-
Notifications
You must be signed in to change notification settings - Fork 3.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[aws-amplify] Can't connect to GitHub #9455
Comments
Possibly caused by the new accouunt used being restricted. Would be great to have a proper error message when PAT is not working. |
I had this problem, and the underlying problem was that the user that created the Personal Access Token must also (for some reason) be an Admin of the repository: aws-amplify/amplify-hosting#2160 |
It's probably because |
Not 100% sure that only admins can do that @skinny85. Being able to write webhooks is listed as an available scope within a Personal Access Token, as per this screenshot aws-amplify/amplify-hosting#2160 (comment) When I added the scope (permission) to create hooks to the Personal Access Token of the CI user, it still didn't work. I think it's a bug in Amplify, that instead of just using the OAuth scopes to do the task, it checks whether the user is an "admin" on the repo or not. I think Github uses that to show a tag on the users when they comment, rather than as a permission thing. Personally, I just gave up on trying to use Amplify SSR for my team's latest project, and gave the new App Runner service a shot. Up and running with CI/CD on the same day using Github Actions to run the CDK. I've used a Docker container, so I can easily switch to ECS/Fargate if I run into any problems with App Runner, plus it's really easy to test locally. The Github Action runs under a CI IAM user with a Permissions Boundary attached to reduce the potential of privilege escalation attacks from the CI pipeline. The IAM user is a static credential which is less than ideal, but I'll write a script to rotate that like this one I did for Circle CI a few years back: https://gist.github.com/a-h/b83249884e6e66ced90a5a777dac22a1 |
My issues was storing the GitHub PAT as a key/value pair in AWS Secrets manager, which then requires that you pass the json option to the This is what helped me: |
❓ General Issue
The Question
I'm trying to add an Amplify app via CDK but can't connect to GitHub with my Personal Access Token (repo scope).
I assume this is an access issue? However the access seems right to me. Am I using the plain text secret correctly? I also tried non-plain text but ran into different issues. For now, I'd just like to get it working as simple as possible.
Environment
Other information
The text was updated successfully, but these errors were encountered: