Having built out many code pipelines with various tooling in the past, I wanted to try this using ONLY AWS services as an experiment. The challenge is to not use any 3rd party applications like GitHub/GitLab for source control or CircleCI/Travis CI/GitHub Actions for CI/CD.
Is it possible to use only AWS for the entire workflow?
Getting src-control setup
Step 1 is using CodeCommit. This is an AWS git service that ties a user's local ssh keys to an AWS IAM role. This is extremely useful when running an organization dealing with rights and access management for code repositories. In previous companies, we have always had devs use GitHub (or the like) for rights and access management on the repositories. This has always just been “the way you do it”, but it comes with overhead you never think about until there is a better way!!
As I said, CodeCommit keeps all access and rights management within the IAM ecosystem and you no longer need to manage repository access with a 3rd party provider. Everything can be managed in 1 place!!!!
Getting started from the DevOps persona…
The first thing is to create a repo in CodeCommit https://us-west-2.console.aws.amazon.com/codesuite/codecommit/repository/create?region=us-west-2

or feel free to do it from the cli
aws codecommit create-repository --repository-name MyDemoRepo --repository-description "My demonstration repository" --tags Team=Saanvi
Now let's create a user and master IAM for the developer team. Make sure you are logged into the AWS console as an admin role and create a user.
https://console.aws.amazon.com/iam/home#/users$new?step=details
Make sure you have Access key — Programmatic access, Password — AWS Management Console access, Autogenerated password & User must create a new password at next sign-in selected.

Now we can create and assign a role to the developer. Make sure you select “PowerUserAccess” and “AWSCodeCommitPowerUser” for the correct role types, or you can make custom roles for your use case and access needs.

Review the dev user and the role that has been attached…

or just do it all via the cli
aws iam create-user --user-name Bob
aws iam create-role --role-name Test-Role --assume-role-policy-document file://Test-Role-Trust-Policy.json
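For the custom-permissions route mentioned above, here is an added example (not from the original post) of a shell function that prints a policy limited to one repository plus the developer's own SSH keys, rather than PowerUserAccess. The function name and the account ID 111122223333 are constructed placeholders; the region, repo and user names are the ones used in this post.

```shell
#!/bin/sh
# Added example: emit an IAM policy scoped to a single CodeCommit repository.
# Usage: codecommit_policy REGION ACCOUNT_ID REPO_NAME
codecommit_policy() {
  region="$1"; account="$2"; repo="$3"
  # Reject empty values and any character that could widen the ARN (e.g. "*").
  case "$region" in ''|*[!a-z0-9-]*) echo "bad region" >&2; return 1 ;; esac
  case "$account" in *[!0-9]*) echo "bad account id" >&2; return 1 ;; esac
  [ "${#account}" -eq 12 ] || { echo "bad account id" >&2; return 1; }
  case "$repo" in ''|*[!A-Za-z0-9._-]*) echo "bad repo name" >&2; return 1 ;; esac
  # \$ keeps ${aws:username} literal: IAM resolves it to the calling user.
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "GitAccessToOneRepo",
      "Effect": "Allow",
      "Action": ["codecommit:GitPull", "codecommit:GitPush"],
      "Resource": "arn:aws:codecommit:${region}:${account}:${repo}"
    },
    {
      "Sid": "ManageOwnSshKeys",
      "Effect": "Allow",
      "Action": [
        "iam:UploadSSHPublicKey",
        "iam:ListSSHPublicKeys",
        "iam:GetSSHPublicKey",
        "iam:UpdateSSHPublicKey",
        "iam:DeleteSSHPublicKey"
      ],
      "Resource": "arn:aws:iam::${account}:user/\${aws:username}"
    }
  ]
}
EOF
}

# To apply it (constructed account ID; policy name is a placeholder):
#   codecommit_policy us-west-2 111122223333 MyDemoRepo > policy.json
#   aws iam put-user-policy --user-name Bob \
#     --policy-name CodeCommitMyDemoRepo --policy-document file://policy.json
```

This grants clone, pull and push on the one repository only; console browsing of repositories needs additional read actions.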
(I’ll just use the AWS GUI for the rest of this post, just note this can all be done programmatically as well.)
Success!! If you are onboarding a new dev, feel free to send the login details to the new user with the “Email login instructions” option.

Getting started from the Developers persona…
Now that the developer received the email with the AWS login they will want to add an ssh key to AWS. Much like GitHub and other tools, AWS has a section for the developer-user to add their ssh public key. This can be found in the IAM section of AWS. Note: the developer user has minimal access to IAM as the role dictates but they will have a section for “Adding SSH keys for AWS CodeCommit” https://console.aws.amazon.com/iam/home#/users/{{USERNAME}}?section=security_credentials

If your developer team doesn't know how to generate a pub/private key you have much bigger problems and I am not sure if this post will help you. But for the sake of this post:
ssh-keygen -t rsa && pbcopy < ~/.ssh/id_rsa.pub
and then upload the public key.
Next, we will want to add/create a config file in the ~/.ssh dir
cd ~/.ssh && touch config
Then we will want to add the AWS related info to the config
Host git-codecommit.*.amazonaws.com
  User AWS-SSH-key-ID
  IdentityFile ~/.ssh/id_rsa
Now as a developer you can see all repositories you have access to at https://us-west-2.console.aws.amazon.com/codesuite/codecommit/repositories?region=us-west-2, and your standard git-flow works the same as you are accustomed to in other tools for src control.





Now that we have source control set up for our code repo, we can start to set up the infrastructure-as-code part of the pipeline. We will do this in a follow-up post as part 2.