AWS DevOps Pro Certification Blog Post Series: Code Commit

Photo by Elisey Vavulin on Unsplash

Caveat emptor

Using AWS costs money, some of these services may not be part of the AWS Free Tier. You can keep costs down by tearing down anything you've created whilst learning, but it's still possible to run up a hefty bill so pay attention to the instances you setup!

I'm very lucky to be able to use my employer's AWS account. You should ask your place of work if a similar arrangement can be made as part of your study.

Velocius quam asparagi conquantur

The format of the blog posts is liable to change as I try refine my mental model of each domain, so be sure to revisit the blog posts on a regular basis.

What?

Code Commit is:

• a managed Version Control service
• Git-based (using HTTPS or SSH for connections)
• Files are encrypted at rest, keys can be found in can be found in IAM > Encryption Keys.
  • AWS CLI: aws kms list-aliases | jq '.Aliases[] | select(.AliasArn | contains("codecommit"))'
• Security credentials for HTTPS and SSH connections are defined in IAM per user. Pro-tip: if you need to brush up on IAM, see Helen Anderson's excellent guide:
  
  

  
  

  
  

  Article No Longer Available

  
  

  
  

  
  

Why?

Spotted a little gem in the FAQ that asks how Code Commit compares against a versioned S3 bucket. Enabling versioning on an S3 bucket means that when you upload a file that already exists, the older version is replaced, but you can still view and download it through the version history (see screenshot).

Whilst this might be okay for reverting back to the previous version of the code, it's handled on a per-file basis. Now imagine trying to track all the files that make up a version of your code?

This is really an argument against version control systems (VCS) and file versioning. VCS was created to simplify change tracking in the source code.

Pro-tip: bit rusty on S3? Yup Helen's got you covered again:

When?

SDLC automation: [CodeCommit] -> ???

How?

This is loosely based around the Getting Started section of the User Guide.

The main difference is that I'm going to use the CLI instead of the Web UI to aid in learning these commands too.

Create a repo aws codecommit create-repository --repository-name hello-codecommit

{
    "repositoryMetadata": {
        "accountId": "123456",
        "repositoryId": "dc2c437d-e850-4a8b-82e7-7ad85fee99d1",
        "repositoryName": "hello-codecommit",
        "lastModifiedDate": 1553613552.003,
        "creationDate": 1553613552.003,
        "cloneUrlHttp": "https://git-codecommit.xxx.amazonaws.com/v1/repos/hello-codecommit",
        "cloneUrlSsh": "ssh://git-codecommit.xxx.amazonaws.com/v1/repos/hello-codecommit",
        "Arn": "arn:aws:codecommit:xxx:1234567890:hello-codecommit"
    }
}

We're going to use SSH to communicate with our new repo, so let's set up a dedicated key (hello-codecommit) and upload the public key to our IAM account.

ssh-keygen -b 4096 -f hello-codecommit-ssh
# output has been omitted
aws iam upload-ssh-public-key --user booyaa \
  --ssh-public-key-body "$(cat hello-codecommit-ssh.pub)"

{
    "SSHPublicKey": {
        "UserName": "booyaa",
        "SSHPublicKeyId": "VALUE_OF_SSHPUBLICKEYID",
        "Fingerprint": "FINGERPRINT",
        "SSHPublicKeyBody": "REDACTED",
        "Status": "Active",
        "UploadDate": "2019-03-26T15:46:14Z"
    }
}

Make a note of your SSHPublicKeyId, we'll need to add new entry to your ssh config (~/.ssh/config):

Host git-codecommit.*.amazonaws.com
User VALUE_OF_SSHPUBLICKEYID
IdentityFile /path/to/hello-codecommit-ssh

Let's clone our empty repo, you can find the Git URL by looking at the output from running aws codecommit create-repository. The key name is cloneUrlSsh.

git clone ssh://git-codecommit.xxx.amazonaws.com/v1/repos/hello-codecommit
Cloning into 'hello-codecommit'...
# omitting boring git stuff
warning: You appear to have cloned an empty repository.

Let's go into our new repo, add a file, commit and push it back up.

cd hello-codecommit
echo "Hello world" > index.html
git add index.html
git commit -m 'initial commit'
git push

Next, let's create a feature branch so we can use the pull request feature.

git checkout -b feature/index-markup

replace the contents index.html with the following:

<!doctype html>
<html lang="en">
<head>
  <meta charset="utf-8">
  <title>Hello world</title>
</head>
<body>
  Hello world
</body>
</html>

git commit -am '(feat) use markup'
git push -u origin feature/index-markup
aws codecommit create-pull-request \
  --title "Feature: use markup for the index page" \
  --description "What: switch from plain text to markup. Why: markup allows for a richer web experience" \
  --client-request-token booyaa-markup-1234 \
  --targets repositoryName=hello-codecommit,sourceReference=feature/index-markup

The client-request-token switch is a token we randomly generated, it's used by the API to ensure request cannot be repeated with a changed parameter. If you run that command again, you get the output from the previous transaction instead of a new pull request.

The targets switch requires the repository name (hello-codecommit) and the branch you're raising a pull request for (feature/index-markup).

Finally let's teardown aws codecommit delete-repository --repository-name hello-codecommit-ui, you'll get back the repositoryId if you were successful.

API and CLI features and verbs

Features

• Repository
• Branch
• File/Folder
• Commit/Differences/Blob
• PullRequest
• Comments
• Trigger

Verbs (CRUD)

• create
• batch-get/get/list/describe
• update/put
• delete

Outliers

• test-repository-triggers
• merge-pull-request-by-fast-forward

To go to the next part of the series, click on the grey dot below which is next to the current marker (the black dot).