
Got that email again about the need to rotate the GitHub tokens of your pipelines?

“CodeStar Connect” will relieve you of that pain.

Everybody knows the inconvenience of working with secrets like tokens or webhooks: you need to create them, save them in the Parameter Store to avoid leakage, and rotate them every couple of months. But now, using CodeStar connections and the GitHub App on AWS, you are completely free of them!

Creating this connection is simple, as you can see in this link, and you will find that it’s just as easy in Terraform as in the AWS Management Console!

You just need to create your codestar_connection:

resource "aws_codestarconnections_connection" "github" {
  name          = "pipeline-github-connection"
  provider_type = "GitHub"
}

After applying, the connection will be in Pending status.

You need to update the status by enabling the connection manually. You will be redirected to the connection settings, where you must allow the GitHub App to connect the repo with AWS (if it’s the first time, only the organization or repo owner can set up this connection). You can connect all your repos or just one.
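With no token left to protect, the connection itself is the credential, so IAM should control who may use it. The following is an added example, not part of the original post: it lets only the pipeline role use this connection, and only for one repository, even when the GitHub App was granted access to all repos. The role `aws_iam_role.codepipeline` and the repository id `my-org/my-repo` are assumptions to replace with your own.

```hcl
# Added example: least-privilege access to the connection created above.
# Assumptions (not from the original post):
#   - aws_iam_role.codepipeline is the pipeline's service role
#   - "my-org/my-repo" is a placeholder for the repository the pipeline builds
data "aws_iam_policy_document" "use_github_connection" {
  statement {
    sid     = "UseGithubConnection"
    effect  = "Allow"
    actions = ["codestar-connections:UseConnection"]

    # Scope to this one connection instead of "*".
    resources = [aws_codestarconnections_connection.github.arn]

    # Restrict the role to a single repository, independent of how many
    # repos the GitHub App installation can reach.
    condition {
      test     = "StringEquals"
      variable = "codestar-connections:FullRepositoryId"
      values   = ["my-org/my-repo"]
    }
  }
}

resource "aws_iam_role_policy" "codepipeline_connection" {
  name   = "use-github-connection"
  role   = aws_iam_role.codepipeline.id
  policy = data.aws_iam_policy_document.use_github_connection.json
}

# Expose the status (PENDING, AVAILABLE or ERROR) so a connection that still
# needs the manual handshake is visible in the apply output.
output "github_connection_status" {
  value = aws_codestarconnections_connection.github.connection_status
}
```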

Once the connection is established, you just need to update the source stage in your CodePipeline:

stage {
 name = "Source"
 action {
   name             = "Source"
   category         = "Source"
   owner            = "AWS"