Checking out AWS CodeCommit

Recently the git cloud server landscape became very interesting with the announcement by GitHub that the new pricing would be much more friendly toward users with many private repositories.

Recently the git cloud server landscape became very interesting with the announcement by GitHub that the new pricing would be much more friendly toward users with many private repositories.

Probably one reason for this is that the alternatives out there for low cost git hosting keep expanding, and GitHub must have seen the writing on the wall that it needed to get less stingy about private repositories.

But while GitHub is the most well known cloud repo offering, it’s not the only game in town. BitBucket, GitLab, and Microsoft Visual Studio Online are among other highly respectable code repository hosting platforms I’ve used that offer compelling services at similar prices.

Last year Amazon introduced its own Git-based repo offering, called CodeCommit. I’ve been intending to try it out, and finally have gotten around to it. Based on my initial experience, I’m glad I did!

AWS CodeCommit

I suspect one of the reasons pushing GitHub in th direction of free private repos is the introduction of CodeCommit by AWS last year. CodeCommit offers a very economical solution for private repos based on its uber-dependable AWS public cloud hosting platform.

While AWS isn’t providing all that GitHub has on offer — yet — it’s still a viable alternative for the basics of git hosting, and like everything else in AWS will probably evolve to compete beyond core functions over time.

The rest of this post is just a quick test I decided to do to create an XCode git repo on AWS CodeCommit in a similar way that I would usually do with GitHub. Then a quick summary with some thoughts at the end.

Uploading SSH Keys & Setting up IAM

As with GitHub and other git hosting services, the first step is to have a user account, and upload your public SSH key to that account.

Since CodeCommit is on AWS, the user account you need is an IAM Account. I already had one in my AWS account, so all I needed to do was to create a new SSH key pair on my Mac, add the public key to my IAM account on AWS, and add my IAM user to the policies as outlined in the getting started guide.

I found this process more complex than the same configuration on GitHub or BitBucket. For those not already familiar with AWS policies and the general flow of AWS portal administration, this could be off-putting. While I don’t ever remember reading the detailed instructions on GitHub (and I survived just fine), you definitely can’t skip reading the AWS CodeCommit documentation (though it is brief and well illustrated, so not a big chore). On the other hand, AWS is offering quite a bit more granular control and security with its platform — this is a trade-off. For my part I’ll gladly take extra security control in exchange for the effort of learning how to configure it.

Updating the SSH config file

The local side of the SSH authentication is to update the file ~/.ssh/config to let git know which private key to use when connecting to the CodeCommit server. These entries are similar to what you would have done using GitHub or BitBucket. Same process — this is a git thing, not an AWS thing.

Follow the instructions in points 10 and 11 in the the getting started guide, which explains how to do this quite clearly: CodeCommit Getting Started Guide. Thanks again AWS for great documentation!

Creating a shell repo

I tend to create a repo on a cloud provider’s system, and then connect my local git repo to it as a remote. CodeCommit supports this just like other providers. It also supports creating a remote and pulling the local from there — just like the providers.

Overall if you’ve used GitHub, this part of the process will feel very familiar.

Creating the repo can be done from the web console, which I found very simple. Alternatively, it can be done from the AWS CLI, which I found quite convenient, and easier to illustrate in a blog post, so I’ll use CLI from here.

My next step was to enter the command to create a repo, executed from any folder on my Mac:

$ aws codecommit create-repository --repository-name Test1 --repository-description "Quick test repo"

CodeCommit responded as such.

"Quick test repo" { "repositoryMetadata": { "repositoryName": "Test1", "cloneUrlSsh": "ssh://", "lastModifiedDate": 1463989097.607, "repositoryDescription": "Quick test repo", "cloneUrlHttp": "", "creationDate": 1463989097.607, "repositoryId": "e889d5cf-7c80-498e-ba56-884b468eba97", "Arn": "arn:aws:codecommit:us-east-1:************:Test1", "accountId": "*************" } }

So far, so good. Note the cloneUrlSsh, which is used n subsequent steps.

Connecting the XCode Project

I created my original project with XCode, and ticked the box to create a local git repository — so my local git work is 99% done, and all I need to do is add CodeConnect as a remote repo to the local one XCode created for me. Again, I’ll do that at the command line, but this time executed from the XCode project folder:

$ git remote add origin ssh://

There’s no response to this command, but for the curious, the effect of it can be checked in the .git/config file underneath the project folder:

[core] bare = false filemode = true ignorecase = true precomposeunicode = true logallrefupdates = true [core] repositoryformatversion = 0 [remote "origin"] url = ssh:// fetch = +refs/heads/*:refs/remotes/origin/*

Pushing the content

With all the setup complete, the proof is in the ability to push the repo content into AWS. Just for good measure, I’ll add files, execute a first commit, and then a push.

$ git add . $ git commit -m "First commit" $ git push origin master

Adding the ssh key passphrase to keychain

I did encounter one glitch — when trying to use git to push to the repo to the remote, I encountered a public key error, and my ssh key passphrase was failing to add to keychain via the interactive popup dialog box. To overcome this, I manually added the passphrase to keychain.

/usr/bin/ssh-add -k ~/.ssh/rob_kerr_aws_ssh

After the manual key add, the push worked just fine, and lightning fast:

Counting objects: 25, done. Delta compression using up to 4 threads. Compressing objects: 100% (21/21), done. Writing objects: 100% (25/25), 11.74 KiB | 0 bytes/s, done. Total 25 (delta 1), reused 0 (delta 0) remote: To ssh:// * [new branch] master -> master

Confirming the files made it to the remote repo

At this point all seemed to be OK, and the experience very much like using GitHub, BitBucket, or even a repo on OSX Server.

Just to check, I took a peek at the repo from the AWS portal — and found my files in the remote repo as expeted:

Generally I like AWS CodeCommit. Granted this entire try-out took just a few minutes, and I haven’t evaluated the full breadth of features nor used CodeCommit in a real project workflow as yet. But, for what it does, it looks pretty great, and the [CodeCommit pricing](CodeCommit pricing) for my use case would effectively be free — even less than the $7/month GitHub now charges for unlimited private repos on individual accounts.

Will I be switching to CodeCommit? Possibly. While GitHub provides more features and a more mature portal experience, at first glance CodeCommit seems to have the basic block and tackle hosted git covered, and the free tier limits seem to give me plenty of headroom. I’m happy to save some coin without losing many features I use. And since I use AWS already, I wouldn’t mind having one less cloud services account to keep track of.

Author: Rob Kerr

Consultant and expert in software development for the iOS and Android platforms. Microsoft MVP Alumnus.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.