Connect to Git repositories with Amazon CodeConnections - Amazon EKS
Use Amazon CodeConnections with Argo CDConsiderations for using CodeConnections with Argo CD
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Help improve this page

To contribute to this user guide, choose the Edit this page on GitHub link that is located in the right pane of every page.

Connect to Git repositories with Amazon CodeConnections

Amazon CodeConnections provides a secure way to connect Amazon services to third-party source code repositories. Amazon CodeConnections supports GitHub, GitLab, Bitbucket, and other providers. To learn more and get started, see Working with connections.

Use Amazon CodeConnections with Argo CD

When using the EKS capability for Argo CD, you can choose to use Amazon CodeConnections to enable secure authentication to Git repositories without managing long-lived credentials or personal access tokens. Amazon CodeConnections handles the OAuth authentication flow and manages the connection to your Git provider, providing a secure and manageable approach to accessing your GitOps repositories and application manifests stored in third-party Git providers.

Prerequisites

  • An Amazon EKS cluster with the Argo CD capability created

  • A connection created in Amazon CodeConnections to your Git provider

  • IAM permissions configured for Argo CD to use the connection

To configure CodeConnections for Argo CD repository access

  1. Create a connection in the CodeConnections console:

    1. Open the CodeConnections console.

    2. Choose Create connection.

    3. Select your provider (GitHub, GitLab, or Bitbucket) and follow the authentication flow.

    4. Note the connection ARN for use in your Argo CD configuration.

  2. Ensure the Argo CD capability role has permissions to use the connection with a resource-based policy:

    {
  "Version": "2012-10-17",		 	 	 
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "codeconnections:UseConnection",
        "codeconnections:GetConnection"
      ],
      "Resource": "arn:aws:codeconnections:region:account-id:connection/connection-id"
    }
  ]
}

  3. Configure Argo CD to reference the CodeConnections resource when adding a repository, using the CodeConnections resource endpoint as the repository url. The Argo CD capability uses the connection to authenticate to your Git provider without requiring long-lived credentials.

Considerations for using CodeConnections with Argo CD

When using Amazon CodeConnections with the EKS Capability for Argo CD, keep the following in mind:

  • The CodeConnections connection must be in the same Amazon Region as your EKS cluster

  • The Argo CD capability role must have codeconnections:UseConnection and codeconnections:GetConnection permissions

  • CodeConnections manages the OAuth flow and credential lifecycle automatically

For more information about configuring repository access with Argo CD, see Configure repository access.