CodeCommit – miro.borodziuk.eu

Version control is the ability to understand the various changes that
happened to the code over time (and possibly roll back).
All these are enabled by using a version control system such as Git
A Git repository can live on one’s machine, but it usually lives on a
central online repository
Benefits are:
- Collaborate with other developers
- Make sure the code is backed-up somewhere
- Make sure it’s fully viewable and auditable
Git repositories can be expensive.
The industry includes:
- GitHub: free public repositories, paid private ones
- BitBucket
- Etc…
And AWS CodeCommit:
- private Git repositories
- No size limit on repositories (scale seamlessly)
- Fully managed, highly available
- Code only in AWS Cloud account => increased security and compliance
- Secure (encrypted, access control, etc…)
- Integrated with Jenkins / CodeBuild / other CI tools

Credentials for connecting to the CodeCommit we can find at:

IAM -> users -> user_name -> Security Credentials -> HTTPS Git credentials for AWS CodeCommit -> Generate credentials

To create a repository we go to:

CodeCommit -> Create Repository -> repository name -> Create

To get an URL to repo we click on Clone HTTPS.

On linux instance install git:

yum -y install git

1	yum -y install git

Configure git

git config --global user.email your@email

1	git config --global user.email your@email

First commit

git status
git add .
git commit -m "first commit"
git push origin master

git status

git add .

git commit -m "first commit"

git push origin master

W need to change index.html file and then second commit

git status
git add index.html
git commit -m "Modified index.html to v2"
git config --global user.email mborodziuk@gmail.com
git push origin master

git status

git add index.html

git commit -m "Modified index.html to v2"

git config --global user.email mborodziuk@gmail.com

git push origin master

Changing the index.html and changing a branch to “my-feature”.

git checkout -b my-feature
git status
# On branch master
# Changes not staged for commit:
# (use "git add <file>..." to update what will be committed)
# (use "git checkout -- <file>..." to discard changes in working directory)
#
# modified: index.html
#
no changes added to commit (use "git add" and/or "git commit -a")

git add .
git commit -m "modified index.html to v3"
git push --set-upstream origin my-feature
Username for 'https://git-codecommit.eu-central-1.amazonaws.com': stephane-at-840037588702
Password for 'https://stephane-at-840037588702@git-codecommit.eu-central-1.amazonaws.com':

git checkout -b my-feature

git status

# On branch master

# Changes not staged for commit:

# (use "git add <file>..." to update what will be committed)

# (use "git checkout -- <file>..." to discard changes in working directory)

# modified: index.html

no changes added to commit (use "git add" and/or "git commit -a")

git add .

git commit -m "modified index.html to v3"

git push --set-upstream origin my-feature

Username for 'https://git-codecommit.eu-central-1.amazonaws.com': stephane-at-840037588702

Password for 'https://stephane-at-840037588702@git-codecommit.eu-central-1.amazonaws.com':

If we want to put some new features to the master branch we should merge branches on AWS console by pull request:

CodeCommit -> pull request -> create pull request -> Destination -> Source -> Compare -> Title -> Create pull request -> Merge (if we happy with the changes) -> Merge pull request

New branch with new features will be merged with master branch and new branch will be deleted from CodeCommit.

Junior developers should not have ability to push to the master branch.

In AWS console:

1. Create a group junior-devs
2. Add inline policy for this group
Copy from
https://docs.aws.amazon.com/codecommit/latest/userguide/how-to-conditional-branch.html
And paste to:
IAM -> groups -> junior-devs -> inline policies -> click here ->
-> custom policy -> select -> paste to Policy Dokument -> policy name = CannotPushToMasterInCodecommit -> ApplyPolicy

Modify the policy:

{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Deny",
"Action": [
"codecommit:GitPush",
"codecommit:DeleteBranch",
"codecommit:PutFile",
"codecommit:MergeBranchesByFastForward",
"codecommit:MergeBranchesBySquash",
"codecommit:MergeBranchesByThreeWay",
"codecommit:MergePullRequestByFastForward",
"codecommit:MergePullRequestBySquash",
"codecommit:MergePullRequestByThreeWay"
],
"Resource": "arn:aws:codecommit:*:*:*",
"Condition": {
"StringEqualsIfExists": {
"codecommit:References": [
"refs/heads/master"
]
},
"Null": {
"codecommit:References": false
}
}
}
]
}

{

"Version": "2012-10-17",

"Statement": [

{

"Effect": "Deny",

"Action": [

"codecommit:GitPush",

"codecommit:DeleteBranch",

"codecommit:PutFile",

"codecommit:MergeBranchesByFastForward",

"codecommit:MergeBranchesBySquash",

"codecommit:MergeBranchesByThreeWay",

"codecommit:MergePullRequestByFastForward",

"codecommit:MergePullRequestBySquash",

"codecommit:MergePullRequestByThreeWay"

"Resource": "arn:aws:codecommit:*:*:*",

"Condition": {

"StringEqualsIfExists": {

"codecommit:References": [

"refs/heads/master"

]

"Null": {

"codecommit:References": false

}

]

}

3. Add user to the junior-devs group

After user is added to the junior-devs group with attached policy he can’t push to the master branch:
# switch to master branch

git checkout -f master

mc (editing index.html file)

git status
# On branch master
# Changes not staged for commit:
# (use "git add <file>..." to update what will be committed)
# (use "git checkout -- <file>..." to discard changes in working directory)
#
# modified: index.html
#
no changes added to commit (use "git add" and/or "git commit -a")

[root@miro my-webpage]# git add index.html

[root@miro my-webpage]# git commit -m "modified index to 4"
[master eccfeda] modified index to 4
1 file changed, 1 insertion(+), 1 deletion(-)
[root@miro my-webpage]# git push origin master
Username for 'https://git-codecommit.eu-central-1.amazonaws.com': stephane-at-840037588702
Password for 'https://stephane-at-840037588702@git-codecommit.eu-central-1.amazonaws.com':
Counting objects: 5, done.
Delta compression using up to 2 threads.
Compressing objects: 100% (3/3), done.
Writing objects: 100% (3/3), 289 bytes | 0 bytes/s, done.
Total 3 (delta 2), reused 0 (delta 0)
To https://git-codecommit.eu-central-1.amazonaws.com/v1/repos/my-webpage
! [remote rejected] master -> master (You don't have permission to push changes to this branch.)
error: failed to push some refs to 'https://git-codecommit.eu-central-1.amazonaws.com/v1/repos/my-webpage'

git checkout -f master

mc (editing index.html file)

git status

# On branch master

# Changes not staged for commit:

# (use "git add <file>..." to update what will be committed)

# (use "git checkout -- <file>..." to discard changes in working directory)

# modified: index.html

no changes added to commit (use "git add" and/or "git commit -a")

[root@miro my-webpage]# git add index.html

[root@miro my-webpage]# git commit -m "modified index to 4"

[master eccfeda] modified index to 4

1 file changed, 1 insertion(+), 1 deletion(-)

[root@miro my-webpage]# git push origin master

Username for 'https://git-codecommit.eu-central-1.amazonaws.com': stephane-at-840037588702

Password for 'https://stephane-at-840037588702@git-codecommit.eu-central-1.amazonaws.com':

Counting objects: 5, done.

Delta compression using up to 2 threads.

Compressing objects: 100% (3/3), done.

Writing objects: 100% (3/3), 289 bytes | 0 bytes/s, done.

Total 3 (delta 2), reused 0 (delta 0)

To https://git-codecommit.eu-central-1.amazonaws.com/v1/repos/my-webpage

! [remote rejected] master -> master (You don't have permission to push changes to this branch.)

error: failed to push some refs to 'https://git-codecommit.eu-central-1.amazonaws.com/v1/repos/my-webpage'

Triggers and notifications

To create a notification we click on:

Repostitory_name -> Settings -> Notifications -> Create Notification rule -> Notification name -> Events that trigger notification -> Create target -> Tarhet type (SNS Topic) -> Topic Name -> Create -> Submmit

To create trigger:

Repostitory_name -> Settings -> Triggers -> Create trigger -> Trigger name -> Events -> Push to existing branch -> Service details -> choose Amazon SNS -> SNS Topic (choose name) -> Create trigger

After creating a trigger we can see our rule in the CloudWatch -> Events -> Rules.This one CloudWatch notification rule (awscodestarnotifications-rule) is what allows for all notification rules in CodeCommit.

To create a rrule in CloudWatch:

Events->Rules -> Create rule -> Service Name (CodeCommit) -> Event Type (for ex. Repository State Change)

Targets -> SNS Topic -> Topic -> name

By creating a notification rules in CodeCommit we can automate whatever is happening in our repository stright to automation pipeline which is SNS, SQS, Lambda etc. From CodeCommit you are able to setup notification, triggers and cloud watch events rules to build some automation directly to SNS, Lambda etc.

Lambda

We will create a function from scratch:

Lambda -> Create function -> Function name (lambda-codecommit) -> Runtime (Python 2.7) -> Change default execution role -> Execution role -> Create a new role with basic Lambda permissions -> Create function

Creating a trigger:

Lambda -> Functions -> lambda-codecommit -> Add trigger -> TriggerConfiguration -> CodeCommit -> Repository name (my-webpage) -> Trigger name (MyLambdaTrigger) -> Events (All repository events) -> Branch names (All branches) -> Add

Let’s add some code. To do that refresh the lambda page.

From refrence link (6) copy code of lambda for python:

import json
import boto3

codecommit = boto3.client('codecommit')

def lambda_handler(event, context):
#Log the updated references from the event
references = { reference['ref'] for reference in event['Records'][0]['codecommit']['references'] }
print("References: " + str(references))

#Get the repository from the event and show its git clone URL
repository = event['Records'][0]['eventSourceARN'].split(':')[5]
try:
response = codecommit.get_repository(repositoryName=repository)
print("Clone URL: " +response['repositoryMetadata']['cloneUrlHttp'])
return response['repositoryMetadata']['cloneUrlHttp']
except Exception as e:
print(e)
print('Error getting repository {}. Make sure it exists and that your repository is in the same region as this function.'.format(repository))
raise e

import json

import boto3

codecommit = boto3.client('codecommit')

def lambda_handler(event, context):

#Log the updated references from the event

references = { reference['ref'] for reference in event['Records'][0]['codecommit']['references'] }

print("References: " + str(references))

#Get the repository from the event and show its git clone URL

repository = event['Records'][0]['eventSourceARN'].split(':')[5]

try:

response = codecommit.get_repository(repositoryName=repository)

print("Clone URL: " +response['repositoryMetadata']['cloneUrlHttp'])

return response['repositoryMetadata']['cloneUrlHttp']

except Exception as e:

print(e)

print('Error getting repository {}. Make sure it exists and that your repository is in the same region as this function.'.format(repository))

raise e

Now click on Deploy and then Test.

Event template (AWS Code Commit Repository) -> Event name -> MySampleCodeCommit -> Create

Now click again Test. There is an error in test but everything is ok.

Reference links: