Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
AWS Automation Cookbook
AWS Automation Cookbook

AWS Automation Cookbook: Continuous Integration and Continuous Deployment using AWS services

eBook
€17.99 €26.99
Paperback
€32.99
Subscription
Free Trial
Renews at €18.99p/m

What do you get with eBook?

Product feature icon Instant access to your Digital eBook purchase
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
OR
Modal Close icon
Payment Processing...
tick Completed

Billing Address

Table of content icon View table of contents Preview book icon Preview Book

AWS Automation Cookbook

Using AWS CodeCommit

The following recipes will be covered in this chapter:

  • Introducing VCS and Git
  • Introducing AWS CodeCommit - Amazon managed SAAS Git
  • Getting started with CodeCommit for HTTP users
  • Setting up CodeCommit for SSH users using AWS CLI
  • Applying security and restrictions
  • Migrating a Git repository to AWS CodeCommit

Introduction

In this chapter, we will be working with Git and will mostly play around with AWS CodeCommit. We will set up a repository in AWS CodeCommit using the console, as well as CLI, and enforce a security policy on top of it. We will also migrate the basic Git-based repository to AWS CodeCommit, and will cover some best practices and troubleshooting while dealing with issues on AWS CodeCommit.

Introducing VCS and Git

VCS comes under the category of software development, which helps a software team manage changes to source code over time. A VCS keeps track of each and every modification to the code in a database. If a mistake is made, the developer can compare earlier versions of the code and fix the mistake while minimizing disturbance to the rest of the team members.

The most widely used VCS in the world is Git. It's a mature and actively maintained open source project developed by Linus Torvalds in 2005.

What is VCS?

A version control system (VCS) is the system where the changes to a file (or a set of files) usually get recorded so that we can recall it whenever we want. In this book, we mostly play around with the source code of software or applications, but that does not mean that we can track the version changes to only the source code. If you are a graphic designer or infrastructure automation worker and want to keep every version of image layout or configuration file change, then VCS is the best thing to use.

Why VCS ?

There are lots of benefits to using VCS for a project. A few of them are mentioned here:

  • Collaboration: Anyone or everyone in the team can work on any file of the project at any time. There would be no question where the latest version of a file or the whole project is. It's in a common, central place, your version control system.
  • Storing versions properly: Saving a version of a file or an entire project after making changes is an essential habit, but without using a VCS, it will become very tough, tedious, and error-prone. With a VCS, we can save the entire project and mention the name of the versions as well. We can also mention the details of the projects, and what all changes have been done in the current version as compared to the previous version in a README file.
  • Restoring previous versions: If you mess up with your present code, you can simply undo the changes in a few minutes.

There are many more features of using VCS while implementing or developing a project.

Types of VCS

The types of VCS are mentioned as follows:

  • Local version control system: In a local VCS, all the changes to a file are kept in the local machine, which has a database that has all the changes to a file under revision control, for example, Revision control system (RCS).
  • Centralized version control system: In a centralized VCS, we can collaborate with other developers on different machines. So in these VCS, we need a single server that contains all the versioned files and the number of clients can check out files from that single server, for example, Subversion (SVN).
  • Distributed version control system: In a distributed VCS, the client not only checks out the latest version of the file but also mirrors the whole repository. Thus if any server dies, and these systems were collaborating via it, any of the client repositories can be copied back to the server to restore it. An example of this is Git.

What is Git?

Git is a distributed VCS, and it came into the picture when there was some maintenance needed in the Linux Kernel. The Linux Kernel development community was using a proprietary Distributed version control system (DVCS) called BitKeeper. But after some time, the relationship between the Linux community developers and the proprietary software BitKeeper broke down, which led to Linux community developers (in particular Linux creator Linus Torvalds) developing their own DVCS tool called Git. They took a radical approach that makes it different from other VCSs such as CVS and SVN.

Why Git over other VCSs?

It wouldn't be appropriate to say Git is better than SVN or any other VCS. It depends on the scenario and the requirements of the project. But nowadays, most enterprises have chosen Git as their VCS for the following reasons:

  • Distributed nature: Git has been designed as a distributed VCS, which means every user can have a complete copy of the repository data stored locally, so they can access the file history extremely fast. It also allows full functionality when the user is not connected to the network, whereas in a centralized VCS, such as SVN, only the central repository has the complete history. This means the user needs to connect with the network to access the history from the central repository.
  • Branch handling: This is one of the major differences. Git has built-in support for branches and strongly encourages developers to use them, whereas SVN can also have branches, but its practice and workflow does not have the inside command. In Git, we can have multiple branches of a repository, and in each repository, you can carry out development, test it, and then merge, and it's in a tree fashion. In SVN, everything is linear; whenever you add, delete, or modify any file, the revision will just increment by one. Even if you roll back some changes in SVN, it will be considered a new revision:
  • Smaller space requirements: Git repositories and working directory sizes are very small in comparison with SVN.

Features of Git

The following are some of the features of Git:

  • Captures snapshots, not entire files: Git and other VCSs had this major difference; VCS keeps the record of revisions in the form of a file. This means it keeps a set of files for every revision. Git, however, has another way of accounting for changes. Every time you commit or save the state of your project in Git, it basically takes a snapshot of what your files look like at that very moment and stores a reference to that snapshot. If files have not been changed, Git does not store the file again; it stores a link to the previous identical file it has already stored.
  • Data integrity: Before storing any data in a Git repository, it is first checksummed, and is then referred to by that checksum. That means, if you carry out any other modification in the file, then Git will have every record of every modification. The mechanism used by Git for checksumming is known as SHA-1 hash.

    SHA-1 hash looks something like this:

    b52af1db10a8c915cfbb9c1a6c9679dc47052e34
  • States and areas: Git has three main states and views all files in three different states:

    • Modified: This is the modification that has been done in the file, but not yet written or committed in the database.
    • Committed: This ensures that the source code and related data are safely stored in your local database or machine
    • Staged: This ensures that the modified file is added in its current version and is ready for the next commitment.

How to do it...

Here are the steps and commands that will guide you through installing and setting up Git and creating a repository in a very famous self-hosted Git, GitHub.

Installation of Git and its implementation using GitHub

  1. If you want to use Git, we have to install the Git package on our system:
    • For Fedora distributions (RHEL/CentOS):
# yum install git
  • For Debian distributions (Debian/Ubuntu):
# apt-get install git
  1. Configure your identity with Git because every Git commit uses this information, for example, the following commit has been done by User awsstar and email is [email protected]:
# git config --global user.name “awsstar”
# git config --global user.email “[email protected]
  1. Check your settings. You will find the above username and email-id:
# git config --list
  1. Now, let's try to create a repository on GitHub:
    • Hit www.github.com in your web browser and log in with your credentials
    • Click on create New Repository

Then, we will get something like the following screenshot. We have to mention the Repository name and a Description of the repository. After that, we need to select Public or Private based on our requirements. When we opt for Public, then anyone can see your repository, but you pick who can commit; when you opt for Private, then you pick who can see and who can commit, meaning by default it won't be visible to anyone. After that, we have to initialize the README, where we can give a detailed description of the project and click on Create Repository:

  1. Once we have a repository, HelloWorld, then let's try to clone it to our local machine and some program files. Cloning a repository means creating a local copy of the repository and it can be done as follows:
    • Now, clone the URL:
    root@awsstar:~# git clone https://github.com/awsstar/HelloWorld.git
Cloning into 'HelloWorld'...
remote: Counting objects: 4, done.
remote: Compressing objects: 100% (3/3), done.
remote: Total 4 (delta 0), reused 0 (delta 0), pack-reused 0
Unpacking objects: 100% (4/4), done.
Checking connectivity... done.
root@abae81a80866:~# ls
HelloWorld
root@awsstar:~# cd HelloWorld
root@awsstar:~/HelloWorld# ls
LICENSE README.md
root@awsstar:~/HelloWorld#
  1. We have the HelloWorld repository on our local machine. So, let's add index.html and push it back to the repository. Create a file, index.html, and write HelloWorld inside it:
    root@awsstar:~/HelloWorld# echo '<h1> HelloWorld </h1>' > index.html
  1. The git status command checks the current status and reports whether there is anything left to commit or not:
    root@awsstar:~/HelloWorld# git status
On branch masterYour branch is up-to-date with 'origin/master'.Untracked files: (use "git add <file>..." to include in what will be committed)
index.html
nothing added to commit but untracked files present (use "git add" to track)
  1. Now to add the changes to the repository, we have to enter this command:
    root@awsstar:~/HelloWorld# git add .
  1. To store the current contents of the index in a new commit, along with a log message from the user describing the changes, we need to enter this command:
    root@awsstar:~/HelloWorld# git commit -m "index.html added"
[master 7be5f57] index.html added 1 file changed, 1 insertion(+)
create mode 100644 index.html
  1. Push your local changes to the remote repository:
    root@awsstar:~/HelloWorld# git push origin master
Username for 'https://github.com': awsstar
Password for 'https://[email protected]':
Counting objects: 3, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (2/2), done.
Writing objects: 100% (3/3), 327 bytes | 0 bytes/s, done.
Total 3 (delta 0), reused 0 (delta 0)
To https://github.com/awsstar/HelloWorld.git
a0a82b2..7be5f57 master -> master

Here, we can see that index.html is now in our GitHub repository:

You can set up Git on your own server. Refer to this for more info: https://git-scm.com/book/en/v2/Git-on-the-Server-Setting-Up-the-Server

Introducing AWS CodeCommit - Amazon managed SaaS Git

AWS CodeCommit is a version control system, which is managed by Amazon Web Services, where we can privately store and manage assets in the Cloud and integrate with AWS. It is a highly scalable and secure VCS that hosts private Git repositories and supports the standard functionality of Git, so it works very well with your existing Git-based tools.

The following are the benefits of CodeCommit:

  • Managed service: CodeCommit is fully managed, distributed, fault tolerant, and carries no administrative overhead. It is elastic (able to adapt to a high workload) and, as mentioned, integrated with other AWS services.
  • No limit to storage and file type: We can store as many files as we want, because CodeCommit does not have space limitations. We can store not only source code but also documents and binary files.
  • Data and access security: CodeCommit repositories are encrypted while they are in AWS CodeCommit or when getting cloned somewhere. It is also integrated with IAM for user-level or specific API-level security.
  • HA (high availability): Whatever data we push into the repository, it will replicate across AZs (Availability Zones).
  • Easy migration of Git-based repository: We can easily migrate a remote Git-based repository to AWS CodeCommit.

These are some limitations or drawbacks of self-hosted VCS (BitBucket/GitHub/GitLab), which you won't find in AWS CodeCommit:

  • We may have to pay a license fee on a per-developer basis
  • We may end up with high hardware maintenance costs and high support staffing costs
  • Limitation on the amount and types of files that can be stored and managed
  • Limitation on the number of branches, the amount of version history, and other related metadata that can be stored

How to do it...

AWS CodeCommit is configured just like other Git-based repositories, such as GitHub. The following diagram shows how we use a development machine, AWS CLI/AWS Console, and CodeCommit to create and manage a repository:

(Reference: AWS CodeCommit Docs)

The basic workflow is described as follows:

  1. Using AWS CLI or CodeCommit Console, we can create a CodeCommit repository.
  2. Post that, use git clone in the CodeCommit repository URL on your local development machine.
  3. Once the repository gets cloned into the development machine, make the changes in the repository by adding to or editing the files. After that, enter the git add command and put it into the staging area, commit by giving a change message, and then push it back to the repository.
  4. After that, we can carry out git pull to synchronize the code in the AWS CodeCommit repository with our local repository. At this point in time, you will be working with the latest changes and the versions of the files.

Getting started with CodeCommit for HTTP users

AWS provides both Console and CLI access to create a repository in AWS CodeCommit. Let's get started and create a repository, then clone it in development using HTTPS credentials.

How to do it...

  1. Open the AWS CodeCommit console at https://console.aws.amazon.com/codecommit.

  1. On the welcome page, choose Get Started Now (if a dashboard page appears instead of the welcome page, choose Create repository):
  1. Then, we will get a box, Connect to your Repository, which will provide further instructions on ways of connecting to CodeCommit via HTTPS or SSH. We can close that and move further, but it's advisable to read every message or information prompt from AWS.

  1. Now, we will clone the repository, but before that, we need HTTPS Git credentials. We will get the HTTPS Git credentials of an IAM user, which is attached with the policy of CodeCommit access through IAM console. So let's try to create a user first, assign the CodeCommit policy, and get the HTTPS Git credentials for that user.
  2. Open the AWS IAM console by hitting https://console.aws.amazon.com/iam in a new tab.
  3. Click on Add User.
  4. Give IAM user a username as awsccuser and check both the Access type boxes (Programmatic access /AWS Management Console access), set a Custom password, and click on Next:Permission:
  1. We then get the set permission on the username page. On this page, first click on Attach existing Policies directly after which we search CodeCommit in the search box of Policy type:
  1. Click on the AWSCodeCommitPowerUser policy and click on Next.
  2. Post review, click on Create User.
  3. Download credentials provided by the AWS IAM user; these credentials are basically secret and access key.
  4. After that, we need to click on the User section. Then, click on Security credentials.

  1. Scroll down and we will see a section called HTTPS Git credentials for AWS CodeCommit; after that, click on Generate:
  2. Once we click on Generate, we will get a username and password; then, click on Download credentials.
  3. Again, let's go to the CodeCommit console and click on Clone URL and then HTTPS.
  4. Copy the link and enter the following command on the development machine:
    # git clone https://git-codecommit.us-east-    1.amazonaws.com/v1/repos/HelloWorld
    root@awsstar:~# git clone https://git-codecommit.us-east-    1.amazonaws.com/v1/repos/HelloWorld
Cloning into 'HelloWorld'...
Username for 'https://git-codecommit.us-east-1.amazonaws.com': awsccuser-at-160384169139
Password for 'https://awsccuser-at-160384169139@git- codecommit.us- east-1.amazonaws.com':
warning: You appear to have cloned an empty repository.
Checking connectivity... done.
root@awsstar:~# ls
HelloWorld
root@awsstar:~#
  1. We just cloned an empty repository; now, it's time to put a sample index.html file in the CodeCommit HelloWorld repository. We will now create a file named index.html and put some content in it. Add content and commit it, before pushing it to the repository:
     root@awsstar:~# cd HelloWorld/
root@awsstar:~/HelloWorld# echo '<h1> Hello World </h1>' > index.html
root@awsstar:~/HelloWorld# git add .
root@awsstar:~/HelloWorld# git commit -m " index.html push "
[master (root-commit) bc76f76] index.html push
1 file changed, 1 insertion(+)
create mode 100644 index.html
root@awsstar:~/HelloWorld# git push origin master
Username for 'https://git-codecommit.us-east-1.amazonaws.com': awsccuser-at-160384169139
Password for 'https://awsccuser-at-160384169139@git- codecommit.us- east-1.amazonaws.com':
Counting objects: 3, done.
Writing objects: 100% (3/3), 233 bytes | 0 bytes/s, done.
Total 3 (delta 0), reused 0 (delta 0)
To https://git-codecommit.us-east- 1.amazonaws.com/v1/repos/HelloWorld
* [new branch] master -> master
  1. Now, we pushed a file to our newly created repository in AWS CodeCommit. To verify this, let's see the AWS CodeCommit console, and see whether the checked-in file is there or not (refresh the CodeCommit console, if you were there from the start):

  1. To see more details, click on Commits, and see which user has committed and which files have changed:
  1. This shows information such as when index.html got pushed, on what date, and by whom.

  1. Now, to wrap up or to delete the repository, click on the Settings section and on the Delete Repository; then a prompt box will pop up, where we put the repository name and click on Delete:
  1. After clicking on Delete, your repository will get deleted:

Setting up CodeCommit for SSH users using AWS CLI

In the previous recipe, we saw how we can access the repository using the username and password. In this section, we will use SSH private and public keys to access the repository. We will be accessing the repository using SSH connections.

This topic assumes that you already have, or know how to create, a pair of public/private keys. You should be familiar with SSH and its configuration files.

Getting ready

Before setting up CodeCommit for SSH users, we need the AWS CLI installed and configured with the respective AWS account. To install the AWS CLI on our development machine, we need to perform these steps:

  1. We need to install python-pip and AWS CLI tools. Usually, in CentOS/RHEL, python-pip comes with EPEL (Extra Package for Enterprise Linux):
    # yum install epel-release python-pip
# pip install awscli
  1. Once we have the awscli command installed in our system, we have to configure it using the access and secret Key, as well as the region we will use the AWS account in. If you remember, we had created a user while generating the https git credentials, but at that moment, we also downloaded another type of credentials, the secret and access key. So, we need that over here.
  2. Now, let's configure AWS CLI:
    awsstar@awsstar:~$ aws configure
AWS Access Key ID [None]: AKIxxxxxxxxxxxxxDDA
AWS Secret Access Key [None]: b+GEuc2u3xxxxxxxxxxxxxx+av/5eK
Default region name [None]: us-east-1
Default output format [None]:
  1. Once the configuration is done, let's try to list the repository:
    awsstar@awsstar:~$ aws codecommit list-repositories
{
"repositories": [
{
"repositoryName": "NixSrj",
"repositoryId": "73caf1e3-65a9-44bf-8c6a-a3bd3e0260b0"
},
{
"repositoryName": "ECS-POC",
"repositoryId": "62063220-b0fc-4519-9d54-896be46a7521"
},
{
"repositoryName": "terraform-Openshift",
"repositoryId": "20f88492-81bb-4068-8867-5d17a1d3ec5b"
}
]
}
  1. So it's showing the repository, which means the credentials are working fine and we are good to go to create a repository now.

How to do it...

  1. Create a repository, HelloWorld:
    awsstar@awsstar:~$ aws codecommit create-repository --repository-    name HelloWorld --repository-description "This repository includes     static page of HelloWorld"
{
"repositoryMetadata": {
"repositoryName": "HelloWorld",
"cloneUrlSsh": "ssh://git-codecommit.us-east- 1.amazonaws.com/v1/repos/HelloWorld",
"lastModifiedDate": 1501778613.664,
"repositoryDescription": "This repository includes static page of HelloWorld",
"cloneUrlHttp": "https://git-codecommit.us-east- 1.amazonaws.com/v1/repos/HelloWorld",
"creationDate": 1501778613.664,
"repositoryId": "53866a81-8576-4e79-ab5a-36882c33b717",
"Arn": "arn:aws:codecommit:us-east-1:160384169139:HelloWorld",
"accountId": "160384169139"
}
}
  1. Now, check it using the following command:
    awsstar@awsstar:~$ aws codecommit list-repositories
{
"repositories": [
{
"repositoryName": "HelloWorld",
"repositoryId": "53866a81-8576-4e79-ab5a-36882c33b717"
}
]
}
  1. Let's try to clone the HelloWorld repository from CodeCommit to our development machine; but before that, we have to establish SSH authentication. To do that, we have to perform the following operations to generate the SSH keys:
    awsstar@awsstar:~$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/awsstar/.ssh/id_rsa):
Created directory '/home/awsstar/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/awsstar/.ssh/id_rsa.
Your public key has been saved in /home/awsstar/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:NMUiRSDRD9SxrSIcYm9A4BYau2TOaeEfk5TgRmy3i4o root@aa21529d724f
The key's randomart image is:
+---[RSA 2048]----+
|+=. o+o=+o. |
|=*o...+ o+. |
|+O=oo ++.. |
|Oo+*.. ..o |
|.*.+* . S |
|...oo. . |
|o . |
|E |
| |
+----[SHA256]-----+
  1. The preceding command will create two keys; one is the public key (id_rsa.pub) and the other one is the private key (id_rsa).
  2. Now, we have to upload the public key to the user of AWS we created:
    awsstar@awsstar:~$ cd .ssh
awsstar@awsstar:~/.ssh$ aws iam upload-ssh-public-key --user-name awsccuser --ssh-public-key-body "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCk437p8/JmhGOdM9oYNK/r1xpOnuA2cQNfYys7lnE9gXJdTEjniHNFcJZMkIVmtYQGAqEh37BWGfXl4s5iw/NSfkDuZf8zegAgyPryR0KTTUG2f/rrtyLtlAPlSXjtCmHakZzhwIoRJtzkDbSpKoUOD8fNnS3kKIwk7Dp3+gGLLgo9eoZdud9h/E5+NpORog7wg7xaTgg3mwa9StaPHKMxJNwNc71dIuUyAh2S6bDbHB3QWLNfrJABYqPq5HGFh3KLogH9GHBMajshLEOS4Ygk3uC8FzB+eP4oneuWd2n68N3qg5RmX0U5lAL8s3+ppuhmjlbSvDOdBUJdpgEL/AQZ awsstar@awsstar"
  1. We need to make a note of some details, such as the SSHPublicKeyId provided as output in thew JSON format, while uploading the SSH public key.
  2. We have to bring about some modification in the config file lying in $HOME/.ssh/config:
    awsstar@awsstar:~$ vi .ssh/config
Host git-codecommit.us-east-1.amazonaws.com
User APKAIGJDPRJL3INHSJ6Q
IdentityFile ~/.ssh/id_rsa
  1. Once we are done saving the config file, let's see the connectivity between the development machine and AWS CodeCommit:
    awsstar@awsstar:~$ ssh git-codecommit.us-east-1.amazonaws.com
The authenticity of host 'git-codecommit.us-east-1.amazonaws.com (54.239.20.155)' can't be established.
RSA key fingerprint is SHA256:eLMY1j0DKA4uvDZcl/KgtIayZANwX6t8+8isPtotBoY.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'git-codecommit.us-east- 1.amazonaws.com,54.239.20.155' (RSA) to the list of known hosts.
You have successfully authenticated over SSH. You can use Git to interact with AWS CodeCommit. Interactive shells are not supported.Connection to git-codecommit.us-east-1.amazonaws.com closed by remote host.
Connection to git-codecommit.us-east-1.amazonaws.com closed.
  1. We get the output that says Successfully authenticated over SSH, so now we are ready to clone the repository. We can clone the SSH URL of the repository, which we obtain from the JSON output while creating the repository:
    awsstar@awsstar:~$ git clone ssh://git-codecommit.us-east-    1.amazonaws.com/v1/repos/HelloWorld
Cloning into 'HelloWorld'...
warning: You appear to have cloned an empty repository.
checking connectivity... done
awsstar@awsstar:~$ ls
HelloWorld
awsstar@awsstar:~$
  1. So, we cloned an empty repository; now it's time to put a sample index.html file in the CodeCommit HelloWorld repository:
     awsstar@awsstar:~/HelloWorld$ echo '<h1> Hello World </h1>' >     index.html
awsstar@awsstar:~/HelloWorld$ git add .
awsstar@awsstar:~/HelloWorld$ git commit -m " index.html push "
[master (root-commit) bc76f76] index.html push
1 file changed, 1 insertion(+)
create mode 100644 index.html
root@awsstar:~/HelloWorld# git push origin master
Counting objects: 3, done.
Writing objects: 100% (3/3), 233 bytes | 0 bytes/s, done.
Total 3 (delta 0), reused 0 (delta 0)
To ssh://git-codecommit.us-east- 1.amazonaws.com/v1/repos/HelloWorld
* [new branch] master -> master
  1. In this stage, we successfully pushed our local file into the AWS CodeCommit HelloWorld repository.

Applying security and restrictions

In an enterprise where a product is being developed, we find lots of developers on different teams working with different repositories but in the same Git-based VCS.

Here in CodeCommit, if we give a user CodeCommitPowerUser access, then the user will have full control over all the repositories, except the deletion of repositories. So, a Power User will be able to see the source code of all other repositories, that is, there won't be any privacy. This is the kind of permission you should avoid giving another user.

In some companies, they have different use cases, for example, they only require a few of their developers to have access to all Git-based commands and on the specific repository. We dive into how to implement this type of scenario.

Getting ready

To implement this scenario, we use AWS IAM services, where we will create a user and attach it to a CodeCommit custom policy, and that policy will have access to only a specific repository with specific Git commands.

How to do it...

Let's get started with that, and perform the following operations:

  1. First of all, let's create a custom policy where we will give the restriction definition.
  2. Go to IAM Console and click on the Policies section. Then, click on Create Policy:
  3. Click on Create Your Own Policy:
  1. You will be redirected to another page where you have to fill in the Policy Name, a description of the policy, and a policy document. The policy document will be the definition, where we will mention the resources and actions:
  1. Insert the following policy definition (x60xxxxxxx39 will be basically your account ID):
    {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"codecommit:GitPull",
"codecommit:GitPush"
],
"Resource": "arn:aws:codecommit:us-east-1:x60xxxxxxx39:HelloWorld"
}
]
}
  1. Click on Create Policy; then we will have our own custom policy:
  2. Now, let's remove the AWSCodeCommitPowerUser access from the IAM user that we created to clone the repository by clicking on x:
  1. Click on Add permissions, after that click on Attach Existing Policies Directly and search for Policy name in filter, check that, and save it:
  1. We will have a user with only our custom policy, which means the user will only have access to the HelloWorld repository and only two actions, git push and git clone:
    awsstar@awsstar:~$ aws codecommit list-repositories
An error occurred (AccessDeniedException) when calling the ListRepositories operation: User: arn:aws:iam::16xxxxxx139:user/awsccuser is not authorized to perform: codecommit:ListRepositories

The preceding command output shows AccessDeniedException, that is, awsccuser is not authorized to perform codecommit:ListRepositories. The reason for this is we have given access to only two operations or actions: git push and git clone.

Migrating a Git repository to AWS CodeCommit

As a developer, it's highly possible that we have our code in a GitHub account. So, we will see the migration of a GitHub repository to AWS CodeCommit. Customers often need to replicate commits from one repository to another to support disaster recovery or cross-region CI/CD pipelines. AWS CodeCommit has lots of flexibility when it comes to AWS developer services, such as CodeBuild, CodeDeploy, and CodeStar. Most companies nowadays will think to migrate from those repositories to AWS CodeCommit:

How to do it...

The following are the steps for migrating a project or repository hosted on another Git repository to AWS CodeCommit:

  1. Firstly, we have to create a CodeCommit repository named HelloWorld (refer to the previous CodeCommit repository either using HTTPS or SSH).

  1. After creating a CodeCommit repository, clone it to the local machine. Since we are cloning the repository using an HTTPS connection, then we need to give the HTTPS credentials of username and password (you can refer to the previous recipe):
    root@awsstar:~# git clone https://git-codecommit.us-east-    1.amazonaws.com/v1/repos/HelloWorld
Cloning into 'HelloWorld'...
Username for 'https://git-codecommit.us-east-1.amazonaws.com': awsccuser-at-1xxxxxxxx39
Password for 'https://[email protected] east-1.amazonaws.com':
warning: You appear to have cloned an empty repository.
Checking connectivity... done.

3. Now, clone a GitHub repository using --mirror into another new folder. Here we have a GitHub repository whose name is Docker-Compose-CI-CD, which will be cloned into a pre-existing empty folder precommit:

>
     root@awsstar:~# mkdir precommit
root@awsstar:~# git clone --mirror https://github.com/awsstar/Docker-Compose-CI-CD.git precommit
Cloning into bare repository 'precommit'...
remote: Counting objects: 36, done.
remote: Total 36 (delta 0), reused 0 (delta 0), pack-reused 36
Unpacking objects: 100% (36/36), done.
Checking connectivity... done.
  1. Go to the directory where you made the clone:
    root@awsstar:~# cd precommit/
  1. Run the git push command, specifying the URL and name of the destination AWS CodeCommit repository and the --all option:
    root@awsstar:~/precommit# git push https://git-codecommit.us-east-    1.amazonaws.com/v1/repos/HelloWorld --all
Username for 'https://git-codecommit.us-east-1.amazonaws.com': awsccuser-at-160384169139
Password for 'https://awsccuser-at-160384169139@git- codecommit.us- east-1.amazonaws.com':
Counting objects: 36, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (33/33), done.
Writing objects: 100% (36/36), 3.73 KiB | 0 bytes/s, done.
Total 36 (delta 17), reused 0 (delta 0)
To https://git-codecommit.us-east- 1.amazonaws.com/v1/repos/HelloWorld
* [new branch] master -> master
  1. Now, let's view the migrated files in AWS CodeCommit:

Here, we can see how easily we have migrated the project from GitHub to AWS CodeCommit.

Left arrow icon Right arrow icon

Key benefits

  • • Accelerate your infrastructure's productivity by implementing a continuous delivery pipeline within your environment
  • • Leverage AWS services and Jenkins 2.0 to perform complete application deployments on Linux servers
  • • This recipe-based guide that will help you minimize application deployment downtime

Description

AWS CodeDeploy, AWS CodeBuild, and CodePipeline are scalable services offered by AWS that automate an application's build and deployment pipeline. In order to deliver tremendous speed and agility, every organization is moving toward automating their entire application pipeline. This book will cover all the AWS services required to automate your deployment to your instances. You'll begin by setting up and using one of the AWS services for automation –CodeCommit. Next, you'll learn how to build a sample Maven and NodeJS application using CodeBuild. After you've built the application, you'll see how to use CodeDeploy to deploy the application in EC2/Auto Scaling. You'll also build a highly scalable and fault tolerant Continuous Integration (CI)/Continuous Deployment (CD) pipeline using some easy-to-follow recipes. Following this, you'll achieve CI/CD for a microservice application and reduce the risk within your software development life cycle globally. You'll also learn to set up an infrastructure using CloudFormation templates and Ansible, and see how to automate AWS resources using AWS Lambda. Finally, you'll learn to automate instances in AWS and automate the deployment lifecycle of applications. By the end of this book, you'll be able to minimize application downtime and implement CI/CD, gaining total control over your software development lifecycle.

Who is this book for?

This book is for developers and system administrators who are responsible for hosting their application and managing instances in AWS. It’s also ideal for DevOps engineers looking to provide continuous integration, deployment, and delivery. A basic understanding of AWS, Jenkins, and some scripting knowledge is needed.

What you will learn

  • • Build a sample Maven and NodeJS Application using CodeBuild
  • • Deploy the application in EC2/Auto Scaling and see how CodePipeline helps you integrate AWS services
  • • Build a highly scalable and fault tolerant CI/CD pipeline
  • • Achieve the CI/CD of a microservice architecture application in AWS ECS
  • using CodePipeline, CodeBuild, ECR, and CloudFormation
  • • Automate the provisioning of your infrastructure using CloudFormation and Ansible
  • • Automate daily tasks and audit compliance using AWS Lambda
  • • Deploy microservice applications on Kubernetes using Jenkins Pipeline 2.0

Product Details

Country selected
Publication date, Length, Edition, Language, ISBN-13
Publication date : Nov 24, 2017
Length: 388 pages
Edition : 1st
Language : English
ISBN-13 : 9781788392112
Vendor :
Amazon
Tools :

What do you get with eBook?

Product feature icon Instant access to your Digital eBook purchase
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
OR
Modal Close icon
Payment Processing...
tick Completed

Billing Address

Product Details

Publication date : Nov 24, 2017
Length: 388 pages
Edition : 1st
Language : English
ISBN-13 : 9781788392112
Vendor :
Amazon
Tools :

Packt Subscriptions

See our plans and pricing
Modal Close icon
€18.99 billed monthly
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Simple pricing, no contract
€189.99 billed annually
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just €5 each
Feature tick icon Exclusive print discounts
€264.99 billed in 18 months
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just €5 each
Feature tick icon Exclusive print discounts

Frequently bought together


Stars icon
Total 102.97
Mastering AWS Security
€32.99
AWS Automation Cookbook
€32.99
AWS Networking Cookbook
€36.99
Total 102.97 Stars icon
Banner background image

Table of Contents

10 Chapters
Using AWS CodeCommit Chevron down icon Chevron up icon
Building an Application using CodeBuild Chevron down icon Chevron up icon
Deploying Application using CodeDeploy & CodePipeline Chevron down icon Chevron up icon
Building Scalable and Fault-Tolerant CI/CD Pipeline Chevron down icon Chevron up icon
Understanding Microservices and ECS Chevron down icon Chevron up icon
Continuous Deployment to ECS Using Developer Tools and CloudFormation Chevron down icon Chevron up icon
IaC Using CloudFormation and Ansible Chevron down icon Chevron up icon
Automating AWS Resource Control Using AWS Lambda Chevron down icon Chevron up icon
Microservice Applications in Kubernetes Using Jenkins Pipeline 2.0 Chevron down icon Chevron up icon
Best Practices and Troubleshooting Tips Chevron down icon Chevron up icon

Customer reviews

Top Reviews
Rating distribution
Full star icon Full star icon Full star icon Half star icon Empty star icon 3.2
(6 Ratings)
5 star 33.3%
4 star 16.7%
3 star 16.7%
2 star 0%
1 star 33.3%
Filter icon Filter
Top Reviews

Filter reviews by




urelle fogel Oct 06, 2018
Full star icon Full star icon Full star icon Full star icon Full star icon 5
I drank with him in Singapore! He is a very smart man and knows his way around the kitchen.
Amazon Verified review Amazon
Tom Cheung May 27, 2019
Full star icon Full star icon Full star icon Full star icon Full star icon 5
A very practical book for modern CI/CD, especially with Jenkins and ECS
Amazon Verified review Amazon
Placeholder Oct 26, 2018
Full star icon Full star icon Full star icon Full star icon Empty star icon 4
Pros:Packing is good.Delivery in time.Quality of book is good.Content in book is really good with beautiful examples.New bees and system admin with out AWS back ground it is a cake walk.Guys like me who do not like coding really loves this book.Cons :I was expecting real time scenarios in every topic. Though it covers several scenarios like a cake walk and explained with screenshots book did not cover what actually happens in real world.
Amazon Verified review Amazon
Amazon Customer Nov 19, 2018
Full star icon Full star icon Full star icon Empty star icon Empty star icon 3
Good Book for someone who wants to know CD/CI in AWS but can be better.Docker and other concepts could have been explained giving more examples. Good read for someone having basic knowledge on AWS
Amazon Verified review Amazon
Hosea Nguh Akam Aug 03, 2021
Full star icon Empty star icon Empty star icon Empty star icon Empty star icon 1
This was written in 2017 and is outdated. Regret buying this book, wanted to return the book but it was late
Amazon Verified review Amazon
Get free access to Packt library with over 7500+ books and video courses for 7 days!
Start Free Trial

FAQs

How do I buy and download an eBook? Chevron down icon Chevron up icon

Where there is an eBook version of a title available, you can buy it from the book details for that title. Add either the standalone eBook or the eBook and print book bundle to your shopping cart. Your eBook will show in your cart as a product on its own. After completing checkout and payment in the normal way, you will receive your receipt on the screen containing a link to a personalised PDF download file. This link will remain active for 30 days. You can download backup copies of the file by logging in to your account at any time.

If you already have Adobe reader installed, then clicking on the link will download and open the PDF file directly. If you don't, then save the PDF file on your machine and download the Reader to view it.

Please Note: Packt eBooks are non-returnable and non-refundable.

Packt eBook and Licensing When you buy an eBook from Packt Publishing, completing your purchase means you accept the terms of our licence agreement. Please read the full text of the agreement. In it we have tried to balance the need for the ebook to be usable for you the reader with our needs to protect the rights of us as Publishers and of our authors. In summary, the agreement says:

  • You may make copies of your eBook for your own use onto any machine
  • You may not pass copies of the eBook on to anyone else
How can I make a purchase on your website? Chevron down icon Chevron up icon

If you want to purchase a video course, eBook or Bundle (Print+eBook) please follow below steps:

  1. Register on our website using your email address and the password.
  2. Search for the title by name or ISBN using the search option.
  3. Select the title you want to purchase.
  4. Choose the format you wish to purchase the title in; if you order the Print Book, you get a free eBook copy of the same title. 
  5. Proceed with the checkout process (payment to be made using Credit Card, Debit Cart, or PayPal)
Where can I access support around an eBook? Chevron down icon Chevron up icon
  • If you experience a problem with using or installing Adobe Reader, the contact Adobe directly.
  • To view the errata for the book, see www.packtpub.com/support and view the pages for the title you have.
  • To view your account details or to download a new copy of the book go to www.packtpub.com/account
  • To contact us directly if a problem is not resolved, use www.packtpub.com/contact-us
What eBook formats do Packt support? Chevron down icon Chevron up icon

Our eBooks are currently available in a variety of formats such as PDF and ePubs. In the future, this may well change with trends and development in technology, but please note that our PDFs are not Adobe eBook Reader format, which has greater restrictions on security.

You will need to use Adobe Reader v9 or later in order to read Packt's PDF eBooks.

What are the benefits of eBooks? Chevron down icon Chevron up icon
  • You can get the information you need immediately
  • You can easily take them with you on a laptop
  • You can download them an unlimited number of times
  • You can print them out
  • They are copy-paste enabled
  • They are searchable
  • There is no password protection
  • They are lower price than print
  • They save resources and space
What is an eBook? Chevron down icon Chevron up icon

Packt eBooks are a complete electronic version of the print edition, available in PDF and ePub formats. Every piece of content down to the page numbering is the same. Because we save the costs of printing and shipping the book to you, we are able to offer eBooks at a lower cost than print editions.

When you have purchased an eBook, simply login to your account and click on the link in Your Download Area. We recommend you saving the file to your hard drive before opening it.

For optimal viewing of our eBooks, we recommend you download and install the free Adobe Reader version 9.