Govind Taralkar
Jun 30, 2021

Cross-account CodeCommit role access using the AWS CLI

Follow these steps to configure access using git-remote-codecommit. If you have not already installed git-remote-codecommit, download it from git-remote-codecommit on the Python Package Index website.

To configure the AWS CLI and Git for cross-account access

Install the AWS CLI on the local computer. See instructions for your operating system in Installing the AWS CLI.

Install Git on the local computer.

Configure the AWS CLI with the command below:

aws configure

When prompted, provide the following information:
AWS Access Key ID [None]: Your-IAM-User-Access-Key
AWS Secret Access Key [None]: Your-IAM-User-Secret-Access-Key
Default region name [None]: ap-south-1
Default output format [None]: json

Create a profile with the command below:

aws configure --profile MyCrossAccountAccessProfile

When prompted, provide the following information:
AWS Access Key ID [None]: Your-IAM-User-Access-Key
AWS Secret Access Key [None]: Your-IAM-User-Secret-Access-Key
Default region name [None]: ap-south-1
Default output format [None]: json

In a plain-text editor, open the config file, also known as the AWS CLI configuration file. Depending on your operating system, this file might be located at ~/.aws/config on Linux, macOS, or Unix, or at drive:\Users\USERNAME\.aws\config on Windows.

In the file, find the entry that corresponds to the default profile you configured for access to repositories in AccountB. It should look similar to the following:

[default]
region = ap-south-1
output = json

Add account to the profile configuration. Provide the AWS account ID of AccountB. In our case:

[default]
account = 111111111111
region = ap-south-1
output = json

In the file, find the entry that corresponds to the MyCrossAccountAccessProfile profile you just created. It should look similar to the following:

[profile MyCrossAccountAccessProfile]
region = ap-south-1
output = json

Add account, role_arn and source_profile to the profile configuration. Provide the AWS account ID of AccountA, the ARN of the role in AccountA that you assume to access the repository in the other account, and the name of your default AWS CLI profile in AccountB. For example:

[profile MyCrossAccountAccessProfile]
account = 222222222222
role_arn = arn:aws:iam::222222222222:role/code-commit-access-role
region = ap-south-1
source_profile = default
output = json

Save your changes, and close the plain-text editor.

To clone the cross-account repository to your local computer

At the command line or terminal, in the directory where you want to clone the repository, run the git clone command with the HTTPS (GRC) clone URL. For example:

git clone codecommit://MyCrossAccountAccessProfile@abc-node-js
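
Before cloning, it helps to confirm that the role-assuming profile is internally consistent, so that Git does not assume a role in an unintended account. The check below is an added example, not part of the original post or of git-remote-codecommit: it parses a constructed copy of the config entries shown above, verifies that account matches the 12-digit account ID inside role_arn and that source_profile resolves to a defined profile, and builds the clone URL. The function names and the sample text are assumptions made for illustration.

```python
import configparser
import re

# Constructed sample mirroring the ~/.aws/config entries from the steps above.
SAMPLE_CONFIG = """\
[default]
account = 111111111111
region = ap-south-1
output = json

[profile MyCrossAccountAccessProfile]
account = 222222222222
role_arn = arn:aws:iam::222222222222:role/code-commit-access-role
region = ap-south-1
source_profile = default
output = json
"""
ROLE_ARN_RE = re.compile(r"^arn:aws[\w-]*:iam::(\d{12}):role/[\w+=,.@/-]+$")

def section_name(profile):
    # The AWS CLI config file names every profile except default "[profile NAME]".
    return "default" if profile == "default" else f"profile {profile}"

def check_cross_account_profile(config_text, profile):
    """Return a list of problems found in a role-assuming profile (empty = OK)."""
    cfg = configparser.ConfigParser()
    cfg.read_string(config_text)
    name = section_name(profile)
    if not cfg.has_section(name):
        return [f"profile {profile!r} not found"]
    sec, problems = cfg[name], []
    match = ROLE_ARN_RE.match(sec.get("role_arn", ""))
    if not match:
        problems.append("role_arn missing or not an IAM role ARN")
    elif sec.get("account") and sec["account"] != match.group(1):
        problems.append("account does not match the account ID in role_arn")
    source = sec.get("source_profile")
    if not source:
        problems.append("source_profile missing")
    elif not cfg.has_section(section_name(source)):
        problems.append(f"source_profile {source!r} is not defined")
    elif source == profile:
        problems.append("source_profile points at itself")
    return problems

def grc_clone_url(profile, repository):
    # HTTPS (GRC) URL form used by git-remote-codecommit, as in the clone step.
    return f"codecommit://{profile}@{repository}"
```

To check a real file, pass the contents of ~/.aws/config as config_text; an empty list means the profile passed every check.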
