{"id":198,"date":"2026-04-13T04:19:09","date_gmt":"2026-04-13T04:19:09","guid":{"rendered":"https:\/\/www.devopsschool.com\/tutorials\/aws-codecommit-tutorial-architecture-pricing-use-cases-and-hands-on-guide-for-developer-tools\/"},"modified":"2026-04-13T04:19:09","modified_gmt":"2026-04-13T04:19:09","slug":"aws-codecommit-tutorial-architecture-pricing-use-cases-and-hands-on-guide-for-developer-tools","status":"publish","type":"post","link":"https:\/\/www.devopsschool.com\/tutorials\/aws-codecommit-tutorial-architecture-pricing-use-cases-and-hands-on-guide-for-developer-tools\/","title":{"rendered":"AWS CodeCommit Tutorial: Architecture, Pricing, Use Cases, and Hands-On Guide for Developer tools"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">Category<\/h2>\n\n\n\n<p>Developer tools<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">1. Introduction<\/h2>\n\n\n\n<p>AWS CodeCommit is a fully managed source control service that hosts private Git repositories in AWS. It\u2019s designed for teams that want Git-based version control without running and patching their own Git servers.<\/p>\n\n\n\n<p>In simple terms: AWS CodeCommit gives you a secure, private place to store your code (and related files) using standard Git tooling (clone, commit, push, pull, branch, merge). You use your normal Git client, while AWS operates the repository infrastructure.<\/p>\n\n\n\n<p>Technically, AWS CodeCommit provides regional Git endpoints that integrate with AWS Identity and Access Management (IAM) for authentication and authorization, supports encryption at rest and in transit, and integrates with other AWS Developer tools such as AWS CodeBuild and AWS CodePipeline. 
You can automate actions on repository events using Amazon EventBridge, AWS Lambda, and Amazon Simple Notification Service (SNS).<\/p>\n\n\n\n<p><strong>What problem it solves:<\/strong> it removes the operational overhead of hosting Git repositories (availability, durability, scaling, backups, and access control), while keeping repositories inside your AWS security and governance boundary.<\/p>\n\n\n\n<blockquote>\n<p>Important service-status note: AWS has, at times, adjusted availability and onboarding for AWS CodeCommit (for example, restricting new customer access in some periods). <strong>Verify current availability and onboarding guidance in the official AWS CodeCommit documentation and product page<\/strong> before standardizing on it for a new organization.<\/p>\n<\/blockquote>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">2. What is AWS CodeCommit?<\/h2>\n\n\n\n<p><strong>Official purpose:<\/strong> AWS CodeCommit is a managed Git repository service. 
Its goal is to provide private source control with AWS-native identity, auditing, and integrations.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Core capabilities<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Host <strong>private Git repositories<\/strong>.<\/li>\n<li>Standard Git operations over <strong>HTTPS and SSH<\/strong>.<\/li>\n<li><strong>IAM-based access control<\/strong> (users, roles, policies) and optional repository-specific controls (where supported).<\/li>\n<li><strong>Pull requests<\/strong> for code review and collaboration.<\/li>\n<li>Repository browsing, diffs, history, and comments in the AWS console.<\/li>\n<li>Event-driven automation via <strong>Amazon EventBridge<\/strong> and\/or repository triggers (depending on current feature set\u2014verify in official docs).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Major components<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Repository<\/strong>: the Git repository resource (created in a specific AWS Region).<\/li>\n<li><strong>Branches \/ commits \/ tags<\/strong>: standard Git concepts.<\/li>\n<li><strong>Pull requests<\/strong>: review workflow inside the console.<\/li>\n<li><strong>Approval rules \/ templates<\/strong>: policy-driven review gates (verify current options in docs).<\/li>\n<li><strong>Authentication methods<\/strong>:<\/li>\n<li>HTTPS using IAM credentials (often via the AWS CLI Git credential helper).<\/li>\n<li>SSH using IAM-managed SSH public keys (where supported).<\/li>\n<li><strong>Integrations<\/strong>: AWS CodePipeline, AWS CodeBuild, AWS Lambda, Amazon EventBridge, AWS CloudTrail, Amazon CloudWatch.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Service type<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Managed <strong>Developer tools<\/strong> service (source control hosting).<\/li>\n<li>Control-plane actions are performed through AWS APIs\/console\/CLI.<\/li>\n<li>Data-plane is Git traffic to repository endpoints.<\/li>\n<\/ul>\n\n\n\n<h3 
class=\"wp-block-heading\">Scope and regionality<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>AWS CodeCommit repositories are <strong>regional resources<\/strong>. You create the repository in a chosen AWS Region, and Git operations target that region\u2019s endpoint.<\/li>\n<li>Repositories live in an <strong>AWS account<\/strong>, and can be accessed cross-account via IAM roles and resource policies (where supported\u2014verify in official docs for the latest patterns).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">How it fits into the AWS ecosystem<\/h3>\n\n\n\n<p>AWS CodeCommit commonly serves as the \u201csource\u201d stage in an AWS-native CI\/CD toolchain:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Source<\/strong>: AWS CodeCommit<\/li>\n<li><strong>Build\/Test<\/strong>: AWS CodeBuild<\/li>\n<li><strong>Deploy<\/strong>: AWS CodeDeploy, Amazon ECS, Amazon EKS, AWS CloudFormation, AWS Elastic Beanstalk (service availability varies)<\/li>\n<li><strong>Orchestration<\/strong>: AWS CodePipeline<\/li>\n<li><strong>Events\/Automation<\/strong>: Amazon EventBridge + AWS Lambda<\/li>\n<li><strong>Auditing<\/strong>: AWS CloudTrail<\/li>\n<li><strong>Secrets<\/strong>: AWS Secrets Manager \/ AWS Systems Manager Parameter Store<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">3. 
Why use AWS CodeCommit?<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Business reasons<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Reduce time and cost of running Git infrastructure (no servers, patching, scaling).<\/li>\n<li>Keep code repositories within AWS to align with procurement, governance, and existing cloud strategy.<\/li>\n<li>Centralize access control under IAM and existing AWS security processes.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Technical reasons<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Uses <strong>standard Git<\/strong>, so developers keep their existing workflows and tools.<\/li>\n<li>Private repositories with AWS-managed durability and availability (verify specific SLAs in official docs).<\/li>\n<li>Tight integration with AWS CI\/CD services (CodePipeline\/CodeBuild).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Operational reasons<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>No Git server maintenance, backups, or OS-level hardening.<\/li>\n<li>IAM policies can standardize permissions across many repositories.<\/li>\n<li>CloudTrail captures API activity for audit and incident response.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Security and compliance reasons<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>IAM-based least privilege (fine-grained control via policies).<\/li>\n<li>Encryption in transit (TLS) and at rest (AWS-managed, and in some cases customer-managed KMS keys\u2014verify current capability).<\/li>\n<li>Native audit trails (CloudTrail) and event-driven security automation (EventBridge).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Scalability\/performance reasons<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>AWS runs the underlying repository infrastructure; you avoid capacity planning for Git servers.<\/li>\n<li>Scales for team collaboration patterns without building HA architectures yourself (verify quotas\/limits).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">When teams 
should choose AWS CodeCommit<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>You want Git hosting <strong>inside AWS<\/strong> with IAM-centric access control.<\/li>\n<li>You already use AWS CodePipeline\/CodeBuild and want a cohesive toolchain.<\/li>\n<li>You prefer a managed service over self-hosting GitLab\/Gitea on EC2\/EKS.<\/li>\n<li>You need to minimize external SaaS dependencies for compliance or network boundary reasons.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">When teams should not choose AWS CodeCommit<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>You require advanced developer platform features such as:<\/li>\n<li>Deep PR analytics, advanced code owners workflows, rich marketplace apps, built-in issue tracking, wikis, or broad third-party integrations typical of GitHub\/GitLab.<\/li>\n<li>Your org standardizes on GitHub Enterprise \/ GitLab Ultimate and wants one tool everywhere.<\/li>\n<li>Your developers need the strongest ecosystem for open-source collaboration and external contributions.<\/li>\n<li>You need a single global repository endpoint with built-in multi-region replication (generally not the model for regional AWS services; verify options).<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">4. 
Where is AWS CodeCommit used?<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Industries<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Financial services and insurance (regulated environments with strong audit requirements)<\/li>\n<li>Healthcare and life sciences (privacy, compliance)<\/li>\n<li>Government and public sector (policy-driven access controls)<\/li>\n<li>Media, gaming, SaaS, e-commerce (CI\/CD-centric engineering orgs)<\/li>\n<li>Manufacturing and IoT (firmware and edge workloads, though large binaries require care)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Team types<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Platform engineering teams building AWS-native pipelines<\/li>\n<li>DevOps\/SRE teams standardizing CI\/CD in AWS<\/li>\n<li>Security teams requiring strong IAM governance and audit<\/li>\n<li>Application developers who need private Git hosting without managing infrastructure<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Workloads and architectures<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Microservices on ECS\/EKS, serverless on AWS Lambda, and traditional apps on EC2<\/li>\n<li>Infrastructure as Code (CloudFormation, CDK, Terraform) stored in repos<\/li>\n<li>Multi-account AWS organizations using roles and guardrails<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Real-world deployment contexts<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Centralized \u201cshared services\u201d AWS account hosting repositories, with cross-account access from workload accounts<\/li>\n<li>Separate repositories per team\/product, standardized IAM groups and permission boundaries<\/li>\n<li>Automated compliance checks via EventBridge and Lambda on repository events<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Production vs dev\/test usage<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Production<\/strong>: commonly used as the authoritative source repository feeding CI\/CD to production 
environments.<\/li>\n<li><strong>Dev\/test<\/strong>: also used for sandboxes, training, and internal tooling; cost and governance still matter because repos can proliferate quickly.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">5. Top Use Cases and Scenarios<\/h2>\n\n\n\n<p>Below are realistic ways teams use AWS CodeCommit in AWS Developer tools workflows.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">1) Private Git hosting for regulated workloads<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> Code must stay within strict cloud account controls and auditable boundaries.<\/li>\n<li><strong>Why AWS CodeCommit fits:<\/strong> IAM access control + CloudTrail auditing + encryption.<\/li>\n<li><strong>Scenario:<\/strong> A bank stores application and IaC repositories in AWS CodeCommit and restricts access via IAM roles with MFA.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">2) Source stage for AWS CodePipeline<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> Need a simple, AWS-native CI\/CD pipeline with minimal external dependencies.<\/li>\n<li><strong>Why it fits:<\/strong> AWS CodeCommit integrates as a source provider for AWS CodePipeline.<\/li>\n<li><strong>Scenario:<\/strong> A team pushes to <code>main<\/code>, triggering CodePipeline \u2192 CodeBuild tests \u2192 ECS deployment.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">3) Centralized source control for a multi-account AWS Organization<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> Multiple workload accounts need controlled access to shared libraries and templates.<\/li>\n<li><strong>Why it fits:<\/strong> Cross-account IAM role access patterns can be used (verify current best practice in docs).<\/li>\n<li><strong>Scenario:<\/strong> Platform team hosts \u201cgolden\u201d CloudFormation templates in a shared-services account.<\/li>\n<\/ul>\n\n\n\n<h3 
class=\"wp-block-heading\">4) Infrastructure-as-Code repository with automated policy checks<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> Need to enforce security guardrails before infrastructure changes are merged.<\/li>\n<li><strong>Why it fits:<\/strong> PR workflow + event automation (EventBridge\/Lambda) can run checks.<\/li>\n<li><strong>Scenario:<\/strong> On PR creation, a Lambda triggers static analysis and posts results back (implementation varies; verify available APIs).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">5) Internal libraries and SDKs<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> Maintain internal packages and shared code with controlled access.<\/li>\n<li><strong>Why it fits:<\/strong> Private repos + IAM groups per team.<\/li>\n<li><strong>Scenario:<\/strong> Internal Python library versioned in CodeCommit; build pipeline publishes to AWS CodeArtifact.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">6) Secure on-premises-to-AWS developer workflow (hybrid)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> Developers on-prem need a managed Git remote without exposing internal Git servers.<\/li>\n<li><strong>Why it fits:<\/strong> HTTPS\/SSH access with IAM and corporate network controls.<\/li>\n<li><strong>Scenario:<\/strong> Developers connect via VPN\/Direct Connect to AWS endpoints and push to CodeCommit.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">7) Automated change notifications to ops\/security<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> Ops\/security needs real-time awareness of repository changes to sensitive code.<\/li>\n<li><strong>Why it fits:<\/strong> Event-driven notifications via EventBridge \u2192 SNS\/ChatOps.<\/li>\n<li><strong>Scenario:<\/strong> Any push to <code>main<\/code> triggers an SNS notification to a security distribution list.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">8) 
Bootstrapping new teams with standardized repository templates<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> New projects need a consistent structure and governance.<\/li>\n<li><strong>Why it fits:<\/strong> Repo templates + approval rules (where supported) and standardized IAM.<\/li>\n<li><strong>Scenario:<\/strong> Platform team provisions new repos with baseline <code>CODEOWNERS<\/code>, pipeline files, and policies.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">9) Incident-response friendly auditability<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> Need to trace who changed what, when, and from where.<\/li>\n<li><strong>Why it fits:<\/strong> Git history + CloudTrail API logs + IAM identity context.<\/li>\n<li><strong>Scenario:<\/strong> During an incident, investigators correlate commits with CloudTrail events and IAM sessions.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">10) Migration landing zone from self-managed Git<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> Want to retire self-managed Git servers.<\/li>\n<li><strong>Why it fits:<\/strong> Git remote migration is straightforward; CodeCommit hosts private repos.<\/li>\n<li><strong>Scenario:<\/strong> Export bare repos from on-prem Git and push mirrors to AWS CodeCommit.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">11) Code storage for serverless applications<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> Need a clean workflow to manage Lambda code and infrastructure changes.<\/li>\n<li><strong>Why it fits:<\/strong> Repos integrate with CodeBuild and deployment tools.<\/li>\n<li><strong>Scenario:<\/strong> Push triggers pipeline that packages and deploys Lambda + API Gateway.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">12) Disaster recovery simplification for source control<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> Self-hosted Git 
requires HA, backups, and DR testing.<\/li>\n<li><strong>Why it fits:<\/strong> Managed service reduces server-level DR planning; you focus on governance and access.<\/li>\n<li><strong>Scenario:<\/strong> A small team removes a fragile Git VM and uses CodeCommit + backups strategy for critical repos (verify backup options).<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">6. Core Features<\/h2>\n\n\n\n<p>The exact feature set can evolve. The items below reflect common, documented capabilities of AWS CodeCommit; <strong>verify the current documentation for the latest details and any region-specific differences<\/strong>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Managed private Git repositories<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does:<\/strong> Hosts Git repositories as a managed AWS service.<\/li>\n<li><strong>Why it matters:<\/strong> Eliminates server maintenance and scaling concerns.<\/li>\n<li><strong>Practical benefit:<\/strong> Teams use standard Git clients without operating Git servers.<\/li>\n<li><strong>Caveats:<\/strong> You still manage repo structure, branching strategy, and user access.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">HTTPS and SSH Git access<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does:<\/strong> Supports Git operations over HTTPS (common in enterprise networks) and SSH (developer preference).<\/li>\n<li><strong>Why it matters:<\/strong> Fits diverse environments and corporate network rules.<\/li>\n<li><strong>Practical benefit:<\/strong> Use existing Git tooling and automation.<\/li>\n<li><strong>Caveats:<\/strong> Authentication differs by method; HTTPS often uses AWS credential helper; SSH requires key management.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">IAM-based authentication and authorization<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does:<\/strong> Uses IAM users\/roles\/policies to control 
repository access.<\/li>\n<li><strong>Why it matters:<\/strong> Centralized identity governance, MFA, and conditional access.<\/li>\n<li><strong>Practical benefit:<\/strong> Implement least privilege with policy conditions (e.g., source IP, VPC endpoints where applicable).<\/li>\n<li><strong>Caveats:<\/strong> IAM policy design can be complex at scale; test policies carefully.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Pull requests (PRs) for code review<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does:<\/strong> Provides PRs to review changes before merging.<\/li>\n<li><strong>Why it matters:<\/strong> Enables peer review and change control.<\/li>\n<li><strong>Practical benefit:<\/strong> Reduce defects and enforce standards.<\/li>\n<li><strong>Caveats:<\/strong> Feature depth may be simpler than specialized Git platforms; verify review features you need.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Approval rules (and templates)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does:<\/strong> Allows defining review requirements (for example, number of approvals).<\/li>\n<li><strong>Why it matters:<\/strong> Enforces governance on merges.<\/li>\n<li><strong>Practical benefit:<\/strong> Prevents unreviewed changes to protected branches (implementation specifics vary).<\/li>\n<li><strong>Caveats:<\/strong> Confirm current enforcement behavior and integration points in official docs.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Console-based repository browsing and diffs<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does:<\/strong> View files, commits, branches, and diffs in AWS Console.<\/li>\n<li><strong>Why it matters:<\/strong> Quick inspection and review without cloning locally.<\/li>\n<li><strong>Practical benefit:<\/strong> Useful for audits, incident review, and lightweight changes.<\/li>\n<li><strong>Caveats:<\/strong> Not a full IDE; for larger workflows developers still use local 
tools.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Encryption at rest and in transit<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does:<\/strong> TLS for data in transit; encryption at rest using AWS-managed mechanisms (and possibly KMS CMKs depending on configuration).<\/li>\n<li><strong>Why it matters:<\/strong> Meets baseline security expectations.<\/li>\n<li><strong>Practical benefit:<\/strong> Reduces compliance friction.<\/li>\n<li><strong>Caveats:<\/strong> If you need customer-managed keys, confirm current setup steps and limitations in docs.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Event-driven automation (EventBridge \/ triggers)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does:<\/strong> Emits events on repository activity to drive automation (notifications, compliance checks, pipeline triggers).<\/li>\n<li><strong>Why it matters:<\/strong> Connect source control events to operational workflows.<\/li>\n<li><strong>Practical benefit:<\/strong> Build push\/PR-driven automations without polling.<\/li>\n<li><strong>Caveats:<\/strong> Event schemas and supported events can change; confirm current event patterns.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Integration with AWS CI\/CD and developer tooling<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does:<\/strong> Works with AWS CodePipeline, AWS CodeBuild, and other AWS services.<\/li>\n<li><strong>Why it matters:<\/strong> Enables end-to-end AWS-native delivery.<\/li>\n<li><strong>Practical benefit:<\/strong> Consistent IAM security model and audit.<\/li>\n<li><strong>Caveats:<\/strong> If you rely on third-party CI platforms, compare integrations first.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Auditing via AWS CloudTrail<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does:<\/strong> Records API activity for CodeCommit actions.<\/li>\n<li><strong>Why it matters:<\/strong> Security investigations and 
compliance.<\/li>\n<li><strong>Practical benefit:<\/strong> Trace identity, time, and source of actions.<\/li>\n<li><strong>Caveats:<\/strong> Git data-plane operations and API logging differ; understand what is recorded and retain logs appropriately.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">7. Architecture and How It Works<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">High-level architecture<\/h3>\n\n\n\n<p>AWS CodeCommit provides Git repository endpoints in a region. Developers and automation systems interact using Git clients over HTTPS\/SSH. Authentication is handled via IAM, and authorization is evaluated by IAM policies and (where applicable) resource policies. Repository activity can emit events that integrate with other AWS services.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Request\/data\/control flow (typical)<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li>A developer\u2019s Git client performs <code>git clone<\/code>\/<code>push<\/code>\/<code>pull<\/code> to a CodeCommit HTTPS or SSH URL.<\/li>\n<li>The request is authenticated (IAM-based).<\/li>\n<li>Authorization policies determine allowed Git operations (e.g., pull, push).<\/li>\n<li>CodeCommit stores repository data in AWS-managed storage.<\/li>\n<li>Optional: repository activity produces events (EventBridge) or triggers, which can start pipelines, run checks, or send notifications.<\/li>\n<li>CloudTrail logs management API calls for auditing.<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\">Common integrations (AWS ecosystem)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>AWS CodePipeline<\/strong>: uses CodeCommit as a source stage for CI\/CD.<\/li>\n<li><strong>AWS CodeBuild<\/strong>: builds and tests code checked out from CodeCommit.<\/li>\n<li><strong>AWS Lambda<\/strong>: reacts to repo events (policy checks, metadata sync).<\/li>\n<li><strong>Amazon EventBridge<\/strong>: routes CodeCommit events to automation 
targets.<\/li>\n<li><strong>Amazon SNS<\/strong>: notifications to email\/SMS\/HTTP endpoints.<\/li>\n<li><strong>AWS CloudTrail<\/strong>: audit log of API actions.<\/li>\n<li><strong>Amazon CloudWatch Logs\/Metrics<\/strong>: operational monitoring for automated workflows (pipelines\/builds\/lambdas).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Dependency services<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>IAM<\/strong>: identity, permissions.<\/li>\n<li><strong>KMS<\/strong>: encryption key management (service-managed or customer-managed depending on configuration).<\/li>\n<li><strong>CloudTrail<\/strong>: audit logging.<\/li>\n<li><strong>EventBridge\/SNS\/Lambda<\/strong>: optional automation around repository events.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Security\/authentication model<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Primary model:<\/strong> IAM identities (users\/roles\/federated identities).<\/li>\n<li><strong>HTTPS authentication:<\/strong> commonly via AWS CLI credential helper using IAM credentials (best for ephemeral credentials and SSO-based workflows).<\/li>\n<li><strong>SSH authentication:<\/strong> requires associating an SSH public key with an IAM user (verify current support and limitations).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Networking model<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>CodeCommit endpoints are AWS service endpoints in the public AWS network space. 
Access is typically over the internet with TLS.<\/li>\n<li>Some AWS services support <strong>VPC endpoints (AWS PrivateLink)<\/strong>; whether CodeCommit supports specific endpoint types and the latest recommended private connectivity patterns should be <strong>verified in official docs<\/strong>.<\/li>\n<li>Enterprises often rely on:<\/li>\n<li>outbound proxies<\/li>\n<li>VPN\/Direct Connect + egress controls<\/li>\n<li>IAM condition keys (e.g., source IP) for access restrictions<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Monitoring\/logging\/governance considerations<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Enable <strong>CloudTrail<\/strong> organization-wide where possible; centralize logs to a dedicated account.<\/li>\n<li>Use <strong>EventBridge<\/strong> for automation and notifications rather than ad-hoc scripts.<\/li>\n<li>Track repository sprawl via tagging, naming conventions, and periodic reviews.<\/li>\n<li>Establish a standard branching and PR policy for consistency.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Simple architecture diagram<\/h3>\n\n\n\n<pre><code class=\"language-mermaid\">flowchart LR\n  Dev[Developer Git client] --&gt;|HTTPS\/SSH Git| CC[AWS CodeCommit Repo]\n  CC --&gt;|Source| CP[AWS CodePipeline]\n  CP --&gt; CB[AWS CodeBuild]\n  CB --&gt; Deploy[Deploy target: ECS\/EKS\/Lambda\/EC2]\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">Production-style architecture diagram<\/h3>\n\n\n\n<pre><code class=\"language-mermaid\">flowchart TB\n  subgraph Identity[Identity &amp; Access]\n    SSO[AWS IAM Identity Center \/ Federation] --&gt; IAM[IAM Roles &amp; Policies]\n  end\n\n  subgraph Repo[\"Source Control (Regional)\"]\n    CC[AWS CodeCommit Repository]\n  end\n\n  subgraph Events[Events &amp; Automation]\n    EB[Amazon EventBridge]\n    SNS[Amazon SNS Notifications]\n    L[Lambda Policy\/Compliance Checks]\n  end\n\n  subgraph CICD[CI\/CD]\n    CP[AWS CodePipeline]\n    CB[AWS CodeBuild]\n  end\n\n  subgraph Audit[Audit &amp; Governance]\n    CT[AWS CloudTrail]\n    Logs[\"Central Log Archive (S3\/CloudWatch Logs)\"]\n    KMS[AWS KMS Keys]\n  end\n\n  Dev[Developers\/Automation] --&gt;|Git over HTTPS\/SSH| CC\n  IAM --&gt; CC\n\n  CC --&gt; EB\n  EB --&gt; SNS\n  EB --&gt; L\n\n  CC --&gt; CP\n  CP --&gt; CB\n  CB --&gt; DeployTargets[Deploy: ECS\/EKS\/Lambda\/CloudFormation]\n\n  CC --&gt;|Encrypt at rest| KMS\n  CC --&gt; CT --&gt; Logs\n  CP --&gt; CT\n  CB --&gt; CT\n  L --&gt; Logs\n<\/code><\/pre>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">8. Prerequisites<\/h2>\n\n\n\n<p>Before starting the hands-on lab, ensure the following.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">AWS account requirements<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>An AWS account with access to <strong>AWS CodeCommit<\/strong> in at least one region.<\/li>\n<li>If your organization uses AWS Organizations and SCPs, ensure policies allow required actions.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Permissions \/ IAM<\/h3>\n\n\n\n<p>Minimum permissions vary by what you do:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>For basic repository operations:\n<ul class=\"wp-block-list\">\n<li>Create repository (optional for the lab if repo already exists)<\/li>\n<li>Git pull\/push permissions for that repo<\/li>\n<\/ul>\n<\/li>\n<li>For the full lab (repo + EventBridge + SNS):\n<ul class=\"wp-block-list\">\n<li><code>codecommit:*<\/code> (or a least-privilege subset)<\/li>\n<li><code>events:*<\/code> for rule creation<\/li>\n<li><code>sns:*<\/code> for topic\/subscription creation<\/li>\n<li><code>iam:PassRole<\/code> only if creating roles for automation (we avoid this where possible)<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<p>Best practice: use a dedicated role for administration and separate roles for developer access.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Billing requirements<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>AWS CodeCommit and related services are billed based on usage (see pricing section).<\/li>\n<li>The lab is designed to be low cost, but <strong>SNS emails, 
EventBridge rules, and storage can still incur small charges<\/strong> depending on your account and region.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Tools needed<\/h3>\n\n\n\n<p>Choose one path:<\/p>\n\n\n\n<p><strong>Option A (recommended for simplest auth): AWS CloudShell<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>CloudShell has AWS CLI preconfigured with your console credentials.<\/li>\n<li>It is a convenient way to configure Git + AWS credential helper without creating long-lived IAM users.<\/li>\n<\/ul>\n\n\n\n<p><strong>Option B: Local machine<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Git installed<\/li>\n<li>AWS CLI installed and configured (<code>aws configure<\/code> or SSO-based config)<\/li>\n<li>Network access to CodeCommit endpoints<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Region availability<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>AWS CodeCommit is regional. Pick a single region for the lab (example: <code>us-east-1<\/code>).<\/li>\n<li>Verify service availability in your target region in the AWS Regional Services List: https:\/\/aws.amazon.com\/about-aws\/global-infrastructure\/regional-product-services\/<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Quotas \/ limits<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>CodeCommit enforces quotas (e.g., number of repositories, repository size, request rates).<\/li>\n<li><strong>Check current quotas in AWS Service Quotas and CodeCommit documentation<\/strong>: https:\/\/docs.aws.amazon.com\/codecommit\/latest\/userguide\/limits.html (verify current URL\/content)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Prerequisite services (optional)<\/h3>\n\n\n\n<p>For event notifications in the lab:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Amazon EventBridge<\/li>\n<li>Amazon SNS<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">9. Pricing \/ Cost<\/h2>\n\n\n\n<p>AWS CodeCommit pricing can vary over time and by region. 
Do not rely on blog posts for exact numbers.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Official pricing sources<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>AWS CodeCommit pricing page: https:\/\/aws.amazon.com\/codecommit\/pricing\/<\/li>\n<li>AWS Pricing Calculator: https:\/\/calculator.aws\/#\/<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Pricing dimensions (typical model\u2014verify current details)<\/h3>\n\n\n\n<p>AWS CodeCommit has historically been priced using some combination of:\n&#8211; <strong>Active users per month<\/strong> (user-based billing)\n&#8211; <strong>Storage<\/strong> for repositories\n&#8211; <strong>Requests<\/strong> (Git\/API activity), depending on the model in effect<\/p>\n\n\n\n<p>Because pricing models can change, <strong>confirm the current dimensions and rates on the official pricing page<\/strong>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Free tier (if applicable)<\/h3>\n\n\n\n<p>AWS services sometimes provide a free tier (for example, limited users\/storage per month). 
<strong>Verify the current AWS CodeCommit free tier on the pricing page<\/strong>:\n&#8211; https:\/\/aws.amazon.com\/codecommit\/pricing\/<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Key cost drivers<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Number of active users (especially in large orgs)<\/li>\n<li>Total repository storage (large histories and binary files can grow quickly)<\/li>\n<li>Automation volume (pipelines\/builds triggered by pushes)<\/li>\n<li>Data transfer (especially if developers or runners are outside the AWS region)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Hidden or indirect costs<\/h3>\n\n\n\n<p>Even if CodeCommit itself is inexpensive, surrounding ecosystem costs can dominate:\n&#8211; <strong>CI builds<\/strong> (AWS CodeBuild minutes)\n&#8211; <strong>Pipeline executions<\/strong> (AWS CodePipeline)\n&#8211; <strong>Artifact storage<\/strong> (Amazon S3, AWS CodeArtifact)\n&#8211; <strong>Notifications<\/strong> (SNS deliveries)\n&#8211; <strong>Logging and audit retention<\/strong> (CloudTrail + S3\/CloudWatch)<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Network\/data transfer implications<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Git operations transfer data between developer environments and AWS endpoints.<\/li>\n<li>If developers are remote and frequently clone large repos, network egress and performance can be a consideration.<\/li>\n<li>If build runners are outside AWS (e.g., self-hosted), repeated checkouts can increase transfer.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">How to optimize cost<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Prefer fewer, well-structured repos over uncontrolled sprawl.<\/li>\n<li>Keep large binaries out of Git where possible; store in S3 and reference via build scripts.<\/li>\n<li>Use shallow clones in CI where appropriate (if your build tooling supports it).<\/li>\n<li>Control pipeline triggers (don\u2019t run expensive pipelines on every branch push unless 
needed).<\/li>\n<li>Archive or delete obsolete repositories (after validating retention requirements).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Example low-cost starter estimate (conceptual)<\/h3>\n\n\n\n<p>A small team with:\n&#8211; a handful of active users\n&#8211; small repositories (source code + IaC)\n&#8211; modest CI usage\noften incurs low monthly costs for CodeCommit itself, with most spend coming from builds and deployments.<\/p>\n\n\n\n<p>Because exact pricing is variable, build your estimate in the AWS Pricing Calculator and validate assumptions:\n&#8211; number of active users\n&#8211; expected repository growth (GB\/month)\n&#8211; expected pipeline runs\/day and build minutes\/run<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Example production cost considerations<\/h3>\n\n\n\n<p>For an enterprise:\n&#8211; hundreds\/thousands of developers (active-user costs can become significant)\n&#8211; many repos with long history (storage growth)\n&#8211; CI\/CD at scale (build minutes and pipeline runs dominate)<\/p>\n\n\n\n<p>In large-scale environments, evaluate:\n&#8211; consolidation strategies (monorepo vs multirepo tradeoffs)\n&#8211; caching and artifact reuse to reduce build costs\n&#8211; retention policies and repository lifecycle management\n&#8211; whether an enterprise Git platform (GitHub Enterprise \/ GitLab) yields better overall developer productivity per dollar<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">10. Step-by-Step Hands-On Tutorial<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Objective<\/h3>\n\n\n\n<p>Create an AWS CodeCommit repository, clone it using Git from AWS CloudShell with IAM-based authentication, push code, create a feature branch, open a pull request, and configure an EventBridge \u2192 SNS notification for repository changes.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Lab Overview<\/h3>\n\n\n\n<p>You will:\n1. Choose a region and create a CodeCommit repository.\n2. 
Configure Git to authenticate to CodeCommit using the AWS CLI credential helper.\n3. Clone the repository, commit code, and push to <code>main<\/code>.\n4. Create a branch, push changes, and open\/merge a pull request.\n5. Create an SNS topic and an EventBridge rule to notify on repository events.\n6. Validate behavior and clean up resources.<\/p>\n\n\n\n<p><strong>Estimated time:<\/strong> 45\u201375 minutes<br\/>\n<strong>Cost:<\/strong> Low, but depends on account pricing model, storage, SNS deliveries, and any additional services you enable.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 1: Choose a region and open AWS CloudShell<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Sign in to the AWS Management Console.<\/li>\n<li>Select a region (example: <strong>us-east-1<\/strong>).<\/li>\n<li>Open <strong>AWS CloudShell<\/strong> (top navigation bar).<\/li>\n<\/ol>\n\n\n\n<p>In CloudShell, set environment variables:<\/p>\n\n\n\n<pre><code class=\"language-bash\">export AWS_REGION=\"us-east-1\"\naws configure get region || true\n<\/code><\/pre>\n\n\n\n<p>If the CLI region is not set, you can set it for this session:<\/p>\n\n\n\n<pre><code class=\"language-bash\">export AWS_DEFAULT_REGION=\"$AWS_REGION\"\n<\/code><\/pre>\n\n\n\n<p><strong>Expected outcome:<\/strong> You have a shell with AWS CLI credentials associated with your console identity.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 2: Create an AWS CodeCommit repository<\/h3>\n\n\n\n<p>Pick a repository name (must be unique within the account+region). 
Example:<\/p>\n\n\n\n<pre><code class=\"language-bash\">export REPO_NAME=\"cc-lab-repo\"\n<\/code><\/pre>\n\n\n\n<p>Create the repository:<\/p>\n\n\n\n<pre><code class=\"language-bash\">aws codecommit create-repository \\\n  --repository-name \"$REPO_NAME\" \\\n  --repository-description \"AWS CodeCommit hands-on lab repository\"\n<\/code><\/pre>\n\n\n\n<p>Get the clone URLs:<\/p>\n\n\n\n<pre><code class=\"language-bash\">aws codecommit get-repository --repository-name \"$REPO_NAME\" \\\n  --query 'repositoryMetadata.cloneUrlHttp' --output text\n\naws codecommit get-repository --repository-name \"$REPO_NAME\" \\\n  --query 'repositoryMetadata.cloneUrlSsh' --output text\n<\/code><\/pre>\n\n\n\n<p><strong>Expected outcome:<\/strong> A new CodeCommit repository exists, and you can see HTTPS and SSH clone URLs.<\/p>\n\n\n\n<p><strong>Verification (Console):<\/strong>\n&#8211; Go to <strong>CodeCommit<\/strong> \u2192 <strong>Repositories<\/strong> \u2192 select <code>cc-lab-repo<\/code>.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 3: Configure Git to authenticate to CodeCommit (HTTPS + credential helper)<\/h3>\n\n\n\n<p>This approach avoids creating long-lived IAM users and \u201cGit credentials.\u201d Git will call AWS CLI to sign requests using your current AWS credentials.<\/p>\n\n\n\n<p>Run:<\/p>\n\n\n\n<pre><code class=\"language-bash\">git --version\naws --version\n<\/code><\/pre>\n\n\n\n<p>Configure Git globally for CodeCommit credential helper:<\/p>\n\n\n\n<pre><code class=\"language-bash\">git config --global credential.helper '!aws codecommit credential-helper $@'\ngit config --global credential.UseHttpPath true\n<\/code><\/pre>\n\n\n\n<p>Now clone using the HTTPS URL.<\/p>\n\n\n\n<p>Fetch HTTPS clone URL (again) and clone:<\/p>\n\n\n\n<pre><code class=\"language-bash\">export CLONE_URL_HTTP=\"$(aws codecommit get-repository \\\n  --repository-name \"$REPO_NAME\" \\\n  --query 'repositoryMetadata.cloneUrlHttp' 
--output text)\"\n\ngit clone \"$CLONE_URL_HTTP\"\ncd \"$REPO_NAME\"\n<\/code><\/pre>\n\n\n\n<p><strong>Expected outcome:<\/strong> The repository clones successfully (it will be empty initially).<\/p>\n\n\n\n<p><strong>If it fails:<\/strong> See Troubleshooting section for IAM permissions and region mismatches.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 4: Add code, commit, and push to the default branch<\/h3>\n\n\n\n<p>Create a simple project structure:<\/p>\n\n\n\n<pre><code class=\"language-bash\">cat &gt; README.md &lt;&lt;'EOF'\n# AWS CodeCommit Lab\n\nThis repository demonstrates basic Git operations with AWS CodeCommit:\n- clone\n- commit\n- push\n- branches\n- pull requests\n- notifications (EventBridge + SNS)\nEOF\n\nmkdir -p app\ncat &gt; app\/hello.sh &lt;&lt;'EOF'\n#!\/usr\/bin\/env bash\necho \"Hello from AWS CodeCommit\"\nEOF\n\nchmod +x app\/hello.sh\n<\/code><\/pre>\n\n\n\n<p>Commit and push:<\/p>\n\n\n\n<pre><code class=\"language-bash\">git status\ngit add .\ngit commit -m \"Initial commit: add README and hello script\"\ngit push\n<\/code><\/pre>\n\n\n\n<p><strong>Expected outcome:<\/strong> The push succeeds and the <code>main<\/code> (or default) branch now contains your commit.<\/p>\n\n\n\n<p><strong>Verification (Console):<\/strong>\n&#8211; Open the repository \u2192 browse files \u2192 confirm <code>README.md<\/code> and <code>app\/hello.sh<\/code> exist.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 5: Create a feature branch and push changes<\/h3>\n\n\n\n<p>Create a branch:<\/p>\n\n\n\n<pre><code class=\"language-bash\">git checkout -b feature\/add-usage\n<\/code><\/pre>\n\n\n\n<p>Update README:<\/p>\n\n\n\n<pre><code class=\"language-bash\">cat &gt;&gt; README.md &lt;&lt;'EOF'\n\n## Usage\n\nRun:\n\n```bash\n.\/app\/hello.sh\n```\nEOF\n<\/code><\/pre>\n\n\n\n<p>Commit and push the branch:<\/p>\n\n\n\n<pre><code class=\"language-bash\">git add README.md\ngit commit -m \"Docs: add usage section\"\ngit push -u origin feature\/add-usage\n<\/code><\/pre>\n\n\n\n
<p><strong>Expected outcome:<\/strong> The new branch appears in CodeCommit.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 6: Create and merge a pull request in AWS CodeCommit<\/h3>\n\n\n\n<p>In the AWS Console:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Go to <strong>CodeCommit<\/strong> \u2192 your repository.<\/li>\n<li>Go to <strong>Pull requests<\/strong> \u2192 <strong>Create pull request<\/strong>.<\/li>\n<li>Source: <code>feature\/add-usage<\/code><\/li>\n<li>Destination: <code>main<\/code> (or your default branch)<\/li>\n<li>Create the pull request, review the diff, then <strong>Merge<\/strong>.<\/li>\n<\/ol>\n\n\n\n<p><strong>Expected outcome:<\/strong> The changes are merged into <code>main<\/code>.<\/p>\n\n\n\n<p><strong>Verification (CloudShell):<\/strong><\/p>\n\n\n\n<pre><code class=\"language-bash\"># Use your default branch name here if it is not main\ngit checkout main\ngit pull\nsed -n '1,120p' README.md\n<\/code><\/pre>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 7: Create an SNS topic for notifications<\/h3>\n\n\n\n<p>Create a topic:<\/p>\n\n\n\n<pre><code class=\"language-bash\">export TOPIC_NAME=\"cc-lab-topic\"\nexport TOPIC_ARN=\"$(aws sns create-topic --name \"$TOPIC_NAME\" --query TopicArn --output text)\"\necho \"$TOPIC_ARN\"\n<\/code><\/pre>\n\n\n\n<p>(Optional) Subscribe your email (requires confirmation in your inbox):<\/p>\n\n\n\n<pre><code class=\"language-bash\">export NOTIFY_EMAIL=\"you@example.com\"\naws sns subscribe \\\n  --topic-arn \"$TOPIC_ARN\" \\\n  --protocol email \\\n  --notification-endpoint \"$NOTIFY_EMAIL\"\n<\/code><\/pre>\n\n\n\n<p><strong>Expected outcome:<\/strong> SNS topic exists. 
If you subscribed email, you must confirm the subscription from your inbox for delivery to work.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 8: Create an EventBridge rule for CodeCommit repository events<\/h3>\n\n\n\n<p>CodeCommit can emit events to EventBridge. Event patterns can vary; use AWS documentation for the latest event schema. The following is a commonly used pattern for repository state changes, but you should <strong>verify<\/strong> the exact fields for your region\/account using EventBridge \u201cTest pattern\u201d and CloudTrail\/EventBridge samples.<\/p>\n\n\n\n<p>Create a rule:<\/p>\n\n\n\n<pre><code class=\"language-bash\">export RULE_NAME=\"cc-lab-codecommit-events\"\n\naws events put-rule \\\n  --name \"$RULE_NAME\" \\\n  --event-pattern \"{\n    \\\"source\\\": [\\\"aws.codecommit\\\"],\n    \\\"detail-type\\\": [\\\"CodeCommit Repository State Change\\\"],\n    \\\"resources\\\": [\\\"arn:aws:codecommit:$AWS_REGION:$(aws sts get-caller-identity --query Account --output text):$REPO_NAME\\\"]\n  }\"\n<\/code><\/pre>\n\n\n\n<p>Add SNS as a target:<\/p>\n\n\n\n<pre><code class=\"language-bash\">aws events put-targets \\\n  --rule \"$RULE_NAME\" \\\n  --targets \"[\n    {\n      \\\"Id\\\": \\\"SendToSNS\\\",\n      \\\"Arn\\\": \\\"$TOPIC_ARN\\\"\n    }\n  ]\"\n<\/code><\/pre>\n\n\n\n<p>Allow EventBridge to publish to SNS by adding an SNS topic policy. 
This is required for many EventBridge\u2192SNS setups.<\/p>\n\n\n\n<p>Create a minimal topic policy:<\/p>\n\n\n\n<pre><code class=\"language-bash\">export ACCOUNT_ID=\"$(aws sts get-caller-identity --query Account --output text)\"\nexport RULE_ARN=\"arn:aws:events:$AWS_REGION:$ACCOUNT_ID:rule\/$RULE_NAME\"\n\ncat &gt; sns-topic-policy.json &lt;&lt;EOF\n{\n  \"Version\": \"2012-10-17\",\n  \"Statement\": [\n    {\n      \"Sid\": \"AllowEventBridgePublish\",\n      \"Effect\": \"Allow\",\n      \"Principal\": { \"Service\": \"events.amazonaws.com\" },\n      \"Action\": \"sns:Publish\",\n      \"Resource\": \"$TOPIC_ARN\",\n      \"Condition\": {\n        \"ArnEquals\": { \"aws:SourceArn\": \"$RULE_ARN\" }\n      }\n    }\n  ]\n}\nEOF\n\naws sns set-topic-attributes \\\n  --topic-arn \"$TOPIC_ARN\" \\\n  --attribute-name Policy \\\n  --attribute-value file:\/\/sns-topic-policy.json\n<\/code><\/pre>\n\n\n\n<p><strong>Expected outcome:<\/strong> EventBridge rule targets SNS, and SNS policy allows EventBridge to publish.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 9: Trigger an event and confirm notification<\/h3>\n\n\n\n<p>Make a change and push to <code>main<\/code>:<\/p>\n\n\n\n<pre><code class=\"language-bash\">echo \"$(date -u) change\" &gt;&gt; change-log.txt\ngit add change-log.txt\ngit commit -m \"Chore: update change log\"\ngit push\n<\/code><\/pre>\n\n\n\n<p><strong>Expected outcome:<\/strong> EventBridge captures a repository state change event and publishes to SNS. 
If your email subscription is confirmed, you should receive a message.<\/p>\n\n\n\n<p><strong>Validation (Console):<\/strong>\n&#8211; EventBridge \u2192 Rules \u2192 <code>cc-lab-codecommit-events<\/code> \u2192 check \u201cMatched events\u201d metrics (if available).\n&#8211; SNS \u2192 Topic \u2192 monitor deliveries (where available).<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Validation<\/h3>\n\n\n\n<p>Use this checklist:\n&#8211; [ ] Repository exists and contains commits on <code>main<\/code>\n&#8211; [ ] Feature branch exists and PR was merged\n&#8211; [ ] CloudShell Git operations succeed without prompting for passwords\n&#8211; [ ] EventBridge rule exists and points to SNS topic\n&#8211; [ ] Pushing a new commit results in an SNS notification (if subscription confirmed)<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Troubleshooting<\/h3>\n\n\n\n<p>Common issues and fixes:<\/p>\n\n\n\n<p><strong>1) <code>fatal: unable to access ... 
The requested URL returned error: 403<\/code><\/strong>\n&#8211; Cause: your IAM identity lacks CodeCommit permissions.\n&#8211; Fix: attach least-privilege permissions (example actions to verify in docs):\n  &#8211; <code>codecommit:GitPull<\/code>\n  &#8211; <code>codecommit:GitPush<\/code>\n  &#8211; <code>codecommit:GetRepository<\/code>\n&#8211; Also ensure you\u2019re in the correct region for the repository.<\/p>\n\n\n\n<p><strong>2) <code>Repository does not exist<\/code> during clone<\/strong>\n&#8211; Cause: wrong region endpoint or wrong repo name.\n&#8211; Fix: confirm <code>AWS_REGION<\/code> and re-fetch the clone URL using <code>get-repository<\/code>.<\/p>\n\n\n\n<p><strong>3) EventBridge rule matches zero events<\/strong>\n&#8211; Cause: event pattern mismatch (detail-type\/name varies).\n&#8211; Fix:\n  &#8211; In EventBridge console, use \u201cTest event pattern\u201d.\n  &#8211; Review AWS documentation for CodeCommit events.\n  &#8211; Temporarily remove <code>resources<\/code> filter to confirm events are flowing, then tighten.<\/p>\n\n\n\n<p><strong>4) SNS email not arriving<\/strong>\n&#8211; Cause: subscription not confirmed.\n&#8211; Fix: confirm subscription link in email. 
Check spam filters.\n&#8211; Cause: SNS policy missing.\n&#8211; Fix: ensure topic policy allows <code>events.amazonaws.com<\/code> to <code>sns:Publish<\/code> with the correct <code>aws:SourceArn<\/code>.<\/p>\n\n\n\n<p><strong>5) Git credential helper not used<\/strong>\n&#8211; Cause: missing Git config.\n&#8211; Fix: check the current values:<\/p>\n\n\n\n<pre><code class=\"language-bash\">git config --global --get credential.helper\ngit config --global --get credential.UseHttpPath\n<\/code><\/pre>\n\n\n\n<p>If either value is missing, reapply the configs from Step 3.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Cleanup<\/h3>\n\n\n\n<p>Delete resources to avoid ongoing costs and reduce clutter.<\/p>\n\n\n\n<p>1) Remove EventBridge targets and rule:<\/p>\n\n\n\n<pre><code class=\"language-bash\">aws events remove-targets --rule \"$RULE_NAME\" --ids \"SendToSNS\" || true\naws events delete-rule --name \"$RULE_NAME\" || true\n<\/code><\/pre>\n\n\n\n<p>2) Delete SNS topic (this also deletes subscriptions):<\/p>\n\n\n\n<pre><code class=\"language-bash\">aws sns delete-topic --topic-arn \"$TOPIC_ARN\" || true\n<\/code><\/pre>\n\n\n\n<p>3) Delete the CodeCommit repository:<\/p>\n\n\n\n<pre><code class=\"language-bash\">aws codecommit delete-repository --repository-name \"$REPO_NAME\" || true\n<\/code><\/pre>\n\n\n\n<p>4) Remove local clone (CloudShell storage):<\/p>\n\n\n\n<pre><code class=\"language-bash\">cd ..\nrm -rf \"$REPO_NAME\" || true\nrm -f sns-topic-policy.json || true\n<\/code><\/pre>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">11. 
Best Practices<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Architecture best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Keep a clear separation between:<\/li>\n<li>source control (CodeCommit)<\/li>\n<li>build\/test (CodeBuild)<\/li>\n<li>deployment (CodeDeploy\/ECS\/EKS\/CloudFormation)<\/li>\n<li>Design for least privilege and separation of duties:<\/li>\n<li>developers push code<\/li>\n<li>CI roles build\/test<\/li>\n<li>deploy roles promote to production<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">IAM\/security best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Prefer <strong>federated identities<\/strong> (IAM Identity Center \/ SSO) + short-lived role sessions over long-lived IAM users.<\/li>\n<li>Use least-privilege policies:<\/li>\n<li>separate read-only (GitPull) from write (GitPush)<\/li>\n<li>scope access to specific repositories where possible<\/li>\n<li>Use IAM policy conditions where appropriate (verify which condition keys apply):<\/li>\n<li>require MFA for sensitive actions (management APIs)<\/li>\n<li>restrict source IP ranges for Git access (if feasible)<\/li>\n<li>Use separate roles for automation (CI) with narrowly scoped permissions.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Cost best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Avoid storing large generated artifacts in Git; use S3\/CodeArtifact.<\/li>\n<li>Control CI triggers to prevent excessive builds.<\/li>\n<li>Periodically review dormant repositories and prune\/archival per policy.<\/li>\n<li>Use repository naming conventions to reduce duplication and confusion.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Performance best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Keep repositories reasonably sized; aggressively manage large binaries.<\/li>\n<li>In CI, use efficient checkout strategies and caching (build system dependent).<\/li>\n<li>Use regional proximity:<\/li>\n<li>host repos in the same region as CI runners 
to reduce latency and transfer.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Reliability best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Treat repositories as critical assets:<\/li>\n<li>establish backup\/retention practices (verify best approach in official guidance; Git mirroring to another repo is a common approach)<\/li>\n<li>Implement PR + review gates to reduce risk of breaking changes.<\/li>\n<li>Avoid direct pushes to protected branches (enforce via process and approval rules where supported).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Operations best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Centralize audit logs (CloudTrail) with retention and alerting.<\/li>\n<li>Use EventBridge for operational automation and notifications.<\/li>\n<li>Create runbooks for:<\/li>\n<li>access requests<\/li>\n<li>key rotation (if using SSH keys)<\/li>\n<li>incident response (identify who pushed what and when)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Governance\/tagging\/naming best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Use consistent repository naming:<\/li>\n<li><code>&lt;org&gt;-&lt;team&gt;-&lt;app&gt;<\/code> or <code>&lt;product&gt;-&lt;service&gt;<\/code><\/li>\n<li>Tag repositories (where supported) for:<\/li>\n<li>cost center<\/li>\n<li>owner<\/li>\n<li>data classification<\/li>\n<li>environment (prod\/non-prod)<\/li>\n<li>Maintain an internal catalog of repositories and owners.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">12. 
Security Considerations<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Identity and access model<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>AWS CodeCommit relies primarily on IAM.<\/li>\n<li>Recommended approach:<\/li>\n<li>Federate workforce users and assume roles<\/li>\n<li>Avoid long-lived IAM user credentials when possible<\/li>\n<li>Ensure roles used for CI\/CD have only the minimum required repo permissions.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Encryption<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>In transit:<\/strong> TLS for HTTPS Git operations and AWS API calls.<\/li>\n<li><strong>At rest:<\/strong> AWS-managed encryption; in some configurations\/services you can select customer-managed KMS keys\u2014<strong>verify current CodeCommit support and setup<\/strong>.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Network exposure<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Git access is typically over the public AWS service endpoints.<\/li>\n<li>Apply layered controls:<\/li>\n<li>corporate egress filtering\/proxy<\/li>\n<li>IAM conditions (source IP, session tags) where applicable<\/li>\n<li>strict identity governance with MFA and short-lived sessions<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Secrets handling<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Never store secrets in repositories.<\/li>\n<li>Use:<\/li>\n<li>AWS Secrets Manager<\/li>\n<li>SSM Parameter Store<\/li>\n<li>CI\/CD secret injection<\/li>\n<li>Add pre-commit hooks and secret scanning (external tooling) to reduce accidental commits.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Audit\/logging<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Enable CloudTrail across accounts; ship to a central log archive.<\/li>\n<li>Alert on sensitive actions:<\/li>\n<li>repository policy changes<\/li>\n<li>permission changes<\/li>\n<li>unusual push patterns (after-hours pushes to protected branches)<\/li>\n<li>Use EventBridge to route important events to a 
SIEM or security automation.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Compliance considerations<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Maintain evidence:<\/li>\n<li>PR approvals (where applicable)<\/li>\n<li>logs of access and changes (CloudTrail)<\/li>\n<li>repository retention policy<\/li>\n<li>For regulated environments, document:<\/li>\n<li>identity lifecycle<\/li>\n<li>joiner\/mover\/leaver processes<\/li>\n<li>code review requirements<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Common security mistakes<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Using shared IAM users for Git operations.<\/li>\n<li>Broad permissions like <code>codecommit:*<\/code> for all developers across all repos.<\/li>\n<li>Allowing direct pushes to <code>main<\/code> without review.<\/li>\n<li>Storing secrets or production credentials in Git.<\/li>\n<li>Not retaining CloudTrail logs long enough for investigations.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Secure deployment recommendations<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Implement least-privilege repo access and separate admin from developer roles.<\/li>\n<li>Prefer PR-based changes with approval rules.<\/li>\n<li>Use automated checks on PRs (linting, tests, policy scanning).<\/li>\n<li>Centralize audit and alerting.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">13. Limitations and Gotchas<\/h2>\n\n\n\n<p>The following are common constraints and \u201csurprises\u201d teams encounter. 
<strong>Confirm current limits in official docs<\/strong>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Known limitations \/ quotas<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Repository size and request-rate limits exist.<\/li>\n<li>Limits on number of repositories and approval rule templates may exist.<\/li>\n<li>Some features vary by region.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Regional constraints<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Repositories are regional; latency matters for global teams.<\/li>\n<li>Cross-region replication is not a default Git hosting feature; if you need multi-region strategy, plan accordingly (e.g., mirroring workflows).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Pricing surprises<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>User-based billing (if in effect) can grow quickly with many occasional contributors.<\/li>\n<li>CI\/CD costs can dwarf repo hosting costs.<\/li>\n<li>Large repos increase storage costs and slow cloning in CI.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Compatibility issues<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Some Git workflows require additional configuration:<\/li>\n<li>credential helpers<\/li>\n<li>proxies\/SSL inspection in corporate environments<\/li>\n<li>Tooling ecosystems (apps, bots) are generally richer in GitHub\/GitLab; you may need to build custom integrations.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Operational gotchas<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Misconfigured IAM can cause confusing 403 errors during Git operations.<\/li>\n<li>EventBridge patterns must match exact event schemas; small typos lead to silent failures.<\/li>\n<li>Email-based SNS requires subscription confirmation and may be blocked by filters.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Migration challenges<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Migrating Git data is straightforward, but migrating:<\/li>\n<li>PR 
history<\/li>\n<li>comments<\/li>\n<li>review metadata\nmay not be. Plan for what you must preserve and consider exporting data if needed.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Vendor-specific nuances<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Authentication is IAM-centric; this is a strength in AWS-centric orgs but can be friction for external collaborators.<\/li>\n<li>Service onboarding\/availability may change; verify current service posture for new projects.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">14. Comparison with Alternatives<\/h2>\n\n\n\n<p>AWS CodeCommit is one option among many for Git hosting.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Comparison table<\/h3>\n\n\n\n<figure class=\"wp-block-table\"><table>\n<thead>\n<tr>\n<th>Option<\/th>\n<th>Best For<\/th>\n<th>Strengths<\/th>\n<th>Weaknesses<\/th>\n<th>When to Choose<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><strong>AWS CodeCommit<\/strong><\/td>\n<td>AWS-centric teams wanting managed private Git<\/td>\n<td>IAM integration, CloudTrail audit, AWS-native CI\/CD integration, managed ops<\/td>\n<td>Smaller ecosystem than GitHub\/GitLab; regional model; service availability\/onboarding may vary<\/td>\n<td>You want Git repos inside AWS accounts with centralized IAM governance<\/td>\n<\/tr>\n<tr>\n<td><strong>AWS CodeCatalyst (source repos)<\/strong><\/td>\n<td>Teams adopting AWS\u2019s newer integrated DevOps experience<\/td>\n<td>Integrated project experience (repos, issues, pipelines conceptually), modern UX<\/td>\n<td>Different model than CodeCommit; may not fit strict account boundary needs for all orgs; verify enterprise controls<\/td>\n<td>New greenfield teams wanting an integrated DevOps toolchain in AWS (verify fit)<\/td>\n<\/tr>\n<tr>\n<td><strong>GitHub (Enterprise\/Cloud)<\/strong><\/td>\n<td>Broad developer ecosystem and integrations<\/td>\n<td>Best-in-class collaboration ecosystem, Actions, apps, code scanning 
options<\/td>\n<td>External SaaS (unless GHES); different identity\/governance model; cost<\/td>\n<td>You need marketplace integrations, OSS collaboration, advanced PR workflows<\/td>\n<\/tr>\n<tr>\n<td><strong>GitLab (SaaS\/self-managed)<\/strong><\/td>\n<td>End-to-end DevSecOps platform<\/td>\n<td>Strong CI\/CD, built-in registry and security scanning (tier dependent)<\/td>\n<td>Operating self-managed is heavy; SaaS is external; licensing cost<\/td>\n<td>You want a single platform for source + CI\/CD + security<\/td>\n<\/tr>\n<tr>\n<td><strong>Bitbucket (Cloud\/Data Center)<\/strong><\/td>\n<td>Teams invested in Atlassian ecosystem<\/td>\n<td>Jira\/Confluence integration<\/td>\n<td>CI\/CD ecosystem differs; Data Center ops overhead<\/td>\n<td>You\u2019re standardized on Atlassian tooling<\/td>\n<\/tr>\n<tr>\n<td><strong>Azure Repos<\/strong><\/td>\n<td>Microsoft\/Azure-centric orgs<\/td>\n<td>Great integration with Azure DevOps pipelines<\/td>\n<td>Best when you\u2019re all-in on Azure DevOps<\/td>\n<td>You run most workloads and dev tooling in Azure<\/td>\n<\/tr>\n<tr>\n<td><strong>Self-managed Git (Gitea\/GitLab on EC2\/EKS)<\/strong><\/td>\n<td>Maximum control, custom needs<\/td>\n<td>Full control over networking, plugins, data residency<\/td>\n<td>You manage scaling, patching, backups, HA\/DR<\/td>\n<td>You require deep customization or strict isolation not served by managed\/SaaS options<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">15. Real-World Example<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Enterprise example: regulated financial services CI\/CD in AWS<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> A regulated enterprise must keep code private, enforce least privilege, and provide strong audit trails. 
They also need CI\/CD pipelines tightly integrated with AWS runtime environments.<\/li>\n<li><strong>Proposed architecture:<\/strong>\n<ul class=\"wp-block-list\">\n<li>AWS CodeCommit repositories in a shared-services AWS account (regional).<\/li>\n<li>IAM Identity Center federation for workforce access; developers assume roles.<\/li>\n<li>EventBridge rules send key repository events to SNS and a SIEM ingestion Lambda.<\/li>\n<li>CodePipeline pulls from CodeCommit, triggers CodeBuild, and deploys to ECS\/EKS via IaC.<\/li>\n<li>CloudTrail logs centralized to a security log archive account.<\/li>\n<\/ul>\n<\/li>\n<li><strong>Why AWS CodeCommit was chosen:<\/strong>\n<ul class=\"wp-block-list\">\n<li>IAM-native access control and centralized auditing with CloudTrail.<\/li>\n<li>Reduced operational burden compared to self-hosted Git.<\/li>\n<li>Alignment with AWS Developer tools stack and security governance.<\/li>\n<\/ul>\n<\/li>\n<li><strong>Expected outcomes:<\/strong>\n<ul class=\"wp-block-list\">\n<li>Faster onboarding for new teams (standard repo + pipeline patterns).<\/li>\n<li>Improved compliance evidence (who changed what, when).<\/li>\n<li>Fewer operational incidents related to Git hosting.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Startup\/small-team example: minimal-ops private repos + simple pipeline<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> A small team wants private Git hosting without maintaining servers, and a simple path to CI\/CD.<\/li>\n<li><strong>Proposed architecture:<\/strong>\n<ul class=\"wp-block-list\">\n<li>AWS CodeCommit for a few repositories.<\/li>\n<li>CodeBuild runs tests on pushes to <code>main<\/code>.<\/li>\n<li>SNS notifications for pushes\/PR merges.<\/li>\n<\/ul>\n<\/li>\n<li><strong>Why AWS CodeCommit was chosen:<\/strong>\n<ul class=\"wp-block-list\">\n<li>Low operational overhead and quick setup.<\/li>\n<li>Keeps everything in AWS where the app already runs.<\/li>\n<\/ul>\n<\/li>\n<li><strong>Expected outcomes:<\/strong>\n<ul class=\"wp-block-list\">\n<li>Simple, predictable workflow: push \u2192 build\/test \u2192 deploy.<\/li>\n<li>No separate SaaS procurement needed early
on.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">16. FAQ<\/h2>\n\n\n\n<p>1) <strong>Is AWS CodeCommit a Git service or something proprietary?<\/strong><br\/>\nIt hosts standard <strong>Git repositories<\/strong>. You use regular Git commands and clients.<\/p>\n\n\n\n<p>2) <strong>Is AWS CodeCommit regional or global?<\/strong><br\/>\nRepositories are <strong>regional<\/strong> resources. You choose a region when creating a repo.<\/p>\n\n\n\n<p>3) <strong>Can I use SSH to connect to AWS CodeCommit?<\/strong><br\/>\nOften yes, using IAM-associated SSH keys, but implementation details can change. <strong>Verify current SSH setup in official docs<\/strong>.<\/p>\n\n\n\n<p>4) <strong>What\u2019s the easiest way to authenticate without creating IAM users?<\/strong><br\/>\nUse the <strong>AWS CLI Git credential helper<\/strong> with HTTPS, especially from AWS CloudShell or federated role sessions.<\/p>\n\n\n\n<p>5) <strong>Does AWS CodeCommit support pull requests and reviews?<\/strong><br\/>\nYes, AWS CodeCommit supports pull requests. Feature depth may be simpler than GitHub\/GitLab, so validate against your needs.<\/p>\n\n\n\n<p>6) <strong>Can I enforce approvals before merging?<\/strong><br\/>\nApproval rules\/templates are commonly available. Confirm the current enforcement model and configuration in the CodeCommit user guide.<\/p>\n\n\n\n<p>7) <strong>Does AWS CodeCommit include an issue tracker or wiki?<\/strong><br\/>\nAWS CodeCommit focuses on source control and PRs. For issues\/wikis, teams typically use other tools (Jira, GitHub Issues, etc.).<\/p>\n\n\n\n<p>8) <strong>How do I trigger CI\/CD when code changes?<\/strong><br\/>\nCommonly via AWS CodePipeline (source stage) or EventBridge rules that react to CodeCommit events.<\/p>\n\n\n\n<p>9) <strong>How do I get audit logs for repository access and changes?<\/strong><br\/>\nUse <strong>AWS CloudTrail<\/strong> for API activity and Git history for code changes.
Understand which actions are logged and keep logs long enough.<\/p>\n\n\n\n<p>10) <strong>Can external contractors access my CodeCommit repositories?<\/strong><br\/>\nYes, but it\u2019s IAM-driven. You typically onboard them via federation\/roles and apply least privilege. For broad external collaboration, SaaS Git platforms may be easier.<\/p>\n\n\n\n<p>11) <strong>Can I mirror a repository from GitHub\/GitLab to CodeCommit?<\/strong><br\/>\nYes, Git supports mirroring via push\/pull. Migrating PR metadata is more complex and may not transfer.<\/p>\n\n\n\n<p>12) <strong>What are common causes of 403 errors when pushing?<\/strong><br\/>\nMissing IAM permissions, wrong region endpoint, or incorrect credential helper configuration are the most common.<\/p>\n\n\n\n<p>13) <strong>How should I store large build artifacts?<\/strong><br\/>\nUse artifact repositories (S3, CodeArtifact, container registries). Avoid committing generated binaries into Git.<\/p>\n\n\n\n<p>14) <strong>Can I use AWS CodeCommit with Terraform\/CDK\/CloudFormation repos?<\/strong><br\/>\nYes. IaC in CodeCommit is common, often with PR checks and pipelines.<\/p>\n\n\n\n<p>15) <strong>Is AWS CodeCommit suitable for open-source projects?<\/strong><br\/>\nIt is designed for private repos and AWS-centric workflows. For open-source community collaboration, GitHub is usually preferred.<\/p>\n\n\n\n<p>16) <strong>What should I consider if AWS CodeCommit onboarding\/availability changes?<\/strong><br\/>\nHave a contingency plan: use Git remote portability, and evaluate GitHub\/GitLab\/AWS CodeCatalyst. Always confirm current AWS service posture in official announcements.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">17. 
Top Online Resources to Learn AWS CodeCommit<\/h2>\n\n\n\n<figure class=\"wp-block-table\"><table>\n<thead>\n<tr>\n<th>Resource Type<\/th>\n<th>Name<\/th>\n<th>Why It Is Useful<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>Official documentation<\/td>\n<td>AWS CodeCommit User Guide: https:\/\/docs.aws.amazon.com\/codecommit\/latest\/userguide\/welcome.html<\/td>\n<td>Authoritative feature descriptions, setup steps, limits<\/td>\n<\/tr>\n<tr>\n<td>Official getting started<\/td>\n<td>Getting Started with AWS CodeCommit: https:\/\/docs.aws.amazon.com\/codecommit\/latest\/userguide\/getting-started.html<\/td>\n<td>Step-by-step onboarding and common workflows<\/td>\n<\/tr>\n<tr>\n<td>Official pricing<\/td>\n<td>AWS CodeCommit Pricing: https:\/\/aws.amazon.com\/codecommit\/pricing\/<\/td>\n<td>Current pricing model and billing dimensions<\/td>\n<\/tr>\n<tr>\n<td>Pricing calculator<\/td>\n<td>AWS Pricing Calculator: https:\/\/calculator.aws\/#\/<\/td>\n<td>Build estimates for users\/storage\/related services<\/td>\n<\/tr>\n<tr>\n<td>CLI documentation<\/td>\n<td>AWS CLI Command Reference (CodeCommit): https:\/\/docs.aws.amazon.com\/cli\/latest\/reference\/codecommit\/<\/td>\n<td>Exact CLI commands for automation and scripting<\/td>\n<\/tr>\n<tr>\n<td>Git credential helper<\/td>\n<td>CodeCommit credential helper (docs entry point): https:\/\/docs.aws.amazon.com\/codecommit\/latest\/userguide\/setting-up-https-unixes.html (verify)<\/td>\n<td>Recommended way to use HTTPS with short-lived credentials<\/td>\n<\/tr>\n<tr>\n<td>Events<\/td>\n<td>Amazon EventBridge documentation: https:\/\/docs.aws.amazon.com\/eventbridge\/latest\/userguide\/what-is-amazon-eventbridge.html<\/td>\n<td>Build event-driven automations from repository activity<\/td>\n<\/tr>\n<tr>\n<td>Audit logging<\/td>\n<td>AWS CloudTrail documentation: https:\/\/docs.aws.amazon.com\/awscloudtrail\/latest\/userguide\/cloudtrail-user-guide.html<\/td>\n<td>How to capture and retain audit 
logs<\/td>\n<\/tr>\n<tr>\n<td>CI\/CD integration<\/td>\n<td>AWS CodePipeline documentation: https:\/\/docs.aws.amazon.com\/codepipeline\/latest\/userguide\/welcome.html<\/td>\n<td>Connect CodeCommit to deployment pipelines<\/td>\n<\/tr>\n<tr>\n<td>Build integration<\/td>\n<td>AWS CodeBuild documentation: https:\/\/docs.aws.amazon.com\/codebuild\/latest\/userguide\/welcome.html<\/td>\n<td>Build\/test automation for CodeCommit repos<\/td>\n<\/tr>\n<tr>\n<td>Video learning<\/td>\n<td>AWS Developer Tools videos (AWS YouTube): https:\/\/www.youtube.com\/@amazonwebservices<\/td>\n<td>Practical demos and service updates (search for CodeCommit\/CodePipeline)<\/td>\n<\/tr>\n<tr>\n<td>Community (reputable)<\/td>\n<td>AWS re:Post: https:\/\/repost.aws\/<\/td>\n<td>Troubleshooting and patterns from AWS community with moderation<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">18. Training and Certification Providers<\/h2>\n\n\n\n<figure class=\"wp-block-table\"><table>\n<thead>\n<tr>\n<th>Institute<\/th>\n<th>Suitable Audience<\/th>\n<th>Likely Learning Focus<\/th>\n<th>Mode<\/th>\n<th>Website URL<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>DevOpsSchool.com<\/td>\n<td>Beginners to DevOps engineers<\/td>\n<td>AWS DevOps tooling, CI\/CD, Git workflows, automation<\/td>\n<td>Check website<\/td>\n<td>https:\/\/www.devopsschool.com\/<\/td>\n<\/tr>\n<tr>\n<td>ScmGalaxy.com<\/td>\n<td>Developers, build\/release engineers<\/td>\n<td>Source control and SCM practices, Git workflows<\/td>\n<td>Check website<\/td>\n<td>https:\/\/www.scmgalaxy.com\/<\/td>\n<\/tr>\n<tr>\n<td>CLoudOpsNow.in<\/td>\n<td>Cloud ops, SRE, platform teams<\/td>\n<td>Cloud operations and DevOps practices in AWS<\/td>\n<td>Check website<\/td>\n<td>https:\/\/www.cloudopsnow.in\/<\/td>\n<\/tr>\n<tr>\n<td>SreSchool.com<\/td>\n<td>SREs, operations engineers<\/td>\n<td>Reliability, incident response, automation fundamentals<\/td>\n<td>Check 
website<\/td>\n<td>https:\/\/www.sreschool.com\/<\/td>\n<\/tr>\n<tr>\n<td>AiOpsSchool.com<\/td>\n<td>Ops teams exploring AIOps<\/td>\n<td>Automation, monitoring, AIOps fundamentals<\/td>\n<td>Check website<\/td>\n<td>https:\/\/www.aiopsschool.com\/<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">19. Top Trainers<\/h2>\n\n\n\n<figure class=\"wp-block-table\"><table>\n<thead>\n<tr>\n<th>Platform\/Site<\/th>\n<th>Likely Specialization<\/th>\n<th>Suitable Audience<\/th>\n<th>Website URL<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>RajeshKumar.xyz<\/td>\n<td>DevOps\/Cloud training content (verify offerings)<\/td>\n<td>Students, engineers looking for guided learning<\/td>\n<td>https:\/\/rajeshkumar.xyz\/<\/td>\n<\/tr>\n<tr>\n<td>devopstrainer.in<\/td>\n<td>DevOps training and coaching (verify offerings)<\/td>\n<td>Beginners to working professionals<\/td>\n<td>https:\/\/www.devopstrainer.in\/<\/td>\n<\/tr>\n<tr>\n<td>devopsfreelancer.com<\/td>\n<td>DevOps consulting\/training resources (verify offerings)<\/td>\n<td>Teams needing practical implementation help<\/td>\n<td>https:\/\/www.devopsfreelancer.com\/<\/td>\n<\/tr>\n<tr>\n<td>devopssupport.in<\/td>\n<td>DevOps support and training resources (verify offerings)<\/td>\n<td>Ops\/DevOps teams<\/td>\n<td>https:\/\/www.devopssupport.in\/<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">20. 
Top Consulting Companies<\/h2>\n\n\n\n<figure class=\"wp-block-table\"><table>\n<thead>\n<tr>\n<th>Company Name<\/th>\n<th>Likely Service Area<\/th>\n<th>Where They May Help<\/th>\n<th>Consulting Use Case Examples<\/th>\n<th>Website URL<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>cotocus.com<\/td>\n<td>Cloud\/DevOps consulting (verify exact practice)<\/td>\n<td>Architecture, CI\/CD implementation, operational readiness<\/td>\n<td>CodeCommit + CodePipeline rollout; IAM governance; migration planning<\/td>\n<td>https:\/\/cotocus.com\/<\/td>\n<\/tr>\n<tr>\n<td>DevOpsSchool.com<\/td>\n<td>DevOps consulting and enablement (verify exact practice)<\/td>\n<td>Training + implementation support<\/td>\n<td>Standing up AWS Developer tools CI\/CD; best-practice workshops<\/td>\n<td>https:\/\/www.devopsschool.com\/<\/td>\n<\/tr>\n<tr>\n<td>DEVOPSCONSULTING.IN<\/td>\n<td>DevOps consulting (verify exact practice)<\/td>\n<td>DevOps process and tooling adoption<\/td>\n<td>Git workflow standardization; CI\/CD design; security reviews<\/td>\n<td>https:\/\/www.devopsconsulting.in\/<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">21. 
Career and Learning Roadmap<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">What to learn before AWS CodeCommit<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Git fundamentals:\n<ul class=\"wp-block-list\">\n<li>commits, branches, merges, rebases<\/li>\n<li>pull requests and code review patterns<\/li>\n<\/ul>\n<\/li>\n<li>AWS fundamentals:\n<ul class=\"wp-block-list\">\n<li>IAM users\/roles\/policies<\/li>\n<li>regions and service endpoints<\/li>\n<li>CloudTrail basics<\/li>\n<\/ul>\n<\/li>\n<li>CLI basics:\n<ul class=\"wp-block-list\">\n<li>AWS CLI configuration, profiles, role assumption, SSO flows<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">What to learn after AWS CodeCommit<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>CI\/CD on AWS:\n<ul class=\"wp-block-list\">\n<li>AWS CodePipeline (pipelines, stages, artifacts)<\/li>\n<li>AWS CodeBuild (buildspec, caching, reports)<\/li>\n<\/ul>\n<\/li>\n<li>Deployment strategies:\n<ul class=\"wp-block-list\">\n<li>blue\/green and canary patterns<\/li>\n<li>IaC (CloudFormation\/CDK\/Terraform)<\/li>\n<\/ul>\n<\/li>\n<li>Security and governance:\n<ul class=\"wp-block-list\">\n<li>least privilege policy design<\/li>\n<li>centralized logging (CloudTrail Lake, S3 log archives)<\/li>\n<li>secrets management (Secrets Manager)<\/li>\n<\/ul>\n<\/li>\n<li>Observability:\n<ul class=\"wp-block-list\">\n<li>CloudWatch metrics\/logs<\/li>\n<li>EventBridge-driven incident automation<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Job roles that use it<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>DevOps Engineer<\/li>\n<li>Platform Engineer<\/li>\n<li>Site Reliability Engineer (SRE)<\/li>\n<li>Cloud Engineer<\/li>\n<li>Solutions Architect (implementation-focused)<\/li>\n<li>Security Engineer (DevSecOps and audit)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Certification path (AWS)<\/h3>\n\n\n\n<p>AWS certifications don\u2019t typically certify a single service; they validate broader capability:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>AWS Certified Developer \u2013 Associate (developer tooling familiarity)<\/li>\n<li>AWS Certified SysOps Administrator \u2013 Associate (operations)<\/li>\n<li>AWS Certified DevOps Engineer \u2013 Professional (CI\/CD, governance)<\/li>\n<li>AWS Certified Solutions
Architect (Associate\/Professional)<\/li>\n<\/ul>\n\n\n\n<p>Always check current AWS certification outlines: https:\/\/aws.amazon.com\/certification\/<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Project ideas for practice<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Build a complete pipeline:\n<ul class=\"wp-block-list\">\n<li>CodeCommit \u2192 CodeBuild tests \u2192 deploy to Lambda (SAM\/CDK) or ECS<\/li>\n<\/ul>\n<\/li>\n<li>Implement branch protections using approval rules and CI checks.<\/li>\n<li>Create an EventBridge rule to:\n<ul class=\"wp-block-list\">\n<li>notify on merges to <code>main<\/code><\/li>\n<li>open an Ops ticket (via webhook) on certain changes<\/li>\n<\/ul>\n<\/li>\n<li>Write a \u201crepo factory\u201d script:\n<ul class=\"wp-block-list\">\n<li>creates a repo<\/li>\n<li>applies tags<\/li>\n<li>creates baseline branches and files<\/li>\n<li>sets up notifications and pipeline templates<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">22. Glossary<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>AWS CodeCommit<\/strong>: AWS managed service for hosting private Git repositories.<\/li>\n<li><strong>Git<\/strong>: Distributed version control system used to track code changes.<\/li>\n<li><strong>Repository (repo)<\/strong>: A Git storage location containing commits, branches, and tags.<\/li>\n<li><strong>Commit<\/strong>: A snapshot of changes recorded in Git history.<\/li>\n<li><strong>Branch<\/strong>: A line of development in Git.<\/li>\n<li><strong>Merge<\/strong>: Combining changes from one branch into another.<\/li>\n<li><strong>Pull Request (PR)<\/strong>: A request to merge code changes, typically including review and discussion.<\/li>\n<li><strong>IAM (Identity and Access Management)<\/strong>: AWS service for identities (users\/roles) and permissions (policies).<\/li>\n<li><strong>Least privilege<\/strong>: Security principle of granting only the permissions needed.<\/li>\n<li><strong>AWS CloudTrail<\/strong>: Service that records AWS API calls for audit and security
analysis.<\/li>\n<li><strong>Amazon EventBridge<\/strong>: Event bus service for routing events to targets (Lambda, SNS, etc.).<\/li>\n<li><strong>Amazon SNS<\/strong>: Pub\/sub messaging service often used for notifications.<\/li>\n<li><strong>AWS CodePipeline<\/strong>: CI\/CD orchestration service.<\/li>\n<li><strong>AWS CodeBuild<\/strong>: Managed build and test service.<\/li>\n<li><strong>KMS (Key Management Service)<\/strong>: Service for managing cryptographic keys used for encryption.<\/li>\n<li><strong>Federation<\/strong>: Connecting external identity providers to AWS for single sign-on and role-based access.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">23. Summary<\/h2>\n\n\n\n<p>AWS CodeCommit is AWS\u2019s managed <strong>private Git repository<\/strong> service in the <strong>Developer tools<\/strong> category. It helps teams store and manage source code with standard Git workflows while using <strong>IAM<\/strong> for access control and <strong>CloudTrail<\/strong> for auditing.<\/p>\n\n\n\n<p>It fits best when you want source control inside AWS, tight integration with AWS CI\/CD (CodePipeline\/CodeBuild), and governance aligned with AWS security practices. Cost is typically driven by the pricing model in effect (often user and storage related\u2014<strong>verify current pricing<\/strong>) plus indirect CI\/CD and logging costs. 
Security success depends on least-privilege IAM, PR-based workflows, and strong audit\/log retention.<\/p>\n\n\n\n<p>If you\u2019re starting a new platform decision, confirm AWS CodeCommit\u2019s current onboarding\/availability posture and compare it with AWS CodeCatalyst, GitHub, or GitLab based on collaboration needs and ecosystem expectations.<\/p>\n\n\n\n<p><strong>Next learning step:<\/strong> connect AWS CodeCommit to an AWS CodePipeline + CodeBuild workflow and implement PR checks and notifications using EventBridge.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Developer tools<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[20,18],"tags":[],"class_list":["post-198","post","type-post","status-publish","format-standard","hentry","category-aws","category-developer-tools"],"_links":{"self":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/posts\/198","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/comments?post=198"}],"version-history":[{"count":0,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/posts\/198\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/media?parent=198"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/categories?post=198"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/tags?post=198"}],"curies":[{"name":"wp","
href":"https:\/\/api.w.org\/{rel}","templated":true}]}}