AWS CodePipeline not able to access Organization's repositories

31
votes

I am trying to setup Continuous deployments pipelines in AWS Codepipeline.

While creating a pipeline I provide "Source provider" as GitHub and then connect to GitHub. I am able to see my public repositories in "Repository" drop-down in create Pipeline page. But I am not able to see my Organization's private repositories in this drop-down. I have write access in Organization.

How can I make AWS Codepipeline have access to my organizations repositories.

4
amazon-web-servicesgithubcontinuous-deploymentaws-codepipeline

4 Answers

28
votes

AWS CodePipeline requires two GitHub scopes for its operation, as outlined in section GitHub within Product and Service Integrations with AWS CodePipeline: Source Action Integrations:

[...] You can connect to the GitHub repository by either creating a new pipeline or editing an existing one. The first time you add a GitHub repository to a pipeline, you will be asked to authorize AWS CodePipeline access to your repositories. To integrate with GitHub, AWS CodePipeline uses OAuth tokens and requires two GitHub scopes: admin:repo_hook, which is used to detect when you have committed and pushed changes to the repository, and repo, which is used to read and pull artifacts from public and private repositories into a pipeline. For more information about GitHub scopes, see the GitHub Developer API Reference.
Access for AWS CodePipeline is configured for all repositories to which that GitHub account has access; it cannot currently be configured for individual repositories.
[emphasis mine]

Now, while you have probably done that, it is possible that your organization is set up so that it does not grant access by default (while this is visible and adjustable when authorizing a new app/service, it is easily overlooked) - here's the resp. GitHub tooltip:

Until access is granted by an owner, the application cannot access the organization's private data or modify its public data.

Provided you are an owner of the organization, you can explicitly grant access by doing the inverse instructions outlined in the referenced CodePipeline GitHub documentation:

You can revoke this access from GitHub by choosing Settings, choosing Applications, and then, under Authorized applications, finding AWS CodePipeline in the list of authorized applications and choosing Revoke. [...]

That is, go to your GitHub profile => Settings => Applications => AWS CodePipeline, and click the Grant access button for each applicable organization.

22
votes

The following step may be needed for your organization (depends on configuration though).

On Github,

  1. Click your profile Avatar.
  2. Go to "Settings".
  3. Go to "Application" from the menu.
  4. Go to "Authorized OAuth Apps" tab.
  5. Select CodePipeline
  6. Grant Organization Access for it.
6
votes

You need to have Admin / Owner level in order to grant AWS Codepipeline access to your Organization repositories.

I took some screenshots for clarification.

Steps:
1. Go to https://github.com/settings/applications. It is the same as pressing Profile Avatar, pressing 'Settings' on the drop down menu and then 'Applications' on the left menu.
2. Press 'Authorized OAuth Apps' on the top menu.
3. Click on AWS CodePipeline item.
4. There will be a page that shows permissions and also organization access.
5. Press on Grant button and there will be a check mark appearing next to your organization name.

enter image description here Grant AWS CodePipeline access to Organization

1
votes

We have ran into the same problem. The Repo Admin level permission is required for this to work. So you will have to request from your organization Admin level access to the repo. We ended up creating a service user with admin repo right in private org repo and then we could access the CI tooling.