Terraform: EC2 access to CodeCommit without HTTPS or SSH credentials.

The Problem

I needed a way for an EC2 instance to clone a CodeCommit repository without using HTTPS credentials or an SSH key. Specifically, I wanted to use policies and roles assigned to the EC2 instance to permit it to execute the desired action. Once working, the configuration is surprisingly simple. Getting it to that state was not.

The Solution

Sometimes I feel like web apps are like this.

The solution turned out to be relatively straightforward once all the parts are configured correctly. It really only involves 5 Terraform resources, the last one being the secret sauce that makes it all work properly.

  • aws_instance
  • aws_iam_role
  • aws_iam_role_policy_attachment
  • aws_security_group
  • aws_iam_instance_profile
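The following Terraform configuration is an added example wiring those five resources together; it is not the code from the post's GitHub repository. The region, AMI id, repository name, resource names and the choice of the AWS managed policy `AWSCodeCommitReadOnly` are assumptions. The instance profile is the piece that actually hands the role's temporary credentials to the instance, and the `git` credential helper shipped with the AWS CLI (`aws codecommit credential-helper`) is what lets `git` sign HTTPS requests with those credentials instead of a stored password or SSH key.

```hcl
# Added example, not the post's own repository code. Region, AMI, repo name
# and resource names below are placeholders/assumptions.

terraform {
  required_providers {
    aws = { source = "hashicorp/aws" }
  }
}

provider "aws" {
  region = "us-east-1" # assumption
}

variable "repo_name" {
  default = "example-repo" # placeholder: an existing CodeCommit repo name
}

variable "ami_id" {
  default = "ami-PLACEHOLDER" # placeholder: an Amazon Linux 2 AMI in the region
}

# Trust policy: only the EC2 service may assume this role.
data "aws_iam_policy_document" "ec2_assume" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["ec2.amazonaws.com"]
    }
  }
}

# 1. The role the instance will run as.
resource "aws_iam_role" "codecommit_reader" {
  name               = "ec2-codecommit-reader"
  assume_role_policy = data.aws_iam_policy_document.ec2_assume.json
}

# 2. Permissions: read-only CodeCommit access via an AWS managed policy.
#    (Cloning needs GitPull; this managed policy covers every repo in the
#    account, so an inline policy scoped to one repository ARN is tighter.)
resource "aws_iam_role_policy_attachment" "codecommit_ro" {
  role       = aws_iam_role.codecommit_reader.name
  policy_arn = "arn:aws:iam::aws:policy/AWSCodeCommitReadOnly"
}

# 3. The instance profile binds the role to the instance. Without it the
#    role exists but nothing on the instance can use it.
resource "aws_iam_instance_profile" "codecommit_reader" {
  name = "ec2-codecommit-reader"
  role = aws_iam_role.codecommit_reader.name
}

# 4. Security group: no inbound rules at all; outbound only to what git and
#    yum need (443 for CodeCommit, 80 for the distro package mirrors).
resource "aws_security_group" "git_client" {
  name        = "git-client"
  description = "No inbound; outbound HTTP/HTTPS only"

  egress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# 5. The instance itself. user_data installs git, points the git credential
#    helper at the AWS CLI (which reads the instance-profile credentials
#    from IMDS) and clones the repo over HTTPS with no stored secret.
resource "aws_instance" "git_client" {
  ami                    = var.ami_id
  instance_type          = "t3.micro"
  iam_instance_profile   = aws_iam_instance_profile.codecommit_reader.name
  vpc_security_group_ids = [aws_security_group.git_client.id]

  # Require IMDSv2 so only code on the box that can do the token dance
  # reaches the role credentials.
  metadata_options {
    http_tokens = "required"
  }

  user_data = <<-EOF
    #!/bin/bash
    set -e
    yum install -y git
    git config --system credential.helper '!aws codecommit credential-helper $@'
    git config --system credential.UseHttpPath true
    git clone "https://git-codecommit.us-east-1.amazonaws.com/v1/repos/${var.repo_name}" "/opt/${var.repo_name}"
  EOF
}
```

With `terraform apply` and a real AMI and repository name substituted for the placeholders, the instance boots, obtains the role's short-lived credentials from the instance metadata service, and the clone in `user_data` succeeds with no key pair or HTTPS Git credentials ever created in IAM. A failed clone almost always means one of three things: the instance profile is missing from the instance, the attached policy lacks `codecommit:GitPull` on that repository, or the security group or subnet blocks outbound 443.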

So I put this all together into a GitHub repository for posterity. The code is well commented and explains what everything does.