Skip to content

AWS CodeCommit

This feature is flagged as experimental

Experimental features might be changed or even removed at any time. Subscribe to GitHub issue #2868 to be notified of any changes.


IAM Role

Machine pre-requisites

  1. aws-cli installed.
  2. Set up the environment with git-credentials-helper. EC2/linux: EC2 codecommit git integration.

windows: windows codecommit git integration.

  1. Set the environment variable AWS_REGION.

Codebuild Configuration

add git-credential-helper to your buildspec.yml.

env: git-credential-helper:yes

IAM User

First, you must get an AWS IAM Access Key id and a Secret access key id

Let Renovate use AWS CodeCommit authentication keys by doing one of the following:

  • Set a Renovate configuration file - config.js:
username: AWS IAM access key id
password: AWS Secret access key
endpoint: the URL endpoint e.g
token: AWS session token, if you have one
  • Set up the environment with all required AWS environment variables:
AWS_ACCESS_KEY_ID: AWS IAM access key id
AWS_SECRET_ACCESS_KEY: AWS Secret access key
AWS_REGION: the AWS region e.g us-east-1
AWS_SESSION_TOKEN: AWS session token, if you have one
  • Set up AWS credentials using CLI parameters:
--username: AWS IAM access key id
--password: AWS Secret access key
--endpoint: the URL endpoint for example
--token: AWS session token, if you have one


Create a new AWS policy for renovate with these permissions, then attach it to the user/role.

Change the Resource value to the resources you want to use.

The policy json.

  "Version": "2012-10-17",
  "Statement": [
      "Sid": "RenovatePolicy",
      "Effect": "Allow",
      "Action": [
      "Resource": "*"

Running Renovate

Set up a global configuration file (config.js), or use CLI parameters or environment variables, to run Renovate on CodeCommit:

Run Renovate and it will process your repositories.

Unsupported platform features/concepts

These features are not supported:

  • Adding assignees to PRs
  • Auto-merge
  • rebaseLabel (request a rebase for Renovate)


  • We recommend that you limit the number of open Renovate PRs by setting a prConcurrentLimit
  • Due to current platform limitations, if you close a PR but don’t want for Renovate to recreate the PR, use package rules with the "enabled": false key

Example configuration

Here's an example config.js:

module.exports = {
  endpoint: '',
  platform: 'codecommit',
  repositories: ['abc/def', 'abc/ghi'],
  username: 'ACCESS_KEY_ID_GOES_HERE',
  gitAuthor: 'your_email@domain',
  prConcurrentLimit: 10,
  packageRules: [
      matchPackageNames: ['package_name', 'package_name2'],
      enabled: false,