# Add third-party source providers to pipelines using CodeConnections
<a name="pipelines-connections"></a>

You can use the AWS CodePipeline console or the AWS CLI to connect your pipeline to third-party repositories.

**Note**  
When you use the console to create or edit a pipeline, the change detection resources are created for you. If you use the AWS CLI to create the pipeline, you must create the additional resources yourself. For more information, see [CodeCommit source actions and EventBridge](triggering.md).

**Topics**
+ [Azure DevOps connections](connections-azure.md)
+ [Bitbucket Cloud connections](connections-bitbucket.md)
+ [GitHub connections](connections-github.md)
+ [GitHub Enterprise Server connections](connections-ghes.md)
+ [GitLab.com connections](connections-gitlab.md)
+ [Connections for GitLab self-managed](connections-gitlab-managed.md)
+ [Use a connection shared with another account](connections-shared.md)

# Azure DevOps connections
<a name="connections-azure"></a>

Connections allow you to authorize and establish configurations that associate your third-party provider with your AWS resources. To associate your third-party repository as a source for your pipeline, you use a connection. 

**Note**  
Instead of creating or using an existing connection in your account, you can use a shared connection between another AWS account. See [Use a connection shared with another account](connections-shared.md).

**Note**  
This feature is not available in the Asia Pacific (Hong Kong), Asia Pacific (Hyderabad), Asia Pacific (Jakarta), Asia Pacific (Melbourne), Asia Pacific (Osaka), Africa (Cape Town), Middle East (Bahrain), Middle East (UAE), Europe (Spain), Europe (Zurich), Israel (Tel Aviv), or AWS GovCloud (US-West) Regions. To reference other available actions, see [Product and service integrations with CodePipeline](integrations.md). For considerations with this action in the Europe (Milan) Region, see the note in [CodeStarSourceConnection for Bitbucket Cloud, GitHub, GitHub Enterprise Server, GitLab.com, and GitLab self-managed actions](action-reference-CodestarConnectionSource.md).

To add an Azure DevOps source action in CodePipeline, you can choose either to: 
+ Use the CodePipeline console **Create pipeline** wizard or **Edit action** page to choose the **Azure DevOps** provider option. See [Create a connection to Bitbucket Cloud (console)](connections-bitbucket.md#connections-bitbucket-console) to add the action. The console helps you create a connections resource.
+ Use the CLI to add the action configuration for the `CreateSourceConnection` action with the `Azure DevOps` provider as follows:
  + To create your connections resources, see [Create a connection to Azure DevOps (CLI)](#connections-azure-cli) to create a connections resource with the CLI.
  + Use the `CreateSourceConnection` example action configuration in [CodeStarSourceConnection for Bitbucket Cloud, GitHub, GitHub Enterprise Server, GitLab.com, and GitLab self-managed actions](action-reference-CodestarConnectionSource.md) to add your action as shown in [Create a pipeline (CLI)](pipelines-create.md#pipelines-create-cli).

**Note**  
You can also create a connection using the Developer Tools console under **Settings**. See [Create a Connection](https://docs.aws.amazon.com/dtconsole/latest/userguide/connections-create.html).

Before you begin:
+ You must have created an account with the provider of the third-party repository, such as Azure DevOps
+ You must have already created a third-party code repository, such as an Azure DevOps repository.

**Note**  
Azure DevOps connections only provide access to repositories owned by the Azure DevOps account that was used to create the connection.  
To install the connection, you must have **Administer** permissions for the Azure account.

**Topics**
+ [Create a connection to Azure DevOps (console)](#connections-azure-console)
+ [Create a connection to Azure DevOps (CLI)](#connections-azure-cli)

## Create a connection to Azure DevOps (console)
<a name="connections-azure-console"></a>

Use these steps to use the CodePipeline console to add a connections action for your Azure DevOps repository.

### Step 1: Create or edit your pipeline
<a name="connections-azure-console-action"></a>

**To create or edit your pipeline**

1. Sign in to the CodePipeline console.

1. Choose one of the following.
   + Choose to create a pipeline. Follow the steps in *Create a Pipeline* to complete the first screen and choose **Next**. On the **Source** page, under **Source Provider**, choose **Azure DevOps**.
   + Choose to edit an existing pipeline. Choose **Edit**, and then choose **Edit stage**. Choose to add or edit your source action. On the **Edit action** page, under **Action name**, enter the name for your action. In **Action provider**, choose **Azure DevOps**.

1. Do one of the following:
   + Under **Connection**, if you have not already created a connection to your provider, choose **Connect to Azure DevOps**. Proceed to Step 2: Create a Connection to Azure DevOps.
   + Under **Connection**, if you have already created a connection to your provider, choose the connection. Proceed to Step 3: Save the Source Action for Your Connection.

### Step 2: Create a connection to Azure DevOps
<a name="connections-azure-console-create"></a>

**To create a connection to Azure DevOps**

1. To create a connection to an Azure DevOps repository, under **Select a provider**, choose **Azure DevOps**. In **Connection name**, enter the name for the connection that you want to create. Choose **Connect to Azure DevOps**, and proceed to Step 2.  
![\[Console screenshot showing connection option selected for Azure DevOps.\]](http://docs.aws.amazon.com/codepipeline/latest/userguide/images/create-connection-azure.png)

1. On the **Connect to Azure DevOps** settings page, your connection name displays.

   Under **Azure DevOps apps**, choose an app installation or choose **Install a new app** to create one.
**Note**  
You only install the app once for each Azure DevOps account. If you have already installed the connector app, choose it and move to the last step in this section.

1. If the login page for Microsoft displays, log in with your credentials and then choose to continue.

1. On the app installation page, a message shows that the connector app is trying to connect to your Azure DevOps account. 

   Choose **Grant access**.

1. On the connection page, the connection ID for your new installation is displayed. Choose **Connect**. The created connection displays in the connections list.

### Step 3: Save your Azure DevOps source action
<a name="connections-azure-console-save"></a>

Use these steps on the wizard or **Edit action** page to save your source action with your connection information.

**To complete and save your source action with your connection**

1. In **Repository name**, choose the name of your third-party repository.

1. Under **Pipeline triggers** you can add triggers if your action is anCodeConnections action. To configure the pipeline trigger configuration and to optionally filter with triggers, see more details in [Add trigger with code push or pull request event types](pipelines-filter.md).

1. In **Output artifact format**, you must choose the format for your artifacts. 
   + To store output artifacts from the Azure DevOps action using the default method, choose **CodePipeline default**. The action accesses the files from the repository and stores the artifacts in a ZIP file in the pipeline artifact store.
   + To store a JSON file that contains a URL reference to the repository so that downstream actions can perform Git commands directly, choose **Full clone**. This option can only be used by CodeBuild downstream actions.

     If you choose this option, you will need to update the permissions for your CodeBuild project service role as shown in [Add CodeBuild GitClone permissions for connections to Bitbucket, GitHub, GitHub Enterprise Server, or GitLab.com](troubleshooting.md#codebuild-role-connections).

1. Choose **Next** on the wizard or **Save** on the **Edit action** page.

## Create a connection to Azure DevOps (CLI)
<a name="connections-azure-cli"></a>

You can use the AWS Command Line Interface (AWS CLI) to create a connection. 

To do this, use the **create-connection** command. 

**Important**  
A connection created through the AWS CLI or AWS CloudFormation is in `PENDING` status by default. After you create a connection with the CLI or CloudFormation, use the console to edit the connection to make its status `AVAILABLE`.

**To create a connection**

1. Open a terminal (Linux, macOS, or Unix) or command prompt (Windows). Use the AWS CLI to run the **create-connection** command, specifying the `--provider-type` and `--connection-name` for your connection. In this example, the third-party provider name is `AzureDevOps` and the specified connection name is `MyConnection`.

   ```
   aws codeconnections create-connection --provider-type AzureDevOps --connection-name MyConnection
   ```

   If successful, this command returns the connection ARN information similar to the following.

   ```
   {
       "ConnectionArn": "arn:aws:codeconnections:us-west-2:account_id:connection/aEXAMPLE-8aad-4d5d-8878-dfcab0bc441f"
   }
   ```

1. Use the console to complete the connection. For more information, see [Update a pending connection](https://docs.aws.amazon.com/dtconsole/latest/userguide/connections-update.html).

1. The pipeline defaults to detect changes on code push to the connection source repository. To configure the pipeline trigger configuration for manual release or for Git tags, do one of the following:
   + To configure the pipeline trigger configuration to start with a manual release only, add the following line to the configuration: 

     ```
     "DetectChanges": "false",
     ```
   + To configure the pipeline trigger configuration to filter with triggers, see more details in [Add trigger with code push or pull request event types](pipelines-filter.md). For example, the following adds Git tags to the pipeline level of the pipeline JSON definition. In this example, `release-v0` and `release-v1` are the Git tags to include, and `release-v2` is the Git tag to exclude.

     ```
     "triggers": [
                 {
                     "providerType": "CodeStarSourceConnection",
                     "gitConfiguration": {
                         "sourceActionName": "Source",
                         "push": [
                             {
                                 "tags": {
                                     "includes": [
                                         "release-v0", "release-v1"
                                     ],
                                     "excludes": [
                                         "release-v2"
                                     ]
                                 }
                             }
                         ]
                     }
                 }
             ]
     ```

# Bitbucket Cloud connections
<a name="connections-bitbucket"></a>

Connections allow you to authorize and establish configurations that associate your third-party provider with your AWS resources. To associate your third-party repository as a source for your pipeline, you use a connection. 

**Note**  
Instead of creating or using an existing connection in your account, you can use a shared connection between another AWS account. See [Use a connection shared with another account](connections-shared.md).

**Note**  
This feature is not available in the Asia Pacific (Hong Kong), Asia Pacific (Hyderabad), Asia Pacific (Jakarta), Asia Pacific (Melbourne), Asia Pacific (Osaka), Africa (Cape Town), Middle East (Bahrain), Middle East (UAE), Europe (Spain), Europe (Zurich), Israel (Tel Aviv), or AWS GovCloud (US-West) Regions. To reference other available actions, see [Product and service integrations with CodePipeline](integrations.md). For considerations with this action in the Europe (Milan) Region, see the note in [CodeStarSourceConnection for Bitbucket Cloud, GitHub, GitHub Enterprise Server, GitLab.com, and GitLab self-managed actions](action-reference-CodestarConnectionSource.md).

To add a Bitbucket Cloud source action in CodePipeline, you can choose either to: 
+ Use the CodePipeline console **Create pipeline** wizard or **Edit action** page to choose the **Bitbucket** provider option. See [Create a connection to Bitbucket Cloud (console)](#connections-bitbucket-console) to add the action. The console helps you create a connections resource.
**Note**  
You can create connections to a Bitbucket Cloud repository. Installed Bitbucket provider types, such as Bitbucket Server, are not supported. 
+ Use the CLI to add the action configuration for the `CreateSourceConnection` action with the `Bitbucket` provider as follows:
  + To create your connections resources, see [Create a connection to Bitbucket Cloud (CLI)](#connections-bitbucket-cli) to create a connections resource with the CLI.
  + Use the `CreateSourceConnection` example action configuration in [CodeStarSourceConnection for Bitbucket Cloud, GitHub, GitHub Enterprise Server, GitLab.com, and GitLab self-managed actions](action-reference-CodestarConnectionSource.md) to add your action as shown in [Create a pipeline (CLI)](pipelines-create.md#pipelines-create-cli).

**Note**  
You can also create a connection using the Developer Tools console under **Settings**. See [Create a Connection](https://docs.aws.amazon.com/dtconsole/latest/userguide/connections-create.html).

Before you begin:
+ You must have created an account with the provider of the third-party repository, such as Bitbucket Cloud.
+ You must have already created a third-party code repository, such as a Bitbucket Cloud repository.

**Note**  
Bitbucket Cloud connections only provide access to repositories owned by the Bitbucket Cloud account that was used to create the connection.  
If the application is being installed in a Bitbucket Cloud workspace, you need **Administer workspace** permissions. Otherwise, the option to install the app will not display.

**Topics**
+ [Create a connection to Bitbucket Cloud (console)](#connections-bitbucket-console)
+ [Create a connection to Bitbucket Cloud (CLI)](#connections-bitbucket-cli)

## Create a connection to Bitbucket Cloud (console)
<a name="connections-bitbucket-console"></a>

Use these steps to use the CodePipeline console to add a connections action for your Bitbucket repository.

**Note**  
You can create connections to a Bitbucket Cloud repository. Installed Bitbucket provider types, such as Bitbucket Server, are not supported. 

### Step 1: Create or edit your pipeline
<a name="connections-bitbucket-console-action"></a>

**To create or edit your pipeline**

1. Sign in to the CodePipeline console.

1. Choose one of the following.
   + Choose to create a pipeline. Follow the steps in *Create a Pipeline* to complete the first screen and choose **Next**. On the **Source** page, under **Source Provider**, choose **Bitbucket**.
   + Choose to edit an existing pipeline. Choose **Edit**, and then choose **Edit stage**. Choose to add or edit your source action. On the **Edit action** page, under **Action name**, enter the name for your action. In **Action provider**, choose **Bitbucket**.

1. Do one of the following:
   + Under **Connection**, if you have not already created a connection to your provider, choose **Connect to Bitbucket**. Proceed to Step 2: Create a Connection to Bitbucket.
   + Under **Connection**, if you have already created a connection to your provider, choose the connection. Proceed to Step 3: Save the Source Action for Your Connection.

### Step 2: Create a connection to Bitbucket Cloud
<a name="connections-bitbucket-console-create"></a>

**To create a connection to Bitbucket Cloud**

1. On the **Connect to Bitbucket** settings page, enter your connection name and choose **Connect to Bitbucket**.  
![\[Console screenshot showing the Connect to Bitbucket button.\]](http://docs.aws.amazon.com/codepipeline/latest/userguide/images/create-connection-bitbucket.png)

   The **Bitbucket apps** field appears.

1. Under **Bitbucket apps**, choose an app installation or choose **Install a new app** to create one.
**Note**  
You only install the app once for each Bitbucket Cloud workspace or account. If you have already installed the Bitbucket app, choose it and move to step 4.  
![\[Console screenshot showing the Connect to Bitbucket Cloud dialog box, with the install new app button.\]](http://docs.aws.amazon.com/codepipeline/latest/userguide/images/newreview-source-wizard-bitbucket.png)

1. If the login page for Bitbucket Cloud displays, log in with your credentials and then choose to continue.

1. On the app installation page, a message shows that the AWS CodeStar app is trying to connect to your Bitbucket account. 

   If you are using a Bitbucket workspace, change the **Authorize for** option to the workspace. Only workspaces where you have administrator access will display.

   Choose **Grant access**.

1. In **Bitbucket apps**, the connection ID for your new installation is displayed. Choose **Connect**. The created connection displays in the connections list.  
![\[Console screenshot showing request for access.\]](http://docs.aws.amazon.com/codepipeline/latest/userguide/images/create-connection-bitbucket-app-ID.png)

### Step 3: Save your Bitbucket Cloud source action
<a name="connections-bitbucket-console-save"></a>

Use these steps on the wizard or **Edit action** page to save your source action with your connection information.

**To complete and save your source action with your connection**

1. In **Repository name**, choose the name of your third-party repository.

1. Under **Pipeline triggers** you can add triggers if your action is an CodeConnections action. To configure the pipeline trigger configuration and to optionally filter with triggers, see more details in [Add trigger with code push or pull request event types](pipelines-filter.md).

1. In **Output artifact format**, you must choose the format for your artifacts. 
   + To store output artifacts from the Bitbucket Cloud action using the default method, choose **CodePipeline default**. The action accesses the files from the Bitbucket Cloud repository and stores the artifacts in a ZIP file in the pipeline artifact store.
   + To store a JSON file that contains a URL reference to the repository so that downstream actions can perform Git commands directly, choose **Full clone**. This option can only be used by CodeBuild downstream actions.

     If you choose this option, you will need to update the permissions for your CodeBuild project service role as shown in [Add CodeBuild GitClone permissions for connections to Bitbucket, GitHub, GitHub Enterprise Server, or GitLab.com](troubleshooting.md#codebuild-role-connections).

1. Choose **Next** on the wizard or **Save** on the **Edit action** page.

## Create a connection to Bitbucket Cloud (CLI)
<a name="connections-bitbucket-cli"></a>

You can use the AWS Command Line Interface (AWS CLI) to create a connection. 

**Note**  
You can create connections to a Bitbucket Cloud repository. Installed Bitbucket provider types, such as Bitbucket Server, are not supported. 

To do this, use the **create-connection** command. 

**Important**  
A connection created through the AWS CLI or AWS CloudFormation is in `PENDING` status by default. After you create a connection with the CLI or CloudFormation, use the console to edit the connection to make its status `AVAILABLE`.

**To create a connection**

1. Open a terminal (Linux, macOS, or Unix) or command prompt (Windows). Use the AWS CLI to run the **create-connection** command, specifying the `--provider-type` and `--connection-name` for your connection. In this example, the third-party provider name is `Bitbucket` and the specified connection name is `MyConnection`.

   ```
   aws codestar-connections create-connection --provider-type Bitbucket --connection-name MyConnection
   ```

   If successful, this command returns the connection ARN information similar to the following.

   ```
   {
       "ConnectionArn": "arn:aws:codestar-connections:us-west-2:account_id:connection/aEXAMPLE-8aad-4d5d-8878-dfcab0bc441f"
   }
   ```

1. Use the console to complete the connection. For more information, see [Update a pending connection](https://docs.aws.amazon.com/dtconsole/latest/userguide/connections-update.html).

1. The pipeline defaults to detect changes on code push to the connection source repository. To configure the pipeline trigger configuration for manual release or for Git tags, do one of the following:
   + To configure the pipeline trigger configuration to start with a manual release only, add the following line to the configuration: 

     ```
     "DetectChanges": "false",
     ```
   + To configure the pipeline trigger configuration to filter with triggers, see more details in [Add trigger with code push or pull request event types](pipelines-filter.md). For example, the following adds Git tags to the pipeline level of the pipeline JSON definition. In this example, `release-v0` and `release-v1` are the Git tags to include, and `release-v2` is the Git tag to exclude.

     ```
     "triggers": [
                 {
                     "providerType": "CodeStarSourceConnection",
                     "gitConfiguration": {
                         "sourceActionName": "Source",
                         "push": [
                             {
                                 "tags": {
                                     "includes": [
                                         "release-v0", "release-v1"
                                     ],
                                     "excludes": [
                                         "release-v2"
                                     ]
                                 }
                             }
                         ]
                     }
                 }
             ]
     ```

# GitHub connections
<a name="connections-github"></a>

You use connections to authorize and establish configurations that associate your third-party provider with your AWS resources.

**Note**  
Instead of creating or using an existing connection in your account, you can use a shared connection between another AWS account. See [Use a connection shared with another account](connections-shared.md).

**Note**  
This feature is not available in the Asia Pacific (Hong Kong), Asia Pacific (Hyderabad), Asia Pacific (Jakarta), Asia Pacific (Melbourne), Asia Pacific (Osaka), Africa (Cape Town), Middle East (Bahrain), Middle East (UAE), Europe (Spain), Europe (Zurich), Israel (Tel Aviv), or AWS GovCloud (US-West) Regions. To reference other available actions, see [Product and service integrations with CodePipeline](integrations.md). For considerations with this action in the Europe (Milan) Region, see the note in [CodeStarSourceConnection for Bitbucket Cloud, GitHub, GitHub Enterprise Server, GitLab.com, and GitLab self-managed actions](action-reference-CodestarConnectionSource.md).

To add a source action for your GitHub or GitHub Enterprise Cloud repository in CodePipeline, you can choose either to:
+ Use the CodePipeline console **Create pipeline** wizard or **Edit action** page to choose the **GitHub (via GitHub App)** provider option. See [Create a connection to GitHub Enterprise Server (console)](connections-ghes.md#connections-ghes-console) to add the action. The console helps you create a connections resource.
**Note**  
For a tutorial that walks you through how to add a GitHub connection and use the **Full clone** option in your pipeline to clone metadata, see [Tutorial: Use full clone with a GitHub pipeline source](tutorials-github-gitclone.md).
+ Use the CLI to add the action configuration for the `CodeStarSourceConnection` action with the `GitHub` provider with the CLI steps shown in [Create a pipeline (CLI)](pipelines-create.md#pipelines-create-cli).

**Note**  
You can also create a connection using the Developer Tools console under **Settings**. See [Create a Connection](https://docs.aws.amazon.com/dtconsole/latest/userguide/connections-create.html).

Before you begin:
+ You must have created an account with GitHub.
+ You must have already created a GitHub code repository.
+ If your CodePipeline service role was created before December 18, 2019, you might need to update its permissions to use `codestar-connections:UseConnection` for AWS CodeStar connections. For instructions, see [Add permissions to the CodePipeline service role](how-to-custom-role.md#how-to-update-role-new-services).

**Note**  
To create the connection, you must be the GitHub organization owner. For repositories that are not under an organization, you must be the repository owner.

**Topics**
+ [Create a connection to GitHub (console)](#connections-github-console)
+ [Create a connection to GitHub (CLI)](#connections-github-cli)

## Create a connection to GitHub (console)
<a name="connections-github-console"></a>

Use these steps to use the CodePipeline console to add a connections action for your GitHub or GitHub Enterprise Cloud repository.

**Note**  
In these steps, you can select specific repositories under **Repository Access**. Any repositories that are not selected will not be accessible or visible by CodePipeline.

### Step 1: Create or edit your pipeline
<a name="connections-github-console-action"></a>

1. Sign in to the CodePipeline console.

1. Choose one of the following.
   + Choose to create a pipeline. Follow the steps in *Create a Pipeline* to complete the first screen and choose **Next**. On the **Source** page, under **Source Provider**, choose **GitHub (via GitHub App)**.
   + Choose to edit an existing pipeline. Choose **Edit**, and then choose **Edit stage**. Choose to add or edit your source action. On the **Edit action** page, under **Action name**, enter the name for your action. In **Action provider**, choose **GitHub (via GitHub App)**.

1. Do one of the following:
   + Under **Connection**, if you have not already created a connection to your provider, choose **Connect to GitHub**. Proceed to Step 2: Create a Connection to GitHub.
   + Under **Connection**, if you have already created a connection to your provider, choose the connection. Proceed to Step 3: Save the source action for your connection.

### Step 2: Create a connection to GitHub
<a name="connections-github-console-create"></a>

After you choose to create the connection, the **Connect to GitHub** page appears.

![\[Console screenshot showing the initial GitHub connection page.\]](http://docs.aws.amazon.com/codepipeline/latest/userguide/images/github-conn.png)


**To create a connection to GitHub**

1. Under **GitHub connection settings**, your connection name appears in **Connection name**. Choose **Connect to GitHub**. The access request page appears.

1. Choose **Authorize AWS Connector for GitHub**. The connection page displays and shows the **GitHub Apps** field.  
![\[Console screenshot showing the initial GitHub connection page with the GitHub Apps field.\]](http://docs.aws.amazon.com/codepipeline/latest/userguide/images/github-conn-access-app.png)

1. Under **GitHub Apps**, choose an app installation or choose **Install a new app** to create one.

   You install one app for all of your connections to a particular provider. If you have already installed the AWS Connector for GitHub app, choose it and skip this step.
**Note**  
If you want to create a [ user access token](https://docs.github.com/en/apps/creating-github-apps/authenticating-with-a-github-app/generating-a-user-access-token-for-a-github-app), make sure that you've already installed the AWS Connector for GitHub app and then leave the App installation field empty. CodeConnections will use the user access token for the connection.

1. On the **Install AWS Connector for GitHub** page, choose the account where you want to install the app.
**Note**  
You only install the app once for each GitHub account. If you previously installed the app, you can choose **Configure** to proceed to a modification page for your app installation, or you can use the back button to return to the console.

1. On the **Install AWS Connector for GitHub** page, leave the defaults, and choose **Install**.

1. On the **Connect to GitHub** page, the connection ID for your new installation appears in **GitHub Apps**. Choose **Connect**.

### Step 3: Save your GitHub source action
<a name="connections-github-console-save"></a>

Use these steps on the **Edit action** page to save your source action with your connection information.

**To save your GitHub source action**

1. In **Repository name**, choose the name of your third-party repository. 

1. Under **Pipeline triggers** you can add triggers if your action is an CodeConnections action. To configure the pipeline trigger configuration and to optionally filter with triggers, see more details in [Add trigger with code push or pull request event types](pipelines-filter.md).

1. In **Output artifact format**, you must choose the format for your artifacts. 
   + To store output artifacts from the GitHub action using the default method, choose **CodePipeline default**. The action accesses the files from the GitHub repository and stores the artifacts in a ZIP file in the pipeline artifact store.
   + To store a JSON file that contains a URL reference to the repository so that downstream actions can perform Git commands directly, choose **Full clone**. This option can only be used by CodeBuild downstream actions.

     If you choose this option, you will need to update the permissions for your CodeBuild project service role as shown in [Add CodeBuild GitClone permissions for connections to Bitbucket, GitHub, GitHub Enterprise Server, or GitLab.com](troubleshooting.md#codebuild-role-connections). For a tutorial that shows you how to use the **Full clone** option, see [Tutorial: Use full clone with a GitHub pipeline source](tutorials-github-gitclone.md).

1. Choose **Next** on the wizard or **Save** on the **Edit action** page.

## Create a connection to GitHub (CLI)
<a name="connections-github-cli"></a>

You can use the AWS Command Line Interface (AWS CLI) to create a connection. 

To do this, use the **create-connection** command. 

**Important**  
A connection created through the AWS CLI or AWS CloudFormation is in `PENDING` status by default. After you create a connection with the CLI or CloudFormation, use the console to edit the connection to make its status `AVAILABLE`.

**To create a connection**

1. Open a terminal (Linux, macOS, or Unix) or command prompt (Windows). Use the AWS CLI to run the **create-connection** command, specifying the `--provider-type` and `--connection-name` for your connection. In this example, the third-party provider name is `GitHub` and the specified connection name is `MyConnection`.

   ```
   aws codestar-connections create-connection --provider-type GitHub --connection-name MyConnection
   ```

   If successful, this command returns the connection ARN information similar to the following.

   ```
   {
       "ConnectionArn": "arn:aws:codestar-connections:us-west-2:account_id:connection/aEXAMPLE-8aad-4d5d-8878-dfcab0bc441f"
   }
   ```

1. Use the console to complete the connection. For more information, see [Update a pending connection](https://docs.aws.amazon.com/dtconsole/latest/userguide/connections-update.html). 

1. The pipeline defaults to detect changes on code push to the connection source repository. To configure the pipeline trigger configuration for manual release or for Git tags, do one of the following:
   + To configure the pipeline trigger configuration to start with a manual release only, add the following line to the configuration: 

     ```
     "DetectChanges": "false",
     ```
   + To configure the pipeline trigger configuration to filter with triggers, see more details in [Add trigger with code push or pull request event types](pipelines-filter.md). For example, the following adds to the pipeline level of the pipeline JSON definition. In this example, `release-v0` and `release-v1` are the Git tags to include, and `release-v2` is the Git tag to exclude.

     ```
     "triggers": [
                 {
                     "providerType": "CodeStarSourceConnection",
                     "gitConfiguration": {
                         "sourceActionName": "Source",
                         "push": [
                             {
                                 "tags": {
                                     "includes": [
                                         "release-v0", "release-v1"
                                     ],
                                     "excludes": [
                                         "release-v2"
                                     ]
                                 }
                             }
                         ]
                     }
                 }
             ]
     ```

# GitHub Enterprise Server connections
<a name="connections-ghes"></a>

Connections allow you to authorize and establish configurations that associate your third-party provider with your AWS resources. To associate your third-party repository as a source for your pipeline, you use a connection. 

**Note**  
Instead of creating or using an existing connection in your account, you can use a shared connection between another AWS account. See [Use a connection shared with another account](connections-shared.md).

**Note**  
This feature is not available in the Asia Pacific (Hong Kong), Asia Pacific (Hyderabad), Asia Pacific (Jakarta), Asia Pacific (Melbourne), Asia Pacific (Osaka), Africa (Cape Town), Middle East (Bahrain), Middle East (UAE), Europe (Spain), Europe (Zurich), Israel (Tel Aviv), or AWS GovCloud (US-West) Regions. To reference other available actions, see [Product and service integrations with CodePipeline](integrations.md). For considerations with this action in the Europe (Milan) Region, see the note in [CodeStarSourceConnection for Bitbucket Cloud, GitHub, GitHub Enterprise Server, GitLab.com, and GitLab self-managed actions](action-reference-CodestarConnectionSource.md).

To add a GitHub Enterprise Server source action in CodePipeline, you can choose either to: 
+ Use the CodePipeline console **Create pipeline** wizard or **Edit action** page to choose the **GitHub Enterprise Server** provider option. See [Create a connection to GitHub Enterprise Server (console)](#connections-ghes-console) to add the action. The console helps you create a host resource and a connections resource.
+ Use the CLI to add the action configuration for the `CreateSourceConnection` action with the `GitHubEnterpriseServer` provider and create your resources:
  + To create your connections resources, see [Create a host and connection to GitHub Enterprise Server (CLI)](#connections-ghes-cli) to create a host resource and a connections resource with the CLI.
  + Use the `CreateSourceConnection` example action configuration in [CodeStarSourceConnection for Bitbucket Cloud, GitHub, GitHub Enterprise Server, GitLab.com, and GitLab self-managed actions](action-reference-CodestarConnectionSource.md) to add your action as shown in [Create a pipeline (CLI)](pipelines-create.md#pipelines-create-cli).

**Note**  
You can also create a connection using the Developer Tools console under **Settings**. See [Create a Connection](https://docs.aws.amazon.com/dtconsole/latest/userguide/connections-create.html).

Before you begin:
+ You must have created an account with GitHub Enterprise Server and installed the GitHub Enterprise Server instance on your infrastructure.
**Note**  
Each VPC can only be associated with one host (GitHub Enterprise Server instance) at a time.
+ You must have already created a code repository with GitHub Enterprise Server.

**Topics**
+ [Create a connection to GitHub Enterprise Server (console)](#connections-ghes-console)
+ [Create a host and connection to GitHub Enterprise Server (CLI)](#connections-ghes-cli)

## Create a connection to GitHub Enterprise Server (console)
<a name="connections-ghes-console"></a>

Use these steps to use the CodePipeline console to add a connections action for your GitHub Enterprise Server repository.

**Note**  
GitHub Enterprise Server connections only provide access to repositories owned by the GitHub Enterprise Server account that was used to create the connection.

**Before you begin:**

For a host connection to GitHub Enterprise Server, you must have completed the steps to create a host resource for your connection. See [Manage hosts for connections](https://docs.aws.amazon.com/dtconsole/latest/userguide/connections-hosts.html).

### Step 1: Create or edit your pipeline
<a name="connections-ghes-console-action"></a>

**To create or edit your pipeline**

1. Sign in to the CodePipeline console.

1. Choose one of the following.
   + Choose to create a pipeline. Follow the steps in *Create a Pipeline* to complete the first screen and choose **Next**. On the **Source** page, under **Source provider**, choose **GitHub Enterprise Server**.
   + Choose to edit an existing pipeline. Choose **Edit**, and then choose **Edit stage**. Choose to add or edit your source action. On the **Edit action** page, under **Action name**, enter the name for your action. In **Action provider**, choose **GitHub Enterprise Server**.

1. Do one of the following:
   + Under **Connection**, if you have not already created a connection to your provider, choose **Connect to GitHub Enterprise Server**. Proceed to Step 2: Create a Connection to GitHub Enterprise Server.
   + Under **Connection**, if you have already created a connection to your provider, choose the connection. Proceed to Step 3: Save the Source Action for Your Connection.

### Create a connection to GitHub Enterprise Server
<a name="connections-ghes-console-create"></a>

After you choose to create the connection, the **Connect to GitHub Enterprise Server** page is shown.

**Important**  
AWS CodeConnections does not support GitHub Enterprise Server version 2.22.0 due to a known issue in the release. To connect, upgrade to version 2.22.1 or the latest available version.

**To connect to GitHub Enterprise Server**

1. In **Connection name**, enter the name for your connection.

1. In **URL**, enter the endpoint for your server.
**Note**  
If the provided URL has already been used to set up a GitHub Enterprise Server for a connection, you will be prompted to choose the host resource ARN that was created previously for that endpoint.

1. If you have launched your server into an Amazon VPC and you want to connect with your VPC, choose **Use a VPC** and complete the following.

   1. In **VPC ID**, choose your VPC ID. Make sure to choose the VPC for the infrastructure where your GitHub Enterprise Server instance is installed or a VPC with access to your GitHub Enterprise Server instance through VPN or Direct Connect.

   1. Under **Subnet ID**, choose **Add**. In the field, choose the subnet ID you want to use for your host. You can choose up to 10 subnets.

      Make sure to choose the subnet for the infrastructure where your GitHub Enterprise Server instance is installed or a subnet with access to your installed GitHub Enterprise Server instance through VPN or Direct Connect.

   1. Under **Security group IDs**, choose **Add**. In the field, choose the security group you want to use for your host. You can choose up to 10 security groups.

      Make sure to choose the security group for the infrastructure where your GitHub Enterprise Server instance is installed or a security group with access to your installed GitHub Enterprise Server instance through VPN or Direct Connect.

   1. If you have a private VPC configured, and you have configured your GitHub Enterprise Server instance to perform TLS validation using a non-public certificate authority, in **TLS certificate**, enter your certificate ID. The TLS Certificate value should be the public key of the certificate.  
![\[Console screenshot showing create GitHub Enterprise Server connection page for VPC options.\]](http://docs.aws.amazon.com/codepipeline/latest/userguide/images/connections-create-ghes-screen-vpc.png)

1. Choose **Connect to GitHub Enterprise Server**. The created connection is shown with a **Pending** status. A host resource is created for the connection with the server information you provided. For the host name, the URL is used.

1. Choose **Update pending connection.**

1. If prompted, on the GitHub Enterprise login page, sign in with your GitHub Enterprise credentials.

1. On the **Create GitHub App** page, choose a name for your app.

1. On the GitHub authorization page, choose **Authorize <app-name>**.

1. On the app installation page, a message shows that the connector app is ready to be installed. If you have multiple organizations, you might be prompted to choose the organization where you want to install the app. 

   Choose the repository settings where you want to install the app. Choose **Install**.

1. The connection page shows the created connection in an **Available** status.

### Step 3: Save your GitHub Enterprise Server source action
<a name="connections-ghes-console-save"></a>

Use these steps on the wizard or **Edit action** page to save your source action with your connection information.

**To complete and save your source action with your connection**

1. In **Repository name**, choose the name of your third-party repository.

1. Under **Pipeline triggers** you can add triggers if your action is an CodeConnections action. To configure the pipeline trigger configuration and to optionally filter with triggers, see more details in [Add trigger with code push or pull request event types](pipelines-filter.md).

1. In **Output artifact format**, you must choose the format for your artifacts. 
   + To store output artifacts from the GitHub Enterprise Server action using the default method, choose **CodePipeline default**. The action accesses the files from the GitHub Enterprise Server repository and stores the artifacts in a ZIP file in the pipeline artifact store.
   + To store a JSON file that contains a URL reference to the repository so that downstream actions can perform Git commands directly, choose **Full clone**. This option can only be used by CodeBuild downstream actions.

1. Choose **Next** on the wizard or **Save** on the **Edit action** page.

## Create a host and connection to GitHub Enterprise Server (CLI)
<a name="connections-ghes-cli"></a>

You can use the AWS Command Line Interface (AWS CLI) to create a connection. 

To do this, use the **create-connection** command. 

**Important**  
A connection created through the AWS CLI or AWS CloudFormation is in `PENDING` status by default. After you create a connection with the CLI or CloudFormation, use the console to edit the connection to make its status `AVAILABLE`.

You can use the AWS Command Line Interface (AWS CLI) to create a host for installed connections. 

**Note**  
You only create a host once per GitHub Enterprise Server account. All of your connections to a specific GitHub Enterprise Server account will use the same host.

You use a host to represent the endpoint for the infrastructure where your third-party provider is installed. After you complete the host creation with the CLI, the host is in **Pending** status. You then set up, or register, the host to move it to an **Available** status. After the host is available, you complete the steps to create a connection.

To do this, use the **create-host** command. 

**Important**  
A host created through the AWS CLI is in `Pending` status by default. After you create a host with the CLI, use the console or the CLI to set up the host to make its status `Available`.

**To create a host**

1. Open a terminal (Linux, macOS, or Unix) or command prompt (Windows). Use the AWS CLI to run the **create-host** command, specifying the `--name`, `--provider-type`, and `--provider-endpoint` for your connection. In this example, the third-party provider name is `GitHubEnterpriseServer` and the endpoint is `my-instance.dev`.

   ```
   aws codestar-connections create-host --name MyHost --provider-type GitHubEnterpriseServer --provider-endpoint "https://my-instance.dev"
   ```

   If successful, this command returns the host Amazon Resource Name (ARN) information similar to the following.

   ```
   {
       "HostArn": "arn:aws:codestar-connections:us-west-2:account_id:host/My-Host-28aef605"
   }
   ```

   After this step, the host is in `PENDING` status.

1. Use the console to complete the host setup and move the host to an `Available` status.

**To create a connection to GitHub Enterprise Server**

1. Open a terminal (Linux, macOS, or Unix) or command prompt (Windows). Use the AWS CLI to run the **create-connection** command, specifying the `--host-arn` and `--connection-name` for your connection.

   ```
   aws codestar-connections create-connection --host-arn arn:aws:codestar-connections:us-west-2:account_id:host/MyHost-234EXAMPLE --connection-name MyConnection
   ```

   If successful, this command returns the connection ARN information similar to the following.

   ```
   {
       "ConnectionArn": "arn:aws:codestar-connections:us-west-2:account_id:connection/aEXAMPLE-8aad"
   }
   ```

1. Use the console to set up the pending connection.

1. The pipeline defaults to detect changes on code push to the connection source repository. To configure the pipeline trigger configuration for manual release or for Git tags, do one of the following:
   + To configure the pipeline trigger configuration to start with a manual release only, add the following line to the configuration: 

     ```
     "DetectChanges": "false",
     ```
   + To configure the pipeline trigger configuration to filter with triggers, see more details in [Add trigger with code push or pull request event types](pipelines-filter.md). For example, the following adds to the pipeline level of the pipeline JSON definition. In this example, `release-v0` and `release-v1` are the Git tags to include, and `release-v2` is the Git tag to exclude.

     ```
     "triggers": [
                 {
                     "providerType": "CodeStarSourceConnection",
                     "gitConfiguration": {
                         "sourceActionName": "Source",
                         "push": [
                             {
                                 "tags": {
                                     "includes": [
                                         "release-v0", "release-v1"
                                     ],
                                     "excludes": [
                                         "release-v2"
                                     ]
                                 }
                             }
                         ]
                     }
                 }
             ]
     ```

# GitLab.com connections
<a name="connections-gitlab"></a>

Connections allow you to authorize and establish configurations that associate your third-party provider with your AWS resources. To associate your third-party repository as a source for your pipeline, you use a connection. 

**Note**  
Instead of creating or using an existing connection in your account, you can use a shared connection between another AWS account. See [Use a connection shared with another account](connections-shared.md).

**Note**  
This feature is not available in the Asia Pacific (Hong Kong), Asia Pacific (Hyderabad), Asia Pacific (Jakarta), Asia Pacific (Melbourne), Asia Pacific (Osaka), Africa (Cape Town), Middle East (Bahrain), Middle East (UAE), Europe (Spain), Europe (Zurich), Israel (Tel Aviv), or AWS GovCloud (US-West) Regions. To reference other available actions, see [Product and service integrations with CodePipeline](integrations.md). For considerations with this action in the Europe (Milan) Region, see the note in [CodeStarSourceConnection for Bitbucket Cloud, GitHub, GitHub Enterprise Server, GitLab.com, and GitLab self-managed actions](action-reference-CodestarConnectionSource.md).

To add a GitLab.com source action in CodePipeline, you can choose either to: 
+ Use the CodePipeline console **Create pipeline** wizard or **Edit action** page to choose the **GitLab** provider option. See [Create a connection to GitLab.com (console)](#connections-gitlab-console) to add the action. The console helps you create a connections resource.
+ Use the CLI to add the action configuration for the `CreateSourceConnection` action with the `GitLab` provider as follows:
  + To create your connections resources, see [Create a connection to GitLab.com (CLI)](#connections-gitlab-cli) to create a connections resource with the CLI.
  + Use the `CreateSourceConnection` example action configuration in [CodeStarSourceConnection for Bitbucket Cloud, GitHub, GitHub Enterprise Server, GitLab.com, and GitLab self-managed actions](action-reference-CodestarConnectionSource.md) to add your action as shown in [Create a pipeline (CLI)](pipelines-create.md#pipelines-create-cli).

**Note**  
You can also create a connection using the Developer Tools console under **Settings**. See [Create a Connection](https://docs.aws.amazon.com/dtconsole/latest/userguide/connections-create.html).

**Note**  
By authorizing this connection installation in GitLab.com, you grant our service permissions to process your data by accessing your account, and you can revoke the permissions at any time by uninstalling the application.

Before you begin:
+ You must have already created an account with GitLab.com.
**Note**  
Connections only provide access to repositories owned by the account that was used to create and authorize the connection. 
**Note**  
You can create connections to a repository where you have the **Owner** role in GitLab, and then the connection can be used with the repository with resources such as CodePipeline. For repositories in groups, you do not need to be the group owner.
+ To specify a source for your pipeline, you must have already created a repository on gitlab.com.

**Topics**
+ [Create a connection to GitLab.com (console)](#connections-gitlab-console)
+ [Create a connection to GitLab.com (CLI)](#connections-gitlab-cli)

## Create a connection to GitLab.com (console)
<a name="connections-gitlab-console"></a>

Use these steps to use the CodePipeline console to add a connections action for your project (repository) in GitLab.

**To create or edit your pipeline**

1. Sign in to the CodePipeline console.

1. Choose one of the following.
   + Choose to create a pipeline. Follow the steps in *Create a Pipeline* to complete the first screen and choose **Next**. On the **Source** page, under **Source Provider**, choose **GitLab**.
   + Choose to edit an existing pipeline. Choose **Edit**, and then choose **Edit stage**. Choose to add or edit your source action. On the **Edit action** page, under **Action name**, enter the name for your action. In **Action provider**, choose **GitLab**.

1. Do one of the following:
   + Under **Connection**, if you have not already created a connection to your provider, choose **Connect to GitLab**. Proceed to step 4 to create the connection.
   + Under **Connection**, if you have already created a connection to your provider, choose the connection. Proceed to step 9.
**Note**  
If you close the pop-up window before a GitLab.com connection is created, you need to refresh the page.

1. To create a connection to a GitLab.com repository, under **Select a provider**, choose **GitLab**. In **Connection name**, enter the name for the connection that you want to create. Choose **Connect to GitLab**.  
![\[Console screenshot showing connection option selected for GitLab.\]](http://docs.aws.amazon.com/codepipeline/latest/userguide/images/connections-create-gitlab.png)

1. When the sign-in page for GitLab.com displays, log in with your credentials, and then choose **Sign in**.

1. If this is your first time authorizing the connection, an authorization page displays with a message requesting authorization for the connection to access your GitLab.com account.

   Choose **Authorize**.  
![\[Screenshot showing the message to authorize the connection for your GitLab.com account.\]](http://docs.aws.amazon.com/codepipeline/latest/userguide/images/gitlab-authorization.png)

1. The browser returns to the connections console page. Under **Create GitLab connection**, the new connection is shown in **Connection name**.

1. Choose **Connect to GitLab**.

   You will be returned to the CodePipeline console.
**Note**  
After a GitLab.com connection is successfully created, a success banner will be displayed on the main window.   
 If you have not previously logged in to GitLab on the current machine, you will need to manually close the pop-up window.

1. In **Repository name**, choose the name of your project in GitLab by specifying the project path with the namespace. For example, for a group-level repository, enter the repository name in the following format: `group-name/repository-name`. For more information about the path and namespace, see the `path_with_namespace` field in [https://docs.gitlab.com/ee/api/projects.html\$1get-single-project](https://docs.gitlab.com/ee/api/projects.html#get-single-project). For more information about the namespace in GitLab, see [https://docs.gitlab.com/ee/user/namespace/](https://docs.gitlab.com/ee/user/namespace/).
**Note**  
For groups in GitLab, you must manually specify the project path with the namespace. For example, for a repository named `myrepo` in a group `mygroup`, enter the following: `mygroup/myrepo`. You can find the project path with the namespace in the URL in GitLab.

1. Under **Pipeline triggers** you can add triggers if your action is an CodeConnections action. To configure the pipeline trigger configuration and to optionally filter with triggers, see more details in [Add trigger with code push or pull request event types](pipelines-filter.md).

1. In **Branch name**, choose the branch where you want your pipeline to detect source changes.
**Note**  
If the branch name does not populate automatically, then you do not have **Owner** access to the repository. Either the project name is not valid, or the connection used doesn't have access to the project/repository.

1. In **Output artifact format**, you must choose the format for your artifacts. 
   + To store output artifacts from the GitLab.com action using the default method, choose **CodePipeline default**. The action accesses the files from the GitLab.com repository and stores the artifacts in a ZIP file in the pipeline artifact store.
   + To store a JSON file that contains a URL reference to the repository so that downstream actions can perform Git commands directly, choose **Full clone**. This option can only be used by CodeBuild downstream actions.

     If you choose this option, you will need to update the permissions for your CodeBuild project service role as shown in [Add CodeBuild GitClone permissions for connections to Bitbucket, GitHub, GitHub Enterprise Server, or GitLab.com](troubleshooting.md#codebuild-role-connections). For a tutorial that shows you how to use the **Full clone** option, see [Tutorial: Use full clone with a GitHub pipeline source](tutorials-github-gitclone.md).

1. Choose to save the source action and continue.

## Create a connection to GitLab.com (CLI)
<a name="connections-gitlab-cli"></a>

You can use the AWS Command Line Interface (AWS CLI) to create a connection. 

To do this, use the **create-connection** command. 

**Important**  
A connection created through the AWS CLI or AWS CloudFormation is in `PENDING` status by default. After you create a connection with the CLI or CloudFormation, use the console to edit the connection to make its status `AVAILABLE`.

**To create a connection**

1. Open a terminal (Linux, macOS, or Unix) or command prompt (Windows). Use the AWS CLI to run the **create-connection** command, specifying the `--provider-type` and `--connection-name` for your connection. In this example, the third-party provider name is `GitLab` and the specified connection name is `MyConnection`.

   ```
   aws codestar-connections create-connection --provider-type GitLab --connection-name MyConnection
   ```

   If successful, this command returns the connection ARN information similar to the following.

   ```
   {
       "ConnectionArn": "arn:aws:codestar-connections:us-west-2:account_id:connection/aEXAMPLE-8aad-4d5d-8878-dfcab0bc441f"
   }
   ```

1. Use the console to complete the connection. For more information, see [Update a pending connection](https://docs.aws.amazon.com/dtconsole/latest/userguide/connections-update.html).

1. The pipeline defaults to detect changes on code push to the connection source repository. To configure the pipeline trigger configuration for manual release or for Git tags, do one of the following:
   + To configure the pipeline trigger configuration to start with a manual release only, add the following line to the configuration: 

     ```
     "DetectChanges": "false",
     ```
   + To configure the pipeline trigger configuration to filter with triggers, see more details in [Add trigger with code push or pull request event types](pipelines-filter.md). For example, the following adds to the pipeline level of the pipeline JSON definition. In this example, `release-v0` and `release-v1` are the Git tags to include, and `release-v2` is the Git tag to exclude.

     ```
     "triggers": [
                 {
                     "providerType": "CodeStarSourceConnection",
                     "gitConfiguration": {
                         "sourceActionName": "Source",
                         "push": [
                             {
                                 "tags": {
                                     "includes": [
                                         "release-v0", "release-v1"
                                     ],
                                     "excludes": [
                                         "release-v2"
                                     ]
                                 }
                             }
                         ]
                     }
                 }
             ]
     ```

# Connections for GitLab self-managed
<a name="connections-gitlab-managed"></a>

Connections allow you to authorize and establish configurations that associate your third-party provider with your AWS resources. To associate your third-party repository as a source for your pipeline, you use a connection. 

**Note**  
Instead of creating or using an existing connection in your account, you can use a shared connection between another AWS account. See [Use a connection shared with another account](connections-shared.md).

**Note**  
This feature is not available in the Asia Pacific (Hong Kong), Asia Pacific (Hyderabad), Asia Pacific (Jakarta), Asia Pacific (Melbourne), Asia Pacific (Osaka), Africa (Cape Town), Middle East (Bahrain), Middle East (UAE), Europe (Spain), Europe (Zurich), Israel (Tel Aviv), or AWS GovCloud (US-West) Regions. To reference other available actions, see [Product and service integrations with CodePipeline](integrations.md). For considerations with this action in the Europe (Milan) Region, see the note in [CodeStarSourceConnection for Bitbucket Cloud, GitHub, GitHub Enterprise Server, GitLab.com, and GitLab self-managed actions](action-reference-CodestarConnectionSource.md).

To add a GitLab self-managed source action in CodePipeline, you can choose either to: 
+ Use the CodePipeline console **Create pipeline** wizard or **Edit action** page to choose the **GitLab self-managed** provider option. See [Create a connection to GitLab self-managed (console)](#connections-gitlab-managed-console) to add the action. The console helps you create a host resource and a connections resource.
+ Use the CLI to add the action configuration for the `CreateSourceConnection` action with the `GitLabSelfManaged` provider and create your resources:
  + To create your connections resources, see [Create a host and connection to GitLab self-managed (CLI)](#connections-gitlab-managed-cli) to create a host resource and a connections resource with the CLI.
  + Use the `CreateSourceConnection` example action configuration in [CodeStarSourceConnection for Bitbucket Cloud, GitHub, GitHub Enterprise Server, GitLab.com, and GitLab self-managed actions](action-reference-CodestarConnectionSource.md) to add your action as shown in [Create a pipeline (CLI)](pipelines-create.md#pipelines-create-cli).

**Note**  
You can also create a connection using the Developer Tools console under **Settings**. See [Create a Connection](https://docs.aws.amazon.com/dtconsole/latest/userguide/connections-create.html).

Before you begin:
+ You must have already created an account with GitLab and have GitLab Enterprise Edition or GitLab Community Edition with a self-managed installation. For more information, see [https://docs.gitlab.com/ee/subscriptions/self\$1managed/](https://docs.gitlab.com/ee/subscriptions/self_managed/).
**Note**  
Connections only provide access for the account that was used to create and authorize the connection. 
**Note**  
You can create connections to a repository where you have the **Owner** role in GitLab, and then the connection can be used with with resources such as CodePipeline. For repositories in groups, you do not need to be the group owner.
+ You must have already created a GitLab personal access token (PAT) with the following scoped-down permission only: api. For more information, see [https://docs.gitlab.com/ee/user/profile/personal\$1access\$1tokens.html](https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html). You must be an administrator to create and use the PAT.
**Note**  
Your PAT is used to authorize the host and is not otherwise stored or used by connections. To set up a host, you can create a temporary PAT and then after you set up the host, you can delete the PAT.
+ You can choose to set up your host ahead of time. You can set up a host with or without a VPC. For details about VPC configuration and additional information about creating a host, see [Create a host](https://docs.aws.amazon.com/dtconsole/latest/userguide/connections-host-create.html).

**Topics**
+ [Create a connection to GitLab self-managed (console)](#connections-gitlab-managed-console)
+ [Create a host and connection to GitLab self-managed (CLI)](#connections-gitlab-managed-cli)

## Create a connection to GitLab self-managed (console)
<a name="connections-gitlab-managed-console"></a>

Use these steps to use the CodePipeline console to add a connections action for your GitLab self-managedr repository.

**Note**  
GitLab self-managed connections only provide access to repositories owned by the GitLab self-managed account that was used to create the connection.

**Before you begin:**

For a host connection to GitLab self-managed, you must have completed the steps to create a host resource for your connection. See [Manage hosts for connections](https://docs.aws.amazon.com/dtconsole/latest/userguide/connections-hosts.html).

### Step 1: Create or edit your pipeline
<a name="connections-gitlab-managed-console-action"></a>

**To create or edit your pipeline**

1. Sign in to the CodePipeline console.

1. Choose one of the following.
   + Choose to create a pipeline. Follow the steps in *Create a Pipeline* to complete the first screen and choose **Next**. On the **Source** page, under **Source provider**, choose **GitLab self-managed**.
   + Choose to edit an existing pipeline. Choose **Edit**, and then choose **Edit stage**. Choose to add or edit your source action. On the **Edit action** page, under **Action name**, enter the name for your action. In **Action provider**, choose **GitLab self-managed**.

1. Do one of the following:
   + Under **Connection**, if you have not already created a connection to your provider, choose **Connect to GitLab self-managed**. Proceed to Step 2: Create a Connection to GitLab self-managed.
   + Under **Connection**, if you have already created a connection to your provider, choose the connection, and then proceed to Step 3: Save your GitLab self-managed source action.

### Step 2: Create a connection to GitLab self-managed
<a name="connections-gitlab-managed-console-create"></a>

After you choose to create the connection, the **Connect to GitLab self-managed** page is shown.

**To connect to GitLab self-managed**

1. In **Connection name**, enter the name for your connection.

1. In **URL**, enter the endpoint for your server.
**Note**  
If the provided URL has already been used to set up a host for a connection, you will be prompted to choose the host resource ARN that was created previously for that endpoint.

1. If you have launched your server into an Amazon VPC and you want to connect with your VPC, choose **Use a VPC** and complete the information for the VPC.

1. Choose **Connect to GitLab self-managed**. The created connection is shown with a **Pending** status. A host resource is created for the connection with the server information you provided. For the host name, the URL is used.

1. Choose **Update pending connection**. 

1. If a page opens with a redirect message confirming that you want to continue to the provider, choose **Continue**. Enter the authorization for the provider.

1. A **Set up *host\$1name*** page displays. In **Provide personal access token**, provide your GitLab PAT with the following scoped-down permission only: `api`.
**Note**  
Only an administrator can create and use the PAT.

   Choose **Continue**.  
![\[Console screenshot showing GitLab self-managed personal access token entry for the new host\]](http://docs.aws.amazon.com/codepipeline/latest/userguide/images/connections-create-glsm-pat.png)

1. The connection page shows the created connection in an **Available** status.

### Step 3: Save your GitLab self-managed source action
<a name="connections-gitlab-managed-console-save"></a>

Use these steps on the wizard or **Edit action** page to save your source action with your connection information.

**To complete and save your source action with your connection**

1. In **Repository name**, choose the name of your third-party repository.

1. Under **Pipeline triggers** you can add triggers if your action is an CodeConnections action. To configure the pipeline trigger configuration and to optionally filter with triggers, see more details in [Add trigger with code push or pull request event types](pipelines-filter.md).

1. In **Output artifact format**, you must choose the format for your artifacts. 
   + To store output artifacts from the GitLab self-managed action using the default method, choose **CodePipeline default**. The action accesses the files from the repository and stores the artifacts in a ZIP file in the pipeline artifact store.
   + To store a JSON file that contains a URL reference to the repository so that downstream actions can perform Git commands directly, choose **Full clone**. This option can only be used by CodeBuild downstream actions.

1. Choose **Next** on the wizard or **Save** on the **Edit action** page.

## Create a host and connection to GitLab self-managed (CLI)
<a name="connections-gitlab-managed-cli"></a>

You can use the AWS Command Line Interface (AWS CLI) to create a connection. 

To do this, use the **create-connection** command. 

**Important**  
A connection created through the AWS CLI or AWS CloudFormation is in `PENDING` status by default. After you create a connection with the CLI or CloudFormation, use the console to edit the connection to make its status `AVAILABLE`.

You can use the AWS Command Line Interface (AWS CLI) to create a host for installed connections. 

You use a host to represent the endpoint for the infrastructure where your third-party provider is installed. After you complete the host creation with the CLI, the host is in **Pending** status. You then set up, or register, the host to move it to an **Available** status. After the host is available, you complete the steps to create a connection.

To do this, use the **create-host** command. 

**Important**  
A host created through the AWS CLI is in `Pending` status by default. After you create a host with the CLI, use the console or the CLI to set up the host to make its status `Available`.

**To create a host**

1. Open a terminal (Linux, macOS, or Unix) or command prompt (Windows). Use the AWS CLI to run the **create-host** command, specifying the `--name`, `--provider-type`, and `--provider-endpoint` for your connection. In this example, the third-party provider name is `GitLabSelfManaged` and the endpoint is `my-instance.dev`.

   ```
   aws codestar-connections create-host --name MyHost --provider-type GitLabSelfManaged --provider-endpoint "https://my-instance.dev"
   ```

   If successful, this command returns the host Amazon Resource Name (ARN) information similar to the following.

   ```
   {
       "HostArn": "arn:aws:codestar-connections:us-west-2:account_id:host/My-Host-28aef605"
   }
   ```

   After this step, the host is in `PENDING` status.

1. Use the console to complete the host setup and move the host to an `Available` status.

**To create a connection to GitLab self-managed**

1. Open a terminal (Linux, macOS, or Unix) or command prompt (Windows). Use the AWS CLI to run the **create-connection** command, specifying the `--host-arn` and `--connection-name` for your connection.

   ```
   aws codestar-connections create-connection --host-arn arn:aws:codestar-connections:us-west-2:account_id:host/MyHost-234EXAMPLE --connection-name MyConnection
   ```

   If successful, this command returns the connection ARN information similar to the following.

   ```
   {
       "ConnectionArn": "arn:aws:codestar-connections:us-west-2:account_id:connection/aEXAMPLE-8aad"
   }
   ```

1. Use the console to set up the pending connection.

1. The pipeline defaults to detect changes on code push to the connection source repository. To configure the pipeline trigger configuration for manual release or for Git tags, do one of the following:
   + To configure the pipeline trigger configuration to start with a manual release only, add the following line to the configuration: 

     ```
     "DetectChanges": "false",
     ```
   + To configure the pipeline trigger configuration to filter with triggers, see more details in [Add trigger with code push or pull request event types](pipelines-filter.md). For example, the following adds to the pipeline level of the pipeline JSON definition. In this example, `release-v0` and `release-v1` are the Git tags to include, and `release-v2` is the Git tag to exclude.

     ```
     "triggers": [
                 {
                     "providerType": "CodeStarSourceConnection",
                     "gitConfiguration": {
                         "sourceActionName": "Source",
                         "push": [
                             {
                                 "tags": {
                                     "includes": [
                                         "release-v0", "release-v1"
                                     ],
                                     "excludes": [
                                         "release-v2"
                                     ]
                                 }
                             }
                         ]
                     }
                 }
             ]
     ```

# Use a connection shared with another account
<a name="connections-shared"></a>

You can create and manage a shared connection using AWS RAM. This allows connections to be shared between AWS accounts for access to third-party repositories. This allows a single connection to be used in CodePipeline pipelines across accounts while reducing the need for users to manage and administer separate connections in each account.

To use shared connections in CodePipeline, do the following. 
+ Create a connection using the Developer Tools console under **Settings**. See [Create a Connection](https://docs.aws.amazon.com/dtconsole/latest/userguide/connections-create.html).
+ Set up the resource share using AWS RAM. See [Share connections with AWS accounts](https://docs.aws.amazon.com/dtconsole/latest/userguide/connections-share.html).
+ When you use the CodePipeline console **Create pipeline** wizard or **Edit action** page to choose the connection provider, such as the **Bitbucket** provider option, you can choose the connection that has been shared with the target account.