Automate Notification Assignment To AWS CodeCommit Repositories

Solution diagram

In this post, I will show you how to comply with the auditing requirement by configuring a notification rule on each AWS CodeCommit repository as it is created.

Attach a notification rule to each AWS CodeCommit repository as it is created.

If you’ve ever worked on git repositories with fellow developers, whether for your company or for your own projects, you have probably had to meet many requirements to keep those projects in shape (branching strategies, change approvals, auditing, etc.).

Auditing is the one I consider the most important, because it keeps track of each specified action executed in your git repository (pull requests, approval rule overrides, commits, etc.).

Our tradition as developers is to mostly focus on our development instead of compliance issues. We might hate it, but sadly we must follow orders as the good soldiers they expect us to be.

Now, poem aside, in this post I will show you how to comply with the auditing requirement by configuring a notification rule on each AWS CodeCommit repository as it is created.


Prerequisites

  1. The IAM user used for this post must have permissions to AWS Lambda, Amazon EventBridge, AWS CodeCommit, and Amazon SNS.
  2. Create an Amazon SNS Topic and Subscription: https://docs.aws.amazon.com/sns/latest/dg/sns-getting-started.html
  3. Create an AWS Lambda function (Python 3.9): https://docs.aws.amazon.com/lambda/latest/dg/getting-started.html


AWS Lambda

We will be setting up the AWS Lambda function which assigns the Amazon SNS topic to every AWS CodeCommit repository when it is created.

Go to AWS Lambda service:

AWS Lambda - Search result

Access the AWS Lambda function instance you will be using for this demo.

The following shows the “Environment variables” the AWS Lambda function requires.

In this case, the environment variable holds the ARN of the Amazon SNS topic you will be using for AWS CodeCommit repository notifications.

AWS Lambda - Environment variables

Now you must access the Execution Role.

In the “Configuration” tab, click on “Permissions” and click the “Role name”:

AWS Lambda - Permissions

Once inside your execution role, on the “Permissions” tab click “Add permissions > Create inline policy”:

Execution Role - Policy menu

Click the “JSON” tab, copy-paste the following, then click “Review policy” (remember to replace the placeholders):

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": "codestar-notifications:CreateNotificationRule",
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": "iam:CreateServiceLinkedRole",
            "Resource": "arn:aws:iam::<AWS Account Number>:role/*",
            "Effect": "Allow"
        }
    ]
}

Fill in the required fields and then click “Create policy”:

Execution Role - Create policy

Now head back to the AWS Lambda function.

Upload the code from the following repository:

https://github.com/jeanvelez2/assign_notification_to_codecommit_repository


AWS EventBridge

Now we will be creating the Amazon EventBridge rule which invokes the AWS Lambda function from the previous section only when an AWS CodeCommit repository is created.

Go to AWS EventBridge service:

Amazon EventBridge - Search result

On the left-hand menu, click “Rules”:

Amazon EventBridge - Left-hand side menu

Then click the “Create rule” button:

Amazon EventBridge - Create rule button

Fill in the required fields, then click Next:

Amazon EventBridge - Rule detail

Select “AWS events or EventBridge partner events” as the event source:

Amazon EventBridge - Event Source

Enter the following for the “Event pattern”, then click Next:

Amazon EventBridge - Event Patterns
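The post shows the event pattern only as a screenshot and links the Lambda code rather than printing it, so here is an added example covering both (written for this post, not the author's repository code): the EventBridge pattern for the CloudTrail CreateRepository call, and a handler that turns that event into a CreateNotificationRule call. The environment variable name SNS_TOPIC_ARN, the rule-name prefix and the chosen event type IDs are assumptions.

```python
"""Added example: attach an SNS-backed notification rule to a CodeCommit
repository as soon as CloudTrail reports its creation (not the linked repo's code)."""
import os
import re
from typing import Any, Dict, List

# Assumed name of the Lambda environment variable holding the SNS topic ARN.
TOPIC_ARN_ENV = "SNS_TOPIC_ARN"

# EventBridge pattern that should trigger this function (assumed here; the post
# shows it only as a screenshot). It matches the CloudTrail record of a
# CreateRepository API call delivered through EventBridge.
EVENT_PATTERN = {
    "source": ["aws.codecommit"],
    "detail-type": ["AWS API Call via CloudTrail"],
    "detail": {"eventSource": ["codecommit.amazonaws.com"],
               "eventName": ["CreateRepository"]},
}

# CodeCommit notification event type IDs; trim or extend to what your audit needs.
EVENT_TYPE_IDS: List[str] = [
    "codecommit-repository-pull-request-created",
    "codecommit-repository-pull-request-merged",
    "codecommit-repository-approvals-rule-override",
    "codecommit-repository-branches-and-tags-created",
]

def build_rule_request(event: Dict[str, Any], topic_arn: str) -> Dict[str, Any]:
    """Map the CloudTrail CreateRepository event to CreateNotificationRule kwargs."""
    detail = event["detail"]
    if detail.get("eventName") != "CreateRepository":
        raise ValueError("unexpected event: %r" % detail.get("eventName"))
    repo_name = detail["requestParameters"]["repositoryName"]
    # The API response carries the repository ARN; rebuild it if it is missing.
    meta = (detail.get("responseElements") or {}).get("repositoryMetadata") or {}
    repo_arn = meta.get("Arn") or "arn:aws:codecommit:%s:%s:%s" % (
        event["region"], event["account"], repo_name)
    # Rule names are unique per account/region and capped at 64 characters.
    rule_name = "audit-" + re.sub(r"[^A-Za-z0-9_.-]", "-", repo_name)[:58]
    return {"Name": rule_name, "EventTypeIds": EVENT_TYPE_IDS, "Resource": repo_arn,
            "Targets": [{"TargetType": "SNS", "TargetAddress": topic_arn}],
            "DetailType": "FULL"}

def lambda_handler(event: Dict[str, Any], context: Any) -> Dict[str, str]:
    import boto3  # imported lazily so build_rule_request can be tested offline
    request = build_rule_request(event, os.environ[TOPIC_ARN_ENV])
    client = boto3.client("codestar-notifications")
    return {"NotificationRuleArn": client.create_notification_rule(**request)["Arn"]}
```

The SNS topic's access policy must also allow the codestar-notifications.amazonaws.com service to publish to it; otherwise the rule is created but nothing is delivered.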

Now select the AWS Lambda function as the target, then click Next:

Amazon EventBridge - AWS Lambda target

Continue clicking Next until you arrive at the review page. If everything is in order, click the “Create rule” button:

Amazon EventBridge - Create rule button


AWS CodeCommit Repository

Everything is set up!

Now we must test it out (fingers crossed).

Go to AWS CodeCommit service:

AWS CodeCommit - Search result

Click the “Create repository” button:

AWS CodeCommit - Main page

Enter the required fields, then click Create:

AWS CodeCommit - Create repository

Wait around 5 seconds for the AWS Lambda function to execute.

Access your AWS CodeCommit repository, then on the left-hand menu, click Settings:

AWS CodeCommit - Left-hand menu

Click the “Notifications” tab; there you should see the notification configuration:

AWS CodeCommit - Notifications

Start pushing and pulling code using the AWS CodeCommit repository, and you should see the Amazon SNS topic receiving the events through whichever subscriptions you chose to assign (Email, SNS, HTTP, etc.).


Conclusion

You will have one less responsibility in regard to auditing your repositories in AWS CodeCommit. This project was helpful for my AWS accounts because many times I would forget to assign a notification rule to a new AWS CodeCommit repository.

I did as a developer should do when that task got annoying: Automate it!!!

It has been fun writing this post, as always.

Any questions or comments, please let me know.

Hope you have a nice day, Thank you and Gracias!!!



Jean Velez Torres

Cloud Solutions Architect, Evertec, Inc.

@jeanvelez2
Hello Everyone! I'm Jean Velez, Cloud Solutions architect from Puerto Rico who wants to start out blogging. Always loved to teach others (not the best teacher, but still enjoy it). Works with AWS and Azure, and also a python enthusiast.