CDK Codepipeline with github : insufficient permissions

Question

I've been using aws cdk with github to set up my cicd pipeline for a while. This is the main tutorial I followed https://docs.aws.amazon.com/cdk/v2/guide/cdk_pipeline.html#cdk_pipeline_define. Along with this video https://www.youtube.com/watch?v=EVDw0sdxaec&t=433s which shows how to set up a github personal access token and save it to secrets manager.

Whenever the github personal access token would expire, I would just create a new one and update the secret in aws secrets manager.

However today. Even after reseting the access token the codepipeline does not work. It fails at soucing the github repo and give the following error and explanation.

```
Insufficient permissions

Could not access the GitHub repository: "REDACTED". The access token might be invalid or has been revoked. Edit the pipeline to reconnect with GitHub.
```

Answer

I have experienced this issue in a similar manner when using GitHub V1 source action, which AWS does not recommend. When I would manually expire a GitHub oauth token and update the token in AWS Secrets Manager, it would continue to use the original token. AWS secrets are often cached client side to reduce the number of hits to AWS Secrets Manager. This is done to optimize performance. However, in this case, there is a need to expire the client side cache. The workaround that I used was to establish a new secret name and switch AWS CodePipeline to use this new secret.

The preferred solution is to switch to GitHub version 2 source action. AWS has provided instructions to Update a GitHub version 1 source action to a GitHub version 2 source action

The preferred solution is to switch to GitHub version 2 source action.   AWS has provided instructions to [Update a GitHub version 1 source action to a GitHub version 2 source action](https://docs.aws.amazon.com/codepipeline/latest/userguide/update-github-action-connections.html)

CDK Codepipeline with github : insufficient permissions

相關內容