Quick Links

CodeCommit is AWS's managed source control solution. It's a crucial component in AWS's CodeSuite CI/CD pipeline, which makes it easy to run frequent code builds and deploy application updates programmatically to your EC2 servers or Lambda functions.

What Is CodeCommit?

Really, CodeCommit by itself isn't fantastic. It works well as a basic source control provider, and you can certainly use it as your primary repository, but it does fall a bit short of the competition---GitHub, GitLab, BitBucket, and others---when it comes to day-to-day usability.

Where CodeCommit shines is its integration with AWS. AWS has a whole continuous development/continuous integration pipeline that they call CodeSuite. It starts with CodeCommit, which simply hosts your source code in the AWS ecosystem. Whenever you're ready to update, you can send the source over to CodeBuild, which can run all of your automated tests and build your project using build servers it fires up automatically. If the build is successful, you can deploy updates automatically to a fleet of EC2 servers or Lambda functions.

CodeCommit isn't required to use AWS's CI/CD pipeline, as CodeBuild supports source control from GitHub, BitBucket, and S3, but it's so simple to use Git with two remotes that we recommend the following configuration if you want to use CodePipeline:

  • Continue using your primary source control as normal, alongside Jira and whatever other third-party tools you use to streamline development.
  • On the operational side of things, when you're ready to release new changes, have the project manager (or any other authorized individual) pull all the changes from the primary repository, switch the remote to CodeCommit, and push all the new commits to AWS.
  • Once CodeCommit is updated, the pipeline can begin from there with all of the new code in CodeCommit.

This way, CodeCommit contains a perfect copy of your project and commit history whenever you're ready to release, without requiring you to actually use CodeCommit as your primary source control. This also keeps CodeCommit essentially free, as you're only really using one user, and aren't making thousands of commits per month. You're given 50 GB of storage before being charged (enough for most projects without huge binary files) and an unlimited number of repositories. The only charges are $1 per month for each active user beyond the first five, and $1 per month for each 2,000 Git requests beyond the first 10,000. You're also charged $0.06 per GB per month beyond the free 50.

If you're using GitHub or BitBucket already, you can instead choose to pull directly from there with a bit of setup. But, if you're using GitLab (or any other provider), you have to use this two remote setup in order to use CodePipeline (unless you want to manually upload code to S3, a much clunkier solution).

Setting Up an Additional CodeCommit Release Remote

First, you need to create the repository. From the AWS CodeSuite console, navigate over to CodeCommit, select "Repositories" in the sidebar, and click "Create Repository".

codecommit create repository

Give it a name, description, any tags you want, and click "Create".

You're then brought to the repo home screen, and if you're signed in with a root account, you'll be given a fat warning telling you that you cannot configure SSH connections for a root account, and that HTTPS connections are not recommended. You'll want to set up any connections to CodeCommit on IAM Users, probably the project manager's existing account. Sign in to that account, or head over to the IAM Console and make a new user specifically for this purpose (with Management Console access):

IAM console new user

You'll want to give access to CodeCommit on the role selection screen.

Keep the IAM Console open, because you need to add your public SSH key here. Click on the user that is being used for CodeCommit access, and under the "Security Credentials" tab, find a button for uploading public SSH keys.

IAM console upload SSH keys

Paste in your machine's private key, which you can usually find with: 

cat ~/.ssh/id_rsa.pub

You can add multiple keys here to give multiple machines access to CodeCommit over git. For each key, you're given an "SSH Key ID", copy it.

Open up ~/.ssh/config or create it if it doesn't already exist. Paste in the following configuration, subbing in your key ID: 

Host git-codecommit.*.amazonaws.com
    
    

            User IAM-SSH-KEY-ID
    
    

            IdentityFile ~/.ssh/id_rsa

Make sure the permissions are set to 600: 

chmod 600 ~/.ssh/config

This ensures git makes a proper connection using the IAM user you set up.

Once that's out of the way, you should be able to add a new remote as normal. Your primary remote is probably called "origin". Create a new one called "release", using the SSH URL CodeCommit gives you: 

git remote add release ssh://git-codecommit.us-east-1.amazonaws.com/v1/repos/RepoName

Then, when you run git push, specify the remote name and branch to which you're pushing: 

git push release master

You can also set up a separate branch for release deployments, with the upstream set to release by default, but this is the simplest setup and should work fine. Running the previous command updates CodeCommit, provided your local repository is up to date with your primary source control when you run it.