Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

AWS CodePipeline not able to access Organization's repositories

I am trying to setup Continuous deployments pipelines in AWS Codepipeline.

While creating a pipeline I provide "Source provider" as GitHub and then connect to GitHub. I am able to see my public repositories in "Repository" drop-down in create Pipeline page. But I am not able to see my Organization's private repositories in this drop-down. I have write access in Organization.

How can I make AWS Codepipeline have access to my organizations repositories.

like image 223
anshul410 Avatar asked Sep 04 '15 11:09

anshul410


People also ask

Does AWS CodePipeline support cross account deployment?

However, keeping a centralized account to orchestrate continuous delivery and deployment using AWS CodePipeline and AWS CodeBuild eliminates the need to duplicate the delivery pipeline. You can secure the pipeline through the use of cross account IAM roles and the encryption of artifacts using AWS KMS.

Is CodePipeline Regional?

Set up artifact stores for AWS CodePipeline. AWS CodePipeline uses Amazon S3 buckets as an artifact store. These S3 buckets are regional and versioned. All of the artifacts are copied to the same region in which the pipeline action is configured to execute.

Is not authorized to perform CodePipeline?

I am not authorized to perform an action in CodePipeline If the AWS Management Console tells you that you're not authorized to perform an action, you must contact your administrator for assistance. Your administrator is the person who provided you with your user name and password.


1 Answers

AWS CodePipeline requires two GitHub scopes for its operation, as outlined in section GitHub within Product and Service Integrations with AWS CodePipeline: Source Action Integrations:

[...] You can connect to the GitHub repository by either creating a new pipeline or editing an existing one. The first time you add a GitHub repository to a pipeline, you will be asked to authorize AWS CodePipeline access to your repositories. To integrate with GitHub, AWS CodePipeline uses OAuth tokens and requires two GitHub scopes: admin:repo_hook, which is used to detect when you have committed and pushed changes to the repository, and repo, which is used to read and pull artifacts from public and private repositories into a pipeline. For more information about GitHub scopes, see the GitHub Developer API Reference.
Access for AWS CodePipeline is configured for all repositories to which that GitHub account has access; it cannot currently be configured for individual repositories.
[emphasis mine]

Now, while you have probably done that, it is possible that your organization is set up so that it does not grant access by default (while this is visible and adjustable when authorizing a new app/service, it is easily overlooked) - here's the resp. GitHub tooltip:

Until access is granted by an owner, the application cannot access the organization's private data or modify its public data.

Provided you are an owner of the organization, you can explicitly grant access by doing the inverse instructions outlined in the referenced CodePipeline GitHub documentation:

You can revoke this access from GitHub by choosing Settings, choosing Applications, and then, under Authorized applications, finding AWS CodePipeline in the list of authorized applications and choosing Revoke. [...]

That is, go to your GitHub profile => Settings => Applications => AWS CodePipeline, and click the Grant access button for each applicable organization.

like image 61
Steffen Opel Avatar answered Oct 21 '22 07:10

Steffen Opel