
Say, I own mydomain.com and I also host this domain in Route 53. I want to set up a subdomain, say, git.mydomain.com pointing to codecommit host. For example, git.mydomain.com => git-codecommit.us-west-2.amazonaws.com

I created a CNAME record in Route 53 to do that. I think DNS did pick up the change.

Trying "git.mydomain.com"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8020
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;git.mydomain.com.      IN  ANY

;; ANSWER SECTION:
git.mydomain.com.   41  IN  CNAME   git-codecommit.us-west-2.amazonaws.com.

However, when I try to clone the repo by running

git clone ssh://git.mydomain.com/v1/repos/reponame

I keep getting

Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights

It works when I just do

git clone ssh://git-codecommit.us-west-2.amazonaws.com/v1/repos/reponame

Does anyone know how to set this up properly?

Thank you very much.

jlai
  • Try adding `-v` to your clone commands and see if it shows more about what happens at the ssh level. – jingx May 03 '17 at 17:43
  • I figured it out but still don't know why it's broken. My ssh agent didn't pick up the identity file from the default location for codecommit hosts. I am using the same key for github and other services but I don't have this issue with them. It failed only with the aws codecommit host and my git.mydomain.com cname. I still don't know why. – jlai May 04 '17 at 16:58

2 Answers


If you have this issue, try adding the following to your ssh configuration

Host git.yourdomain.com
  User {iam ssh user key id}
  IdentityFile path/to/id_file

In my case, ssh agent didn't pick up from default location so I had to specify it in the configuration.

jlai
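The reason the alias needs its own Host block is that ssh matches the name typed on the command line (git.mydomain.com) against the Host patterns in the config, and never the CNAME target the resolver returns. The following added example (not part of the answer above) simulates that lookup with a small ssh_config parser; the key ID, identity path and config contents are constructed placeholders.

```python
import fnmatch
from typing import Dict, List, Tuple

# Constructed config: only the usual CodeCommit pattern is present.
# APKAEXAMPLEKEYID is a placeholder, not a real IAM SSH key ID.
AWS_ONLY_CONFIG = """\
Host git-codecommit.*.amazonaws.com
  User APKAEXAMPLEKEYID
  IdentityFile ~/.ssh/codecommit_rsa
"""

# Same config plus the block from the answer, keyed on the CNAME alias.
FIXED_CONFIG = AWS_ONLY_CONFIG + """
Host git.mydomain.com
  User APKAEXAMPLEKEYID
  IdentityFile ~/.ssh/codecommit_rsa
"""


def parse_ssh_config(text: str) -> List[Tuple[List[str], Dict[str, str]]]:
    """Split an ssh_config into (host patterns, options) blocks, in file order.
    Only the 'keyword value' form is handled; 'keyword=value' and Match are not."""
    blocks: List[Tuple[List[str], Dict[str, str]]] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "host":
            blocks.append((value.split(), {}))
        elif blocks:
            # ssh keeps the first value it sees for an option within a block
            blocks[-1][1].setdefault(key, value)
    return blocks


def effective_options(text: str, typed_host: str) -> Dict[str, str]:
    """Mimic ssh(1): test the typed hostname against every Host pattern;
    the first value obtained for each option wins across matching blocks.
    An empty result means ssh falls back to the login user and default
    identities, which is the 'Permission denied (publickey)' case."""
    opts: Dict[str, str] = {}
    for patterns, block in parse_ssh_config(text):
        if any(fnmatch.fnmatchcase(typed_host, p) for p in patterns):
            for key, value in block.items():
                opts.setdefault(key, value)
    return opts
```

Running `effective_options(AWS_ONLY_CONFIG, "git.mydomain.com")` returns nothing, while the real hostname and the alias in FIXED_CONFIG both resolve to the CodeCommit user and key.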

The SSL certificate of git-codecommit.us-west-2.amazonaws.com does not list your domain. Therefore you cannot use a CNAME where SSL is required, like for SSH or HTTPS. What you are attempting will only work for HTTP connections, or TCP connections that do not require TLS. See this answer, "Why isn't it possible to use a CNAME redirect with HTTPS", for more information.

hagen