terragrunt
terragrunt copied to clipboard
gruntwork-io
Add CodeCommit as a source for Modules
Describe the solution you'd like
Id like to be able to use the HTTPS(GRC) protocol to retrieve my Terragrunt Modules from CodeCommit for example
terraform {
source = "codecommit::us-gov-west-1://AWS_PROFILE@REPO_NAME"
}
The error I get if I try to use this source is 1 error occurred: * download not supported for scheme 'codecommit'
Describe alternatives you've considered
I do not have alternatives available to me in this situation because I can only authenticate VIA SSO. Access Keys/ SSH/Git credentials are not an option due to org security requirements.
Additional context
The HTTPS(GRC) URL uses The Python git-remote-codecommit package as a wrapper to facilitate login using the AWS Profile. Some AWS Orgs do not allow IAM Users or access keys and only authenticate via SSO.
I've used Terragrunt with Codecommit for many years now. I'd suggest to just use the pure https schema, instead of the aws-custom "codecommit" schema (https grc in codecommit-speak).
For the pure https schema to work, you can specify the source like so:
source = "git::https://git-codecommit.<region>.amazonaws.com/v1/repos/<repo>?ref=<ref>"
And in your .gitconfig, add an entry like so:
[credential "https://git-codecommit.*.amazonaws.com"]
helper = !aws codecommit credential-helper $@
UseHttpPath = true
Then git will call the aws cli to authenticate using the active profile when it clones the repo. You can export AWS_PROFILE if you need to use a specific, non-default profile.
Thanks @lorengordon for the suggestion. I think the issue can be marked as solved.
