# Connecting to CI/CD pipelines
CI/CD pipeline integration enables AWS DevOps Agent to monitor deployments and correlate code changes with operational incidents during investigations. By connecting your CI/CD providers, the agent can track deployment events and associate them with AWS resources to help identify potential root causes during incident response.
AWS DevOps Agent supports integration with popular CI/CD platforms through a two-step process:
1. **Account-level registration** – Register your CI/CD provider once at the AWS account level
1. **Agent Space connection** – Connect specific projects or repositories to individual Agent Spaces based on your organizational needs
This approach allows you to share CI/CD provider registrations across multiple Agent Spaces while maintaining granular control over which projects are monitored by each space.
## Supported CI/CD providers
AWS DevOps Agent supports the following CI/CD platforms:
+ **GitHub** – Connect repositories from [GitHub.com](http://GitHub.com) using the AWS DevOps Agent GitHub app.
+ **GitLab** – Connect projects from [GitLab.com,](http://gitlab.com) managed GitLab instances, or publicly accessible self-hosted GitLab deployments.
**Topics**
+ [Connecting GitHub](connecting-to-cicd-pipelines-connecting-github.md)
+ [Connecting GitLab](connecting-to-cicd-pipelines-connecting-gitlab.md)
# Connecting GitHub
GitHub integration enables AWS DevOps Agent to access code repositories and receive deployment events during incident investigations. This integration follows a two-step process: account-level registration of GitHub, followed by connecting specific repositories to individual Agent Spaces.
AWS DevOps Agent supports both GitHub.com (SaaS) and GitHub Enterprise Server (self-hosted) instances.
## Prerequisites
Before connecting GitHub, ensure you have:
+ Access to the AWS DevOps Agent admin console
+ A GitHub user account or organization with admin permissions
+ Authorization to install GitHub apps in your account or organization
For GitHub Enterprise Server, you also need:
+ A GitHub Enterprise Server instance (version 3.x or later) accessible over HTTPS
+ The HTTPS URL of your GitHub Enterprise Server instance (for example, `https://github.example.com`)
+ (Optional) A private connection, if your GitHub Enterprise Server instance is not publicly accessible
## Registering GitHub (account-level)
GitHub is registered at the AWS account level and shared among all Agent Spaces in that account. You only need to register GitHub once per AWS account.
### Step 1: Navigate to pipeline providers
1. Sign in to the AWS Management Console
1. Navigate to the AWS DevOps Agent console
1. Go to the **Capabilities** tab
1. In the **Pipeline** section, click **Add**
1. Select **GitHub** from the list of available providers
If GitHub hasn't been registered yet, you'll be prompted to register it first.
### Step 2: Choose connection type
On the "Register GitHub Account / Organization" screen, select whether you're connecting as a user or organization:
+ **User** – Your personal GitHub account with a username and profile
+ **Organization** – A shared GitHub account where multiple people can collaborate across many projects at once
If you are connecting to a GitHub Enterprise Server instance, check the **Use GitHub Enterprise Server** checkbox and enter the HTTPS URL of your instance (for example, `https://github.example.com`).
If your GitHub Enterprise Server instance is not publicly accessible, you can optionally configure a private connection to allow AWS DevOps Agent to securely reach your instance. For more information, see [Connecting to privately hosted tools](configuring-capabilities-for-aws-devops-agent-connecting-to-privately-hosted-tools.md).
**Note**
** Do not include `/api/v3` or any trailing path in the URL — enter only the base URL.
### Step 3: Set up the GitHub App
Click **Submit** to begin the app setup process. The next steps differ depending on whether you are connecting to GitHub.com or GitHub Enterprise Server.
#### For GitHub.com
1. You'll be redirected to GitHub to install the AWS DevOps Agent GitHub app.
1. Select which account or organization to install the app in.
1. The app allows AWS DevOps Agent to receive events from connected repositories, including deployment events.
#### For GitHub Enterprise Server
GitHub Enterprise Server uses a GitHub App Manifest flow, which automatically sets up a new GitHub App on your instance. This involves two redirects to your GitHub Enterprise Server instance.
1. Your browser will be redirected to your GitHub Enterprise Server instance's "Create GitHub App" page.
1. You'll see the app name pre-filled. Feel free to change the name as needed. Click **Create GitHub App**.
1. You'll be redirected back to AWS DevOps Agent, which exchanges the manifest code for app credentials.
### Step 4: Select repositories and complete installation
1. You'll see the **Install & Authorize** page for the GitHub App.
1. Select which repositories to allow the app to access:
+ **All repositories** – Grant access to all current and future repositories
+ **Only select repositories** – Choose specific repositories from your account or organization
1. Click **Install & Authorize**.
1. You'll be redirected back to the AWS DevOps Agent console, where GitHub will appear as registered at the account level.
## Connecting repositories to an Agent Space
After registering GitHub at the account level, you can connect specific repositories to individual Agent Spaces:
1. In the AWS DevOps Agent console, select your Agent Space
1. Go to the **Capabilities** tab
1. In the **Pipeline** section, click **Add**
1. Select **GitHub** from the list of available providers
1. Select the subset of repositories relevant to this Agent Space
1. Click **Add** to complete the connection
You can connect different sets of repositories to different Agent Spaces based on your organizational needs.
## Understanding the GitHub app
The AWS DevOps Agent GitHub app:
+ Requests read-only access to your repositories
+ Receives deployment events and other repository events
+ Allows AWS DevOps Agent to correlate code changes with operational incidents
+ Can be uninstalled at any time through your GitHub settings
For GitHub Enterprise Server, the GitHub App is automatically created on your instance during registration. You can manage the app's repository access or uninstall it through **Settings > Applications > Installed GitHub Apps**. To delete the app definition entirely, go to **Settings > Developer settings > GitHub Apps**.
## Managing GitHub connections
+ **Updating repository access** – To change which repositories the GitHub app can access, go to your GitHub account or organization settings (or your GitHub Enterprise Server instance settings), navigate to installed GitHub apps, and modify the AWS DevOps Agent app configuration.
+ **Viewing connected repositories** – In the AWS DevOps Agent console, select your Agent Space and go to the Capabilities tab to view connected repositories in the Pipeline section.
+ **Removing GitHub connection** – To disconnect GitHub from an Agent Space, select the connection in the Pipeline section and click **Remove**. To uninstall the GitHub app completely, uninstall it from your GitHub account or organization settings. For GitHub Enterprise Server, because the GitHub App is created directly on your instance during registration, you can optionally clean up the app entirely by performing both of the following:
+ **Uninstall the app** – Go to **Settings > Applications > Installed GitHub Apps**, click **Configure** on the app, then uninstall it.
+ **Delete the app** – Go to **Settings > Developer settings > GitHub Apps**, select the app, go to the **Advanced** tab, and choose **Delete GitHub App**. **Warning:** Deleting the GitHub App is permanent and cannot be undone. If you delete it, you will need to re-register GitHub Enterprise Server from the beginning in the AWS DevOps Agent console to create a new app.
# Connecting GitLab
GitLab integration enables AWS DevOps Agent to monitor deployments from GitLab Pipelines to inform causal investigations during incident response. This integration follows a two-step process: account-level registration of GitLab, followed by connecting specific projects to individual Agent Spaces.
## Registering GitLab (account-level)
GitLab is registered at the AWS account level and shared among all Agent Spaces in that account. Individual Agent Spaces can then choose which specific projects apply to their Agent Space.
### Step 1: Navigate to pipeline providers
1. Sign in to the AWS Management Console
1. Navigate to the AWS DevOps Agent console
1. Go to the **Capability Providers** page (accessible from the side navigation)
1. Find **GitLab** in the **Available** providers section under **Pipeline** and click **Register**
### Step 2: Configure GitLab connection
On the GitLab registration page, configure the following:
**Connection type** – Select whether you're connecting as a person or a group:
+ **Personal** (default) – Your individual GitLab user account with a username and profile
+ **Group** – In GitLab, you use groups to manage one or more related projects at the same time
**GitLab instance type** – Choose which type of GitLab instance you're connecting to:
+ **GitLab.com** (default) – The public GitLab service
+ **Publicly accessible self-hosted GitLab** – Check the **Use GitLab self hosted endpoint** box and provide the URL to your GitLab instance
**Note**
** Currently, only publicly accessible GitLab instances are supported.
**Access token** – Provide a GitLab personal access token:
1. In a separate browser tab, log in to your GitLab account
1. Navigate to your user settings and select **Access Tokens**
1. Create a new personal access token with the following permissions:
+ `read_repository` – Required to access repository content
+ `read_virtual_registry` – Required to access virtual registry information
+ `read_registry` – Required to access registry information
+ `api` – Required for read and write API access
+ `self_rotate` - Required for rotating tokens. This feature is currently unsupported by AWS DevOps Agent but will be supported at a later date. Adding now prevents the need to create a new token in the future.
1. Set the token expiration to a maximum of 365 days from the current date
1. Copy the generated token
1. Return to the AWS DevOps Agent console
1. Paste the token into the "Access Token" field
### Step 3: Complete registration
**(Optional) Tags** – Add AWS tags to the GitLab registration for organizational purposes.
Click **Next** to review your configuration, then click **Submit** to complete the GitLab registration process. The system will validate your access token and establish the connection.
## Connecting projects to an Agent Space
After registering GitLab at the account level, you can connect specific projects to individual Agent Spaces:
1. In the AWS DevOps Agent console, select your Agent Space
1. Go to the **Capabilities** tab
1. In the **Pipeline** section, click **Add**
1. Select **GitLab** from the list of available providers
1. Select the GitLab projects relevant to your Agent Space
1. Click **Save**
AWS DevOps Agent will monitor these projects for deployments from GitLab Pipelines to inform causal investigations.
## Managing GitLab connections
+ **Updating access token** – If your access token expires or needs to be updated, you can update it in the AWS DevOps Agent console by modifying the GitLab registration at the account level.
+ **Viewing connected projects** – In the AWS DevOps Agent console, select your Agent Space and go to the Capabilities tab to view connected projects in the Pipeline section.
+ **Removing GitLab connection** – To disconnect GitLab projects from an Agent Space, select the connection in the Pipeline section and click **Remove**. To remove the GitLab registration completely, remove it from all Agent Spaces first, then delete the registration at the account level.