Chris Franklin


  • aws

For those that don’t know, I am a huge supporter of all things AWS. I spent 3 years working at Amazon building amazing things on top of AWS and have spent the years since doing the same at Genesys. My career didn’t really begin to blossom until I started to fully embrace the power of Amazon’s IaaS services. They have released a lot of best-in-class tools to allow developers to really build some amazing things. That is why it always saddens me when I come across a tool that doesn’t live up to my expectations. And it is with a heavy heart that I pronounce CodeCommit as a giant pile of shit.

CodeCommit is Amazon’s answer to git hosting services such as GitHub and Bitbucket. The idea is very simple: they host the master branch of my git repository just like those other services do. The pricing is actually fantastic (as most AWS prices are) at 5 users with 50GB/month storage for free and unlimited repositories. On top of that, it is tightly integrated with a lot of other AWS services like CodePipeline and CodeBuild.

On paper this seems like the answer to all my prayers! I have always wanted a fully integrated Continuous Integration suite that handled everything from repository to deployment, and this definitely accomplishes that goal. On top of that, it would allow me to develop and deploy AWS Lambda functions without any additional framework (i.e. serverless). So, why am I walking away and washing my hands of this experience?

I am what may be referred to as a Git and AWS Power User. I actively use 6 different AWS accounts and 3 Git credential sets. The number of accounts I deal with has zero impact on anything else I do, so it was a bit of a shock when I discovered that it severely impacted my ability to use CodeCommit. CodeCommit uses two forms of authentication (well, 3, but 2 are interchangeable) and that is where its downfall lies. You need to add CodeCommit permissions to your normal IAM user so that you can talk to the API endpoints. And then you need to either set up a special SSH key or Git Credentials. Oh, and the Git Credentials are completely randomized so you can’t set your own username and password.

I spent close to 3 hours trying to make the CodeCommit credential system work properly with my other AWS accounts. I could get the system to pull down the repo and I could make commits to it, but when I had that working my other AWS accounts ceased to function. It also played havoc with my other Git accounts. This is because you have to override the git credential helper to use CodeCommit. Something along the lines of git config --global credential.helper '!aws codecommit credential-helper $@'. I am sure I could get this to work properly if I spent a few more days on it, but…
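One way to keep the helper override described above from touching other Git accounts is to scope it to the CodeCommit host and pin it to a single AWS CLI profile. This is an added example, not configuration from the original post; the region in the URL and the profile name `codecommit-profile` are assumptions, and it writes to a scratch config file rather than `~/.gitconfig`.

```shell
#!/bin/sh
# Added example: scope the AWS credential helper to CodeCommit URLs only,
# instead of overriding credential.helper globally for every remote.
CC_URL="https://git-codecommit.us-east-1.amazonaws.com"  # assumed region
CC_PROFILE="codecommit-profile"                           # hypothetical AWS CLI profile

# Write the URL-scoped settings into the git config file given as $1.
scope_codecommit_helper() {
    cfg="$1"
    # Only remotes under $CC_URL invoke the AWS helper, and it always signs
    # with one named profile rather than whichever account is the default.
    git config --file "$cfg" "credential.$CC_URL.helper" \
        "!aws --profile $CC_PROFILE codecommit credential-helper \$@"
    # The AWS helper needs the repository path, not just the host name.
    git config --file "$cfg" "credential.$CC_URL.UseHttpPath" true
}

# Print the best-matching credential.helper for URL $2 under config file $1
# (prints nothing when no helper matches).
helper_for() {
    git config --file "$1" --get-urlmatch credential.helper "$2" || true
}

# Demo on a scratch file: "cache" stands in for a helper that already exists.
demo_cfg=$(mktemp)
git config --file "$demo_cfg" credential.helper cache
scope_codecommit_helper "$demo_cfg"
echo "codecommit: $(helper_for "$demo_cfg" "$CC_URL/v1/repos/demo")"
echo "github:     $(helper_for "$demo_cfg" "https://github.com/example/demo.git")"
rm -f "$demo_cfg"
```

Git still consults an unscoped helper for CodeCommit URLs as well, so a keychain-style helper can cache the short-lived CodeCommit password unless it is also restricted.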

Long story short, I switched back to GitHub and everything just worked. I don’t need to use CodeCommit. There are plenty of other options available that don’t cost me anything. If I want to set up private repos, I can easily afford the $7/month that GitHub charges. Or I can just use Bitbucket for free. To Amazon, if you want people to use your systems, put some effort into ease of use. Especially when there are so many options available for that tool that are easy to use.