Setup for SSH users not using the Amazon CLI - Amazon CodeCommit
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Setup for SSH users not using the Amazon CLI

If you want to use SSH connections for your repository, you can connect to Amazon CodeCommit without installing the Amazon CLI. The Amazon CLI includes commands that are useful when you use and manage CodeCommit repositories, but it is not required for initial setup.

This topic assumes:

  • You have set up an IAM user with the policies or permissions required for CodeCommit and the IAMUserSSHKeys managed policy or equivalent permissions required for uploading keys. For more information, see Using identity-based policies (IAM Policies) for CodeCommit.

  • You already have, or know how to create, a public-private key pair. We strongly recommend that you use a secure passphrase for your SSH key.

  • You are familiar with SSH, your Git client, and its configuration files.

  • If you are using Windows, you have installed a command-line utility, such as Git Bash, that emulates the bash shell.

If you need more guidance, follow the instructions in For SSH connections on Linux, OS X, or Unix or For SSH connections on Windows.

Step 1: Associate your public key with your IAM user

  1. Sign in to the Amazon Web Services Management Console and open the IAM console at

  2. In the IAM console, in the navigation pane, choose Users, and from the list of users, choose your IAM user.

  3. On the Security Credentials tab, choose Upload SSH public key.

  4. Paste the contents of your SSH public key into the field, and then choose Upload SSH Key.


    The public-private key pair must be SSH-2 RSA, in OpenSSH format, and contain 2048 bits. The key looks similar to this:


    IAM accepts public keys in the OpenSSH format only. If you provide your public key in another format, you see an error message that says the key format is not valid.

  5. Copy the SSH key ID (for example, APKAEIBAERJR2EXAMPLE) and close the console.

Step 2: Add CodeCommit to your SSH configuration

  1. At the terminal (Linux, OS X, or Unix) or bash emulator (Windows), edit your SSH configuration file by typing cat>> ~/.ssh/config:

    Host git-codecommit.* User Your-SSH-Key-ID, such as APKAEIBAERJR2EXAMPLE IdentityFile Your-Private-Key-File, such as ~/.ssh/codecommit_rsa or ~/.ssh/id_rsa

    If you have more than one SSH configuration, make sure you include the blank lines before and after the content. Save the file by pressing the Ctrl and d keys simultaneously.

  2. Run the following command to test your SSH configuration:


    Enter the passphrase for your SSH key file when prompted. If everything is configured correctly, you should see the following success message:

    You have successfully authenticated over SSH. You can use Git to interact with CodeCommit.

Next steps

You have completed the prerequisites. Follow the steps in Getting started with CodeCommit to start using CodeCommit.

To connect to a repository, follow the steps in Connect to a repository. To create a repository, follow the steps in Create a repository.