CI-CD on AWS — Part 2: AWS CodeCommit

Achintha Bandaranaike
9 min read · Jul 22, 2023


The first AWS CodeCommit concept we need to introduce is version control: the ability to understand the various changes that happen to code over time and, if necessary, roll them back. With version control you can see what happened in the past, who committed code, what changed, what was added or removed, and then roll back. The underlying technology that gives us version control is Git. A Git repository can be kept on your own computer, but it is usually also pushed to a central online repository.

Prior reading: CI-CD on AWS — Part 1 : Introduction to CI/CD

Benefits of Git Repo:

  • Collaborate with other developers. It allows organizations with up to hundreds of thousands of developers to work on the same code at the same time.
  • The code is backed up. The code lives in the cloud and not just on someone’s computer.
  • Fully viewable and editable. We can see who committed which line of code and when, and we can revert changes. You can roll back and do a lot of useful things with a code repository.

Why we want AWS CodeCommit:

  • Hosted Git repositories can be expensive.
  • Several vendors offer third-party Git hosting, including GitHub, GitLab, Bitbucket, and so on.
  • Private Git repository (your code actually lives and stays within your VPC on AWS)
  • No size limit on the repository (scales seamlessly)
  • Fully managed and highly available
  • Integrated with Jenkins, AWS CodeBuild, and other CI tools.

CodeCommit Security:

  • Interactions are done using Git

Authentication:

SSH keys: As a user, you configure your SSH public key in the IAM console and can then access the Git repository over SSH.

HTTPS: If you want access using a standard username and password (Git credentials) for the Git repo.

Authorization

Use IAM policies to manage the permissions of users and roles on repositories.
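As an added example (not from the original article), the script below writes a least-privilege IAM policy document for a single CodeCommit repository: one statement grants everyday Git access, and a second statement denies direct pushes, deletes and merges into the main branch so that changes reach it only through a pull request. The condition key codecommit:References is the documented way to scope CodeCommit actions to a branch; the account ID, region, repository name and output path are assumed placeholder values.

```shell
#!/bin/sh
# Added example: generate a least-privilege CodeCommit policy that protects a
# branch from direct writes. Repository ARN and branch ref are parameters; the
# values used in the usage section below are assumed placeholders.
set -eu

# write_codecommit_policy OUTPUT_PATH REPO_ARN PROTECTED_REF
write_codecommit_policy() {
  out="$1"; repo_arn="$2"; ref="$3"
  cat > "$out" <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "RepoDeveloperAccess",
      "Effect": "Allow",
      "Action": [
        "codecommit:GitPull",
        "codecommit:GitPush",
        "codecommit:CreateBranch",
        "codecommit:CreatePullRequest",
        "codecommit:GetRepository",
        "codecommit:ListBranches"
      ],
      "Resource": "$repo_arn"
    },
    {
      "Sid": "ProtectMainBranch",
      "Effect": "Deny",
      "Action": [
        "codecommit:GitPush",
        "codecommit:DeleteBranch",
        "codecommit:PutFile",
        "codecommit:MergeBranchesByFastForward",
        "codecommit:MergeBranchesBySquash",
        "codecommit:MergeBranchesByThreeWay"
      ],
      "Resource": "$repo_arn",
      "Condition": {
        "StringEqualsIfExists": { "codecommit:References": ["$ref"] },
        "Null": { "codecommit:References": "false" }
      }
    }
  ]
}
EOF
}

# check_policy POLICY_PATH PROTECTED_REF
# Returns 0 only if the document contains a Deny statement naming the branch.
check_policy() {
  grep -q '"Effect": "Deny"' "$1" && grep -q "\"$2\"" "$1"
}

# Usage (assumed placeholder account, region and repository):
# write_codecommit_policy ./codecommit-policy.json \
#   "arn:aws:codecommit:us-east-1:123456789012:my-ci-cd-repo" "refs/heads/main"
# aws iam put-user-policy --user-name <iam-user> \
#   --policy-name CodeCommitDeveloper --policy-document file://codecommit-policy.json
```

The "Null" clause keeps the Deny from matching API calls that carry no reference at all (for example GetRepository), so only branch-targeted operations on main are blocked. Compared with attaching AWSCodeCommitFullAccess, this scopes the user to one repository and leaves merging into main to reviewers, whose policy would additionally allow the MergePullRequestBy* actions.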

Encryption

Repos are automatically encrypted at rest using AWS KMS. That means no one but you can retrieve the data.

When you push your code to CodeCommit you also have encryption in transit, because you use the HTTPS or SSH protocols, both of which are secure for this.

Cross-account Access

Don’t share your SSH keys or your AWS credentials.

Instead, create an IAM role in your AWS account and use the STS AssumeRole API to get access to the CodeCommit repository.
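As an added example of the cross-account pattern (not from the original article), the script below sets up the client side: an AWS CLI profile that assumes the repository owner's IAM role through STS, and a Git credential helper that signs HTTPS requests with the short-lived credentials of that profile, so neither SSH keys nor downloaded Git credentials ever leave the owning account. The role ARN, profile names, region and repository name are assumed placeholders; the role's trust policy in the owning account must allow the caller's principal to assume it.

```shell
#!/bin/sh
# Added example: configure cross-account CodeCommit access without sharing
# long-lived secrets. All account, role and repository values are placeholders.
set -eu

# write_assume_role_profile AWS_CONFIG_FILE PROFILE SOURCE_PROFILE ROLE_ARN REGION
# Appends a named profile; the AWS CLI calls sts:AssumeRole on ROLE_ARN using
# the credentials of SOURCE_PROFILE whenever PROFILE is used.
write_assume_role_profile() {
  cfg="$1"; profile="$2"; source="$3"; role_arn="$4"; region="$5"
  mkdir -p "$(dirname "$cfg")"
  printf '\n[profile %s]\nrole_arn = %s\nsource_profile = %s\nregion = %s\n' \
    "$profile" "$role_arn" "$source" "$region" >> "$cfg"
}

# write_git_credential_helper GITCONFIG PROFILE
# Equivalent to:
#   git config --global credential.helper '!aws codecommit credential-helper --profile PROFILE $@'
#   git config --global credential.UseHttpPath true
write_git_credential_helper() {
  gitcfg="$1"; profile="$2"
  printf '[credential]\n\thelper = !aws codecommit credential-helper --profile %s $@\n\tUseHttpPath = true\n' \
    "$profile" >> "$gitcfg"
}

# codecommit_clone_url REGION REPO
# Prints the HTTPS clone URL the helper will sign requests for.
codecommit_clone_url() {
  printf 'https://git-codecommit.%s.amazonaws.com/v1/repos/%s\n' "$1" "$2"
}

# audit_git_config GITCONFIG
# Fails if a plaintext credential store is configured (which would cache a
# static password on disk) or if the AWS credential helper is missing.
audit_git_config() {
  if grep -q 'helper = store' "$1"; then
    echo "plaintext credential store found in $1" >&2
    return 1
  fi
  grep -q 'aws codecommit credential-helper' "$1"
}

# Usage (placeholder values):
# write_assume_role_profile "$HOME/.aws/config" codecommit-partner default \
#   "arn:aws:iam::123456789012:role/CodeCommitPartnerRole" us-east-1
# write_git_credential_helper "$HOME/.gitconfig" codecommit-partner
# audit_git_config "$HOME/.gitconfig"
# git clone "$(codecommit_clone_url us-east-1 my-ci-cd-repo)"
```

With this in place, every git clone, pull or push obtains temporary credentials through AssumeRole, and revoking access is a matter of editing the role's trust policy rather than rotating a shared key. The audit function is the check a practitioner would run before onboarding a machine, since a leftover credential.helper=store entry silently writes any password it sees to a plaintext file.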

CodeCommit vs GitHub:

How does CodeCommit work?

Set up a code repository on CodeCommit and clone it on your local machine

Pre-requisites:

  • You should have an AWS account.
  • Install and configure the AWS Command Line Interface (CLI) on your local machine.

Step 1: Generate Git credentials

Login and Open the AWS Management Console and navigate to the CodeCommit service

In the CodeCommit console, on the left-hand side, we have access to CodeCommit, CodeBuild, CodeDeploy, and CodePipeline, all in one UI. Right now we’ll be starting with CodeCommit.

I currently have no repos, so let’s get started and create a repository.

Put a repo name and create your new repository.

Now “my-ci-cd-repo” is successfully created.

Here we are presented with the connection steps. As we can see, we have HTTPS, SSH, or HTTPS (GRC), which stands for git-remote-codecommit.

You need to set up Git Credentials in your AWS IAM.

  • Go to the IAM console
  • Click on Users in the left-hand menu, and then click on your username.

Note: You can create a new separate IAM user for code commit tasks.

  • Add permissions for Git access to the IAM user.
  • Search for and select “AWSCodeCommitFullAccess” and “AWSCodeCommitPowerUser”, then click Next.
  • Click the Add button to add the policies to the user.
  • Go to the Security credentials section.
  • In the “HTTPS Git credentials for AWS CodeCommit” section, click on “Generate credentials”.
  • Click on the Download credentials button to download your Git credentials and click on “Close”.

Now your Git credentials are created.

Use those credentials in your local and then clone the repository from CodeCommit.

  • Navigate to the created repository and select add file option to create a file manually.
  • In my case, I don't create a new file. I upload my existing file for this git repository.
  • Provide the content of the file along with the commit information.
  • You can now see that my repository has the ec2-resources.tf file in it, which is the one I used in “How to Deploy a Two-Tier Architecture in AWS using Terraform”. In the upper corner you can see the green bar and the commit ID. This is something specific to Git. The commit has been made onto a branch called main. It’s the default branch and the first branch to be created. In CodeCommit you can go ahead and create more branches if you want developers to collaborate.
  • Pull requests: A pull request lets developers merge their changes from a different branch into your main branch. For example, you create a pull request to merge your changes from another branch into your main branch.
  • Commits: We can see our first commit right here. We can browse the repository as it was at the time of this commit.

We can also look at the commit visualizer; if you had multiple commits they would appear here. In the compare commits section you can compare a certain branch to another branch.

Branches: Currently we only have the main branch, and it’s the default branch. But we could go ahead and create another branch if we wanted, and call it “cicd-dev”.

Note: In this scenario, we don't want to create another branch.

Settings: This section’s most important tab is “Notifications”. This is where we create notification rules for our code repository.

Events represent changes happening in your CodeCommit repository. After choosing them, you select the target of the notification rule: it could be an SNS topic or an AWS Chatbot Slack channel. In this case, I create an SNS topic for my notification rule.

This SNS topic sends a notification whenever the above events happen and triggers an email alert.

The next tab is “Triggers”. Triggers are for specific code events: push to existing branch, create branch or tag, and delete branch or tag. The service you want to trigger can be one of two targets, Amazon SNS or AWS Lambda. In my case it is SNS, and we can select the same SNS topic I created earlier.

We are now creating a trigger that sends a notification to SNS whenever something happens in our CodeCommit repository.

Now we have successfully created a new trigger for changes on our main branch.

How to push code directly into CodeCommit without using the AWS Console?

  1. Go to the repository and copy the HTTPS clone URL.
  2. Open a terminal and use the git clone command to clone the repository from CodeCommit to your machine (in this case I’m using a macOS terminal):

git clone <your-codecommit-repo-clone-https-url>

  3. You will be prompted to enter your Git credentials. Enter the username and password that you downloaded earlier.

Now we have a new folder called “my-ci-cd-repo”. I go into it, and because my terminal is integrated with Git, when I run ls I can see the ec2-resources.tf file here.

This proves Git connectivity between your computer and the Git repository in AWS CodeCommit.

Add a new file from local and commit to your local branch.

  • Copy new files into the local repository directory.

I have another directory, “terraform”, and I copy all files from the terraform directory into my “my-ci-cd-repo” directory:

cp -a terraform/. my-ci-cd-repo/

  • Type the git status command:

git status

Now you get a message from Git saying that a few files have been added to your repository and that they are untracked.

  • To add them we run git add, using “.” to add all files in this directory:

git add .

Now type git status again and you can see that these files have been added and are new files.

  • Now we commit with a commit message. You can commit whatever you want, really:

git commit -m "added new files in my-ci-cd-repo"

  • Type git push to push my changes to CodeCommit:

git push

As you can see, the commit has been pushed to CodeCommit.

  • Verify that the changes have been pushed to the CodeCommit repository: go to the repository that you created earlier, and you should see the new files listed in the repository’s files.

You can see my new files have been pushed directly into my CodeCommit repository.

Go to the commits section and verify.

Great! We have successfully pushed our commit to CodeCommit and added new files with Git.

Thanks for reading! Let’s see you in the next article. Don’t forget to follow me via medium and leave a 👏


Achintha Bandaranaike

AWS Community Builder ☁️| Cloud Enthusiast | 3xAWS | 3xAzure | Terraform Certified | 1xGCP