As of November 7, 2025, you can't create new repository associations in Amazon CodeGuru Reviewer. To learn about services with capabilities similar to CodeGuru Reviewer, see [Amazon CodeGuru Reviewer availability change](https://docs.aws.amazon.com/codeguru/latest/reviewer-ug/codeguru-reviewer-availability-change.html). # Working with repository associations in Amazon CodeGuru Reviewer Working with repository associations Amazon CodeGuru Reviewer requires a repository that contains the source code you want it to review. To add a repository with your source code to CodeGuru Reviewer, you create a *repository association*. Immediately after you create the repository association, its status is **Associating**. A repository association with this status is doing the following. + Setting up pull request notifications. This is required for pull requests to initiate a CodeGuru Reviewer review. For GitHub, GitHub Enterprise Server, and Bitbucket repositories, the notifications are webhooks created in your repository to initiate CodeGuru Reviewer reviews. If you delete these webhooks, reviews of code in your repository cannot be initiated. + Setting up source code access. This is required for CodeGuru Reviewer to securely clone the code in your repository. When the pull request notifications, source code access, and creation of required permissions are complete, the status changes to **Associated**. The association is now complete and CodeGuru Reviewer performs its first full scan of the repository. You can later create incremental code reviews or full repository analysis code reviews to get recommendations. For more information, see [About full repository analysis and incremental code reviews](repository-analysis-vs-pull-request.md). CodeGuru Reviewer supports associations with repositories from the following source providers: + AWS CodeCommit + Bitbucket + GitHub and GitHub Enterprise Cloud (These are listed together because you work with them identically using CodeGuru Reviewer.) + GitHub Enterprise Server **Note** The source code reviewed by CodeGuru Reviewer is not stored. For more information, see [Captured data in CodeGuru Reviewer](data-protection.md#data-captured). **Topics** + [ # Create an AWS CodeCommit repository association in Amazon CodeGuru Reviewer ](create-codecommit-association.md) + [ # Create a Bitbucket repository association in Amazon CodeGuru Reviewer ](create-bitbucket-association.md) + [ # Create a GitHub or GitHub Enterprise Cloud repository association in Amazon CodeGuru Reviewer ](create-github-association.md) + [ # Create a GitHub Enterprise Server repository association in Amazon CodeGuru Reviewer ](create-github-enterprise-association.md) + [ # View all repository associations in CodeGuru Reviewer ](repository-association-view-all.md) + [ # Disassociate a repository in CodeGuru Reviewer ](disassociate-repository-association.md) + [ # Encrypting a repository association in Amazon CodeGuru Reviewer ](encrypt-repository-association.md) + [ # Tagging a repository association in Amazon CodeGuru Reviewer ](tag-repository-association.md) # Create an AWS CodeCommit repository association in Amazon CodeGuru Reviewer Create a CodeCommit repository association You can create an AWS CodeCommit repository association using the Amazon CodeGuru Reviewer console, the AWS CodeCommit console, the AWS CLI, or the CodeGuru Reviewer SDK. Before you create a CodeCommit repository association, you must have a CodeCommit repository in the same AWS account and Region in which you want your CodeGuru Reviewer code reviews. For more information, see [Create an AWS CodeCommit repository](https://docs.aws.amazon.com/codecommit/latest/userguide/how-to-create-repository.html) in the *AWS CodeCommit User Guide*. **Topics** + [ ## Create a CodeCommit repository association (CodeGuru Reviewer console) ](#create-codecommit-association-console) + [ ## Create a CodeCommit repository association (CodeCommit console) ](#create-codecommit-association-other-console) + [ ## Create a CodeCommit repository association (AWS CLI) ](#create-codecommit-association-cli) + [ ## Create a CodeCommit repository association (AWS SDKs) ](#create-codecommit-association-sdk) ## Create a CodeCommit repository association (CodeGuru Reviewer console) Create an CodeCommit repository association (console) **To create a CodeCommit repository association** 1. Open the Amazon CodeGuru Reviewer console at [https://console.aws.amazon.com/codeguru/reviewer/](https://console.aws.amazon.com/codeguru/reviewer/). 1. In the navigation pane, choose **Repositories**. 1. Choose **Associate repository and run analysis**. 1. Choose **AWS CodeCommit**. 1. From **Repository location**, choose the name of your CodeCommit repository that contains the source code you want CodeGuru Reviewer to analyze. 1. (Optional) Expand **Encryption key - optional** to use your own AWS Key Management Service key (KMS key) to encrypt your associated repository. For more information, see [Encrypting a repository association in Amazon CodeGuru Reviewer](encrypt-repository-association.md). 1. Select **Customize encryption settings (advanced)**. 1. Do one of the following: + If you already have a KMS key that you manage, enter its Amazon Resource Name (ARN). For information about finding the ARN of your key using the console, see [Finding the key ID and key ARN](https://docs.aws.amazon.com/kms/latest/developerguide/find-cmk-id-arn.html) in the *AWS Key Management Service Developer Guide*. + If you want to create a KMS key, choose **Create an AWS KMS key** and follow the steps in the AWS KMS console. For more information, see [Creating keys](https://docs.aws.amazon.com/kms/latest/developerguide/create-keys.html) in the *AWS Key Management Service Developer Guide*. 1. In **Run a repository analysis**, specify information for your associated repository's first full scan. This scan generates your repository's initial code review. For more information, see [Get recommendations using full repository analysis](create-code-reviews.md#get-repository-scan). 1. From **Source branch**, choose the branch to use. 1. (Optional) In **Code review name**, type a name for your code review. 1. (Optional) Expand **Analysis configuration file - optional** to download a sample `aws-codeguru-reviewer.yml` file to use as a template. Modify the file and upload it to the root directory of your repository. For more information about the analysis configuration file, see [Suppress recommendations](recommendation-suppression.md). ![\[The Run a repository analysis section with settings and sample YAML file information.\]](http://docs.aws.amazon.com/codeguru/latest/reviewer-ug/images/run-repo-analysis-config-file.png) 1. (Optional) Expand **Tags** to add one or more tags to your repository association. For more information, see [Tagging a repository association in Amazon CodeGuru Reviewer](tag-repository-association.md). 1. Choose **Add new tag**. 1. In **Key**, enter a name for the tag. You can add an optional value for the tag in **Value**. 1. (Optional) To add another tag, choose **Add new tag**. 1. Choose **Associate repository and run analysis**. On the **Repositories** page, the **Status** is **Associating**. When the association is complete, the status changes to **Associated** and a full repository analysis begins. Refresh the page to check for the status change. ## Create a CodeCommit repository association (CodeCommit console) You can [connect to CodeGuru Reviewer directly from the CodeCommit console.](https://docs.aws.amazon.com//codecommit/latest/userguide/how-to-amazon-codeguru-reviewer.html#how-to-amazon-codeguru-reviewer-associate) This allows you to create a CodeCommit repository association with CodeGuru Reviewer without leaving your CodeCommit repository context. ## Create a CodeCommit repository association (AWS CLI) Create a CodeCommit repository association (AWS CLI) For information about using the AWS CLI with CodeGuru Reviewer, see the [CodeGuru Reviewer section of the AWS CLI Command Reference](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/codeguru-reviewer/index.html). **To create a CodeCommit repository association** 1. Make sure that you have configured the AWS CLI with the AWS Region in which you want to create your code reviews and in which your CodeCommit repository exists. To verify the Region, run the following command at the command line or terminal and review the information for the default name. ``` aws configure ``` The default Region name must match the AWS Region for the repository in CodeCommit. 1. Run the **associate-repository** command specifying the name of the CodeCommit repository you want to associate. ``` aws codeguru-reviewer associate-repository --repository CodeCommit={Name=my-codecommit-repo} ``` 1. If successful, this command outputs a [https://docs.aws.amazon.com/codeguru/latest/reviewer-api/API_RepositoryAssociation.html](https://docs.aws.amazon.com/codeguru/latest/reviewer-api/API_RepositoryAssociation.html) object. ``` { "RepositoryAssociation": { "AssociationId": "repository-association-uuid", "Name": "my-codecommit-repo", "LastUpdatedTimeStamp": 1595634764.029, "ProviderType": "CodeCommit", "CreatedTimeStamp": 1595634764.029, "Owner": "123456789012", "State": "Associating", "StateReason": "Pending Repository Association", "AssociationArn": "arn:aws:codeguru-reviewer:us-west-2:123456789012:association:repository-association-uuid", } } ``` 1. When the **associate-repository** command succeeds, the status in the returned output is **Associating**. When the association is complete, the status changes to **Associated** and you can create a pull request or a full repository analysis to get recommendations. You can check your repository association's status using the `describe-repository` command with its Amazon Resource Name (ARN). ``` aws codeguru-reviewer describe-repository-association --association-arn arn:aws:codeguru-reviewer:us-west-2:123456789012:association:repository-association-uuid ``` 1. If successful, this command outputs a [https://docs.aws.amazon.com/codeguru/latest/reviewer-api/API_RepositoryAssociation.html](https://docs.aws.amazon.com/codeguru/latest/reviewer-api/API_RepositoryAssociation.html) object which shows its status. ``` { "RepositoryAssociation": { "AssociationId": "repository-association-uuid", "Name": "my-codecommit-repo", "LastUpdatedTimeStamp": 1595634764.029, "ProviderType": "CodeCommit", "CreatedTimeStamp": 1595634764.029, "Owner": "123456789012", "State": "Associated", "StateReason": ""Pull Request Notification configuration successful", "AssociationArn": "arn:aws:codeguru-reviewer:us-west-2:123456789012:association:repository-association-uuid" } } ``` ## Create a CodeCommit repository association (AWS SDKs) Create a CodeCommit repository association (AWS SDKs) To create a CodeCommit repository association with the AWS SDKs, use the `AssociateRepository` API. For more information, see [AssociateRepository](https://docs.aws.amazon.com/codeguru/latest/reviewer-api/API_AssociateRepository.html) in the *Amazon CodeGuru Reviewer API Reference*. # Create a Bitbucket repository association in Amazon CodeGuru Reviewer Create a Bitbucket repository association You can create a Bitbucket repository association using the Amazon CodeGuru Reviewer console, the AWS CLI, or the CodeGuru Reviewer SDK. Before you create a Bitbucket repository association, you must have a Bitbucket repository and you must create a connection to it using the Developer Tools console. For more information, see [Create a connection](https://docs.aws.amazon.com/dtconsole/latest/userguide/connections-create.html) in the *Developer Tools User Guide*. For information about creating a Bitbucket repository, see [Create a Git repository](https://support.atlassian.com/bitbucket-cloud/docs/create-a-git-repository/) on the Bitbucket website. **Topics** + [ ## Create a Bitbucket repository association (console) ](#create-bitbucket-association-console) + [ ## Create a Bitbucket repository association (AWS CLI) ](#create-bitbucket-association-cli) + [ ## Create a Bitbucket repository association (AWS SDKs) ](#create-bitbucket-association-sdk) ## Create a Bitbucket repository association (console) Create an AWS CodeCommit repository association (console) **To create a Bitbucket repository association** 1. Open the Amazon CodeGuru Reviewer console at [https://console.aws.amazon.com/codeguru/reviewer/](https://console.aws.amazon.com/codeguru/reviewer/). 1. In the navigation pane, choose **Repositories**. 1. Choose **Associate repository and run analysis**. 1. Choose **Bitbucket**. 1. From **Connect to Bitbucket (with CodeConnections)**, choose the connection you want to use. If you don't have a connection, choose **Create a Bitbucket connection** to create one in the Developer Tools console. For more information, see [Create a connection](https://docs.aws.amazon.com/dtconsole/latest/userguide/connections-create.html) in the *Developer Tools User Guide*. 1. From **Repository location**, choose the name of your Bitbucket repository that contains the source code you want CodeGuru Reviewer to analyze. 1. (Optional) Expand **Encryption key - optional** to use your own AWS Key Management Service key (KMS key) to encrypt your associated repository. For more information, see [Encrypting a repository association in Amazon CodeGuru Reviewer](encrypt-repository-association.md). 1. Select **Customize encryption settings (advanced)**. 1. Do one of the following: + If you already have a KMS key that you manage, enter its Amazon Resource Name (ARN). For information about finding the ARN of your key using the console, see [Finding the key ID and key ARN](https://docs.aws.amazon.com/kms/latest/developerguide/find-cmk-id-arn.html) in the *AWS Key Management Service Developer Guide*. + If you want to create a KMS key, choose **Create an AWS KMS key** and follow the steps in the AWS KMS console. For more information, see [Creating keys](https://docs.aws.amazon.com/kms/latest/developerguide/create-keys.html) in the *AWS Key Management Service Developer Guide*. 1. In **Run a repository analysis**, specify information for your associated repository's first full scan. This scan generates your repository's initial code review. For more information, see [Get recommendations using full repository analysis](create-code-reviews.md#get-repository-scan). 1. From **Source branch**, choose the branch to use. 1. (Optional) In **Code review name**, type a name for your code review. 1. (Optional) Expand **Analysis configuration file - optional** to download a sample `aws-codeguru-reviewer.yml` file to use as a template. Modify the file and upload it to the root directory of your repository. For more information about the analysis configuration file, see [Suppress recommendations](recommendation-suppression.md). ![\[The Run a repository analysis section with settings and sample YAML file information.\]](http://docs.aws.amazon.com/codeguru/latest/reviewer-ug/images/run-repo-analysis-config-file.png) 1. (Optional) Expand **Tags** to add one or more tags to your repository association. For more information, see [Tagging a repository association in Amazon CodeGuru Reviewer](tag-repository-association.md). 1. Choose **Add new tag**. 1. In **Key**, enter a name for the tag. You can add an optional value for the tag in **Value**. 1. (Optional) To add another tag, choose **Add new tag**. 1. Choose **Associate repository and run analysis**. On the **Repositories** page, the **Status** is **Associating**. When the association is complete, the status changes to **Associated** and a full repository analysis begins. Refresh the page to check for the status change. ## Create a Bitbucket repository association (AWS CLI) Create a Bitbucket repository association (AWS CLI) For information about using the AWS CLI with CodeGuru Reviewer, see the [CodeGuru Reviewer section of the AWS CLI Command Reference](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/codeguru-reviewer/index.html) **To create a Bitbucket repository association** 1. Make sure that you have configured the AWS CLI with the AWS Region in which you want to create your code reviews. To verify the Region, run the following command at the command line or terminal and review the information for the default name. ``` aws configure ``` The default Region name must match the AWS Region for the repository in CodeCommit. 1. Run the **associate-repository** command specifying the owner (or user name) of your Bitbucket account, the name of your repository, and the Amazon Resource Name (ARN) of your connection. ``` aws codeguru-reviewer associate-repository --repository Bitbucket="{Owner=bitbucket-user-name, Name=repository-name, \ ConnectionArn=arn:aws:codeconnections:us-west-2:123456789012:connection/repository-uuid }" ``` 1. If successful, this command outputs a [https://docs.aws.amazon.com/codeguru/latest/reviewer-api/API_RepositoryAssociation.html](https://docs.aws.amazon.com/codeguru/latest/reviewer-api/API_RepositoryAssociation.html) object. ``` { "RepositoryAssociation": { "ProviderType": "Bitbucket", "Name": "repository-name", "LastUpdatedTimeStamp": 1595886585.96, "AssociationId": "repository_association_uuid", "CreatedTimeStamp": 1595886585.96, "ConnectionArn": "arn:aws:codeconnections:us-west-2:123456789012:connection/connection_uuid", "State": "Associating", "StateReason": "Pending Repository Association", "AssociationArn": "arn:aws:codeguru-reviewer:us-west-2:123456789012:association:repository-association-uuid", "Owner": "bitbucket-user-name" } } ``` 1. When the **associate-repository** command succeeds, the status in the returned output is **Associating**. When the association is complete, the status changes to **Associated** and you can create a pull request or a full repository analysis to get recommendations. You can check your repository association's status using the `describe-repository` command with its Amazon Resource Name (ARN). ``` aws codeguru-reviewer describe-repository-association --association-arn arn:aws:codeguru-reviewer:us-west-2:123456789012:association:repository-association-uuid ``` 1. If successful, this command outputs a [https://docs.aws.amazon.com/codeguru/latest/reviewer-api/API_RepositoryAssociation.html](https://docs.aws.amazon.com/codeguru/latest/reviewer-api/API_RepositoryAssociation.html) object which shows its status. ``` { "RepositoryAssociation": { "ProviderType": "Bitbucket", "Name": "repository-name", "LastUpdatedTimeStamp": 1595886585.96, "AssociationId": "repository_association_uuid", "CreatedTimeStamp": 1595886585.96, "ConnectionArn": "arn:aws:codeconnections:us-west-2:123456789012:connection/connection_uuid", "State": "Associated", "StateReason": ""Pull Request Notification configuration successful", "AssociationArn": "arn:aws:codeguru-reviewer:us-west-2:123456789012:association:repository-association-uuid", "Owner": "bitbucket-user-name" } } ``` ## Create a Bitbucket repository association (AWS SDKs) Create a Bitbucket repository association (AWS SDKs) To create a Bitbucket repository association with the AWS SDKs, use the `AssociateRepository` API. For more information, see [AssociateRepository](https://docs.aws.amazon.com/codeguru/latest/reviewer-api/API_AssociateRepository.html) in the *Amazon CodeGuru Reviewer API Reference*. # Create a GitHub or GitHub Enterprise Cloud repository association in Amazon CodeGuru Reviewer Create a GitHub or GitHub Enterprise Cloud repository association You can create a GitHub or GitHub Enterprise Cloud repository association using the Amazon CodeGuru Reviewer console. You cannot create a GitHub or GitHub Enterprise Cloud repository association using the AWS CLI or the CodeGuru Reviewer SDK. Before you create a GitHub or GitHub Enterprise Cloud repository association, you must have a GitHub or GitHub Enterprise Cloud repository. **Note** We recommend creating a new GitHub user (for example, *MyCodeGuruUser*) and using that user to provide CodeGuru Reviewer with access to your GitHub repositories. This ensures that CodeGuru Reviewer posts comments on behalf of a unique user. This helps avoid confusion and make the account more transferable, so that it doesn't belong to a single person who might not always be available to maintain it. **To create a GitHub repository association** 1. Open the Amazon CodeGuru Reviewer console at [https://console.aws.amazon.com/codeguru/reviewer/](https://console.aws.amazon.com/codeguru/reviewer/). 1. In the navigation pane, choose **Repositories**. 1. Choose **Associate repository and run analysis**. 1. Choose **GitHub or GitHub Enterprise Cloud**. 1. If you are not connected to GitHub, choose **Connect to GitHub or GitHub Enterprise Cloud** and follow the prompts to connect. 1. From **Repository location**, choose the name of your GitHub repository that contains the source code you want CodeGuru Reviewer to analyze. 1. (Optional) Expand **Encryption key - optional** to use your own AWS Key Management Service key (KMS key) to encrypt your associated repository. For more information, see [Encrypting a repository association in Amazon CodeGuru Reviewer](encrypt-repository-association.md). 1. Select **Customize encryption settings (advanced)**. 1. Do one of the following: + If you already have a KMS key that you manage, enter its Amazon Resource Name (ARN). For information about finding the ARN of your key using the console, see [Finding the key ID and key ARN](https://docs.aws.amazon.com/kms/latest/developerguide/find-cmk-id-arn.html) in the *AWS Key Management Service Developer Guide*. + If you want to create a KMS key, choose **Create an AWS KMS key** and follow the steps in the AWS KMS console. For more information, see [Creating keys](https://docs.aws.amazon.com/kms/latest/developerguide/create-keys.html) in the *AWS Key Management Service Developer Guide*. 1. In **Run a repository analysis**, specify information for your associated repository's first full scan. This scan generates your repository's initial code review. For more information, see [Get recommendations using full repository analysis](create-code-reviews.md#get-repository-scan). 1. From **Source branch**, choose the branch to use. 1. (Optional) In **Code review name**, type a name for your code review. 1. (Optional) Expand **Analysis configuration file - optional** to download a sample `aws-codeguru-reviewer.yml` file to use as a template. Modify the file and upload it to the root directory of your repository. For more information about the analysis configuration file, see [Suppress recommendations](recommendation-suppression.md). ![\[The Run a repository analysis section with settings and sample YAML file information.\]](http://docs.aws.amazon.com/codeguru/latest/reviewer-ug/images/run-repo-analysis-config-file.png) 1. (Optional) Expand **Tags** to add one or more tags to your repository association. For more information, see [Tagging a repository association in Amazon CodeGuru Reviewer](tag-repository-association.md). 1. Choose **Add new tag**. 1. In **Key**, enter a name for the tag. You can add an optional value for the tag in **Value**. 1. (Optional) To add another tag, choose **Add new tag**. 1. Choose **Associate repository and run analysis**. On the **Repositories** page, the **Status** is **Associating**. When the association is complete, the status changes to **Associated** and a full repository analysis begins. Refresh the page to check for the status change. # Create a GitHub Enterprise Server repository association in Amazon CodeGuru Reviewer Create a GitHub Enterprise Server repository association You can create a GitHub Enterprise Server repository association using the Amazon CodeGuru Reviewer console, the AWS CLI, or the CodeGuru Reviewer SDK. Before you create a GitHub Enterprise Server repository association, you must have a GitHub Enterprise Server repository. **Note** GitHub Enterprise Cloud repositories have a different procedure and different prerequisites. If you're using GitHub Enterprise Cloud, [follow this procedure instead](https://docs.aws.amazon.com//codeguru/latest/reviewer-ug/create-github-association.html). **Topics** + [ ## GitHub Enterprise Server repository association prerequisites ](#create-github-enterprise-association-requirements) + [ ## Create a GitHub Enterprise Server repository association (console) ](#create-github-enterprise-association-console) + [ ## Create a GitHub Enterprise Server repository association (AWS CLI) ](#create-github-enterprise-association-cli) + [ ## Create a GitHub Enterprise Server repository association (AWS SDKs) ](#create-github-enterprise-server-association-sdk) ## GitHub Enterprise Server repository association prerequisites GitHub Enterprise Server prerequisites To create a GitHub Enterprise Server repository association, you must have a GitHub Enterprise Server connection in AWS CodeConnections. The connection must be in the same AWS account and Region in which you want your code reviews. For more information, see [Create a connection](https://docs.aws.amazon.com/dtconsole/latest/userguide/connections-create.html) and [Create a connection to GitHub Enterprise Server](https://docs.aws.amazon.com/dtconsole/latest/userguide/connections-create-gheserver.html) in the *Developer Tools User Guide*. **Important** CodeConnections does not support GitHub Enterprise Server version 2.22.0 due to a known issue in the release. To create a connection, use version 2.22.1 or later. Your GitHub Enterprise Server connection requires a *host*. The host represents your GitHub Enterprise Server instance and is to what your GitHub Enterprise Server connection connects. A host can be an on-premises server or a Virtual Private Cloud (VPC). For more information, see [Amazon VPC configuration for your host](https://docs.aws.amazon.com/dtconsole/latest/userguide/connections-create-gheserver-console.html#connections-create-gheserver-prereq) and [Create a host](https://docs.aws.amazon.com/dtconsole/latest/userguide/connections-host-create.html) in the *AWS Developer Tools User Guide*. ## Create a GitHub Enterprise Server repository association (console) Create a GitHub Enterprise Server repository association (console) **To create a GitHub Enterprise Server repository association** 1. Open the Amazon CodeGuru Reviewer console at [https://console.aws.amazon.com/codeguru/reviewer/](https://console.aws.amazon.com/codeguru/reviewer/). 1. In the navigation pane, choose **Repositories**. 1. Choose **Associate repository and run analysis**. 1. Choose **GitHub Enterprise Server**. 1. From **Connect to GitHub Enterprise Server (with AWS CodeConnections)**, choose the connection you want to use. If you don't have a connection, choose **Create a GitHub Enterprise Server connection** to create one in the Developer Tools console. For more information, see [Create a connection](https://docs.aws.amazon.com/dtconsole/latest/userguide/connections-create.html) in the *AWS Developer Tools User Guide*. 1. From **Repository location**, choose the name of your GitHub Enterprise Server repository that contains the source code you want CodeGuru Reviewer to analyze. 1. (Optional) Expand **Encryption key - optional** to use your own AWS Key Management Service key (KMS key) to encrypt your associated repository. For more information, see [Encrypting a repository association in Amazon CodeGuru Reviewer](encrypt-repository-association.md). 1. Select **Customize encryption settings (advanced)**. 1. Do one of the following: + If you already have a KMS key that you manage, enter its Amazon Resource Name (ARN). For information about finding the ARN of your key using the console, see [Finding the key ID and key ARN](https://docs.aws.amazon.com/kms/latest/developerguide/find-cmk-id-arn.html) in the *AWS Key Management Service Developer Guide*. + If you want to create a KMS key, choose **Create an AWS KMS key** and follow the steps in the AWS KMS console. For more information, see [Creating keys](https://docs.aws.amazon.com/kms/latest/developerguide/create-keys.html) in the *AWS Key Management Service Developer Guide*. 1. In **Run a repository analysis**, specify information for your associated repository's first full scan. This scan generates your repository's initial code review. For more information, see [Get recommendations using full repository analysis](create-code-reviews.md#get-repository-scan). 1. From **Source branch**, choose the branch to use. 1. (Optional) In **Code review name**, type a name for your code review. 1. (Optional) Expand **Analysis configuration file - optional** to download a sample `aws-codeguru-reviewer.yml` file to use as a template. Modify the file and upload it to the root directory of your repository. For more information about the analysis configuration file, see [Suppress recommendations](recommendation-suppression.md). ![\[The Run a repository analysis section with settings and sample YAML file information.\]](http://docs.aws.amazon.com/codeguru/latest/reviewer-ug/images/run-repo-analysis-config-file.png) 1. (Optional) Expand **Tags** to add one or more tags to your repository association. For more information, see [Tagging a repository association in Amazon CodeGuru Reviewer](tag-repository-association.md). 1. Choose **Add new tag**. 1. In **Key**, enter a name for the tag. You can add an optional value for the tag in **Value**. 1. (Optional) To add another tag, choose **Add new tag**. 1. Choose **Associate repository and run analysis**. On the **Repositories ** page, the **Status** is **Associating**. When the association is complete, the status changes to **Associated** and a full repository analysis begins. Refresh the page to check for the status change. ## Create a GitHub Enterprise Server repository association (AWS CLI) Create a GitHub Enterprise Server repository association (AWS CLI) For information about using the AWS CLI with CodeGuru Reviewer, see the [CodeGuru Reviewer section of the AWS CLI Command Reference](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/codeguru-reviewer/index.html) **To create a GitHub Enterprise Server repository association** 1. Make sure that you have configured the AWS CLI with the AWS Region in which you want to create your code reviews. To verify the Region, run the following command at the command line or terminal and review the information for the default name. ``` aws configure ``` 1. Run the **associate-repository** command specifying the owner (or user name) of your GitHub Enterprise Server account, the name of your repository, and the Amazon Resource Name (ARN) of your connection. ``` aws codeguru-reviewer associate-repository --repository GitHubEnterpriseServer="{Owner=github-enterprise-server-user-name, Name=repository-name, \ ConnectionArn=arn:aws:codeconnections:us-west-2:123456789012:connection/connection-uuid }" ``` 1. If successful, this command outputs a [https://docs.aws.amazon.com/codeguru/latest/reviewer-api/API_RepositoryAssociation.html](https://docs.aws.amazon.com/codeguru/latest/reviewer-api/API_RepositoryAssociation.html) object. ``` { "RepositoryAssociation": { "ProviderType": "GitHubEnterpriseServer", "Name": "repository-name", "LastUpdatedTimeStamp": 1595966211.79, "AssociationId": "repository-association-uuid", "CreatedTimeStamp": 1595966211.79, "ConnectionArn": "arn:aws:codeconnections:us-west-2:123456789012:connection/connection-uuid", "State": "Associating", "StateReason": "Pending Repository Association", "AssociationArn": "arn:aws:codeguru-reviewer:us-east-2:123456789012:association:repository-association-uuid", "Owner": "github-enterprise-server-user-name" } } ``` 1. When the **associate-repository** command succeeds, the status in the returned output is **Associating**. When the association is complete, the status changes to **Associated** and you can create a pull request or a full repository analysis to get recommendations. You can check your repository association's status using the `describe-repository` command with its Amazon Resource Name (ARN). ``` aws codeguru-reviewer describe-repository-association --association-arn arn:aws:codeguru-reviewer:us-west-2:123456789012:association:repository-association-uuid ``` 1. If successful, this command outputs a [https://docs.aws.amazon.com/codeguru/latest/reviewer-api/API_RepositoryAssociation.html](https://docs.aws.amazon.com/codeguru/latest/reviewer-api/API_RepositoryAssociation.html) object which shows its status. ``` { "RepositoryAssociation": { "ProviderType": "GitHubEnterpriseServer", "Name": "repository-name", "LastUpdatedTimeStamp": 1595634764.029, "AssociationId": "repository-association-uuid", "CreatedTimeStamp": 1595634764.029, "ConnectionArn": "arn:aws:codeconnections:us-west-2:123456789012:connection/connection_uuid" "State": "Associated", "StateReason": "Pull Request Notification configuration successful", "AssociationArn": "arn:aws:codeguru-reviewer:us-west-2:123456789012:association:repository-association-uuid", "Owner": "github-enterprise-server-user-name" } } ``` ## Create a GitHub Enterprise Server repository association (AWS SDKs) Create a GitHub Enterprise Server repository association (AWS SDKs) To create a GitHub Enterprise Server repository association with the AWS SDKs, use the `AssociateRepository` API. For more information, see [AssociateRepository](https://docs.aws.amazon.com/codeguru/latest/reviewer-api/API_AssociateRepository.html) in the *Amazon CodeGuru Reviewer API Reference*. # View all repository associations in CodeGuru Reviewer View all repository associations You can view all the associated repositories in your AWS Region and your AWS account using the console or the AWS CLI. **Topics** + [ ## View all associated repositories in CodeGuru Reviewer (console) ](#repository-association-view-all-console) + [ ## View all repository associations in CodeGuru Reviewer (AWS CLI) ](#repository-association-view-all-cli) ## View all associated repositories in CodeGuru Reviewer (console) View all associated repositories (console) **View all associated repositories** 1. Open the Amazon CodeGuru Reviewer console at [https://console.aws.amazon.com/codeguru/reviewer/](https://console.aws.amazon.com/codeguru/reviewer/). 1. In the navigation pane, choose **Associated repositories**. ## View all repository associations in CodeGuru Reviewer (AWS CLI) View all repository associations (AWS CLI) For information about using the AWS CLI with CodeGuru Reviewer, see the [CodeGuru Reviewer section](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/codeguru-reviewer/index.html) and [list-repository-associations](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/codeguru-reviewer/list-repository-associations.html) in the *AWS CLI Command Reference*. **View all repository associations** 1. Make sure that you have configured the AWS CLI with the AWS Region that contains the repository associations you want to view. Run the following command at the command line or terminal and review or configure the Region for the AWS CLI. ``` aws configure ``` 1. Run **list-repository-associations**. ``` aws codeguru-reviewer list-repository-associations ``` 1. If successful, this command outputs one [https://docs.aws.amazon.com/codeguru/latest/reviewer-api/API_RepositoryAssociationSummary.html](https://docs.aws.amazon.com/codeguru/latest/reviewer-api/API_RepositoryAssociationSummary.html) object for each of your associated repositories. ``` { "RepositoryAssociationSummaries": [ { "LastUpdatedTimeStamp": 1595886609.616, "Name": "test", "AssociationId": "0bdac454-f6af-4adf-a625-de4db4b4bca1", "Owner": "123456789012", "State": "Associated", "AssociationArn": "arn:aws:codeguru-reviewer:us-west-2:123456789012:association:0bdac454-f6af-4adf-a625-de4db4b4bca1", "ProviderType": "Bitbucket" }, { "LastUpdatedTimeStamp": 1595636969.035, "Name": "CodeDeploy-CodePipeline-ECS-Tutorial", "AssociationId": "eb2f7513-a132-47ad-81dc-bd718468ee1e", "Owner": "123456789012", "State": "Associated", "AssociationArn": "arn:aws:codeguru-reviewer:us-west-2:123456789012:association:eb2f7513-a132-47ad-81dc-bd718468ee1e", "ProviderType": "CodeCommit" }, { "LastUpdatedTimeStamp": 1595634785.983, "Name": "My-ecs-beta-repo", "AssociationId": "d79156d7-6297-4b08-ba5a-f05b274e3518", "Owner": "123456789012", "State": "Associated", "AssociationArn": "arn:aws:codeguru-reviewer:us-west-2:123456789012:association:d79156d7-6297-4b08-ba5a-f05b274e3518", "ProviderType": "CodeCommit" } ] } ``` # Disassociate a repository in CodeGuru Reviewer Disassociate a repository You can disassociate any associated repository you create. After you disassociate a repository, Amazon CodeGuru Reviewer no longer has permission to read code in the repository's pull requests and doesn't have access to your repository's source code. This means that CodeGuru Reviewer does not have permission to perform operations such as cloning or publishing comments in source code. A disassociated repository does not send pull request notifications to Amazon CodeGuru Reviewer. You cannot create code reviews of any kind for a disassociated repository. Immediately after you choose to disassociate a repository, its status changes to `Disassociating`. If you want to review code in your disassociated repository later, you can create a new repository association. **Important** If you are disassociating a Bitbucket or GitHub Enterprise Server repository, you must disassociate the repository before deleting your AWS CodeStar connection. **Note** Charges are not incurred for disassociated repositories. **Topics** + [ ## Disassociate a repository in CodeGuru Reviewer (console) ](#disassociate-repository-association-console) + [ ## Disassociate a repository in CodeGuru Reviewer (AWS CLI) ](#disassociate-repository-association-cli) ## Disassociate a repository in CodeGuru Reviewer (console) Disassociate a repository (console) **To disassociate a repository** 1. Open the Amazon CodeGuru Reviewer console at [https://console.aws.amazon.com/codeguru/reviewer/](https://console.aws.amazon.com/codeguru/reviewer/). 1. In the navigation pane, choose **Repositories**. 1. Do one of the following: + Choose the radio button next to the repository you want to disassociate, then choose **Disassociate repository**. + Choose the association ID of the repository you want to disassociate. On its **Repository** page, choose **Disassociate repository**. With this option, you can view details about your repository before you disassociate it. ## Disassociate a repository in CodeGuru Reviewer (AWS CLI) Disassociate a repository (AWS CLI) For information about using the AWS CLI with CodeGuru Reviewer, see the [CodeGuru Reviewer section of the AWS CLI Command Reference](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/codeguru-reviewer/index.html) **Disassociate a repository association** 1. Make sure that you have configured the AWS CLI with the AWS Region in which you want to create your code reviews. To verify the Region, run the following command at the command line or terminal and review the information for the default name. ``` aws configure ``` The default Region name must match the AWS Region for the repository in CodeCommit. 1. Run the **disassociate-repository** command specifying the Amazon Resource Name (ARN) of your associated repository. ``` aws codeguru-reviewer disassociate-repository --association-arn arn:aws:codeguru-reviewer:us-west-2:123456789012:association:repository-association-uuid ``` 1. If successful, this command outputs a [https://docs.aws.amazon.com/codeguru/latest/reviewer-api/API_RepositoryAssociation.html](https://docs.aws.amazon.com/codeguru/latest/reviewer-api/API_RepositoryAssociation.html) object with a state of `Disassociating`. ``` { "RepositoryAssociation": { "AssociationId": "repository_association_uuid", "Name": "repository-name", "LastUpdatedTimeStamp": 1602119553.692, "ProviderType": "CodeCommit", "CreatedTimeStamp": 1590712779.949, "Owner": "123456789012", "State": "Disassociating", "AssociationArn": ""arn:aws:codeguru-reviewer:us-west-2:123456789012:association:repository-association-uuid" } } ``` 1. When the **disassociate-repository** command completes, the repository is not associated with Amazon CodeGuru Reviewer. You can check if your repository association successfully disassociated using the `describe-repository` command with its Amazon Resource Name (ARN). ``` aws codeguru-reviewer describe-repository-association --association-arn arn:aws:codeguru-reviewer:us-west-2:123456789012:association:repository-association-uuid ``` 1. If successful, the repository association is deleted and the command correctly outputs the following: ``` An error occurred (NotFoundException) when calling the DescribeRepositoryAssociation operation: The requested resource arn:aws:codeguru-reviewer:us-west-2:123456789012:association:repository-association-uuid is not found. ``` # Encrypting a repository association in Amazon CodeGuru Reviewer Encrypting a repository association All associated repositories in Amazon CodeGuru Reviewer are encrypted by default using a key that AWS owns and manages for you. You can encrypt an associated repository using an AWS Key Management Service key, known as a *KMS key*, that you manage. If you want to use a KMS key, then you must create one in advance using AWS KMS, or create one when you create your associated repository. For more information, see [Creating keys](https://docs.aws.amazon.com/kms/latest/developerguide/create-keys.html) in the *AWS Key Management Service Developer Guide*. You can encrypt an associated repository with a KMS key only when you create it. If you want to update how an existing repository is encrypted, you must disassociate it and then recreate it with the encryption you want. For more information, see [Disassociate a repository in CodeGuru Reviewer](disassociate-repository-association.md). The encryption key (either an AWS owned and managed key, or a KMS key you create) encrypts the associated repository and all of its code reviews. Each code review is a child of the associated repository that contains the reviewed code. If you encrypt an associated repository with a KMS key, then revoke access to that key by disabling it or removing CodeGuru Reviewer access to AWS KMS using the AWS Identity and Access Management AWS CLI or SDK, the following occurs: + Recommendations related to the associated repository become unavailable. + You cannot successfully review code in the associated repository. You can schedule a code review, but the code review fails. To restore access to an associated repository that is encrypted with a disabled key, you can re-enable it. For more information, see [Enabling and disabling keys](https://docs.aws.amazon.com/kms/latest/developerguide/enabling-keys.html) in the *AWS Key Management Service Developer Guide*. **Note** Creation of an AWS KMS key results in charges to your AWS account. For more information, see [AWS Key Management Service pricing](https://aws.amazon.com/kms/pricing). **Topics** + [ ## Encrypt an associated repository using an AWS KMS key ](#encrypt-repository-association-how-to-use-cmk) + [ ## Update how a repository association is encrypted ](#encrypt-repository-association-how-to-change-cmk) ## Encrypt an associated repository using an AWS KMS key Encrypt an associated repository using an AWS KMS key You can use the Amazon CodeGuru Reviewer console to specify an AWS Key Management Service key (KMS key) to encrypt your associated repository. If you don't do this, your associated repository is encrypted by default using a key that is owned and managed by AWS. **Encrypt an associated repository using a KMS key** 1. Follow the steps in one of the following topics to create an association with your repository type: + [Create an AWS CodeCommit repository association (console)](https://docs.aws.amazon.com/codeguru/latest/reviewer-ug/create-codecommit-association.html#create-codecommit-association-console) + [Create a Bitbucket repository association (console)](https://docs.aws.amazon.com/codeguru/latest/reviewer-ug/create-bitbucket-association.html#create-bitbucket-association-console) + [Create a GitHub or GitHub Enterprise Cloud repository association (console)](https://docs.aws.amazon.com/codeguru/latest/reviewer-ug/create-github-association.html) + [Create a GitHub Enterprise Server repository association (console)](https://docs.aws.amazon.com/codeguru/latest/reviewer-ug/create-github-enterprise-association.html#create-github-enterprise-association-console) 1. Expand **Additional configuration**. 1. Select **Customize encryption settings (advanced)**. 1. Do one of the following: + If you already have a KMS key that you manage, enter its Amazon Resource Name (ARN). For information about finding the ARN of your key using the console, see [Finding the key ID and key ARN](https://docs.aws.amazon.com/kms/latest/developerguide/find-cmk-id-arn.html) in the *AWS Key Management Service Developer Guide*. + If you want to create a KMS key, choose **Create an AWS KMS key** and follow the steps in the AWS KMS console. For more information, see [Creating keys](https://docs.aws.amazon.com/kms/latest/developerguide/create-keys.html) in the *AWS Key Management Service Developer Guide*. 1. Complete the rest of the steps to create your repository association. ## Update how a repository association is encrypted Update how a repository association is encrypted If you want to update how your associated repository is encrypted, you must disassociate it, then recreate it. When you recreate the associated repository, specify the AWS Key Management Service key (KMS key) you want to use. If you don't specify a KMS key, then your data is encrypted by a key that is managed by AWS. **Change how an associated repository is encrypted** 1. Disassociate your associated repository by following the steps in [Disassociate a repository in CodeGuru Reviewer (console)](disassociate-repository-association.md#disassociate-repository-association-console). 1. Follow the steps in one of the following topics to create an association with your repository type. Specify the KMS key you want to use or don't specify any KMS key if you want to encrypt your data using an AWS owned and managed key. + [Create an AWS CodeCommit repository association (console)](https://docs.aws.amazon.com/codeguru/latest/reviewer-ug/create-codecommit-association.html#create-codecommit-association-console) + [Create a Bitbucket repository association (console)](https://docs.aws.amazon.com/codeguru/latest/reviewer-ug/create-bitbucket-association.html#create-bitbucket-association-console) + [Create a GitHub or GitHub Enterprise Cloud repository association (console)](https://docs.aws.amazon.com/codeguru/latest/reviewer-ug/create-github-association.html) + [Create a GitHub Enterprise Server repository association (console)](https://docs.aws.amazon.com/codeguru/latest/reviewer-ug/create-github-enterprise-association.html#create-github-enterprise-association-console) # Tagging a repository association in Amazon CodeGuru Reviewer Tagging a repository association A *tag* is a custom attribute label that you or AWS assigns to an AWS resource. Each AWS tag has two parts: + A tag *key* (for example, `CostCenter`, `Environment`, `Project`, or `Secret`). Tag keys are case sensitive. + An optional field known as a tag *value* (for example, `111122223333`, `Production`, or a team name). Omitting the tag value is the same as using an empty string. Like tag keys, tag values are case sensitive. Together these are known as *key*-*value* pairs. For limits on the number of tags you can have on an associated repository and restrictions on tag keys and values, see [Tags](quotas.md#limits-tags). Tags help you identify and organize your AWS resources. Many AWS services support tagging, so you can assign the same tag to resources from different services to indicate that the resources are related. For example, you can assign the same tag to a CodeGuru Reviewer associated repository that you assign to an AWS CodeBuild build project. For more information about using tags, see the [Tagging Best Practices](https://d1.awsstatic.com/whitepapers/aws-tagging-best-practices.pdf) whitepaper. In CodeGuru Reviewer, you can use the CodeGuru Reviewer console, the AWS CLI, CodeGuru Reviewer APIs, or AWS SDKs to add, manage, and remove tags for a repository association. In addition to identifying, organizing, and tracking your repository association with tags, you can use tags in IAM policies to help control who can view and interact with your repository association. A repository association has a parent-child hierarchical relationship with code reviews because a repository association contains all the code reviews inside it. Because of this, you can use tags on repository associations to control access to the code reviews in it. For examples of tag-based access policies, see [Using tags to control access to Amazon CodeGuru Reviewer associated repositories](auth-and-access-control-using-tags.md). **Topics** + [ # Add a tag to a CodeGuru Reviewer associated repository ](how-to-tag-associated-repositories-add.md) + [ # View tags for a CodeGuru Reviewer associated repository ](how-to-tag-associated-repository-view.md) + [ # Add or update tags for a CodeGuru Reviewer associated repository ](how-to-tag-associated-repository-update.md) + [ # Remove tags from a CodeGuru Reviewer associated repository ](how-to-tag-associated-repository-remove.md) # Add a tag to a CodeGuru Reviewer associated repository Add a tag to an associated repository Adding tags to an associated repository can help you identify and organize your AWS resources and manage access to them. First, you add one or more tags (key-value pairs) to an associated repository. Keep in mind that there are limits on the number of tags you can have on an associated repository. There are restrictions on the characters you can use in the key and value fields. For more information, see [Tags](quotas.md#limits-tags). After you have tags, you can create IAM policies to manage access to the associated repository based on these tags. You can use the CodeGuru Reviewer console, AWS CLI, or SDK to add tags to an associated repository. **Important** Adding tags to an associated repository can impact access to that associated repository. Before you add a tag to an associated repository, make sure to review any IAM policies that might use tags to control access to resources such as associated repositories. For examples of tag-based access policies, see [Using tags to control access to Amazon CodeGuru Reviewer associated repositories](auth-and-access-control-using-tags.md). **Topics** + [ # Add a tag to a CodeGuru Reviewer associated repository (console) ](how-to-tag-associated-repository-add-console.md) + [ # Add a tag to a CodeGuru Reviewer associated repository (AWS CLI) ](how-to-tag-associated-repository-add-cli.md) # Add a tag to a CodeGuru Reviewer associated repository (console) Add a tag to an associated repository (console) You can use the console to add a tag when you create an associated repository or to one that already exists. **Topics** + [ # Add a tag when you create a CodeGuru Reviewer associated repository (console) ](how-to-tag-associated-repository-add-on-create-console.md) + [ # Add a tag to an existing CodeGuru Reviewer associated repository (console) ](how-to-tag-associated-repository-add-on-existing-console.md) # Add a tag when you create a CodeGuru Reviewer associated repository (console) Add a tag when you create an associated repository (console) You can use the Amazon CodeGuru Reviewer console to add one or more tags when you create an Amazon CodeGuru Reviewer associated repository. **Add a tag when you create an associated repository** 1. Follow the steps in one of the following topics to create an association with your repository type: + [Create an AWS CodeCommit repository association (console)](https://docs.aws.amazon.com/codeguru/latest/reviewer-ug/create-codecommit-association.html#create-codecommit-association-console) + [Create a Bitbucket repository association (console)](https://docs.aws.amazon.com/codeguru/latest/reviewer-ug/create-bitbucket-association.html#create-bitbucket-association-console) + [Create a GitHub or GitHub Enterprise Cloud repository association (console)](https://docs.aws.amazon.com/codeguru/latest/reviewer-ug/create-github-association.html) + [Create a GitHub Enterprise Server repository association (console)](https://docs.aws.amazon.com/codeguru/latest/reviewer-ug/create-github-enterprise-association.html#create-github-enterprise-association-console) 1. Expand **Tags**. 1. Choose **Add new tag**. 1. In **Key**, enter a name for the tag. You can add an optional value for the tag in **Value**. 1. (Optional) To add another tag, choose **Add new tag**. 1. Complete the rest of the steps to create your repository association. # Add a tag to an existing CodeGuru Reviewer associated repository (console) Add a tag to an existing associated repository (console) You can use the Amazon CodeGuru Reviewer console to add one or more tags to an existing CodeGuru Reviewer associated repository. **Add a tag to an existing associated repository** 1. Open the Amazon CodeGuru Reviewer console at [https://console.aws.amazon.com/codeguru/reviewer/](https://console.aws.amazon.com/codeguru/reviewer/). 1. In the navigation pane, choose **Repositories**. 1. Do one of the following: + Choose the association ID of the associated repository where you want to view tags, then choose **Manage tags**. + Choose the radio button next to the associated repository where you want to view tags, then choose **Manage tags**. 1. In **Manage tags**, for each tag you want to add: 1. Choose **Add new tag**. 1. In **key**, enter a name for the tag. 1. (Optional) In **value**, enter a value for the tag. 1. When you have finished adding tags, choose **Save changes**. # Add a tag to a CodeGuru Reviewer associated repository (AWS CLI) Add a tag to an associated repository (AWS CLI) You can use the AWS CLI to add a tag to an associated repository that already exists or when you create it. For information about using the AWS CLI with CodeGuru Reviewer, see the [CodeGuru Reviewer section of the AWS CLI Command Reference](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/codeguru-reviewer/index.html). **Topics** + [ # Add a tag when you create a CodeGuru Reviewer associated repository (AWS CLI) ](how-to-tag-associated-repository-add-on-create-cli.md) + [ # Add a tag to an existing CodeGuru Reviewer associated repository (AWS CLI) ](how-to-tag-associated-repository-add-on-existing-cli.md) # Add a tag when you create a CodeGuru Reviewer associated repository (AWS CLI) Add a tag when you create an associated repository (AWS CLI) You can use the AWS CLI to add tags to an associated repository when you create it. **Note** Because you cannot use the AWS CLI to create a GitHub repository, you cannot use the AWS CLI to add tags to a GitHub repository when you create it. You can use the AWS CLI to add tags to an existing GitHub repository using **tag-resource**. You can also add tags when you create a GitHub repository association with the console. **To add a tag when you create a repository association** 1. Make sure that you have configured the AWS CLI with the AWS Region in which you want to create your code reviews. To verify the Region, run the following command at the command line or terminal and review the information for the default name. ``` aws configure ``` The default Region name must match the AWS Region for the repository in CodeCommit. 1. Run the **associate-repository** command specifying the tags you want to add with the `--tags` parameter. Specify a tag's key and value using an equal symbol (for example, `my-key=my-value`). For more information about how to use **associate-repository** to create an association with your repository type, see one of the following: + [Create a CodeCommit repository association (AWS CLI)](create-codecommit-association.md#create-codecommit-association-cli) + [Create a Bitbucket repository association (AWS CLI)](create-bitbucket-association.md#create-bitbucket-association-cli) + [Create a GitHub Enterprise Server repository association (AWS CLI)](create-github-enterprise-association.md#create-github-enterprise-association-cli) The following example adds 3 tags when you create an AWS CodeCommit repository association. ``` aws codeguru-reviewer associate-repository --repository CodeCommit={Name=my-codecommit-repo} / --tags value-1=key-1,owner=admin,status=beta ``` 1. If successful, this command outputs a [https://docs.aws.amazon.com/codeguru/latest/reviewer-api/API_RepositoryAssociation.html](https://docs.aws.amazon.com/codeguru/latest/reviewer-api/API_RepositoryAssociation.html) object that includes an array with the 3 tags. ``` { "RepositoryAssociation": { "AssociationId": "repository-association-uuid", "Name": "my-codecommit-repo", "LastUpdatedTimeStamp": 1595634764.029, "ProviderType": "CodeCommit", "CreatedTimeStamp": 1595634764.029, "Owner": "123456789012", "State": "Associating", "StateReason": "Pending Repository Association", "AssociationArn": "arn:aws:codeguru-reviewer:us-west-2:123456789012:association:repository-association-uuid", }, "Tags": { "owner": "admin", "status": "beta", "value-1": "key-1", } } ``` # Add a tag to an existing CodeGuru Reviewer associated repository (AWS CLI) Add a tag to an existing associated repository (AWS CLI) You use the same command, **tag-resource**, to update and to use the AWS CLI to add tags to an associated repository. **To add a tag to an existing repository association** + Follow the steps in [Add or update tags for a CodeGuru Reviewer associated repository (AWS CLI)](how-to-tag-associated-repository-update-cli.md). # View tags for a CodeGuru Reviewer associated repository View tags for an associated repository Tags can help you identify and organize your AWS resources and manage access to them. For more information about tagging strategies, see [Tagging AWS resources](https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html) in the *Amazon Web Services General Reference*. For examples of tag-based access policies, see [Using tags to control access to Amazon CodeGuru Reviewer associated repositories](auth-and-access-control-using-tags.md). **Topics** + [ # View tags for an associated repository (console) ](how-to-tag-associated-repository-view-console.md) + [ # View tags for a CodeGuru Reviewer associated repository (AWS CLI) ](how-to-tag-associated-repository-view-cli.md) # View tags for an associated repository (console) You can use the CodeGuru Reviewer console to view the tags associated with a CodeGuru Reviewer associated repository. **To view tags for an associated repository** 1. Open the Amazon CodeGuru Reviewer console at [https://console.aws.amazon.com/codeguru/reviewer/](https://console.aws.amazon.com/codeguru/reviewer/). 1. In the navigation pane, choose **Repositories**. 1. Do one of the following: + Choose the association ID of the associated repository where you want to view tags, then look under **Tags**. + Choose the radio button next to the associated repository where you want to view tags, then choose **Manage tags**. # View tags for a CodeGuru Reviewer associated repository (AWS CLI) View tags for an associated repository (AWS CLI) Follow these steps to use the AWS CLI to view the AWS tags for an associated repository. If no tags have been added, the returned tags list in the response is empty (`"Tags": {}`). **To view tags for an associated repository** 1. Make sure that you have configured the AWS CLI with the AWS Region in which you want to create your code reviews. To verify the Region, run the following command at the command line or terminal and review the information for the default name. ``` aws configure ``` The default Region name must match the AWS Region for the repository in CodeCommit. 1. Run the **describe-repository-association** command and specify the Amazon Resource Name (ARN) of the associated repository. ``` aws codeguru-reviewer describe-repository-association / --association-arn arn:aws:codeguru-reviewer:us-west-2:123456789012:association:repository-association-uuid ``` 1. If successful, this command outputs a [https://docs.aws.amazon.com/codeguru/latest/reviewer-api/API_RepositoryAssociation.html](https://docs.aws.amazon.com/codeguru/latest/reviewer-api/API_RepositoryAssociation.html) object that includes an array with its tags. ``` { "RepositoryAssociation": { "AssociationId": "repository-association-uuid", "Name": "my-codecommit-repo", "LastUpdatedTimeStamp": 1595634764.029, "ProviderType": "CodeCommit", "CreatedTimeStamp": 1595634764.029, "Owner": "123456789012", "State": "Associating", "StateReason": "Pending Repository Association", "AssociationArn": "arn:aws:codeguru-reviewer:us-west-2:123456789012:association:repository-association-uuid", }, "Tags": { "owner": "admin", "status": "beta", "value-1": "key-1", } } ``` # Add or update tags for a CodeGuru Reviewer associated repository Add or update tags for an associated repository You can change the value for a tag associated with an associated repository or add a new tag. Keep in mind that there are limits on the characters you can use in the key and value fields. For more information, see [Limits](quotas.md#limits-tags). **Important** Updating the value of a tag for an associated repository can impact access to that associated repository. Before you update the value of a tag for an associated repository, make sure to review any IAM policies that might use the value to control access to resources such as associated repositories. For examples of tag-based access policies, see [Using tags to control access to Amazon CodeGuru Reviewer associated repositories](auth-and-access-control-using-tags.md). **Topics** + [ # Add or update tags for a CodeGuru Reviewer associated repository (console) ](how-to-tag-associated-repository-update-console.md) + [ # Add or update tags for a CodeGuru Reviewer associated repository (AWS CLI) ](how-to-tag-associated-repository-update-cli.md) # Add or update tags for a CodeGuru Reviewer associated repository (console) Add or update tags for an associated repository (console) You can use the CodeGuru Reviewer console to update, add, or remove the tags associated with a CodeGuru Reviewer associated repository. Using the console, you can also change the name of the key, which is equivalent to removing the current tag and adding a different one with the new name and the same value. **To add or update tags for an associated repository** 1. Open the Amazon CodeGuru Reviewer console at [https://console.aws.amazon.com/codeguru/reviewer/](https://console.aws.amazon.com/codeguru/reviewer/). 1. In the navigation pane, choose **Repositories**. 1. Do one of the following: + Choose the association ID of the associated repository where you want to view tags, then choose **Manage tags**. + Choose the radio button next to the associated repository where you want to view tags, then choose **Manage tags**. 1. Enter new values in **key** and **value** to edit tags. Choose **Remove** next to a tag to remove it. Choose **Add new tag** to add a new tag. 1. Choose **Save changes** when you are finished. # Add or update tags for a CodeGuru Reviewer associated repository (AWS CLI) Add or update tags for an associated repository (AWS CLI) Follow these steps to use the AWS CLI and the **tag-resource** command to add or update the AWS tags for an associated repository. This command adds a new tag or, if you pass in a tag with an existing key, updates the value associated with that key. If you want to use the AWS CLI to update the key of a tag, use **untag-resource** to remove it, then use **tag-resource** to add a new tag with the updated key and its value. **To add or update tags for an associated repository** 1. Make sure that you have configured the AWS CLI with the AWS Region in which you want to create your code reviews. To verify the Region, run the following command at the command line or terminal and review the information for the default name. ``` aws configure ``` The default Region name must match the AWS Region for the repository in CodeCommit. 1. Run the **tag-resource** command. Use `--resource-arn` to specify the Amazon Resource Name (ARN) of the associated repository that contains the tags you want to update or add. Use the `--tags` argument to specify the tags you want to update or add. The following command specifies 3 tags. If one of the keys already exists, its value is updated. If not, a new key is added. ``` aws codeguru-reviewer tag-resource / --resource-arn arn:aws:codeguru-reviewer:us-west-2:123456789012:association:repository-association-uuid / --tags key1=value1,key2=value2,key3=value3 ``` 1. If successful, there is no output and no error. If you want to verify the tags were added correctly, use the **describe-repository-association** command and use `--association-arn` to specify the ARN of the associated repository. ``` aws codeguru-reviewer describe-repository-association / --association-arn arn:aws:codeguru-reviewer:us-west-2:123456789012:association:repository-association-uuid ``` The output is a [https://docs.aws.amazon.com/codeguru/latest/reviewer-api/API_RepositoryAssociation.html](https://docs.aws.amazon.com/codeguru/latest/reviewer-api/API_RepositoryAssociation.html) object that includes an array with the 3 added or updated tags. ``` { "RepositoryAssociation": { "AssociationId": "repository-association-uuid", "Name": "my-repository-name", "LastUpdatedTimeStamp": 1603493340.035, "ProviderType": "CodeCommit", "CreatedTimeStamp": 1603493328.512, "Owner": "123456789012", "State": "Associated", "StateReason": ""Pull Request Notification configuration successful", "AssociationArn": "arn:aws:codeguru-reviewer:us-west-2:123456789012:association:repository-association-uuid" }, "Tags": { "key3": "value3", "key2": "value2", "key1": "value1" } } ``` # Remove tags from a CodeGuru Reviewer associated repository Remove tags from an associated repository You can use the console or the AWS CLI to remove tags from an associated repository. **Topics** + [ # Remove tags from a CodeGuru Reviewer associated repository (console) ](how-to-tag-associated-repository-rmeove-console.md) + [ # Remove tags from a CodeGuru Reviewer associated repository (AWS CLI) ](how-to-tag-associated-repository-remove-cli.md) # Remove tags from a CodeGuru Reviewer associated repository (console) Remove tags from an associated repository (console) **To remove tags from an associated repository** 1. Open the Amazon CodeGuru Reviewer console at [https://console.aws.amazon.com/codeguru/reviewer/](https://console.aws.amazon.com/codeguru/reviewer/). 1. In the navigation pane, choose **Repositories**. 1. Choose the association ID of the associated repository with the tags you want to edit. 1. In **Tags**, choose **Manage tags**. 1. Choose **Remove** next to each tag you want to remove. 1. Choose **Save changes**. # Remove tags from a CodeGuru Reviewer associated repository (AWS CLI) Remove tags from an associated repository (AWS CLI) You can remove a tag from an associated repository using the console or the AWS CLI. **Important** Removing a tag from an associated repository can impact access to that associated repository. Before you remove a tag from an associated repository, make sure to review any IAM policies that might use its key or value to control access to resources such as associated repositories. For examples of tag-based access policies, see [Using tags to control access to Amazon CodeGuru Reviewer associated repositories](auth-and-access-control-using-tags.md). **To remove tags from an associated repository** 1. Make sure that you have configured the AWS CLI with the AWS Region in which you want to create your code reviews. To verify the Region, run the following command at the command line or terminal and review the information for the default name. ``` aws configure ``` The default Region name must match the AWS Region for the repository in CodeCommit. 1. Run the **untag-resource** command. Use `--resource-arn` to specify the Amazon Resource Name (ARN) of the associated repository that contains the tags you want to update or add to. Use the `--tag-keys` argument to specify the *key* of the tags you want to remove. The following command removes 3 tags. ``` aws codeguru-reviewer untag-resource / --resource-arn arn:aws:codeguru-reviewer:us-west-2:123456789012:association:repository-association-uuid / --tag-keys key1 key2 key3 ``` 1. If successful, there is no output and no error. If you want to verify the tags were removed correctly, use the **describe-repository-association** command and use `--association-arn` to specify the ARN of the associated repository. ``` aws codeguru-reviewer describe-repository-association / --association-arn arn:aws:codeguru-reviewer:us-west-2:123456789012:association:repository-association-uuid ``` The output is a [https://docs.aws.amazon.com/codeguru/latest/reviewer-api/API_RepositoryAssociation.html](https://docs.aws.amazon.com/codeguru/latest/reviewer-api/API_RepositoryAssociation.html) object that includes an array that does not contain the keys you removed. In the following output example, all tags were removed so the tags array is empty. ``` { "RepositoryAssociation": { "AssociationId": "repository-association-uuid", "Name": "my-repository-name", "LastUpdatedTimeStamp": 1603493340.035, "ProviderType": "CodeCommit", "CreatedTimeStamp": 1603493328.512, "Owner": "123456789012", "State": "Associated", "StateReason": ""Pull Request Notification configuration successful", "AssociationArn": "arn:aws:codeguru-reviewer:us-west-2:123456789012:association:repository-association-uuid" }, "Tags": {} } ```