I needed a way for an EC2 instance to clone a CodeCommit repository without using HTTPS credentials or an SSH key. Specifically, I wanted to use policies and roles assigned to the EC2 instance to permit it to execute the desired action. Once working, the configuration is surprisingly simple. Getting it to that state was not.
The solution turned out to be relatively straightforward once all the parts are configured correctly. It really only involves 5 Terraform resources, the last one being the secret sauce that makes it all work properly.
So I put this all together into a GitHub repository for posterity. The code is well commented and explains what everything does.