General AWS CodeCommit Concepts
AWS CodeCommit is a fully-managed source control service that hosts secure Git-based repositories.
Git is an Open Source distributed source control system:
- Centralized repository for all of your code, binaries, images, and libraries.
- Tracks and manages code changes.
- Maintains version history.
- Manages updates from multiple sources.
- Enables collaboration.
It makes it easy for teams to collaborate on code in a secure and highly scalable ecosystem.
CodeCommit eliminates the need to operate your own source control system or worry about scaling its infrastructure.
You can use CodeCommit to securely store anything from source code to binaries, and it works seamlessly with your existing Git tools.
Provides version control for version changes that happen over time.
You can easily commit, branch, and merge your code.
CodeCommit repositories are private.
CodeCommit scales seamlessly.
CodeCommit is integrated with Jenkins, CodeBuild and other CI tools.
CodeCommit is one of the AWS continuous integration tools (CodeBuild compiles and test code):
You can transfer your files to and from AWS CodeCommit using HTTPS or SSH.
Repositories are automatically encrypted at rest through AWS Key Management Service (AWS KMS) using customer-specific keys.
Authentication and Access Control
AWS CodeCommit uses AWS Identity and Access Management to control and monitor who can access data as well as how, when, and where they can access it.
CodeCommit also helps monitor your repositories via AWS CloudTrail and AWS CloudWatch.
You need to configure your Git client to communicate with CodeCommit repositories.
As part of this configuration, you provide IAM credentials that CodeCommit can use to authenticate you.
IAM supports CodeCommit with three types of credentials:
- Git credentials, an IAM -generated user name and password pair you can use to communicate with CodeCommit repositories over HTTPS.
- SSH keys, a locally generated public-private key pair that you can associate with your IAM user to communicate with CodeCommit repositories over SSH.
- AWS access keys, which you can use with the credential helper included with the AWS CLI to communicate with CodeCommit repositories over HTTPS.
IAM policies for authorizing access for users/roles to repositories.
CodeCommit only supports identity-based policies, not resource-based policies.
You can attach tags to CodeCommit resources or pass tags in a request to CodeCommit.
To control access based on tags, you provide tag information in the condition element of a policy using the
aws:TagKeys condition keys.
You can trigger notifications in CodeCommit using AWS SNS or AWS Lambda or AWS CloudWatch Event rules.
Notifications are in relation to pull request and comment events – triggers are related to pushing to a branch or creating / deleting a branch.
Use cases for notifications SNS / AWS Lambda:
- Deletion of branches.
- Trigger for pushes that happen in the master branch.
- Notify external build system.
- Trigger AWS Lambda function to perform codebase analysis.
Use cases for CloudWatch Event Rules:
- Trigger for pull request updates (created / updated / deleted / commented).
- Commit comment events.
- CloudWatch Event Rules go into an SNS Topic.