2.1.1.1. Code, Image, and Artifact Repositories (CodeCommit, ECR, S3)
Every CI/CD pipeline starts with a source of truth. If your team can't answer "what exact version of code is running in production right now?", your repository strategy has failed. AWS provides three purpose-built repository types:
AWS CodeCommit hosts private Git repositories with IAM-based access control (no SSH key management), encryption at rest via KMS, and native integration with CodePipeline triggers. It supports standard Git operations including branching, pull requests, and approval rules.
⚠️ CodeCommit Deprecation Notice: As of July 2024, AWS CodeCommit is no longer accepting new customers. Existing repositories continue to function, but AWS recommends migrating to third-party Git providers (GitHub, GitLab, Bitbucket) integrated with CodePipeline. The exam may still test CodeCommit concepts, but expect increasing emphasis on third-party source provider integration.
Amazon ECR stores Docker container images with built-in vulnerability scanning (scanOnPush), lifecycle policies for automatic cleanup of untagged images, and cross-region/cross-account replication. ECR integrates natively with ECS, EKS, and Lambda for container deployments.
Amazon S3 serves as general-purpose artifact storage for deployment packages, static assets, and pipeline outputs. Use versioning to preserve every artifact version and lifecycle policies to archive or delete old artifacts.
Exam Trap: CodePipeline's Source stage accepts CodeCommit, ECR, S3, and third-party providers (GitHub, Bitbucket), but each has a different trigger mechanism. CodeCommit uses CloudWatch Events (EventBridge) for change detection, while S3 relies on CloudTrail recording the PutObject data event for the bucket, which an EventBridge rule then matches. If no CloudTrail trail logs data events for that S3 bucket, the pipeline won't trigger.
```yaml
# CodePipeline source action for S3 (requires CloudTrail)
- Name: SourceAction
  ActionTypeId:
    Category: Source
    Owner: AWS          # Owner and Version are required by CloudFormation
    Provider: S3
    Version: '1'
  Configuration:
    S3Bucket: my-artifact-bucket
    S3ObjectKey: app/source.zip
    PollForSourceChanges: false   # Use CloudTrail events instead of polling
  OutputArtifacts:
    - Name: SourceOutput          # Handed to the next stage (e.g. Build)
```
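The trail and EventBridge rule that make the S3 source action above actually fire, as an added CloudFormation example that is not part of the original text. It assumes the pipeline is declared as the resource `Pipeline` in the same template and that `my-cloudtrail-logs` is an existing bucket whose policy already permits CloudTrail to write to it.

```yaml
# Added example, not from the original page. Assumes the pipeline resource is
# named "Pipeline" and "my-cloudtrail-logs" already has a CloudTrail bucket policy.
Resources:
  # A management-events-only trail never records PutObject. Log S3 data
  # events for the artifact key so EventBridge can see the change at all.
  ArtifactTrail:
    Type: AWS::CloudTrail::Trail
    Properties:
      IsLogging: true
      S3BucketName: my-cloudtrail-logs
      EventSelectors:
        - ReadWriteType: WriteOnly
          IncludeManagementEvents: false
          DataResources:
            - Type: AWS::S3::Object
              Values: [arn:aws:s3:::my-artifact-bucket/app/source.zip]

  # Match the CloudTrail record for that exact bucket/key and start the pipeline.
  SourceChangeRule:
    Type: AWS::Events::Rule
    Properties:
      EventPattern:
        source: [aws.s3]
        detail-type: ["AWS API Call via CloudTrail"]
        detail:
          eventSource: [s3.amazonaws.com]
          eventName: [PutObject, CopyObject, CompleteMultipartUpload]
          requestParameters:
            bucketName: [my-artifact-bucket]
            key: [app/source.zip]
      Targets:
        - Id: StartPipeline
          Arn: !Sub arn:aws:codepipeline:${AWS::Region}:${AWS::AccountId}:${Pipeline}
          RoleArn: !GetAtt StartPipelineRole.Arn

  # Least privilege: EventBridge may start this one pipeline and nothing else.
  StartPipelineRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement: [{ Effect: Allow, Principal: { Service: events.amazonaws.com }, Action: sts:AssumeRole }]
      Policies:
        - PolicyName: StartPipelineExecution
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow
                Action: codepipeline:StartPipelineExecution
                Resource: !Sub arn:aws:codepipeline:${AWS::Region}:${AWS::AccountId}:${Pipeline}
```

If the pipeline still does not start, check the trail's data event selectors first: a trail that logs only management events produces no PutObject record, so the rule has nothing to match.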
💡 Tip: Use ECR lifecycle policies aggressively: untagged images accumulate fast and drive up storage costs. A common policy keeps only the last 10 tagged images per repository.
