-2-0-and-ad-fs/ to get an STS token.

fbourqui, May 09 '18 10:05
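An added example, not part of the original issue or the toolkit's code: one way a script like the one described in the opening post could store the STS token in a named profile of `~/.aws/credentials`, so that the `aws --profile my-profile-sts codecommit credential-helper` line can read it. The function names, the `x_expiration` key and the sample values are assumptions made for illustration.

```python
import configparser
import os
from datetime import datetime, timezone

# Constructed sample with the shape of the "Credentials" object STS returns;
# the values are placeholders, not real keys.
SAMPLE_CREDS = {
    "AccessKeyId": "ASIAEXAMPLEEXAMPLE00",
    "SecretAccessKey": "example/secret+key%value",
    "SessionToken": "EXAMPLE-SESSION-TOKEN",
    "Expiration": "2018-05-09T22:05:00Z",
}


def write_sts_profile(path, profile, creds):
    """Create or update [profile] in an AWS shared credentials file."""
    cfg = configparser.RawConfigParser()  # Raw: '%' in a secret is not interpolated
    cfg.read(path)                        # keep the other profiles already in the file
    if not cfg.has_section(profile):
        cfg.add_section(profile)
    cfg.set(profile, "aws_access_key_id", creds["AccessKeyId"])
    cfg.set(profile, "aws_secret_access_key", creds["SecretAccessKey"])
    # Temporary keys are only valid together with their session token.
    cfg.set(profile, "aws_session_token", creds["SessionToken"])
    # Hypothetical bookkeeping key (an assumption of this example).
    cfg.set(profile, "x_expiration", creds["Expiration"])
    # Create the file owner-only so the token is never world-readable.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        cfg.write(fh)
    os.chmod(path, 0o600)  # tighten a pre-existing file with wider permissions


def is_expired(path, profile, now=None):
    """True if the profile is missing or its stored expiry has passed."""
    cfg = configparser.RawConfigParser()
    cfg.read(path)
    if not cfg.has_option(profile, "x_expiration"):
        return True
    stamp = cfg.get(profile, "x_expiration").replace("Z", "+00:00")
    expiry = datetime.fromisoformat(stamp)
    return (now or datetime.now(timezone.utc)) >= expiry
```

A wrapper can call `is_expired` before a git operation and prompt for MFA again only when the stored token has lapsed.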

We need a feature to add session tokens or temporary credentials using an MFA device.

SumeetSingh786, Feb 15 '19 01:02

Strong request for MFA support. The company I work for requires MFA for all accounts.

Edit: Whether that support comes by way of actually accepting input from an MFA device directly, or simply accepting an STS generated via a helper, doesn't matter as much as getting access to work at all with MFA. A co-worker has been attempting this for several days now with a variety of IDEs, with no real success.

edwinwiles, Aug 01 '19 14:08

OT: only way to contact individual.

@fbourqui You mentioned getting VS Code to work:

> For other ide like VS code, or git command line we can use aws helper: https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-https-windows.html with: `helper = !aws --profile my-profile-sts codecommit credential-helper $@`

Did that include getting AWS CLI commands working through VS Code? Or just getting VS Code able to work with CodeCommit?

Thanks!

edwinwiles, Aug 01 '19 14:08

@edwinwiles I am fairly certain that syntax is git specific, having set that up for CodeCommit a few days ago.

I would like to request that the toolkit support SSO, as in the issue #89 you already linked to.

eschulma, Feb 26 '20 03:02

@eschulma I left a comment on #89 as well, just checking to see if there was a solution for this. Can anyone recommend a way to utilize an HTTPS (GRC) URL in the AWS Toolkit for Eclipse's CodeCommit component, or some other way to clone/push code with a federated user?

ryan-max-mule, Mar 02 '22 21:03

@ryan-max-mule I do it all from the command line. It's easy enough. I use yawsso (on GitHub) to get credentials into the necessary AWS file. Be aware that the Eclipse Toolkit is effectively dead: although they took my pull request to bring it up to Java 11, there has not been a new release in years. We still use it for CodeDeploy but nothing else.

I will add that you need to set environment variables as well. See Medium and AWS documentation for guides.

eschulma, Mar 02 '22 22:03