The current steps for setting up the AWS CLI credential helper here involve setting this value for all hosts, when this is not necessary. Furthermore, it is possible to reset the credential helper list by configuring the option to the empty string. This avoids issues for users also using other credential helpers such as osxkeychain or Git Credential Manager, that cannot access any repository after the temporary credentials expire. I would recommend the following setup steps:
git config --global credential."https://git-codecommit.*.amazonaws.com".helper ''
git config --global --add credential."https://git-codecommit.*.amazonaws.com".helper '!aws codecommit credential-helper $@'
git config --global credential."https://git-codecommit.*.amazonaws.com".UseHttpPath true
This will apply the configuration only for CodeCommit hosts, while also bypassing any other credential helpers. With the setup above, there is no need for any of the workarounds described in the documentation. After running the commands, the .gitconfig file should contain this section:
[credential "https://git-codecommit.*.amazonaws.com"]
helper =
helper = !aws codecommit credential-helper $@
UseHttpPath = true
For users using git-remote-codecommit, the following configuration could be applicable:
git config --global credential."https://git-codecommit.*.amazonaws.com".helper ''
This avoids the issue that Windows users have mentioned in this issue as well as here, which results in these messages being displayed:
fatal: Failed to write item to store. [0x6c6]
fatal: The array bounds are invalid
Additionally, the temporary credentials will not be stored in the Keychain anymore for macOS users. In all of the commands above, Windows users should replace single quotes with double quotes.