Overview

• codecommit: source code control
• codebuild: CI
• codedeploy: CD
• codepipeline: combines source control, build, and deployment

CodeCommit

Security

• Authentication in Git:
  • SSH Keys: can configure SSH keys in IAM Console
  • HTTPS: do with AWS CLI Authentication helper or Generating HTTPS credentials
  • MFA: can be enable
• Authorization in Git:
  • IAM Policies manage user / roles
• Encryption:
  • automatically encrypt repositories at rest using KMS
  • encrypted in transit (can only use HTTPS or SSH)
• Cross Account access:
  • never share SSH keys
  • never share AWS credentials
  • use IAM Role and use AWS STS (with AssumeRole API)

Notifications

• can trigger notifications in CodeCommit using AWS SNS, Lambda, CloudWatch Event Rules
• use cases for SNS, Lambda
  • deletion of branches
  • pushes that happens in master branch
  • notify external Build System
  • trigger Lambda to perform codebase analysis
• use cases for CloudWatch Event Rules
  • pull request updates (created/upload/deleted/commented)
  • commit comment events
  • CloudWatch Event Rules goes into an SNS topic

CodeCommit vs GitHub:

• both are git repositories
• both support code reivew (pull request)