Access AWS CodeCommit from Jenkins running on EC2 (Ubuntu)

Question

I'm trying to integrate Jenkins with AWS CodeCommit. Jenkins is running on an AWS EC2 Instance with Ubuntu 14.04.

I followed this Blogpost: http://blogs.aws.amazon.com/application-management/post/Tx1C8B98XN0AF2E/Integrating-AWS-CodeCommit-with-Jenkins

The problem is, that sudo -u jenkins aws configure isn't executed because the jenkins user has no permissions.

What would you do?

The following commands aren't working as well:

sudo -u jenkins git config --global credential.helper '!aws codecommit credential-helper $@'
sudo -u jenkins git config --global credential.useHttpPath true
sudo -u jenkins git config --global user.email "me@mycompany.com"
sudo -u jenkins git config --global user.name "MyJenkinsServer"

What rights does the jenkins user need?

Thanks in advance.

Answer 1

I was able to achieve this integration using SSH. To some extent, I followed these instructions: Setting up for CodeCommit

Assuming Jenkins Home is /var/lib/jenkins/

1. Create an ssh key on the Jenkins EC2 instance (/var/lib/jenkins/.ssh/id_rsa)

   ssh-keygen -b 2048 -t rsa -f /var/lib/jenkins/.ssh/id-rsa -a -N
   

2. Upload the public key to an IAM user (IAM user must have CodeCommit access)

   aws iam upload-ssh-public-key --user-name <username> --ssh-public-key-body file:///var/lib/jenkins/.ssh/id_rsa.pub
   

3. Collect the SSHPublicKeyID when you upload the key

   {
    "SSHPublicKey": {
    "UserName": "jenkins",
    "Status": "Active",
    "SSHPublicKeyBody": "ssh-rsa <rsa-key> <host>\n",
    "UploadDate": "2015-09-02T19:18:24.309Z",
    "Fingerprint": "xxx",
    "SSHPublicKeyId": "APK***"
    }
   }
   

4. Create/modify SSH config file

   Host git-codecommit.*.amazonaws.com
     User APK*******
     IdentityFile /var/lib/jenkins/.ssh/id_rsa
     StrictHostKeyChecking no
   

5. Where the APK*** is the value of the Key ID retrieved in step 3

6. Copy or move this file to /var/lib/jenkins/.ssh/config (or wherever Jenkins is installed on your EC2 instance)
7. Ensure 'jenkins' user has 0600 permissions to /var/lib/jenkins/.ssh directory
8. Create a Jenkins job as described in the blog post you first used. For the repository URL, however, enter the SSH url instead. (no credentials needed)

Answer 2

After doing all of above steps. If it is still not works. clone any branch within /var/lib/jenkins/.ssh. It will add known host entry.

sudo -u jenkins git clone ssh://git-codecommit.<your-region>.amazonaws.com/v1/repos/<your test branch>`