AWS CodeCommit

A fully managed Git repository service offered by AWS with IAM-based authentication and automatic encryption at rest, discontinued for new customers in July 2024

Overview

AWS CodeCommit was a fully managed source code management service providing private Git repositories. Access was controlled through IAM users and roles, stored data was encrypted automatically with AWS KMS, and the service was tightly integrated with CodePipeline, so a CI/CD pipeline could run entirely inside the AWS ecosystem. On July 25, 2024, AWS closed the service to new customers; existing customers can keep using it, but AWS now recommends migrating to another Git hosting service.

IAM-Integrated Authentication and AWS-Native Source Code Management

CodeCommit's primary differentiator was that Git repository authentication and authorization were managed centrally through IAM. Where GitHub and GitLab require SSH keys or personal access tokens to be managed per user, CodeCommit let you define access control declaratively at the repository and branch level with IAM policies: a rule such as "only the release manager role may push to the main branch" was expressed with a Condition on the codecommit:References key (for example refs/heads/main), attached as a Deny to every principal other than that role. Both HTTPS and SSH were supported. Over HTTPS, the AWS CLI credential helper signed each Git request with the caller's current IAM credentials, including an assumed role's temporary credentials, so no static Git password had to be stored on the client; over SSH, the user's public key was registered on an IAM user. Stored data was encrypted automatically with an AWS-managed KMS key or a customer-managed key, and all traffic was protected by TLS. For organizations with strict requirements on where source code may reside, such as financial institutions and government agencies, keeping repositories confined to a chosen AWS Region was a significant advantage.
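As an added example (not code from the original article, nor AWS's own), here is how that branch restriction is actually expressed and checked: the Deny policy keyed on codecommit:References, attached to a developers group, verified with the IAM policy simulator before it is trusted, plus the git configuration for the credential helper. The account ID 123456789012, region ap-northeast-1, repository MyRepo, and the group and role names used below are placeholders.

```shell
#!/bin/sh
# Added example, not from the original article or from AWS. Account ID, region,
# repository, group and role names are placeholders.

# Print an IAM policy that denies every action able to change $branch in $repo.
# StringEqualsIfExists keeps the Deny from firing on requests that carry no
# codecommit:References key at all (GitPull, ListBranches, ...).
branch_protect_policy() {
  account="$1" region="$2" repo="$3" branch="$4"
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Deny",
      "Action": [
        "codecommit:GitPush",
        "codecommit:DeleteBranch",
        "codecommit:PutFile",
        "codecommit:MergeBranchesByFastForward",
        "codecommit:MergeBranchesBySquash",
        "codecommit:MergeBranchesByThreeWay",
        "codecommit:MergePullRequestByFastForward",
        "codecommit:MergePullRequestBySquash",
        "codecommit:MergePullRequestByThreeWay"
      ],
      "Resource": "arn:aws:codecommit:${region}:${account}:${repo}",
      "Condition": {
        "StringEqualsIfExists": {
          "codecommit:References": ["refs/heads/${branch}"]
        }
      }
    }
  ]
}
EOF
}

# Attach the policy inline to the developers group. Identity policies cannot say
# "allow only this principal", so the pattern is: deny everyone else, and keep
# the release-manager role out of the group so its own Allow still applies.
apply_branch_protection() {
  group="$1" account="$2" region="$3" repo="$4" branch="$5"
  aws iam put-group-policy \
    --group-name "$group" \
    --policy-name "deny-push-${repo}-${branch}" \
    --policy-document "$(branch_protect_policy "$account" "$region" "$repo" "$branch")"
}

# Ask the IAM policy simulator what a principal gets when pushing to the branch.
# Expect "explicitDeny" for a developer in the group and "allowed" for the
# release-manager role (whose own policy grants codecommit:GitPush).
simulate_push() {
  principal_arn="$1" account="$2" region="$3" repo="$4" branch="$5"
  aws iam simulate-principal-policy \
    --policy-source-arn "$principal_arn" \
    --action-names codecommit:GitPush \
    --resource-arns "arn:aws:codecommit:${region}:${account}:${repo}" \
    --context-entries "ContextKeyName=codecommit:References,ContextKeyValues=refs/heads/${branch},ContextKeyType=string" \
    --query 'EvaluationResults[0].EvalDecision' --output text
}

# Point git at the AWS CLI credential helper: HTTPS requests are signed with
# whatever IAM credentials the CLI currently holds (profile, instance role, or an
# assumed role's temporary credentials). No Git password is stored anywhere.
configure_codecommit_https() {
  git config --global credential.helper '!aws codecommit credential-helper $@'
  git config --global credential.UseHttpPath true
}
```

Typical use: `apply_branch_protection developers 123456789012 ap-northeast-1 MyRepo main`, then `simulate_push arn:aws:iam::123456789012:user/alice 123456789012 ap-northeast-1 MyRepo main` for a group member and the same call with the release-manager role ARN. Run the simulation for both principals whenever the policy changes; a Deny that accidentally matches every branch locks the release manager out just as effectively as it locks out everyone else.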

CodePipeline Integration and CI/CD Pipeline Patterns

CodeCommit was natively integrated as a source stage in CodePipeline: a push to the repository could trigger builds and tests in CodeBuild and deployments through CodeDeploy. Pushes were detected through EventBridge rules (the "CodeCommit Repository State Change" event) rather than by polling, so a pipeline started within seconds of the push. Pull requests were supported, and approval rule templates could enforce merge conditions such as "at least 2 reviewer approvals required". Note that an approval rule only gates merges performed through the pull request; a direct push to the target branch still has to be blocked with IAM. Compared with GitHub and GitLab, however, the pull request UI and features were limited, and the code review workflow felt thin. Azure DevOps' Azure Repos also provides a cloud-native Git repository; unlike CodeCommit it remains open to new users as of 2026 and continues to integrate with Azure Pipelines. For a solid foundation that applies to any hosting service, books on Git (Amazon) are a good resource.
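The two pieces of configuration that paragraph describes, as an added example (not code from the original article or from AWS): the EventBridge rule that starts a pipeline on pushes to one branch, and an approval rule template that demands two approvals from a reviewer role before a pull request into that branch can merge. The account ID, region, repository, pipeline, role and template names are placeholders.

```shell
#!/bin/sh
# Added example, not from the original article or from AWS. Account ID, region,
# repository, pipeline, role and template names are placeholders.

# EventBridge pattern matching CodeCommit pushes to a single branch.
# referenceCreated covers the branch's first push, referenceUpdated every later one.
push_event_pattern() {
  account="$1" region="$2" repo="$3" branch="$4"
  cat <<EOF
{
  "source": ["aws.codecommit"],
  "detail-type": ["CodeCommit Repository State Change"],
  "resources": ["arn:aws:codecommit:${region}:${account}:${repo}"],
  "detail": {
    "event": ["referenceCreated", "referenceUpdated"],
    "referenceType": ["branch"],
    "referenceName": ["${branch}"]
  }
}
EOF
}

# Create the rule and point it at the pipeline. $role_arn must trust
# events.amazonaws.com and allow codepipeline:StartPipelineExecution on that
# pipeline only; a broad role here lets anyone who can write rules start anything.
create_push_trigger() {
  account="$1" region="$2" repo="$3" branch="$4" pipeline="$5" role_arn="$6"
  aws events put-rule --name "codecommit-${repo}-${branch}" \
    --event-pattern "$(push_event_pattern "$account" "$region" "$repo" "$branch")"
  aws events put-targets --rule "codecommit-${repo}-${branch}" \
    --targets "Id=1,Arn=arn:aws:codepipeline:${region}:${account}:${pipeline},RoleArn=${role_arn}"
}

# Approval rule template: $approvals approvals from members of the review pool
# before a pull request into $branch may be merged. The pool is expressed as an
# assumed-role ARN pattern, so reviewers approve through a role, not a shared user.
approval_template() {
  account="$1" branch="$2" approvals="$3" review_role="$4"
  cat <<EOF
{
  "Version": "2018-11-08",
  "DestinationReferences": ["refs/heads/${branch}"],
  "Statements": [
    {
      "Type": "Approvers",
      "NumberOfApprovalsNeeded": ${approvals},
      "ApprovalPoolMembers": ["arn:aws:sts::${account}:assumed-role/${review_role}/*"]
    }
  ]
}
EOF
}

# Register the template and attach it to the repository.
create_approval_rule() {
  name="$1" repo="$2" account="$3" branch="$4" approvals="$5" review_role="$6"
  aws codecommit create-approval-rule-template \
    --approval-rule-template-name "$name" \
    --approval-rule-template-content "$(approval_template "$account" "$branch" "$approvals" "$review_role")"
  aws codecommit associate-approval-rule-template-with-repository \
    --approval-rule-template-name "$name" --repository-name "$repo"
}
```

Typical use: `create_push_trigger 123456789012 ap-northeast-1 MyRepo main MyPipeline arn:aws:iam::123456789012:role/EventsStartPipeline` and `create_approval_rule two-reviewers-main MyRepo 123456789012 main 2 CodeCommitReview`. The template applies to pull requests created after the association, and it only governs merges made through the pull request; pair it with the branch Deny policy from the previous section or the rule is advisory.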

Service Discontinuation and Migration - Actions Existing Users Should Take

On July 25, 2024, AWS closed CodeCommit to new accounts. Existing users can continue to use the service, but no new features will be added and a gradual wind-down is expected. In its official blog, AWS itself recommends migrating to a third-party Git hosting service such as GitHub, GitLab, or Bitbucket. When migrating, first map your IAM-based access controls onto the target platform's model (GitHub organization and team permissions, GitLab group permissions, and so on); the IAM Deny conditions that protected branches become branch protection rules on the new platform. CodePipeline supports GitHub, GitLab, and Bitbucket as source providers through AWS CodeConnections, so rebuilding the pipeline is relatively straightforward, and a connection-based source detects pushes on its own. Any other automation that consumed CodeCommit events from EventBridge, however, has to be rebuilt on GitHub or GitLab webhooks. The simplest migration procedure is to take a complete copy of the repository with git clone --mirror and push it to the target with git push --mirror; because the target now lives outside your AWS account, scan the full history for committed secrets before that push. Branch protection rules and approval rule templates must be reconfigured by hand, so inventory your current settings before migrating. Once the cutover is complete, remove the CodeCommit permissions and delete the SSH public keys and HTTPS Git credentials registered on IAM users, so that the old repository is not left behind as a writable, forgotten origin.
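The procedure above as one script, added here as an example (not AWS's migration tooling or code from the original article): inventory what does not travel with a mirror push, mirror one repository to its new home, and revoke a user's CodeCommit credentials after cutover. The target URL, work directory and user names are placeholders; the inventory and revocation functions need AWS credentials, while mirror_repo works against any two Git remotes, including local paths.

```shell
#!/bin/sh
# Added example, not from the original article or from AWS. Target URLs,
# directories and user names are placeholders.

# List what `git push --mirror` does not carry: approval rule templates attached
# to each repository (with their content) and EventBridge rules watching CodeCommit.
# Branch Deny policies live in IAM and must be inventoried there separately.
inventory_codecommit() {
  for repo in $(aws codecommit list-repositories \
                  --query 'repositories[].repositoryName' --output text); do
    echo "== $repo"
    for tmpl in $(aws codecommit list-associated-approval-rule-templates-for-repository \
                    --repository-name "$repo" --query 'approvalRuleTemplateNames' --output text); do
      echo "-- approval template: $tmpl"
      aws codecommit get-approval-rule-template --approval-rule-template-name "$tmpl" \
        --query 'approvalRuleTemplate.approvalRuleTemplateContent' --output text
    done
  done
  echo "== EventBridge rules referencing CodeCommit"
  aws events list-rules \
    --query "Rules[?contains(to_string(EventPattern), 'aws.codecommit')].Name" --output text
}

# Copy every ref (branches, tags, notes) from $src to $dst through a bare mirror
# clone. `push --mirror` also deletes refs on $dst that are absent from $src, so
# $dst must be a freshly created, empty repository, never a shared one.
mirror_repo() {
  src="$1" dst="$2" work="${3:-$(mktemp -d)}"
  [ -n "$src" ] && [ -n "$dst" ] || { echo "usage: mirror_repo SRC DST [WORKDIR]" >&2; return 2; }
  mkdir -p "$work"
  git clone --quiet --mirror "$src" "$work/mirror.git"
  git -C "$work/mirror.git" remote add target "$dst"
  git -C "$work/mirror.git" push --quiet --mirror target
}

# After cutover: remove one IAM user's HTTPS Git credentials and SSH keys so the
# old origin cannot be pushed to out of habit or by a leaked credential.
revoke_codecommit_creds() {
  user="$1"
  for id in $(aws iam list-service-specific-credentials --user-name "$user" \
                --service-name codecommit.amazonaws.com \
                --query 'ServiceSpecificCredentials[].ServiceSpecificCredentialId' --output text); do
    aws iam delete-service-specific-credential --user-name "$user" --service-specific-credential-id "$id"
  done
  for id in $(aws iam list-ssh-public-keys --user-name "$user" \
                --query 'SSHPublicKeys[].SSHPublicKeyId' --output text); do
    aws iam delete-ssh-public-key --user-name "$user" --ssh-public-key-id "$id"
  done
}
```

Typical use: `inventory_codecommit > before-migration.txt`, then `mirror_repo https://git-codecommit.ap-northeast-1.amazonaws.com/v1/repos/MyRepo git@github.com:example-org/MyRepo.git` with the credential helper configured for the CodeCommit side and an SSH key or token for the target, and finally `revoke_codecommit_creds alice` per user. Compare `git ls-remote` output of source and target before declaring the cutover done.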
