General AWS CodeCommit

Concepts
AWS CodeCommit
» » » » AWS CodeCommit

AWS CodeCommit is a fully-managed source control service that

hosts secure Git-based repositories.

Git is an Open Source distributed source control system:

Centralized repository for all of your code, binaries, images, and

libraries.
Tracks and manages code changes.
Maintains version history.
Manages updates from multiple sources.
Enables collaboration.

It makes it easy for teams to collaborate on code in a secure and

highly scalable ecosystem.

CodeCommit eliminates the need to operate your own source control

system or worry about scaling its infrastructure.

You can use CodeCommit to securely store anything from source

code to binaries, and it works seamlessly with your existing Git tools.

Provides version control for version changes that happen over time.

You can easily commit, branch, and merge your code.

CodeCommit repositories are private.

CodeCommit scales seamlessly.

CodeCommit is integrated with Jenkins, CodeBuild and other CI

tools.

CodeCommit is one of the AWS continuous integration tools

(CodeBuild compiles and test code):

Encryption
You can transfer your files to and from AWS CodeCommit using
HTTPS or SSH.

Repositories are automatically encrypted at rest through AWS Key

Management Service (AWS KMS) using customer-specific keys.

Authentication and Access Control

AWS CodeCommit uses AWS Identity and Access Management to
control and monitor who can access data as well as how, when, and
where they can access it.

CodeCommit also helps monitor your repositories via AWS CloudTrail

 and AWS CloudWatch.

Authentication
You need to configure your Git client to communicate with
CodeCommit repositories.

As part of this configuration, you provide IAM credentials that

CodeCommit can use to authenticate you.

IAM supports CodeCommit with three types of credentials:

Git credentials, an IAM -generated user name and password pair

you can use to communicate with CodeCommit repositories
over HTTPS.
SSH keys, a locally generated public-private key pair that you
can associate with your IAM user to communicate with
CodeCommit repositories over SSH.
AWS access keys, which you can use with the credential helper
included with the AWS CLI to communicate with CodeCommit
repositories over HTTPS.

Authorization

IAM policies for authorizing access for users/roles to repositories.

CodeCommit only supports identity-based policies, not resource-

based policies.

You can attach tags to CodeCommit resources or pass tags in a

request to CodeCommit.

To control access based on tags, you provide tag information in the

condition element of a policy using
the codecommit:ResourceTag/key-name, aws:RequestTag/key-name,
:
 or aws:TagKeys condition keys.

Notifications
You can trigger notifications in CodeCommit using AWS SNS or AWS
Lambda or AWS CloudWatch Event rules.

Notifications are in relation to pull request and comment events –

triggers are related to pushing to a branch or creating / deleting a
branch.

Use cases for notifications SNS / AWS Lambda:

Deletion of branches.
Trigger for pushes that happen in the master branch.
Notify external build system.
Trigger AWS Lambda function to perform codebase analysis.

Use cases for CloudWatch Event Rules:

Trigger for pull request updates (created / updated / deleted /

commented).
Commit comment events.
CloudWatch Event Rules go into an SNS Topic.
: