If you’ve ever spent time writing or maintaining code, you’re probably already familiar with Git repositories. They enable multiple developers to work on the same code bases without overwriting each other’s code and provide versioning so that if something goes wrong, developers can roll back their code to a positive state. These git repositories are hosted in source control services such as Github, GitLab, Bitbucket, and the star of the show today, AWS CodeCommit. 

AWS CodeCommit is a fully managed git-based source control service. If you look at any CI/CD pipeline, it usually begins with a service in which you commit your code changes. That means that AWS CodeCommit is often the starting point within CI/CD setups. With CodeCommit, pushing your code can kick off other steps of your CI/CD pipeline, such as a build process. This means CodeCommit is well integrated with AWS CodeBuild, AWS CodeDeploy, and AWS CodePipeline.

CodeCommit is designed to be simple all the way from the infrastructure level to the service functionality. From the infrastructure perspective, this service is fully managed and serverless, meaning there are no servers you need to provision, scale, or patch, and no server software to install and maintain. From the service functionality perspective, it’s designed with all the same features that you would expect from a git-based source control system. 

For example, CodeCommit supports all the familiar git commands, such as git push, git pull, git add, git commit, and more. It also follows the same terminology as other popular source control systems, using terms like repositories, commits, branches, and pull requests. 

When you create a repository, the only significant requirement you need is to give the new repository a name. After that, you can begin connecting to the repository using your terminal or a git client. 

There are three ways you can connect to a repository: via HTTPS, SSH, or HTTPS (GRC). 

The first option, HTTPS, uses port 443 and is generally helpful for two reasons: 

1. It provides a simple way to access your repository from anywhere

2. HTTPS is a port that is open in almost all firewalls. 

With the HTTPS connection option, you’ll need to ensure that your IAM user has appropriate credentials for accessing CodeCommit, by attaching the AWS CodeCommit managed policy directly to the user or the group they’re in. From there, you’ll need to generate git credentials for your IAM user. You can generate an HTTPS git credential in the IAM console, which will provide you an auto-generated username and password combination that you use to connect to the repository.

The second option, SSH, uses port 22. SSH is not always open as a port for communication and it’s less accessible than HTTPS. However, from a security standpoint, this may be a plus for your organization. With SSH, you’ll need to generate a public-private key pair and then upload the public key to your IAM user. From there, you’ll need to edit your local SSH configuration with your private key file and IAM user SSH key ID. Then you can clone the repository. 

Then last, if you’re using temporary credentials, such as federated credentials or using credentials from an Identity Provider, the recommended connection method is to use HTTPS (GRC), which stands for git-remote-codecommit. 

With this method, you’ll need to install Python. You also must have appropriate IAM permissions to the CodeCommit repository. From there, you’ll use pip to install git-remote-codecommit and then clone the repo. 

From a security perspective, CodeCommit encrypts your repository data in transit and at rest by default. It also integrates with IAM. Not only is authenticated access into a CodeCommit repository managed through the use of an IAM user account, IAM is also used to provide fine-grained identity-based access to your repositories. 

For example, an IAM user who has the following attached policy will be allowed to perform equivalent get, pull, and push commands on the two repositories named CloudAcademyRepo1 and CloudAcademyRepo2.

Finally, the pricing for this service is based on the number of active users of your repositories. For each active user, you receive an allowance of 10 GB-month of storage and 2,000 Git requests for that month. If you need additional usage, you will be charged at $0.06 per GB-month and $0.001 per Git request. That’s it for this one - see you next time.