Working with multiple AWS organizations? Using a separate SSH key for each organization's AWS CodeCommit access is the cleanest and safest way to go. Here’s how to do it properly and integrate it seamlessly into Visual Studio Code.
Step 1: Generate SSH Keys
Generate a separate SSH key for each organization:
ssh-keygen -t rsa -b 4096 -f ~/.ssh/organisation
Replace "organisation" with the short name of your AWS org. You’ll now have:
- ~/.ssh/organisation (the private key, which stays on your machine)
- ~/.ssh/organisation.pub (the public key, which you upload in Step 2)
Step 2: Upload Public Key to AWS IAM
- Go to the AWS Console
- Navigate to IAM > Users > [Your User] > Security Credentials
- Under SSH keys for AWS CodeCommit, click Upload SSH Public Key
- Upload the contents of your .pub file
- Save the SSH Key ID shown after upload
You’ll need this ID for your SSH config.
Step 3: Edit Your SSH Config File
Edit your SSH config to point each Host alias to a different identity file:
nano ~/.ssh/config
Example config for one org:
Host codecommit-myorg
  HostName git-codecommit.ap-southeast-2.amazonaws.com
  User APKAEXAMPLESSHKEYID
  IdentityFile ~/.ssh/myorg
  IdentitiesOnly yes
Repeat this block for each organization, changing the Host, IdentityFile, and User.
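Once several blocks exist, it is easy to copy one and forget to change the key or drop IdentitiesOnly. The script below is an added example, not part of the original post: it audits the CodeCommit Host blocks in an SSH config and reports missing fields or two aliases sharing one key. The function name audit_codecommit_config, the second alias and its key ID are made up for illustration, and the parser assumes whitespace-separated keywords.

```sh
#!/bin/sh
# Added example: audit CodeCommit Host blocks in an ssh config file.
# Prints one finding per line; prints nothing when every block is complete.
audit_codecommit_config() {
    awk '
    function report() {
        if (alias == "" || !cc) return          # only blocks that target CodeCommit
        if (user == "") print alias ": no User (SSH Key ID) set"
        if (key == "") print alias ": no IdentityFile set"
        else if (key in owner) print alias ": shares IdentityFile with " owner[key]
        else owner[key] = alias
        if (only != "yes") print alias ": IdentitiesOnly is not yes"
    }
    { k = tolower($1) }                         # ssh keywords are case-insensitive
    k == "host" { report(); alias = $2; cc = 0; user = key = only = ""; next }
    k == "hostname" && $2 ~ /^git-codecommit\..*\.amazonaws\.com$/ { cc = 1 }
    k == "user" { user = $2 }
    k == "identityfile" { key = $2 }
    k == "identitiesonly" { only = tolower($2) }
    END { report() }
    ' "$1"
}

# Constructed sample: the second org reuses the first org key
# and omits IdentitiesOnly.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Host codecommit-myorg
  HostName git-codecommit.ap-southeast-2.amazonaws.com
  User APKAEXAMPLESSHKEYID
  IdentityFile ~/.ssh/myorg
  IdentitiesOnly yes

Host codecommit-otherorg
  HostName git-codecommit.ap-southeast-2.amazonaws.com
  User APKAEXAMPLEOTHERKEY
  IdentityFile ~/.ssh/myorg
EOF
audit_codecommit_config "$sample"
rm -f "$sample"
```

Run it against your real file with audit_codecommit_config ~/.ssh/config; no output means every CodeCommit alias has its own key, a key ID, and IdentitiesOnly yes.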
Step 4: Clone Repositories Using Custom SSH Alias
To clone a repo from this org:
git clone ssh://codecommit-myorg/v1/repos/your-repo-name
Replace codecommit-myorg with the alias you set in your SSH config.
Step 5: Open the Repo in VS Code
Open your freshly cloned repo like a pro:
code your-repo-name
Step 6: Ensure VS Code Uses Custom SSH Config (Optional)
Sometimes, VS Code’s terminal might use a default SSH setup. To be safe, export this:
export GIT_SSH_COMMAND="ssh -F ~/.ssh/config"
You can even add that line to your shell profile (e.g., .bashrc or .zshrc) to persist it.
Why This Setup Works
- Keeps credentials separate per org
- Avoids the mess of switching IAM users or regions
- Works smoothly with both CLI and VS Code
- Reproducible and secure
Got feedback? Ping me on LinkedIn.