Hello everyone,

Today we are going to learn how to sync data from Bitbucket to AWS CodeCommit. There can be cases where we have been using Bitbucket for a long time and now have to move to CodeCommit. In that case we need to replicate all the commits made so far in Bitbucket and also keep the two in sync on a regular basis. Bitbucket Pipelines will help us achieve this. Let's see how we can do it.

Short description of the steps we will be following

  • Creating a new, empty CodeCommit repository into which we are going to sync the data of the Bitbucket repository

  • Creation of an IAM group with the access permissions that allow us to commit changes to the CodeCommit repository

  • Creation of an IAM user through which we will commit the changes from Bitbucket to CodeCommit

  • Creation of SSH Keys and adding in the Security Credentials of the user

  • Configuring Bitbucket Pipelines, which will replicate the Bitbucket repository to CodeCommit and keep it in sync on a regular basis.

Procedure

  • Creation of CodeCommit Repository

    First we will create an empty repository, selecting the region where we want the CodeCommit repository to be. The steps to create a new repository are as follows:

    • We will create an empty repository to commit the changes from Bitbucket
    • Open up AWS CodeCommit and select your region
    • Once you’ve created a repository, select it, click the “Connect” button, and choose the SSH option, which we’ll be using later on. This is where you’ll find your connection information and some instructions that you can refer back to later.
  • Creation of IAM Group

    Here we need to give the user permission to commit changes to CodeCommit

    • Create a new IAM group named CodeCommit-Contributor
    • Assign the AWSCodeCommitPowerUser policy to this group
  • Creation of IAM User

    We will create a new user that will be used to get the data from Bitbucket to CodeCommit

    • Create a new IAM user with a login of Bitbucket-User
    • Assign the CodeCommit-Contributor group to it.
    • After creation we will add the SSH public key to the user, which we will do below
  • Creation of SSH Keys and adding in the Security Credentials of the user

    Access to CodeCommit repositories is provided by associating credentials or keys. In this case, we’re going to use SSH and generate public and private keys for use with the IAM user and Bitbucket Pipeline service.

    • To generate a new private and public key (Windows users, YMMV), we’ll open a terminal and execute the following. IAM accepts only RSA public keys for CodeCommit, so the key type is given explicitly. We’re not going to provide a passphrase here, just hit return when it asks.

      ssh-keygen -t rsa -b 4096 -f ~/.ssh/codecommit_rsa

    • This will generate 2 files: ~/.ssh/codecommit_rsa, which is the private key, and ~/.ssh/codecommit_rsa.pub, which is the public key. Copy your public key to your clipboard:
      pbcopy < ~/.ssh/codecommit_rsa.pub
      or print it and copy the contents to the clipboard by hand:
      cat ~/.ssh/codecommit_rsa.pub
    • Open your IAM Bitbucket-User and, under “Security credentials”, click Upload SSH Key under “SSH keys for AWS CodeCommit” and paste in your public key.
    • Once your public key is uploaded, there will be an SSH key ID associated with it.
    • This will be used as your CodeCommit username when accessing repositories.
  • Set up Git and validate your connection

    Let’s test the connection at this point to confirm that you’ve correctly associated your new key with the user, as well as validated that the user has the correct privileges in the CodeCommit profile assigned to the group. We’re going to use this same configuration later on with Bitbucket Pipelines, so keep it handy.

    • Create your ~/.ssh/config and associate your IAM user’s SSH key ID and new private key with the CodeCommit hosts. Write the details below into the config file:

      # User is the SSH key ID created under Security credentials when we uploaded the SSH key to the IAM user
      Host git-codecommit.*.amazonaws.com
        User Your-IAM-SSH-Key-ID-Here
        IdentityFile ~/.ssh/codecommit_rsa
    • Now we will initialize the connection as below
      ssh git-codecommit.us-east-1.amazonaws.com
      The authenticity of host 'git-codecommit.us-east-1.amazonaws.com (72.21.203.185)' can't be established.
      RSA key fingerprint is SHA256:XXX/XXXXXX.
      Are you sure you want to continue connecting (yes/no)? yes
      Warning: Permanently added 'git-codecommit.us-east-1.amazonaws.com,72.21.203.185' (RSA) to the list of known hosts.
    • We should get the below response:
      You have successfully authenticated over SSH. You can use Git to interact with AWS CodeCommit. Interactive shells are not supported.Connection to git-codecommit.us-east-1.amazonaws.com closed by remote host.
  • Configure Bitbucket Pipelines

    • In order to use Bitbucket Pipelines, it needs to be enabled for the repository first. Under your repository settings, choose Pipelines and enable Pipelines.
    • Now that Pipelines is enabled, and before configuring the bitbucket-pipelines.yml file, let’s initialize some Pipelines environment variables.
    • Under your repository settings, choose Repository Variables under Pipelines. We’re going to create 5 environment variables as below.
      • Following are the variables we will assign
        • CodeCommitConfig: The base64 encoded version of the SSH config we added to our ~/.ssh/config earlier that specifies the Host, User and IdentityFile.
          • We can create the base64 encoding as below

            cat ~/.ssh/config | base64 -w 0
        • CodeCommitHost: The host and region of your CodeCommit instance
        • CodeCommitKey: The base64 encoded version of your SSH private key that we generated (note that it’s hidden and encrypted in the above screenshot because Secured was selected; make sure you do this as well). We can create the base64 encoding like this:

          cat ~/.ssh/codecommit_rsa | base64 -w 0
        • CodeCommitRepo: The host, region and repository path of your repository.
        • CodeCommitUser: The SSH key ID associated with the public key on your AWS IAM user. [This is the SSH key ID shown under Security Credentials in IAM.]
      • Let’s create the bitbucket-pipelines.yml file: either add it using your favourite editor, or click “Configure bitbucket-pipelines.yml” and edit it directly on bitbucket.org.

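        pipelines:
          default:
            - step:
                script:
                  # Make sure the SSH directory exists before writing into it
                  - mkdir -p ~/.ssh
                  # Decode the private key from the secured repository variable
                  - echo "$CodeCommitKey" > ~/.ssh/codecommit_rsa.tmp
                  - base64 -d ~/.ssh/codecommit_rsa.tmp > ~/.ssh/codecommit_rsa
                  - chmod 400 ~/.ssh/codecommit_rsa
                  # Decode the SSH config (Host, User, IdentityFile)
                  - echo "$CodeCommitConfig" > ~/.ssh/config.tmp
                  - base64 -d ~/.ssh/config.tmp > ~/.ssh/config
                  # The SSH test exits non-zero, so suspend error checking around it
                  - set +e
                  - ssh -o StrictHostKeyChecking=no "$CodeCommitHost"
                  - set -e
                  # Add CodeCommit as a remote and push the current branch
                  - git remote add codecommit "ssh://$CodeCommitRepo"
                  - git push codecommit "$BITBUCKET_BRANCH"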
      • Below are the details of the pipeline script we have created
        • Creates temporary files for $CodeCommitKey and $CodeCommitConfig, then decodes them into place.
        • Adjusts the permissions on your private key (some SSH clients require more secure privileges on this file)
        • Initializes the SSH connection to the CodeCommit host. It’s worth noting here that this command will “appear to fail”, so we need to disable error checking (set +e) on this script, let it fail silently, and then re-enable error checking (set -e). -o StrictHostKeyChecking=no means the service does not need to manually accept the remote host; it also means the host key is accepted without being verified.
        • Adds the CodeCommit repository as a remote and pushes the current ($BITBUCKET_BRANCH) branch
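
A hardened variant of the credential setup in the pipeline script above, as an added example that is not part of the original post: it decodes the key and config under a restrictive umask without leaving .tmp copies behind, and pins the CodeCommit host key from a known_hosts line instead of passing StrictHostKeyChecking=no. The function name install_codecommit_ssh and a fourth repository variable, CodeCommitKnownHosts (the base64 of one known_hosts line), are assumptions.

```shell
#!/bin/sh
# Added example: install_codecommit_ssh and CodeCommitKnownHosts are
# hypothetical names, not part of Bitbucket Pipelines or the original post.
# In the pipeline it would be called as:
#   install_codecommit_ssh ~/.ssh "$CodeCommitKey" "$CodeCommitConfig" "$CodeCommitKnownHosts"
install_codecommit_ssh() {
    dir=$1; key_b64=$2; config_b64=$3; known_hosts_b64=$4

    # Refuse to continue with a missing variable rather than write empty files.
    for v in "$dir" "$key_b64" "$config_b64" "$known_hosts_b64"; do
        [ -n "$v" ] || { echo "missing argument" >&2; return 1; }
    done

    (
        # Files created in this subshell are owner-only from the first byte,
        # so the private key is never briefly readable by other users.
        umask 077
        mkdir -p "$dir" && chmod 700 "$dir" || exit 1

        # Decode straight into place: no base64 .tmp copy of the key remains.
        printf '%s' "$key_b64" | base64 -d > "$dir/codecommit_rsa" || exit 1
        printf '%s' "$config_b64" | base64 -d > "$dir/config" || exit 1
        printf '%s' "$known_hosts_b64" | base64 -d > "$dir/known_hosts" || exit 1

        # A decode that produced no key bytes is a bad variable, not success.
        [ -s "$dir/codecommit_rsa" ] || exit 1
        chmod 400 "$dir/codecommit_rsa"

        # Appended after the decoded Host block, so these options apply to the
        # CodeCommit hosts: ssh now fails on an unknown or changed host key.
        printf '\nUserKnownHostsFile %s\nStrictHostKeyChecking yes\n' \
            "$dir/known_hosts" >> "$dir/config"
    )
}
```

The known_hosts line has to be captured once and compared with the server fingerprint AWS publishes for the region before it is stored as a variable.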

Notes

  • We will also require the CodeCommit repository to be empty every time
