AWS CodeCommit and CodeBuild

With a solid monitoring foundation in place, we now turn to the DevOps side of the equation. DevOps is about shortening the feedback loop between writing code and running it in production — safely, repeatably, and automatically. AWS provides a suite of developer tools that together form a managed CI/CD pipeline. In this lesson we cover the first two: CodeCommit (source control) and CodeBuild (build and test).

---

AWS CodeCommit

What Is CodeCommit?

AWS CodeCommit is a fully managed source control service that hosts private Git repositories. It is functionally equivalent to hosting a Git remote on GitHub or GitLab, but it runs entirely within your AWS account.

Key Features

Feature	Details
Git-compatible	Works with any Git client — clone, push, pull, branch, merge
Fully managed	No servers to provision or scale; high availability and durability built in
Encryption	Repositories are encrypted at rest (AWS KMS) and in transit (HTTPS/SSH)
IAM integration	Access controlled via IAM policies — no separate user management
Triggers and notifications	React to repository events (push, PR created) via SNS or Lambda
Pull requests	Code review with inline comments, approval rules, and merge strategies
No repository size limit	No hard cap on repository size (AWS recommends keeping repos under 2 GB for optimal performance)

Authentication

CodeCommit supports three authentication methods:

1. HTTPS with Git credentials — generate a username/password pair in IAM
2. SSH — upload an SSH public key to your IAM user
3. AWS CLI credential helper — uses your configured AWS profile

Common Operations

# Clone a repository
git clone https://git-codecommit.eu-west-2.amazonaws.com/v1/repos/my-app

# Create a branch
git checkout -b feature/add-monitoring

# Push changes
git push origin feature/add-monitoring

Because CodeCommit is just Git, existing workflows — feature branches, pull requests, code reviews — work identically.

Triggers and Notifications

You can configure CodeCommit to fire events when:

• A push is made to a branch
• A pull request is created, updated, or merged
• A comment is added to a pull request

These events can trigger:

• SNS topics — send emails or fan out to other systems
• Lambda functions — run custom logic (e.g. lint checks, Slack notifications)
• CodePipeline — start a CI/CD pipeline (covered in a later lesson)

When to Use CodeCommit

CodeCommit is a good choice when:

• You want source control fully within your AWS account and VPC
• Your security policies require repositories to stay within a specific AWS Region
• You want IAM-based access control without managing a separate identity provider

If your team already uses GitHub or GitLab and is happy with it, there is no requirement to migrate — CodePipeline and CodeBuild integrate with external providers too.

Note: AWS announced in July 2024 that CodeCommit is no longer accepting new customers. Existing repositories continue to work, but new users should consider GitHub, GitLab, or Bitbucket as source providers for their AWS CI/CD pipelines.

---

AWS CodeBuild

What Is CodeBuild?

AWS CodeBuild is a fully managed continuous integration service that compiles source code, runs tests, and produces deployable artefacts. You do not need to provision, manage, or scale build servers — CodeBuild handles it all.

How It Works