AWS DevOps Pro Certification Blog Post Series: Code Commit

This is part of the blog post series: AWS DevOps Pro Certification

Caveat emptor

Using AWS costs money, and some of these services may not be part of the AWS Free Tier. You can keep costs down by tearing down anything you've created whilst learning, but it's still possible to run up a hefty bill, so pay attention to the instances you set up!

I'm very lucky to be able to use my employer's AWS account. You should ask your place of work if a similar arrangement can be made as part of your study.

Velocius quam asparagi conquantur

The format of the blog posts is liable to change as I try to refine my mental model of each domain, so be sure to revisit the blog posts on a regular basis.


Code Commit is:


Spotted a little gem in the FAQ that asks how Code Commit compares against a versioned S3 bucket. Enabling versioning on an S3 bucket means that when you upload a file that already exists, the older version is replaced, but you can still view and download it through the version history (see screenshot).

Whilst this might be okay for reverting back to the previous version of the code, it's handled on a per-file basis. Now imagine trying to track all the files that make up a version of your code?

This is really an argument of version control systems (VCS) versus file versioning. VCS was created to simplify change tracking in the source code.

Pro-tip: bit rusty on S3? Yup, Helen's got you covered again with What's in the bucket?


SDLC automation

CodeCommit -> ???

This is the start of SDLC automation. Everything else hinges on a source code repository. CI can't build and test code until it can pull the code from somewhere.


This is loosely based around the Getting Started section of the User Guide.

The main difference is that I'm going to use the CLI instead of the Web UI to aid in learning these commands too.

Create a repo:

aws codecommit create-repository --repository-name hello-codecommit

{
    "repositoryMetadata": {
        "accountId": "123456",
        "repositoryId": "dc2c437d-e850-4a8b-82e7-7ad85fee99d1",
        "repositoryName": "hello-codecommit",
        "lastModifiedDate": 1553613552.003,
        "creationDate": 1553613552.003,
        "cloneUrlHttp": "",
        "cloneUrlSsh": "ssh://",
        "Arn": "arn:aws:codecommit:xxx:1234567890:hello-codecommit"
    }
}

We're going to use SSH to communicate with our new repo, so let's set up a dedicated key (hello-codecommit) and upload the public key to our IAM account.

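# -t rsa: IAM only accepts RSA keys, and newer OpenSSH releases no longer default to RSA
ssh-keygen -t rsa -b 4096 -f hello-codecommit-ssh
# output has been omitted
# ssh-keygen wrote the public key to hello-codecommit-ssh.pub
aws iam upload-ssh-public-key --user-name booyaa \
  --ssh-public-key-body "$(cat hello-codecommit-ssh.pub)"

{
    "SSHPublicKey": {
        "UserName": "booyaa",
        "Fingerprint": "FINGERPRINT",
        "SSHPublicKeyBody": "REDACTED",
        "Status": "Active",
        "UploadDate": "2019-03-26T15:46:14Z"
    }
}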

Make a note of your SSHPublicKeyId; we'll need it to add a new entry to your ssh config (~/.ssh/config):

Host git-codecommit.*
  # replace the placeholder with the SSHPublicKeyId you noted above
  User YOUR_SSH_PUBLIC_KEY_ID
  IdentityFile /path/to/hello-codecommit-ssh
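
A quick pre-flight check of that entry before cloning can save a confusing "Permission denied (publickey)". This is an added example, not part of the original post: the function name check_codecommit_ssh is hypothetical, it assumes the SSHPublicKeyId is set on the User line, and the demo input at the bottom is constructed.

```shell
#!/bin/sh
# Added example: pre-flight lint of the CodeCommit entry in an ssh config.
# check_codecommit_ssh is a hypothetical helper; it prints findings and
# returns 0 only when the entry looks sane.
check_codecommit_ssh() {
    cfg=$1; rc=0; user=; key=; in_block=0
    # Collect User and IdentityFile from "Host git-codecommit.*" blocks.
    while read -r kw val rest || [ -n "$kw" ]; do
        case $(printf '%s' "$kw" | tr '[:upper:]' '[:lower:]') in
            host)
                case $val in git-codecommit.*) in_block=1 ;; *) in_block=0 ;; esac ;;
            user)         if [ "$in_block" = 1 ]; then user=$val; fi ;;
            identityfile) if [ "$in_block" = 1 ]; then key=$val; fi ;;
        esac
    done < "$cfg"
    case $key in "~/"*) key=$HOME/${key#"~/"} ;; esac
    # Assumption: the key ID is set via User (IAM public key IDs start with APKA).
    case $user in
        APKA*) ;;
        *) echo "User should be your SSHPublicKeyId, got '${user:-unset}'"; rc=1 ;;
    esac
    if [ -z "$key" ] || [ ! -f "$key" ]; then
        echo "IdentityFile missing or not a file: '${key:-unset}'"; return 1
    fi
    case $key in *.pub) echo "IdentityFile points at the public key"; rc=1 ;; esac
    # Characters 5-10 of the ls mode string are the group/other permission bits.
    if [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
        echo "Private key is accessible to group/other: chmod 600 $key"; rc=1
    fi
    # IAM only accepts RSA public keys for CodeCommit SSH access.
    if [ -f "$key.pub" ] && ! grep -q '^ssh-rsa ' "$key.pub"; then
        echo "$key.pub is not an ssh-rsa key"; rc=1
    fi
    return $rc
}

# Constructed demo input: a throwaway config and a placeholder key file.
demo=$(mktemp -d)
printf 'placeholder, not a real key\n' > "$demo/hello-codecommit-ssh"
chmod 644 "$demo/hello-codecommit-ssh"
printf 'Host git-codecommit.*\n  IdentityFile %s\n' \
    "$demo/hello-codecommit-ssh" > "$demo/config"
check_codecommit_ssh "$demo/config" || echo "config needs fixing"
rm -rf "$demo"
```

Run it against your real file with check_codecommit_ssh ~/.ssh/config; the demo reports a missing User line and a key readable by group and other.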

Let's clone our empty repo. You can find the Git URL in the output of aws codecommit create-repository; the key name is cloneUrlSsh.

git clone ssh://
Cloning into 'hello-codecommit'...
# omitting boring git stuff
warning: You appear to have cloned an empty repository.

Let's go into our new repo, add a file, commit and push it back up.

cd hello-codecommit
echo "Hello world" > index.html
git add index.html
git commit -m 'initial commit'
git push

Next, let's create a feature branch so we can use the pull request feature.

git checkout -b feature/index-markup

Replace the contents of index.html with the following:

<!doctype html>
<html lang="en">
  <meta charset="utf-8">
  <title>Hello world</title>
  Hello world

Then commit the change, push the branch and raise a pull request:

git commit -am '(feat) use markup'
git push -u origin feature/index-markup
aws codecommit create-pull-request \
  --title "Feature: use markup for the index page" \
  --description "What: switch from plain text to markup. Why: markup allows for a richer web experience" \
  --client-request-token booyaa-markup-1234 \
  --targets repositoryName=hello-codecommit,sourceReference=feature/index-markup

The client-request-token switch is a token we randomly generated; the API uses it to ensure the request cannot be repeated with a changed parameter. If you run that command again, you get the output from the previous transaction instead of a new pull request.

The targets switch requires the repository name (hello-codecommit) and the branch you're raising a pull request for (feature/index-markup).

Finally, let's tear down:

aws codecommit delete-repository --repository-name hello-codecommit

You'll get back the repositoryId if you were successful.

API and CLI features and verbs


Verbs (CRUD)

