Introduction To CodeCommit


In this article, we will talk about AWS CodeCommit by answering three questions - What, Why, and How. It is always better to understand ‘What’ a service is and ‘Why’ we use it, before going onto ‘How’ to use it.

What is AWS CodeCommit?

AWS CodeCommit is a source and version control service offered by AWS. It is the place to manage our source files centrally and privately. It lets you create repositories to which developers contribute their code. CodeCommit supports git - to manage the administration of files with code commit.

Why Use CodeCommit?

CodeCommit is like any other git tools like GitHub, BitBucket, or GitLab. So why use code commit?
  1. It is better to use CodeCommit when you have your build and deployment environment in AWS. If you run Dev, Stage, Prod on AWS using AWS Services, codecommit is the closest GIT repository and an easy to integrate option.
  2. Fully Managed - You don't need to Host and manage version control systems. CodeCommit is a AWS managed service , It is scalable, and highly available by default.
  3. It works with git tools, so a developer finds no difference while working with codecommit.
  4. User Management - Permissions to the repositories in code commit is given through IAM. It eliminates the need to create users in the source control system by leveraging the already existing IAM users.
  5. Secure - CodeCommit helps you own private repositories with granular access to them, so it is highly secure.

How to use CodeCommit?

Create Repository
To use CodeCommit and upload source files to it, the first step is to create repositories. Go to

Provide a name to the repository, and the repository will be created.
Authorization to Repository
Access to CodeCommit Repository is managed by IAM(Identity and Access Management). Create an IAM user if you do not have a user, attach a CodeCommit Policy to it.
In the below example, I have a IAM User Created called RepoUser. There are two ways to attach permissions to this user.
  • Using AWS Managed Policy -
You can attach any one of the above three managed policies to the user.
AWSCodeCommitFullAccess gives complete access to all the repositories present. This policy should be given to the CodeCommit Administrator only.
AWSCodeCommitPowerUser gives all the permissions except deletion of repository.
AWSCodeCommitReadOnly gives only the read permissions
I highly recommend creating a user-based policy rather than using AWS Managed Policy for granular access.
  • Using Custom Policy
A particular user should only be provided access to the repository he is working on. You should always create policies that give limited permission to limited repositories.
For example:
The following policy gives the user all “GET” and “PUT” permissions, except Delete Repository permission to a specific repository - DemoRepository. 
  1. {  
  2.     "Version""2012-10-17",  
  3.     "Statement": [{  
  4.         "Sid""Stmt1594484142024",  
  5.         "Action": ["codecommit:Get*""codecommit:Put*"],  
  6.         "Effect""Allow",  
  7.         "Resource""arn:aws:codecommit:<region>:<accountID>:<Reponamae>"  
  8.     }, {  
  9.         "Sid""Stmt1594484142025",  
  10.         "Action": ["codecommit:DeleteRepository"],  
  11.         "Effect""Deny",  
  12.         "Resource""arn:aws:codecommit:<region>:<accountID>:<Reponamae>"  
  13.     }]  
  14. }  
  15. Replace < accountID > < region > < Reponame > with their respective value  
In this way, we can achieve granularity and the least access principle for the repository permissions.
Authentication for repository

In the above step, we have given user permissions for what actions it can perform in the repository. We call that Authorization. Now we will authenticate a user to use CodeCommit. There are two ways for Authentication:


Select IAM User and go to security credentials. You will find ‘HTTPS Git credentials for AWS CodeCommit’ as below. Generate Credentials.

You will be provided a username and a password for authentication. Use this credentials when asked for while Git Pull, Git Push operations


You can also use SSH based Authentication. Generate SSH keys using keygen in Linux/mac and upload your public key content here.

Connecting to repository

To connect to the repository, you need to clone the repository to a local folder. There are two methods for this:

To clone the URL to local using HTTPS, you can use:

Git clone <repository URL>
  1. git clone   

An alternative to the HTTPS method, you can connect to your repository using Public-Private SSH keys. This eliminates the need to enter User and Password for Push and Pull requests. One use case in which the SSH method can be used is programmatically connecting to the repository in an automation script.
  1. git clone ssh://   
After cloning the repository, you can start using the repository

Working with Files

One way is to use GIT for file operations to the repository. Use the GIT command you are familiar with. (git status,git add,git commit,git push)


Alternatively, you can also use AWS CLI for the operations.

AWS Console

You can also manage repositories using the AWS Console. You can create, commit, delete files from the console itself. Make sure to keep your local repository in sync if you use this method.
To conclude, AWS CodeCommit is a managed source control service. It helps in version control and other benefits mentioned in the WHY Section.