CodeCommit to GitHub Migration Guide

A complete guide for migrating repositories from AWS CodeCommit to GitHub with all required configurations, security settings, and authentication.

Table of Contents

1. Prerequisites
2. Pre-Migration Checklist
3. GitHub Setup
4. Authentication & Security
5. Migration Process
6. Post-Migration Configuration
7. CI/CD Migration
8. Team Migration
9. Verification
10. Troubleshooting

---

Prerequisites

Required Tools

• Git (version 2.23 or higher)
• AWS CLI configured with appropriate credentials
• GitHub account (personal or organization)
• Terminal/Command line access

Required Access

• AWS IAM permissions for CodeCommit (read access minimum)
• GitHub repository creation permissions
• Admin access to configure repository settings

---

Pre-Migration Checklist

1. Inventory Your Repositories

# List all CodeCommit repositories
aws codecommit list-repositories --region us-east-1

2. Document Current Setup

• Repository names and descriptions
• Branch protection rules
• Approval rules and policies
• Triggers and notifications
• IAM users and their permissions
• CI/CD pipelines (CodePipeline, CodeBuild)
• Webhook configurations
• Repository tags and metadata

3. Backup Considerations

• Export repository metadata
• Document custom configurations
• Save approval templates
• Export issue tracking data (if applicable)

---

GitHub Setup

1. Create GitHub Account/Organization

For Organizations:

1. Go to https://github.com/organizations/plan
2. Choose appropriate plan (Free, Team, or Enterprise)
3. Complete organization setup
4. Configure organization settings

For Personal:

1. Sign up at https://github.com/signup
2. Verify email address
3. Complete profile setup

2. Create GitHub Repositories

Option A: Via Web Interface

1. Navigate to https://github.com/new
2. Enter repository name (match CodeCommit name or rename)
3. Choose visibility (Public/Private)
4. Do NOT initialize with README (we're importing)
5. Click "Create repository"

Option B: Via GitHub CLI

# Install GitHub CLI
# Windows: winget install GitHub.cli
# Mac: brew install gh
# Linux: See https://github.com/cli/cli#installation

# Authenticate
gh auth login

# Create repository
gh repo create my-repo --private --source=. --remote=github

Option C: Via API

# Using curl
curl -X POST -H "Authorization: token YOUR_GITHUB_TOKEN" \
  -H "Accept: application/vnd.github.v3+json" \
  https://api.github.com/user/repos \
  -d '{"name":"my-repo","private":true}'

---

Authentication & Security

1. GitHub Authentication Methods

A. Personal Access Token (PAT) - Recommended for HTTPS

Create PAT:

1. Go to GitHub Settings → Developer settings → Personal access tokens → Tokens (classic)
2. Click "Generate new token (classic)"
3. Set expiration (90 days recommended, or custom)
4. Select scopes:
   • repo (full control of private repositories)
   • workflow (if using GitHub Actions)
   • admin:org (if managing organization)
   • delete_repo (if needed)
5. Generate and save token securely

Store PAT securely:

# Windows - Use Git Credential Manager
git config --global credential.helper manager-core

# Mac - Use Keychain
git config --global credential.helper osxkeychain

# Linux - Use credential store
git config --global credential.helper store

B. SSH Keys - Recommended for SSH

Generate SSH Key:

# Generate new SSH key
ssh-keygen -t ed25519 -C "your_email@example.com"
# Or for legacy systems:
ssh-keygen -t rsa -b 4096 -C "your_email@example.com"

# Start SSH agent
eval "$(ssh-agent -s)"

# Add key to agent
ssh-add ~/.ssh/id_ed25519

Add to GitHub:

1. Copy public key: cat ~/.ssh/id_ed25519.pub
2. Go to GitHub Settings → SSH and GPG keys
3. Click "New SSH key"
4. Paste key and save

Test connection:

ssh -T git@github.com

C. GitHub App (For Organizations)

1. Go to Organization Settings → Developer settings → GitHub Apps
2. Click "New GitHub App"
3. Configure permissions and webhooks
4. Install app to repositories

2. AWS CodeCommit Authentication Setup

Configure AWS Credentials

Option A: HTTPS with Git Credentials

# Configure AWS CLI
aws configure

# Install git-remote-codecommit (recommended)
pip install git-remote-codecommit

# Clone using codecommit://
git clone codecommit://my-repo

Option B: SSH Keys

# Upload SSH public key to IAM
aws iam upload-ssh-public-key --user-name your-iam-user \
  --ssh-public-key-body file://~/.ssh/codecommit_rsa.pub

# Configure SSH config
cat >> ~/.ssh/config << EOF
Host git-codecommit.*.amazonaws.com
  User YOUR_SSH_KEY_ID
  IdentityFile ~/.ssh/codecommit_rsa
EOF

---

Migration Process

Method 1: Automated Python Script (Recommended)

We provide a Python script that automates the entire migration process.

Setup

# Install dependencies
pip install -r requirements.txt

# Install git-remote-codecommit for AWS authentication
pip install git-remote-codecommit

# Set environment variables
export GITHUB_TOKEN="your_github_token"
export AWS_REGION="us-east-1"

Generate Configuration File

python migrate_to_github.py --generate-config

This creates migration_config.json. Edit it with your settings:

{
  "aws_region": "us-east-1",
  "github_org": "your-org-name",
  "create_private": true,
  "enable_branch_protection": true,
  "repositories": ["repo1", "repo2", "repo3"]
}

Run Migration

Single Repository:

# Migrate one repository
python migrate_to_github.py --repo my-repo --github-org my-org

# Dry run first (recommended)
python migrate_to_github.py --repo my-repo --github-org my-org --dry-run

Multiple Repositories:

# Using config file
python migrate_to_github.py --config migration_config.json

# Migrate all repositories
python migrate_to_github.py --migrate-all --github-org my-org

Verify Migration:

python migrate_to_github.py --verify my-repo --github-org my-org

Script Features

• ✓ Automatic repository creation on GitHub
• ✓ Mirror clone (preserves all branches, tags, history)
• ✓ Branch protection configuration
• ✓ Security features enablement
• ✓ Batch migration support
• ✓ Dry run mode
• ✓ Detailed logging
• ✓ Error handling and retry logic
• ✓ Migration verification

Command Line Options

Options:
  --config FILE          Path to configuration JSON file
  --repo NAME           Single repository to migrate
  --github-org ORG      GitHub organization name
  --github-user USER    GitHub username (alternative to org)
  --region REGION       AWS region (default: us-east-1)
  --dry-run            Test without actual migration
  --migrate-all        Migrate all CodeCommit repositories
  --generate-config    Create sample config file
  --verify REPO        Verify migration for repository

Logs and Output

The script generates:

• migration.log - Detailed migration logs
• Console output with progress and summary
• Migration summary report

Method 2: Mirror Clone (Manual)

This method preserves all branches, tags, and commit history.

# 1. Clone CodeCommit repository as mirror
git clone --mirror codecommit://my-repo my-repo-mirror
cd my-repo-mirror

# Or with HTTPS
git clone --mirror https://git-codecommit.us-east-1.amazonaws.com/v1/repos/my-repo my-repo-mirror
cd my-repo-mirror

# 2. Add GitHub as remote
git remote add github https://github.com/username/my-repo.git
# Or with SSH
git remote add github git@github.com:username/my-repo.git

# 3. Push everything to GitHub
git push --mirror github

# 4. Clean up
cd ..
rm -rf my-repo-mirror

Method 2: Standard Clone and Push

# 1. Clone from CodeCommit
git clone codecommit://my-repo
cd my-repo

# 2. Add GitHub remote
git remote add github https://github.com/username/my-repo.git

# 3. Push all branches
git push github --all

# 4. Push all tags
git push github --tags

Method 4: Bulk Migration Bash Script

Create a migration script for multiple repositories:

#!/bin/bash
# migrate-repos.sh

# Configuration
CODECOMMIT_REGION="us-east-1"
GITHUB_ORG="your-org"
REPOS=("repo1" "repo2" "repo3")

for repo in "${REPOS[@]}"; do
  echo "Migrating $repo..."
  
  # Clone from CodeCommit
  git clone --mirror "codecommit://$repo" "$repo-mirror"
  cd "$repo-mirror"
  
  # Create GitHub repo
  gh repo create "$GITHUB_ORG/$repo" --private
  
  # Push to GitHub
  git push --mirror "https://github.com/$GITHUB_ORG/$repo.git"
  
  cd ..
  rm -rf "$repo-mirror"
  
  echo "✓ $repo migrated successfully"
done

Method 5: Using GitHub Importer (Web UI)

1. Go to https://github.com/new/import
2. Enter CodeCommit repository URL
3. Provide AWS credentials when prompted
4. Configure repository settings
5. Begin import

---

Post-Migration Configuration

1. Branch Protection Rules

Configure via Web:

1. Go to Repository Settings → Branches
2. Add branch protection rule
3. Configure for main or master:
   • Require pull request reviews (1-2 reviewers)
   • Require status checks to pass
   • Require conversation resolution
   • Require signed commits
   • Include administrators
   • Restrict who can push

Configure via API:

curl -X PUT \
  -H "Authorization: token YOUR_TOKEN" \
  -H "Accept: application/vnd.github.v3+json" \
  https://api.github.com/repos/OWNER/REPO/branches/main/protection \
  -d '{
    "required_status_checks": {
      "strict": true,
      "contexts": ["ci/test"]
    },
    "enforce_admins": true,
    "required_pull_request_reviews": {
      "required_approving_review_count": 2
    },
    "restrictions": null
  }'

2. Repository Settings

General Settings:

• Set repository description
• Add topics/tags
• Configure default branch
• Enable/disable features (Issues, Wiki, Projects)
• Set visibility (public/private)

Security Settings:

• Enable Dependabot alerts
• Enable Dependabot security updates
• Enable secret scanning
• Enable code scanning (CodeQL)
• Configure security policy

Collaboration Settings:

• Set up CODEOWNERS file
• Configure merge strategies
• Enable auto-merge
• Configure branch deletion

3. Create CODEOWNERS File

# .github/CODEOWNERS
# Default owners for everything
* @org/team-name

# Specific paths
/docs/ @org/docs-team
*.js @org/frontend-team
/api/ @org/backend-team

4. Set Up Issue Templates

mkdir -p .github/ISSUE_TEMPLATE

Create .github/ISSUE_TEMPLATE/bug_report.md:

---
name: Bug Report
about: Create a report to help us improve
title: '[BUG] '
labels: bug
assignees: ''
---

**Describe the bug**
A clear description of the bug.

**To Reproduce**
Steps to reproduce the behavior.

**Expected behavior**
What you expected to happen.

5. Set Up Pull Request Template

Create .github/pull_request_template.md:

## Description
Brief description of changes

## Type of Change
- [ ] Bug fix
- [ ] New feature
- [ ] Breaking change
- [ ] Documentation update

## Testing
- [ ] Tests pass locally
- [ ] Added new tests

## Checklist
- [ ] Code follows style guidelines
- [ ] Self-review completed
- [ ] Documentation updated

---

CI/CD Migration

From CodePipeline/CodeBuild to GitHub Actions

1. Analyze Current Pipeline

Document your CodePipeline stages:

• Source stage (CodeCommit)
• Build stage (CodeBuild)
• Test stage
• Deploy stage

2. Create GitHub Actions Workflow

Create .github/workflows/ci.yml:

name: CI/CD Pipeline

on:
  push:
    branches: [ main, develop ]
  pull_request:
    branches: [ main ]

env:
  NODE_VERSION: '18'

jobs:
  build:
    runs-on: ubuntu-latest
    
    steps:
    - name: Checkout code
      uses: actions/checkout@v4
      
    - name: Setup Node.js
      uses: actions/setup-node@v4
      with:
        node-version: ${{ env.NODE_VERSION }}
        cache: 'npm'
    
    - name: Install dependencies
      run: npm ci
    
    - name: Run linter
      run: npm run lint
    
    - name: Run tests
      run: npm test
    
    - name: Build
      run: npm run build
    
    - name: Upload artifacts
      uses: actions/upload-artifact@v3
      with:
        name: build-artifacts
        path: dist/

  deploy:
    needs: build
    runs-on: ubuntu-latest
    if: github.ref == 'refs/heads/main'
    
    steps:
    - name: Download artifacts
      uses: actions/download-artifact@v3
      with:
        name: build-artifacts
    
    - name: Deploy to production
      run: |
        # Add your deployment commands
        echo "Deploying to production..."

3. Migrate Secrets

In CodeBuild:

• Secrets stored in Parameter Store or Secrets Manager

In GitHub:

1. Go to Repository Settings → Secrets and variables → Actions
2. Add repository secrets
3. Use in workflows: ${{ secrets.SECRET_NAME }}

- name: Deploy
  env:
    AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
    AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
  run: |
    aws s3 sync ./dist s3://my-bucket

4. AWS Deployment from GitHub Actions

- name: Configure AWS credentials
  uses: aws-actions/configure-aws-credentials@v4
  with:
    aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
    aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
    aws-region: us-east-1

- name: Deploy to AWS
  run: |
    aws deploy create-deployment \
      --application-name my-app \
      --deployment-group my-group \
      --github-location repository=${{ github.repository }},commitId=${{ github.sha }}

---

Team Migration

1. Map IAM Users to GitHub Users

Create a mapping document:

AWS IAM User	GitHub Username	Role
john.doe	@johndoe	Admin
jane.smith	@janesmith	Write

2. Invite Team Members

Via Web:

1. Go to Repository Settings → Collaborators
2. Add people or teams
3. Set permissions (Read, Write, Admin)

Via CLI:

# Add collaborator
gh api repos/OWNER/REPO/collaborators/USERNAME -X PUT \
  -f permission=push

3. Set Up Teams (Organizations)

1. Go to Organization Settings → Teams
2. Create teams (e.g., Frontend, Backend, DevOps)
3. Add members to teams
4. Grant team access to repositories

4. Configure Team Permissions

# Grant team access
gh api orgs/ORG/teams/TEAM/repos/OWNER/REPO -X PUT \
  -f permission=push

---

Verification

1. Verify Repository Contents

# Clone from GitHub
git clone https://github.com/username/my-repo.git verify-repo
cd verify-repo

# Check all branches
git branch -a

# Check all tags
git tag -l

# Verify commit history
git log --oneline --graph --all

# Compare with CodeCommit
git remote add codecommit codecommit://my-repo
git fetch codecommit
git diff codecommit/main origin/main

2. Verification Checklist

• All branches migrated
• All tags migrated
• Commit history intact
• File permissions preserved
• .gitignore working correctly
• LFS files migrated (if applicable)
• Branch protection rules configured
• Team access configured
• CI/CD pipeline working
• Secrets configured
• Documentation updated

3. Test CI/CD Pipeline

# Create test branch
git checkout -b test-pipeline

# Make small change
echo "# Test" >> README.md
git add README.md
git commit -m "Test CI/CD pipeline"

# Push and create PR
git push origin test-pipeline
gh pr create --title "Test Pipeline" --body "Testing CI/CD"

---

Troubleshooting

Common Issues

1. Authentication Failures

Problem: fatal: Authentication failed

Solutions:

# Clear credential cache
git credential-cache exit

# Re-authenticate with GitHub
gh auth login

# Verify SSH connection
ssh -T git@github.com

# Update remote URL
git remote set-url origin https://github.com/username/repo.git

2. Large File Issues

Problem: remote: error: File X is 100.00 MB; this exceeds GitHub's file size limit

Solutions:

# Use Git LFS
git lfs install
git lfs track "*.psd"
git lfs track "*.zip"
git add .gitattributes
git commit -m "Configure Git LFS"

# Or remove large files from history
git filter-branch --tree-filter 'rm -f path/to/large/file' HEAD

3. Push Rejected

Problem: ! [remote rejected] main -> main (protected branch hook declined)

Solution:

• Temporarily disable branch protection
• Push changes
• Re-enable branch protection

4. Missing Branches or Tags

Problem: Not all branches/tags migrated

Solution:

# Fetch all from CodeCommit
git fetch codecommit --all

# Push specific branch
git push github codecommit/branch-name:branch-name

# Push all tags
git push github --tags

5. Rate Limiting

Problem: API rate limit exceeded

Solution:

• Wait for rate limit reset
• Use authenticated requests (higher limits)
• Use GitHub App for even higher limits

Getting Help

• GitHub Support: https://support.github.com
• GitHub Community: https://github.community
• GitHub Status: https://www.githubstatus.com
• AWS CodeCommit Docs: https://docs.aws.amazon.com/codecommit

---

Additional Resources

Documentation

• GitHub Docs
• GitHub Actions
• AWS CodeCommit
• Git Documentation

Tools

• GitHub CLI
• git-remote-codecommit
• GitHub Desktop

Security Best Practices

• Use SSH keys or PATs, never passwords
• Enable 2FA on GitHub account
• Rotate access tokens regularly
• Use least privilege principle for permissions
• Enable security scanning features
• Review and audit access regularly

---

Post-Migration Cleanup

1. Update Documentation

• Update README with new repository URL
• Update CI/CD documentation
• Update team onboarding docs
• Update deployment procedures

2. Update External Services

• Update webhook URLs
• Update CI/CD integrations
• Update monitoring/alerting
• Update documentation sites
• Update package registries

3. Notify Team

Send migration announcement:

• New repository URL
• Authentication changes
• New CI/CD process
• Updated workflows
• Support contacts

4. Decommission CodeCommit (Optional)

After verification period (30-90 days):

# Archive repository (recommended)
aws codecommit update-repository-description \
  --repository-name my-repo \
  --repository-description "ARCHIVED - Migrated to GitHub"

# Or delete repository
aws codecommit delete-repository \
  --repository-name my-repo

---

Migration Timeline Template

Phase	Duration	Tasks
Planning	1-2 weeks	Inventory, documentation, team prep
Setup	1 week	GitHub setup, authentication config
Migration	1-3 days	Repository migration, verification
Configuration	1 week	Branch rules, CI/CD, team access
Testing	1 week	Pipeline testing, team validation
Cutover	1 day	Final sync, go-live
Monitoring	2 weeks	Support team, fix issues
Cleanup	1 week	Decommission old resources

---

Success Criteria

• ✓ All repositories migrated with complete history
• ✓ All team members have access
• ✓ CI/CD pipelines operational
• ✓ Branch protection rules enforced
• ✓ Security scanning enabled
• ✓ Documentation updated
• ✓ Team trained on new workflows
• ✓ Zero downtime during migration

---

Last Updated: November 2025