I have a CodeCommit repo in Account A, that I would like to use as a source provider for my CodeBuild project in Account B.
I have created a Role in Account A with full codecommit access to Account B. I am lost on how to proceed further with this.
How do I use this role that in Account A in my CodeBuild project that is in Account B?
2
Answers
I realised that I cannot do this directly with CodeBuild so I created a CodePipeline, CMK, and an artifact bucket with the necessary permissions for the source code to get uploaded to it first. I followed this blog post to do it through the console and CLI, and then created CF templates for later re-use.
https://prashant-48386.medium.com/cross-account-codepipeline-that-use-codecommit-from-another-aws-account-9d5ab4c892f6
You can setup a cross-account pipeline using AWS CodePipeline, which accesses the repository from Account A from another account – typically that would your CI/CD account. The CI/CD account then usually also deploys again to other accounts such as Test, QA or Prod.
See this AWS blog post for a description on how this can be implemented. There is also a GitHub example from AWS, along with a accompanying workshop, that guides you through the full process. Just note that the GitHub sample + workshop assume the repo to be in the same account as the pipeline, while the blog post and your scenario have the repo in a different account.