# Working with connections
*Connections* are configurations that you use to connect AWS resources to external code repositories. Each connection is a resource that can be given to services such as AWS CodePipeline to connect to a third-party repository such as Bitbucket. For example, you can add the connection in CodePipeline so that it triggers your pipeline when a code change is made to your third-party code repository. You can also connect your AWS resources to an installed provider type such as GitHub Enterprise Server.
**Note**
For organizations in GitHub or GitHub Enterprise Server, you cannot install a GitHub App into multiple GitHub Organizations. The app to GitHub Organization mapping is a 1:1 mapping. One organization can only have one app at a time; however, you can have multiple connections pointing to the same app. For more detail, see [How connections in AWS CodeConnections work with organizations](welcome-connections-how-it-works-github-organizations.md).
If you want to create a connection to an installed provider type, such as GitHub Enterprise Server, the console creates a host for you. A host is a resource that you create to represent the server where your provider is installed. For more information, see [Working with hosts](connections-hosts.md).
When you create a connection, you use a wizard in the console to install the connections app with your third-party provider and associate it with a new connection. If you have already installed the app, you can use it.
**Note**
To use connections in the Europe (Milan) AWS Region, you must:
Install a Region-specific app
Enable the Region
This Region-specific app supports connections in the Europe (Milan) Region. It is published on the third-party provider site, and it is separate from the existing app supporting connections for other Regions. By installing this app, you authorize third-party providers to share your data with the service for this Region only, and you can revoke the permissions at any time by uninstalling the app.
The service will not process or store your data unless you enable the Region. By enabling this Region, you grant our service permissions to process and store your data.
Even if the Region is not enabled, third-party providers can still share your data with our service if the Region-specific app remains installed, so make sure to uninstall the app once you disable the Region. For more information, see [ Enabling a Region](https://docs.aws.amazon.com/general/latest/gr/rande-manage.html#rande-manage-enable).
For more information about connections, see the [AWS CodeConnections API reference](https://docs.aws.amazon.com/codeconnections/latest/APIReference/Welcome.html). For more information about the CodePipeline source action for Bitbucket, see [CodestarConnectionSource](https://docs.aws.amazon.com/codepipeline/latest/userguide/action-reference-CodestarConnectionSource.html) in the *AWS CodePipeline User Guide*.
To create or attach a policy to your AWS Identity and Access Management (IAM) user or role with the permissions required to use connections, see [AWS CodeConnections permissions reference](security-iam.md#permissions-reference-connections). Depending on when your CodePipeline service role was created, you might need to update its permissions to support AWS CodeConnections. For instructions, see [Update the service role](https://docs.aws.amazon.com/codepipeline/latest/userguide/how-to-update-role-new-services.html) in the *AWS CodePipeline User Guide*.
**Topics**
+ [Create a connection](connections-create.md)
+ [Create a connection to Azure DevOps](connections-create-azure.md)
+ [Create a connection to Bitbucket](connections-create-bitbucket.md)
+ [Create a connection to GitHub](connections-create-github.md)
+ [Create a connection to GitHub Enterprise Server](connections-create-gheserver.md)
+ [Create a connection to GitLab](connections-create-gitlab.md)
+ [Create a connection to GitLab self-managed](connections-create-gitlab-managed.md)
+ [Update a pending connection](connections-update.md)
+ [List connections](connections-list.md)
+ [Delete a connection](connections-delete.md)
+ [Tag connections resources](connections-tag.md)
+ [View connection details](connections-view-details.md)
+ [Share connections with AWS accounts](connections-share.md)
# Create a connection
You can create connections to the following third-party provider types:
+ To create a connection to Bitbucket, see [Create a connection to Bitbucket](connections-create-bitbucket.md).
+ To create a connection to GitHub or GitHub Enterprise Cloud, see [Create a connection to GitHub](connections-create-github.md).
+ To create a connection to GitHub Enterprise Server, including creating your host resource, see [Create a connection to GitHub Enterprise Server](connections-create-gheserver.md).
+ To create a connection to GitLab, see [Create a connection to GitLab](connections-create-gitlab.md).
+ To create a connection to Azure DevOps, see [Create a connections to Azure DevOps](connections-create-azure.md).
**Note**
Beginning July 1, 2024, the console creates connections with `codeconnections` in the resource ARN. Resources with both service prefixes will continue to display in the console.
# Create a connection to Azure DevOps
You can use the AWS Management Console or the AWS Command Line Interface (AWS CLI) to create a connection to a repository hosted on Azure DevOps.
Before you begin:
+ You must have already created an account with Azure DevOps.
+ You must have already created a project and Azure repository on the Azure DevOps portal. Your account must have administrator access to the repository.
**Note**
You can create connections to an Azure DevOps repository. Installed (on a host) Azure provider types, such as Azure Cloud Hosting, are not supported. See [AWS CodeConnections supported providers and versions](supported-versions-connections.md).
**Note**
Connections only provide access to repositories owned by the account that was used to create the connection.
**Topics**
+ [Create a connection to Azure DevOps (console)](#connections-create-azure-console)
+ [Create a connection to Azure DevOps (CLI)](#connections-create-azure-cli)
## Create a connection to Azure DevOps (console)
You can use the console to create a connection to Azure DevOps.
**Note**
Beginning July 1, 2024, the console creates connections with `codeconnections` in the resource ARN. Resources with both service prefixes will continue to display in the console.
**Step 1: Create your connection**
1. Sign in to the AWS Management Console, and open the AWS Developer Tools console at [https://console.aws.amazon.com/codesuite/settings/connections](https://console.aws.amazon.com/codesuite/settings/connections).
1. Choose **Settings > Connections**, and then choose **Create connection**.
1. To create a connection to an Azure DevOps repository, under **Select a provider**, choose **Azure DevOps**. In **Connection name**, enter the name for the connection that you want to create. Choose **Connect to Azure DevOps**, and proceed to Step 2.
![\[Console screenshot showing connection option selected for Azure DevOps.\]](http://docs.aws.amazon.com/dtconsole/latest/userguide/images/connections-create-azure-updated.png)
**Step 2: Connect to Azure DevOps**
1. On the **Connect to Azure DevOps** settings page, your connection name displays.
1. If the login page for Microsoft displays, log in with your credentials and then choose to continue.
You may need to grant permissions if this is your first time creating a connection to Azure DevOps from AWS Management Console.
![\[Microsoft permissions request screenshot for the first time users when creating a connection to Azure DevOps.\]](http://docs.aws.amazon.com/dtconsole/latest/userguide/images/permissions_request_azure.png)
1. Choose **Accept**.
1. On the connection page, the connection ID for your new installation is displayed.
1. Choose **Connect** to establish the connection. The created connection displays in the connections list and is now in available status and ready to use.
## Create a connection to Azure DevOps (CLI)
You can use the AWS Command Line Interface (AWS CLI) to create a connection.
To do this, use the **create-connection** command.
**Important**
A connection created through the AWS CLI or AWS CloudFormation is in `PENDING` status by default. After you create a connection with the CLI or CloudFormation, use the console to edit the connection to make its status `AVAILABLE`.
**To create a connection to Azure DevOps**
1. Open a terminal (Linux, macOS, or Unix) or command prompt (Windows). Use the AWS CLI to run the **create-connection** command, specifying the `--provider-type` and `--connection-name` for your connection. In this example, the third-party provider name is `AzureDevOps` and the specified connection name is `MyConnection`.
```
aws codeconnections create-connection --provider-type AzureDevOps --connection-name MyConnection
```
If successful, this command returns the connection ARN information similar to the following.
```
{
"ConnectionArn": "arn:aws:codeconnections:us-west-2:account_id:connection/aEXAMPLE-8aad-4d5d-8878-dfcab0bc441f"
}
```
1. Use the console to complete the connection. For more information, see [Update a pending connection](connections-update.md).
# Create a connection to Bitbucket
You can use the AWS Management Console or the AWS Command Line Interface (AWS CLI) to create a connection to a repository hosted on bitbucket.org.
Before you begin:
+ You must have already created an account with Bitbucket.
+ You must have already created a code repository on bitbucket.org.
**Note**
You can create connections to a Bitbucket Cloud repository. Installed Bitbucket provider types, such as Bitbucket Server, are not supported. See [AWS CodeConnections supported providers and versions](supported-versions-connections.md).
**Note**
Connections only provide access to repositories owned by the account that was used to create the connection.
If the application is being installed in a Bitbucket workspace, you need **Administer workspace** permissions. Otherwise, the option to install the app will not display.
**Topics**
+ [Create a connection to Bitbucket (console)](#connections-create-bitbucket-console)
+ [Create a connection to Bitbucket (CLI)](#connections-create-bitbucket-cli)
## Create a connection to Bitbucket (console)
You can use the console to create a connection to Bitbucket.
**Note**
Beginning July 1, 2024, the console creates connections with `codeconnections` in the resource ARN. Resources with both service prefixes will continue to display in the console.
**Step 1: Create your connection**
1. Sign in to the AWS Management Console, and open the AWS Developer Tools console at [https://console.aws.amazon.com/codesuite/settings/connections](https://console.aws.amazon.com/codesuite/settings/connections).
1. Choose **Settings > Connections**, and then choose **Create connection**.
1. To create a connection to a Bitbucket repository, under **Select a provider**, choose **Bitbucket**. In **Connection name**, enter the name for the connection that you want to create. Choose **Connect to Bitbucket**, and proceed to Step 2.
![\[Console screenshot showing connection option selected for Bitbucket.\]](http://docs.aws.amazon.com/dtconsole/latest/userguide/images/connections-create-bitbucket.png)
**Step 2: Connect to Bitbucket**
1. On the **Connect to Bitbucket** settings page, your connection name displays.
Under **Bitbucket apps**, choose an app installation or choose **Install a new app** to create one.
**Note**
You only install the app once for each Bitbucket workspace or account. If you have already installed the Bitbucket app, choose it and move to the last step in this section.
![\[Console screenshot showing the Connect to Bitbucket dialog box, with the install new app button.\]](http://docs.aws.amazon.com/dtconsole/latest/userguide/images/newreview-source-wizard-bitbucket.png)
1. If the login page for Bitbucket displays, log in with your credentials and then choose to continue.
1. On the app installation page, a message shows that the AWS CodeStar app is trying to connect to your Bitbucket account.
If you are using a Bitbucket workspace, change the **Authorize for** option to the workspace. Only workspaces where you have administrator access will display.
Choose **Grant access**.
![\[Console screenshot showing the connector access request.\]](http://docs.aws.amazon.com/dtconsole/latest/userguide/images/bitbucket-access-popup.png)
1. In **Bitbucket apps**, the connection ID for your new installation is displayed. Choose **Connect**. The created connection displays in the connections list.
![\[Console screenshot showing the connector access request.\]](http://docs.aws.amazon.com/dtconsole/latest/userguide/images/create-connection-bitbucket-app-ID.png)
## Create a connection to Bitbucket (CLI)
You can use the AWS Command Line Interface (AWS CLI) to create a connection.
To do this, use the **create-connection** command.
**Important**
A connection created through the AWS CLI or AWS CloudFormation is in `PENDING` status by default. After you create a connection with the CLI or CloudFormation, use the console to edit the connection to make its status `AVAILABLE`.
**To create a connection to Bitbucket**
1. Open a terminal (Linux, macOS, or Unix) or command prompt (Windows). Use the AWS CLI to run the **create-connection** command, specifying the `--provider-type` and `--connection-name` for your connection. In this example, the third-party provider name is `Bitbucket` and the specified connection name is `MyConnection`.
```
aws codeconnections create-connection --provider-type Bitbucket --connection-name MyConnection
```
If successful, this command returns the connection ARN information similar to the following.
```
{
"ConnectionArn": "arn:aws:codeconnections:us-west-2:account_id:connection/aEXAMPLE-8aad-4d5d-8878-dfcab0bc441f"
}
```
1. Use the console to complete the connection. For more information, see [Update a pending connection](connections-update.md).
# Create a connection to GitHub
You can use the AWS Management Console or the AWS Command Line Interface (AWS CLI) to create a connection to GitHub.
Before you begin:
+ You must have already created an account with GitHub.
+ You must have already created your third-party code repository.
**Note**
To create the connection, you must be the GitHub organization owner. For repositories that are not under an organization, you must be the repository owner.
**Topics**
+ [Create a connection to GitHub (console)](#connections-create-github-console)
+ [Create a connection to GitHub (CLI)](#connections-create-github-cli)
## Create a connection to GitHub (console)
You can use the console to create a connection to GitHub.
**Note**
Beginning July 1, 2024, the console creates connections with `codeconnections` in the resource ARN. Resources with both service prefixes will continue to display in the console.
1. Sign in to the AWS Management Console, and open the Developer Tools console at [https://console.aws.amazon.com/codesuite/settings/connections](https://console.aws.amazon.com/codesuite/settings/connections).
1. Choose **Settings > Connections**, and then choose **Create connection**.
1. To create a connection to a GitHub or GitHub Enterprise Cloud repository, under **Select a provider**, choose **GitHub**. In **Connection name**, enter the name for the connection that you want to create. Choose **Connect to GitHub**, and proceed to Step 2.
![\[Console screenshot showing connection option selected for Bitbucket.\]](http://docs.aws.amazon.com/dtconsole/latest/userguide/images/github-conn.png)
**To create a connection to GitHub**
1. Under **GitHub connection settings**, your connection name appears in **Connection name**. Choose **Connect to GitHub**. The access request page appears.
![\[Console screenshot showing the GitHub account access page.\]](http://docs.aws.amazon.com/dtconsole/latest/userguide/images/github-conn-access.png)
1. Choose **Authorize AWS Connector for GitHub**. The connection page displays and shows the **GitHub Apps** field.
![\[Console screenshot showing the initial GitHub connection page with the GitHub Apps field.\]](http://docs.aws.amazon.com/dtconsole/latest/userguide/images/github-conn-access-app.png)
1. Under **GitHub Apps**, choose an app installation or choose **Install a new app** to create one.
**Note**
You install one app for all of your connections to a particular provider. If you have already installed the AWS Connector for GitHub app, choose it and skip this step.
1. On the Install **AWS Connector for GitHub** page, choose the account where you want to install the app.
![\[Console screenshot showing the AWS Connector for GitHub installation page.\]](http://docs.aws.amazon.com/dtconsole/latest/userguide/images/github-conn-access-app-install1.png)
**Note**
You only install the app once for each GitHub account. If you previously installed the app, you can choose **Configure** to proceed to a modification page for your app installation, or you can use the back button to return to the console.
1. On the **Install AWS Connector for GitHub** page, leave the defaults, and choose **Install**.
![\[Console screenshot showing the second AWS Connector for GitHub installation page.\]](http://docs.aws.amazon.com/dtconsole/latest/userguide/images/github-conn-access-app-install2.png)
After this step, an updated permissions page might display in GitHub.
1. If a page displays showing that there are updated permissions for the AWS Connector for GitHub app, choose **Accept new permissions**.
![\[Console screenshot showing the AWS Connector for GitHub updated permissions page.\]](http://docs.aws.amazon.com/dtconsole/latest/userguide/images/accept-new-permissions.png)
1. You are returned to the **Connect to GitHub** page. The connection ID for your new installation appears in **GitHub Apps**. Choose **Connect**.
### View your created connection
+ The created connection displays in the connections list.
![\[Console screenshot showing connections listing with successfully created connection.\]](http://docs.aws.amazon.com/dtconsole/latest/userguide/images/connections-create-ghe-complete.png)
## Create a connection to GitHub (CLI)
You can use the AWS Command Line Interface (AWS CLI) to create a connection to GitHub.
To do this, use the **create-connection** command.
**Important**
A connection created through the AWS CLI or AWS CloudFormation is in `PENDING` status by default. After you create a connection with the CLI or CloudFormation, use the console to edit the connection to make its status `AVAILABLE`.
**To create a connection to GitHub**
1. Open a terminal (Linux, macOS, or Unix) or command prompt (Windows). Use the AWS CLI to run the **create-connection** command, specifying the `--provider-type` and `--connection-name` for your connection. In this example, the third-party provider name is `GitHub` and the specified connection name is `MyConnection`.
```
aws codeconnections create-connection --provider-type GitHub --connection-name MyConnection
```
If successful, this command returns the connection ARN information similar to the following.
```
{
"ConnectionArn": "arn:aws:codeconnections:us-west-2:account_id:connection/aEXAMPLE-8aad-4d5d-8878-dfcab0bc441f"
}
```
1. Use the console to complete the connection. For more information, see [Update a pending connection](connections-update.md).
# Create a connection to GitHub Enterprise Server
You use connections to associate your AWS resources with a third-party repository. You can use the AWS Management Console or the AWS Command Line Interface (AWS CLI) to create a connection to GitHub Enterprise Server.
Connections only provide access to repositories owned by the GitHub Enterprise Server account that is used during connection creation to authorize installation of the GitHub app.
Before you begin:
+ You must already have a GitHub Enterprise Server instance and a repository in it.
+ You need to be an administrator of the GitHub Enterprise Server instance in order to create GitHub apps and create a host resource as shown in this section.
**Important**
When you set up your host for GitHub Enterprise Server, a VPC endpoint for webhooks event data is created for you. If you created your host before November 24, 2020, and you want to use VPC PrivateLink webhook endpoints, you must first [delete](https://docs.aws.amazon.com/dtconsole/latest/userguide/connections-host-delete.html) your host and then [create](https://docs.aws.amazon.com/dtconsole/latest/userguide/connections-host-create.html) a new host.
**Note**
For organizations in GitHub Enterprise Server or GitLab self-managed, you don’t pass an available host. You create a new host for each connection in your organization, and you must be sure to enter the same information in the network fields (VPC ID, Subnet IDs, and Security Group IDs) for the host. For more information, see [Connection and host setup for installed providers supporting organizations](troubleshooting-connections.md#troubleshooting-organization-host).
**Topics**
+ [Create a connection to GitHub Enterprise Server (console)](connections-create-gheserver-console.md)
+ [Create a connection to GitHub Enterprise Server (CLI)](connections-create-gheserver-cli.md)
# Create a connection to GitHub Enterprise Server (console)
To create a GitHub Enterprise Server connection, you provide information for where your GitHub Enterprise Server is installed and authorize the connection creation with your GitHub Enterprise credentials.
**Note**
Beginning July 1, 2024, the console creates connections with `codeconnections` in the resource ARN. Resources with both service prefixes will continue to display in the console.
**Topics**
+ [Create your GitHub Enterprise Server connection (console)](#connections-create-gheserver-connection)
## Create your GitHub Enterprise Server connection (console)
To create a connection to GitHub Enterprise Server, have your server URL and GitHub Enterprise credentials ready.
**To create a host**
1. Sign in to the AWS Management Console, and open the AWS Developer Tools console at [https://console.aws.amazon.com/codesuite/settings/connections](https://console.aws.amazon.com/codesuite/settings/connections).
1. On the **Hosts** tab, choose **Create host**.
1. In **Host name**, enter the name you want to use for your host.
1. In **Select a provider**, choose one of the following:
+ **GitHub Enterprise Server**
+ **GitLab self-managed**
1. In **URL**, enter the endpoint for the infrastructure where your provider is installed.
1. If your server is configured within an Amazon VPC and you want to connect with your VPC, choose **Use a VPC**. Otherwise, choose **No VPC**.
1. If you have launched your instance into an Amazon VPC and you want to connect with your VPC, choose **Use a VPC** and complete the following.
1. In **VPC ID**, choose your VPC ID. Make sure to choose the VPC for the infrastructure where your instance is installed or a VPC with access to your instance through VPN or Direct Connect.
1. If you have a private VPC configured, and you have configured your instance to perform TLS validation using a non-public certificate authority, in **TLS certificate**, enter your certificate ID. The TLS Certificate value is the public key of the certificate.
1. Choose **Create host**.
1. After the host details page displays, the host status changes as the host is created.
**Note**
If your host setup includes a VPC configuration, allow several minutes for provisioning of host network components.
Wait for your host to reach a **Pending** status, and then complete the setup. For more information, see [Set up a pending host](connections-host-setup.md).
![\[Console screenshot showing host details with the host in Pending status.\]](http://docs.aws.amazon.com/dtconsole/latest/userguide/images/connections-create-host-pending.png)
**Step 2: Create your connection to GitHub Enterprise Server (console)**
1. Sign in to the AWS Management Console and open the Developer Tools console at [https://console.aws.amazon.com/codesuite/settings/connections](https://console.aws.amazon.com/codesuite/settings/connections).
1. Choose **Settings > Connections**, and then choose **Create connection**.
1. To create a connection to an installed GitHub Enterprise Server repository, choose **GitHub Enterprise Server**.
**Connect to GitHub Enterprise Server**
1. In **Connection name**, enter the name for your connection.
![\[Console screenshot showing Create host settings page with no VPC.\]](http://docs.aws.amazon.com/dtconsole/latest/userguide/images/connections-create-ghes-screen.png)
1. In **URL**, enter the endpoint for your server.
**Note**
If the provided URL has already been used to set up a GitHub Enterprise Server for a connection, you will be prompted to choose the host resource ARN that was created previously for that endpoint.
1. (Optional) If you have launched your server into an Amazon VPC and you want to connect with your VPC, choose **Use a VPC** and complete the following.
**Note**
For organizations in GitHub Enterprise Server or GitLab self-managed, you don’t pass an available host. You create a new host for each connection in your organization, and you must be sure to enter the same information in the network fields (VPC ID, Subnet IDs, and Security Group IDs) for the host. For more information, see [Connection and host setup for installed providers supporting organizations](troubleshooting-connections.md#troubleshooting-organization-host).
1. In **VPC ID**, choose your VPC ID. Make sure to choose the VPC for the infrastructure where your GitHub Enterprise Server instance is installed or a VPC with access to your GitHub Enterprise Server instance through VPN or Direct Connect.
1. Under **Subnet ID**, choose **Add**. In the field, choose the subnet ID you want to use for your host. You can choose up to 10 subnets.
Make sure to choose the subnet for the infrastructure where your GitHub Enterprise Server instance is installed or a subnet with access to your installed GitHub Enterprise Server instance through VPN or Direct Connect.
1. Under **Security group IDs**, choose **Add**. In the field, choose the security group you want to use for your host. You can choose up to 10 security groups.
Make sure to choose the security group for the infrastructure where your GitHub Enterprise Server instance is installed or a security group with access to your installed GitHub Enterprise Server instance through VPN or Direct Connect.
1. If you have a private VPC configured, and you have configured your GitHub Enterprise Server instance to perform TLS validation using a non-public certificate authority, in **TLS certificate**, enter your certificate ID. The TLS Certificate value should be the public key of the certificate.
![\[Console screenshot showing create GitHub Enterprise Server connection page for VPC options.\]](http://docs.aws.amazon.com/dtconsole/latest/userguide/images/connections-create-ghes-screen-vpc.png)
1. Choose **Connect to GitHub Enterprise Server**. The created connection is shown with a **Pending** status. A host resource is created for the connection with the server information you provided. For the host name, the URL is used.
1. Choose **Update pending connection.**
![\[Console screenshot showing pending GitHub Enterprise Server connection page.\]](http://docs.aws.amazon.com/dtconsole/latest/userguide/images/connections-create-ghes-pending.png)
1. If prompted, on the GitHub Enterprise login page, sign in with your GitHub Enterprise credentials.
1. On the **Create GitHub App** page, choose a name for your app.
![\[Console screenshot showing app creation page.\]](http://docs.aws.amazon.com/dtconsole/latest/userguide/images/connections-create-ghes-app-name.png)
1. On the GitHub authorization page, choose **Authorize **.
![\[Console screenshot showing app authorization page.\]](http://docs.aws.amazon.com/dtconsole/latest/userguide/images/connections-create-ghes-app-authorize.png)
1. On the app installation page, a message shows that the connector app is ready to be installed. If you have multiple organizations, you might be prompted to choose the organization where you want to install the app.
Choose the repository settings where you want to install the app. Choose **Install**.
![\[Console screenshot showing app authorization page.\]](http://docs.aws.amazon.com/dtconsole/latest/userguide/images/connections-create-ghes-app-install.png)
1. The connection page shows the created connection in an **Available** status.
# Create a connection to GitHub Enterprise Server (CLI)
You can use the AWS Command Line Interface (AWS CLI) to create a connection.
To do this, use the **create-host** and the **create-connection** commands.
**Important**
A connection created through the AWS CLI or AWS CloudFormation is in `PENDING` status by default. After you create a connection with the CLI or CloudFormation, use the console to edit the connection to make its status `AVAILABLE`.
**Step 1: To create a host for GitHub Enterprise Server (CLI)**
1. Open a terminal (Linux, macOS, or Unix) or command prompt (Windows). Use the AWS CLI to run the **create-host** command, specifying the `--name`, `--provider-type`, and `--provider-endpoint` for your connection. In this example, the third-party provider name is `GitHubEnterpriseServer` and the endpoint is `my-instance.dev`.
```
aws codeconnections create-host --name MyHost --provider-type GitHubEnterpriseServer --provider-endpoint "https://my-instance.dev"
```
If successful, this command returns the host Amazon Resource Name (ARN) information similar to the following.
```
{
"HostArn": "arn:aws:codeconnections:us-west-2:account_id:host/My-Host-28aef605"
}
```
After this step, the host is in `PENDING` status.
1. Use the console to complete the host setup and move the host to an `Available` status. For more information, see [Set up a pending host](connections-host-setup.md).
**Step 2: To set up a pending host in the console**
1. Sign in to the AWS Management Console and open the Developer Tools console at [https://console.aws.amazon.com/codesuite/settings/connections](https://console.aws.amazon.com/codesuite/settings/connections).
1. Use the console to complete the host setup and move the host to an `Available` status. See [Set up a pending host](connections-host-setup.md).
**Step 3: To create a connection for GitHub Enterprise Server (CLI)**
1. Open a terminal (Linux, macOS, or Unix) or command prompt (Windows). Use the AWS CLI to run the **create-connection** command, specifying the `--host-arn` and `--connection-name` for your connection.
```
aws codeconnections create-connection --host-arn arn:aws:codeconnections:us-west-2:account_id:host/MyHost-234EXAMPLE --connection-name MyConnection
```
If successful, this command returns the connection ARN information similar to the following.
```
{
"ConnectionArn": "arn:aws:codeconnections:us-west-2:account_id:connection/aEXAMPLE-8aad"
}
```
1. Use the console to set up the pending connection. For more information, see [Update a pending connection](connections-update.md).
**Step 4: To complete a connection for GitHub Enterprise Server in the console**
1. Sign in to the AWS Management Console and open the Developer Tools console at [https://console.aws.amazon.com/codesuite/settings/connections](https://console.aws.amazon.com/codesuite/settings/connections).
1. Use the console to set up the pending connection and move the connection to an `Available` status. For more information, see [Update a pending connection](connections-update.md).
# Create a connection to GitLab
You can use the AWS Management Console or the AWS Command Line Interface (AWS CLI) to create a connection to a repository hosted on gitlab.com.
**Note**
By authorizing this connection installation in GitLab, you grant our service permissions to process your data, and you can revoke the permissions at any time by uninstalling the application.
Before you begin:
+ You must have already created an account with GitLab.
**Note**
Connections only provide access for the account that was used to create and authorize the connection.
**Note**
You can create connections where you have the **Owner** role in GitLab, and then the connection can be used with the repository with resources such as CodePipeline. For repositories in groups, you do not need to be the group owner.
**Topics**
+ [Create a connection to GitLab (console)](#connections-create-gitlab-console)
+ [Create a connection to GitLab (CLI)](#connections-create-gitlab-cli)
## Create a connection to GitLab (console)
You can use the console to create a connection.
**Note**
Beginning July 1, 2024, the console creates connections with `codeconnections` in the resource ARN. Resources with both service prefixes will continue to display in the console.
**Step 1: Create your connection**
1. Sign in to the AWS Management Console, and then open the AWS Developer Tools console at [https://console.aws.amazon.com/codesuite/settings/connections](https://console.aws.amazon.com/codesuite/settings/connections).
1. Choose **Settings**, and then choose **Connections**. Choose **Create connection**.
1. To create a connection to a GitLab repository, under **Select a provider**, choose **GitLab**. In **Connection name**, enter the name for the connection that you want to create. Choose **Connect to GitLab**.
![\[Console screenshot showing connection option selected for GitLab.\]](http://docs.aws.amazon.com/dtconsole/latest/userguide/images/connections-create-gitlab.png)
1. When the sign-in page for GitLab displays, log in with your credentials and then choose **Sign in**.
1. An authorization page displays with a message requesting authorization for the connection to access your GitLab account.
Choose **Authorize**.
![\[Screenshot showing the message to authorize the connection for your GitLab account.\]](http://docs.aws.amazon.com/dtconsole/latest/userguide/images/gitlab-authorization.png)
1. The browser returns to the connections console page. Under **Create GitLab connection**, the new connection is shown in **Connection name**.
1. Choose **Connect to GitLab**.
After the connection is created successfully, a success banner displays. The connection details are shown on the **Connection settings** page.
## Create a connection to GitLab (CLI)
You can use the AWS Command Line Interface (AWS CLI) to create a connection.
To do this, use the **create-connection** command.
**Important**
A connection created through the AWS CLI or AWS CloudFormation is in `PENDING` status by default. After you create a connection with the CLI or CloudFormation, use the console to edit the connection to make its status `AVAILABLE`.
**To create a connection to GitLab**
1. Open a terminal (Linux, macOS, or Unix) or command prompt (Windows). Use the AWS CLI to run the **create-connection** command, specifying the `--provider-type` and `--connection-name` for your connection. In this example, the third-party provider name is `GitLab` and the specified connection name is `MyConnection`.
```
aws codeconnections create-connection --provider-type GitLab --connection-name MyConnection
```
If successful, this command returns the connection ARN information similar to the following.
```
{
"ConnectionArn": "arn:aws:codeconnections:us-west-2:account_id:connection/aEXAMPLE-8aad-4d5d-8878-dfcab0bc441f"
}
```
1. Use the console to complete the connection. For more information, see [Update a pending connection](connections-update.md).
# Create a connection to GitLab self-managed
You can create connections for GitLab Enterprise Edition or GitLab Community Edition with a self-managed installation.
You can use the AWS Management Console or the AWS Command Line Interface (AWS CLI) to create a connection and host for GitLab self-managed.
**Note**
By authorizing this connection application in GitLab self-managed, you grant our service permissions to process your data, and you can revoke the permissions at any time by uninstalling the application.
Before you create a connection to GitLab self-managed, you must create a host to use for the connection, as detailed in these steps. For an overview of the host creation workflow for installed providers, see [Workflow to create or update a host](welcome-hosts-workflow.md).
You can optionally configure your host with a VPC. For more information about network and VPC configuration for your host resource, see the VPC prerequisites in [(Optional) Prerequisites: Network or Amazon VPC configuration for your connection](connections-host-create.md#connections-create-host-prereq) and [Troubleshooting VPC configuration for your host](troubleshooting-connections.md#troubleshooting-connections-host-vpc).
Before you begin:
+ You must have already created an account with GitLab and have GitLab Enterprise Edition or GitLab Community Edition with a self-managed installation. For more information, see [https://docs.gitlab.com/ee/subscriptions/self\$1managed/](https://docs.gitlab.com/ee/subscriptions/self_managed/).
**Note**
Connections only provide access for the account that was used to create and authorize the connection.
**Note**
You can create connections to a repository where you have the **Owner** role in GitLab, and then the connection can be used with with resources such as CodePipeline. For repositories in groups, you do not need to be the group owner.
+ You must have already created a GitLab personal access token (PAT) with the following scoped-down permission only: `api`, `admin_mode`. For more information, see [https://docs.gitlab.com/ee/user/profile/personal\$1access\$1tokens.html](https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html). You must be an administrator to create and use the PAT.
**Note**
Your PAT is used to authorize the host and is not otherwise stored or used by connections. To set up a host, you can create a temporary PAT and then after you set up the host, you can delete the PAT.
**Note**
For organizations in GitHub Enterprise Server or GitLab self-managed, you don’t pass an available host. You create a new host for each connection in your organization, and you must be sure to enter the same information in the network fields (VPC ID, Subnet IDs, and Security Group IDs) for the host. For more information, see [Connection and host setup for installed providers supporting organizations](troubleshooting-connections.md#troubleshooting-organization-host).
**Topics**
+ [Create a connection to GitLab self-managed (console)](#connections-create-gitlab-managed-console)
+ [Create a connection to GitLab self-managed (CLI)](#connections-create-gitlab-managed-cli)
## Create a connection to GitLab self-managed (console)
Use these steps to create a host and a connection to GitLab self-managed in the console. For considerations for setting up a host in a VPC, see [(Optional) Prerequisites: Network or Amazon VPC configuration for your connection](connections-host-create.md#connections-create-host-prereq).
**Note**
Beginning July 1, 2024, the console creates connections with `codeconnections` in the resource ARN. Resources with both service prefixes will continue to display in the console.
**Note**
You create a host for a single GitLab self-managed installation, and then you can manage one or more GitLab self-managed connections to that host.
**Step 1: Create your host**
1. Sign in to the AWS Management Console, and then open the AWS Developer Tools console at [https://console.aws.amazon.com/codesuite/settings/connections](https://console.aws.amazon.com/codesuite/settings/connections).
1. On the **Hosts** tab, choose **Create host**.
1. In **Host name**, enter the name you want to use for your host.
1. In **Select a provider**, choose **GitLab self-managed**.
1. In **URL**, enter the endpoint for the infrastructure where your provider is installed.
1. If your server is configured within an Amazon VPC and you want to connect with your VPC, choose **Use a VPC**. Otherwise, choose **No VPC**.
1. (Optional) If you have launched your host into an Amazon VPC and you want to connect with your VPC, choose **Use a VPC** and complete the following.
**Note**
For organizations in GitHub Enterprise Server or GitLab self-managed, you don’t pass an available host. You create a new host for each connection in your organization, and you must be sure to enter the same information in the network fields (VPC ID, Subnet IDs, and Security Group IDs) for the host. For more information, see [Connection and host setup for installed providers supporting organizations](troubleshooting-connections.md#troubleshooting-organization-host).
1. In **VPC ID**, choose your VPC ID. Make sure to choose the VPC for the infrastructure where your host is installed or a VPC with access to your instance through VPN or Direct Connect.
1. If you have a private VPC configured, and you have configured your host to perform TLS validation using a non-public certificate authority, in **TLS certificate**, enter your certificate ID. The TLS Certificate value is the public key of the certificate.
1. Choose **Create host**.
1. After the host details page displays, the host status changes as the host is created.
**Note**
If your host setup includes a VPC configuration, allow several minutes for provisioning of host network components.
Wait for your host to reach a **Pending** status, and then complete the setup. For more information, see [Set up a pending host](connections-host-setup.md).
![\[Console screenshot showing GitLab self-managed host details with the host in Pending status.\]](http://docs.aws.amazon.com/dtconsole/latest/userguide/images/connections-create-glsm-host.png)
**Step 2: Set up your pending host**
1. Choose **Set up host**.
1. A **Set up *host\$1name*** page displays. In **Provide personal access token**, provide your GitLab PAT with the following scoped-down permissions only: `api` and `admin_mode`.
**Note**
Only an administrator can create and use the PAT.
![\[Console screenshot showing GitLab personal access token entry for the new host\]](http://docs.aws.amazon.com/dtconsole/latest/userguide/images/connections-create-glsm-pat.png)
1. After your host is successfully registered, the host details page appears and shows that the host status is **Available**.
![\[Console screenshot showing available status for the new host\]](http://docs.aws.amazon.com/dtconsole/latest/userguide/images/connections-create-glsm-host-available.png)
**Step 3: Create your connection**
1. Sign in to the AWS Management Console, and then open the AWS Developer Tools console at [https://console.aws.amazon.com/codesuite/settings/connections](https://console.aws.amazon.com/codesuite/settings/connections).
1. Choose **Settings**, and then choose **Connections**. Choose **Create connection**.
1. To create a connection to a GitLab repository, under **Select a provider**, choose **GitLab self-managed**. In **Connection name**, enter the name for the connection that you want to create.
![\[Console screenshot showing connection option selected for GitLab self-managed.\]](http://docs.aws.amazon.com/dtconsole/latest/userguide/images/connections-create-glsm.png)
1. In **URL**, enter the endpoint for your server.
1. If you have launched your server into an Amazon VPC and you want to connect with your VPC, choose **Use a VPC** and complete the following.
1. In **VPC ID**, choose your VPC ID. Make sure to choose the VPC for the infrastructure where your host is installed or a VPC with access to your host through VPN or Direct Connect.
1. Under **Subnet ID**, choose **Add**. In the field, choose the subnet ID you want to use for your host. You can choose up to 10 subnets.
Make sure to choose the subnet for the infrastructure where your host is installed or a subnet with access to your installed host through VPN or Direct Connect.
1. Under **Security group IDs**, choose **Add**. In the field, choose the security group you want to use for your host. You can choose up to 10 security groups.
Make sure to choose the security group for the infrastructure where your host is installed or a security group with access to your installed host through VPN or Direct Connect.
1. If you have a private VPC configured, and you have configured your host to perform TLS validation using a non-public certificate authority, in **TLS certificate**, enter your certificate ID. The TLS Certificate value should be the public key of the certificate.
1. Choose **Connect to GitLab self-managed**. The created connection is shown with a **Pending** status. A host resource is created for the connection with the server information you provided. For the host name, the URL is used.
1. Choose **Update pending connection.**
1. When the sign-in page for GitLab displays, log in with your credentials and then choose **Sign in**.
1. An authorization page displays with a message requesting authorization for the connection to access your GitLab account.
Choose **Authorize**.
1. The browser returns to the connections console page. Under **Create GitLab connection**, the new connection is shown in **Connection name**.
1. Choose **Connect to GitLab self-managed**.
After the connection is created successfully, a success banner displays. The connection details are shown on the **Connection settings** page.
## Create a connection to GitLab self-managed (CLI)
You can use the AWS Command Line Interface (AWS CLI) to create a host and connection for GitLab self-managed.
To do this, use the **create-host** and the **create-connection** commands.
**Important**
A connection created through the AWS CLI or AWS CloudFormation is in `PENDING` status by default. After you create a connection with the CLI or CloudFormation, use the console to edit the connection to make its status `AVAILABLE`.
**Step 1: To create a host for GitLab self-managed (CLI)**
1. Open a terminal (Linux, macOS, or Unix) or command prompt (Windows). Use the AWS CLI to run the **create-host** command, specifying the `--name`, `--provider-type`, and `--provider-endpoint` for your connection. In this example, the third-party provider name is `GitLabSelfManaged` and the endpoint is `my-instance.dev`.
```
aws codeconnections create-host --name MyHost --provider-type GitLabSelfManaged --provider-endpoint "https://my-instance.dev"
```
If successful, this command returns the host Amazon Resource Name (ARN) information similar to the following.
```
{
"HostArn": "arn:aws:codeconnections:us-west-2:account_id:host/My-Host-28aef605"
}
```
After this step, the host is in `PENDING` status.
1. Use the console to complete the host setup and move the host to an `Available` status in the following step.
**Step 2: To set up a pending host in the console**
1. Sign in to the AWS Management Console and open the Developer Tools console at [https://console.aws.amazon.com/codesuite/settings/connections](https://console.aws.amazon.com/codesuite/settings/connections).
1. Use the console to complete the host setup and move the host to an `Available` status. See [Set up a pending host](connections-host-setup.md).
**Step 3: To create a connection for GitLab self-managed (CLI)**
1. Open a terminal (Linux, macOS, or Unix) or command prompt (Windows). Use the AWS CLI to run the **create-connection** command, specifying the `--host-arn` and `--connection-name` for your connection.
```
aws codeconnections create-connection --host-arn arn:aws:codeconnections:us-west-2:account_id:host/MyHost-234EXAMPLE --connection-name MyConnection
```
If successful, this command returns the connection ARN information similar to the following.
```
{
"ConnectionArn": "arn:aws:codeconnections:us-west-2:account_id:connection/aEXAMPLE-8aad"
}
```
1. Use the console to set up the pending connection in the following step.
**Step 4: To complete a connection for GitLab self-managed in the console**
1. Sign in to the AWS Management Console and open the Developer Tools console at [https://console.aws.amazon.com/codesuite/settings/connections](https://console.aws.amazon.com/codesuite/settings/connections).
1. Use the console to set up the pending connection and move the connection to an `Available` status. For more information, see [Update a pending connection](connections-update.md).
# Update a pending connection
A connection created through the AWS Command Line Interface (AWS CLI) or AWS CloudFormation is in `PENDING` status by default. After you create a connection with the AWS CLI or CloudFormation, use the console to update the connection to make its status `AVAILABLE`.
**Note**
You must use the console to update a pending connection. You cannot update a pending connection using the AWS CLI.
The first time you use the console to add a new connection to a third-party provider, you must complete the OAuth handshake with the third-party provider using the installation associated with your connection.
You can use the Developer Tools console to complete a pending connection.
**To complete a connection**
1. Open the AWS Developer Tools console at [https://console.aws.amazon.com/codesuite/settings/connections](https://console.aws.amazon.com/codesuite/settings/connections).
1. Choose **Settings > Connections**.
The names of all connections associated with your AWS account are displayed.
1. In **Name**, choose the name of the pending connection you want to update.
**Update a pending connection** is enabled when you choose a connection with a **Pending** status.
1. Choose **Update a pending connection**.
1. On the **Connect to Bitbucket** page, in **Connection name**, verify the name of your connection.
Under **Bitbucket apps**, choose an app installation, or choose **Install a new app** to create one.
![\[Console screenshot showing the Connect to Bitbucket dialog box, with the install new app button.\]](http://docs.aws.amazon.com/dtconsole/latest/userguide/images/newreview-source-wizard-bitbucket.png)
1. On the app installation page, a message shows that the AWS CodeStar app is trying to connect to your Bitbucket account. Choose **Grant access**.
![\[Console screenshot showing AWS CodeStar requests access.\]](http://docs.aws.amazon.com/dtconsole/latest/userguide/images/bitbucket-access-popup.png)
1. The connection ID for your new installation is displayed. Choose **Complete connection**.
# List connections
You can use the Developer Tools console or the **list-connections** command in the AWS Command Line Interface (AWS CLI) to view a list of connections in your account.
## List connections (console)
**To list connections**
1. Open the Developer Tools console at [https://console.aws.amazon.com/codesuite/settings/connections](https://console.aws.amazon.com/codesuite/settings/connections).
1. Choose **Settings > Connections**.
1. View the name, status, and ARN for your connections.
## List connections (CLI)
You can use the AWS CLI to list your connections to third-party code repositories. For a connection associated to a host resource, such as connections to GitHub Enteprise Server, the output additionally returns the host ARN.
To do this, use the **list-connections** command.
**To list connections**
+ Open a terminal (Linux, macOS, or Unix) or command prompt (Windows), and use the AWS CLI to run the **list-connections** command.
```
aws codeconnections list-connections --provider-type Bitbucket
--max-results 5 --next-token: next-token
```
This command returns the following output.
```
{
"Connections": [
{
"ConnectionName": "my-connection",
"ProviderType": "Bitbucket",
"Status": "PENDING",
"ARN": "arn:aws:codeconnections:us-west-2:account_id:connection/aEXAMPLE-8aad-4d5d-8878-dfcab0bc441f",
"OwnerAccountId": "account_id"
},
{
"ConnectionName": "my-other-connection",
"ProviderType": "Bitbucket",
"Status": "AVAILABLE",
"ARN": "arn:aws:codeconnections:us-west-2:account_id:connection/aEXAMPLE-8aad-4d5d-8878-dfcab0bc441f",
"OwnerAccountId": "account_id"
},
],
"NextToken": "next-token"
}
```
# Delete a connection
You can use the Developer Tools console or the **delete-connection** command in the AWS Command Line Interface (AWS CLI) to delete a connection.
**Topics**
+ [Delete a connection (console)](#connections-delete-console)
+ [Delete a connection (CLI)](#connections-delete-cli)
## Delete a connection (console)
**To delete a connection**
1. Open the Developer Tools console at [https://console.aws.amazon.com/codesuite/settings/connections](https://console.aws.amazon.com/codesuite/settings/connections).
1. Choose **Settings > Connections**.
1. In **Connection name**, choose the name of the connection you want to delete.
1. Choose **Delete**.
1. Enter **delete** in the field to confirm, and then choose **Delete**.
**Important**
This action cannot be undone.
## Delete a connection (CLI)
You can use the AWS Command Line Interface (AWS CLI) to delete a connection.
To do this, use the **delete-connection** command.
**Important**
After you run the command, the connection is deleted. No confirmation dialog box is displayed. You can create a new connection, but the Amazon Resource Name (ARN) is never reused.
**To delete a connection**
+ Open a terminal (Linux, macOS, or Unix) or command prompt (Windows). Use the AWS CLI to run the **delete-connection** command, specifying the ARN of the connection that you want to delete.
```
aws codeconnections delete-connection --connection-arn arn:aws:codeconnections:us-west-2:account_id:connection/aEXAMPLE-8aad-4d5d-8878-dfcab0bc441f
```
This command returns nothing.
# Tag connections resources
A *tag* is a custom attribute label that you or AWS assigns to an AWS resource. Each AWS tag has two parts:
+ A *tag key* (for example, `CostCenter`, `Environment`, or `Project`). Tag keys are case sensitive.
+ An optional field known as a *tag value* (for example, `111122223333`, `Production`, or a team name). Omitting the tag value is the same as using an empty string. Like tag keys, tag values are case sensitive.
Together these are known as *key-value pairs*.
You can use the console or the CLI to tag resources.
You can tag the following resource types in AWS CodeConnections:
+ Connections
+ Hosts
These steps assume that you have already installed a recent version of the AWS CLI or updated to the current version. For more information, see [Installing the AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/installing.html) in the *AWS Command Line Interface User Guide*.
In addition to identifying, organizing, and tracking your resource with tags, you can use tags in AWS Identity and Access Management (IAM) policies to help control who can view and interact with your resource. For examples of tag-based access policies, see [Using tags to control access to AWS CodeConnections resources](connections-tag-based-access-control.md).
**Topics**
+ [Tag resources (console)](#connections-tag-console)
+ [Tag resources (CLI)](#connections-tag-cli)
## Tag resources (console)
You can use the console to add, update, or remove tags on a connections resource.
**Topics**
+ [Add tags to a connections resource (console)](#connections-tag-console-add)
+ [View tags for a connections resource (console)](#connections-tag-console-view)
+ [Edit tags for a connections resource (console)](#connections-tag-console-edit)
+ [Remove tags from a connections resource (console)](#connections-tag-console-remove)
### Add tags to a connections resource (console)
You can use the console to add tags to an existing connection or host.
**Note**
When you create a connection for an installed provider such as GitHub Enterprise Server, and a host resource is also created for you, the tags during creation are added to the connection only. This allows you to tag a host separately if you want to reuse it for a new connection. If you want to add tags to the host, use the steps here.
****To add tags for a connection****
1. Sign in to the console. From the navigation pane, choose **Settings**.
1. Under **Settings**, choose **Connections**. Choose the **Connections** tab.
1. Choose the connection you want to edit. The connection settings page displays.
1. Under **Connection tags**, choose **Edit**. The **Edit Connection tags** page displays.
1. In the **Key** and **Value** fields, enter a key pair for each set of tags you want to add. (The **Value** field is optional.) For example, in **Key**, enter **Project**. In **Value**, enter **ProjectA**.
![\[Connection tags interface with fields for Key and Value, and buttons to Add tag and Remove tag.\]](http://docs.aws.amazon.com/dtconsole/latest/userguide/images/connections-tags.png)
1. (Optional) Choose **Add tag** to add more rows and enter more tags.
1. Choose **Submit**. The tags are listed under connection settings.
****To add tags for a host****
1. Sign in to the console. From the navigation pane, choose **Settings**.
1. Under **Settings**, choose **Connections**. Choose the **Hosts** tab.
1. Choose the host you want to edit. The host settings page displays.
1. Under **Host tags**, choose **Edit**. The **Host tags** page displays.
1. In the **Key** and **Value** fields, enter a key pair for each set of tags you want to add. (The **Value** field is optional.) For example, in **Key**, enter **Project**. In **Value**, enter **ProjectA**.
![\[Edit Host tags interface with fields for Key and Value, and buttons to Add tag and Remove tag.\]](http://docs.aws.amazon.com/dtconsole/latest/userguide/images/hosts-tag.png)
1. (Optional) Choose **Add tag** to add more rows and enter more tags for a host.
1. Choose **Submit**. The tags are listed under host settings.
### View tags for a connections resource (console)
You can use the console to view the tags for existing resources.
**To view tags for a connection**
1. Sign in to the console. From the navigation pane, choose **Settings**.
1. Under **Settings**, choose **Connections**. Choose the **Connections** tab.
1. Choose the connection you want to view. The connection settings page displays.
1. Under **Connection tags**, view the tags for the connection under the **Key** and **Value** columns.
**To view tags for a host**
1. Sign in to the console. From the navigation pane, choose **Settings**.
1. Under **Settings**, choose **Connections**. Choose the **Hosts** tab.
1. Choose the host you want to view.
1. Under **Host tags**, view the tags for the host under the **Key** and **Value** columns.
### Edit tags for a connections resource (console)
You can use the console to edit tags that have been added to connections resources.
**To edit tags for a connection**
1. Sign in to the console. From the navigation pane, choose **Settings**.
1. Under **Settings**, choose **Connections**. Choose the **Connections** tab.
1. Choose the connection you want to edit. The connection settings page displays.
1. Under **Connection tags**, choose **Edit**. The **Connection tags** page displays.
1. In the **Key** and **Value** fields, update the values in each field as needed. For example, for the **Project** key, in **Value**, change **ProjectA** to **ProjectB**.
1. Choose **Submit**.
**To edit tags for a host**
1. Sign in to the console. From the navigation pane, choose **Settings**.
1. Under **Settings**, choose **Connections**. Choose the **Hosts** tab.
1. Choose the host you want to edit. The host settings page displays.
1. Under **Host tags**, choose **Edit**. The **Host tags** page displays.
1. In the **Key** and **Value** fields, update the values in each field as needed. For example, for the **Project** key, in **Value**, change **ProjectA** to **ProjectB**.
1. Choose **Submit**.
### Remove tags from a connections resource (console)
You can use the console to remove tags from connections resources. When you remove tags from the associated resource, the tags are deleted.
**To remove tags for a connection**
1. Sign in to the console. From the navigation pane, choose **Settings**.
1. Under **Settings**, choose **Connections**. Choose the **Connections** tab.
1. Choose the connection you want to edit. The connection settings page displays.
1. Under **Connection tags**, choose **Edit**. The **Connection tags** page displays.
1. Next to the key and value for each tag you want to delete, choose **Remove tag**.
1. Choose **Submit**.
**To remove tags for a host**
1. Sign in to the console. From the navigation pane, choose **Settings**.
1. Under **Settings**, choose **Connections**. Choose the **Hosts** tab.
1. Choose the host you want to edit. The host settings page displays.
1. Under **Host tags**, choose **Edit**. The **Host tags** page displays.
1. Next to the key and value for each tag you want to delete, choose **Remove tag**.
1. Choose **Submit**.
## Tag resources (CLI)
You can use the CLI to view, add, update, or remove tags on a connections resource.
**Topics**
+ [Add tags to a connections resource (CLI)](#connections-tag-add)
+ [View tags for a connections resource (CLI)](#connections-tag-view)
+ [Edit tags for a connections resource (CLI)](#connections-tag-edit)
+ [Remove tags from a connections resource (CLI)](#connections-tag-delete)
### Add tags to a connections resource (CLI)
You can use the AWS CLI to tag resources in connections.
At the terminal or command line, run the **tag-resource** command, specifying the Amazon Resource Name (ARN) of the resource where you want to add tags and the key and value of the tag you want to add. You can add more than one tag.
****To add tags for a connection****
1. Get the ARN for your resource. Use the **list-connections** command shown in [List connections](connections-list.md) to get the connection ARN.
1. In a terminal or at the command line, run the **tag-resource** command.
For example, use the following command to tag a connection with two tags, a tag key named *Project* with the tag value of *ProjectA*, and a tag key named *ReadOnly* with the tag value of *true*.
```
aws codestar-connections tag-resource --resource-arn arn:aws:codestar-connections:us-west-2:account_id:connection/aEXAMPLE-8aad-4d5d-8878-dfcab0bc441f --tags Key=Project,Value=ProjectA Key=IscontainerBased,Value=true
```
If successful, this command returns nothing.
****To add tags for a host****
1. Get the ARN for your resource. Use the **list-hosts** command shown in [List hosts](connections-host-list.md) to get the host ARN.
1. In a terminal or at the command line, run the **tag-resource** command.
For example, use the following command to tag a host with two tags, a tag key named *Project* with the tag value of *ProjectA*, and a tag key named *IscontainerBased* with the tag value of *true*.
```
aws codestar-connections tag-resource --resource-arn arn:aws:codestar-connections:us-west-2:account_id:host/My-Host-28aef605 --tags Key=Project,Value=ProjectA Key=IscontainerBased,Value=true
```
If successful, this command returns nothing.
### View tags for a connections resource (CLI)
You can use the AWS CLI to view the AWS tags for a connections resource. If no tags have been added, the returned list is empty. Use the **list-tags-for-resource** command to view tags that have been added to a connection or a host.
****To view tags for a connection****
1. Get the ARN for your resource. Use the **list-connections** command shown in [List connections](connections-list.md) to get the connection ARN.
1. In a terminal or at the command line, run the **list-tags-for-resource** command. For example, use the following command to view a list of tag keys and tag values for a connection.
```
aws codestar-connections list-tags-for-resource --resource-arn arn:aws:codestar-connections:us-west-2:account_id:connection/aEXAMPLE-8aad-4d5d-8878-dfcab0bc441f
```
This command returns the tags associated with the resource. This example shows two key-value pairs returned for a connection.
```
{
"Tags": [
{
"Key": "Project",
"Value": "ProjectA"
},
{
"Key": "ReadOnly",
"Value": "true"
}
]
}
```
****To view tags for a host****
1. Get the ARN for your resource. Use the **list-hosts** command shown in [List hosts](connections-host-list.md) to get the host ARN.
1. In a terminal or at the command line, run the **list-tags-for-resource** command. For example, use the following command to view a list of tag keys and tag values for a host.
```
aws codestar-connections list-tags-for-resource --resource-arn arn:aws:codestar-connections:us-west-2:account_id:host/My-Host-28aef605
```
This command returns the tags associated with the resource. This example shows two key-value pairs returned for a host.
```
{
"Tags": [
{
"Key": "IscontainerBased",
"Value": "true"
},
{
"Key": "Project",
"Value": "ProjectA"
}
]
}
```
### Edit tags for a connections resource (CLI)
You can use the AWS CLI to edit a tag for a resource. You can change the value for an existing key or add another key.
At the terminal or command line, run the **tag-resource** command, specifying the ARN of the resource where you want to update a tag and specify the tag key and tag value to update.
When you edit tags, any tag keys not specified will be retained, while anything with the same key but a new value will be updated. New keys that are added with the edit command are added as a new key-value pair.
****To edit tags for a connection****
1. Get the ARN for your resource. Use the **list-connections** command shown in [List connections](connections-list.md) to get the connection ARN.
1. In a terminal or at the command line, run the **tag-resource** command.
In this example, the value for the key `Project` is changed to `ProjectB`.
```
aws codestar-connections tag-resource --resource-arn arn:aws:codestar-connections:us-west-2:account_id:connection/aEXAMPLE-8aad-4d5d-8878-dfcab0bc441f --tags Key=Project,Value=ProjectB
```
If successful, this command returns nothing. To verify the tags associated with the connection, run the **list-tags-for-resource** command.
****To edit tags for a host****
1. Get the ARN for your resource. Use the **list-hosts** command shown in [List hosts](connections-host-list.md) to get the host ARN.
1. In a terminal or at the command line, run the **tag-resource** command.
In this example, the value for the key `Project` is changed to `ProjectB`.
```
aws codestar-connections tag-resource --resource-arn arn:aws:codestar-connections:us-west-2:account_id:host/My-Host-28aef605 --tags Key=Project,Value=ProjectB
```
If successful, this command returns nothing. To verify the tags associated with the host, run the **list-tags-for-resource** command.
### Remove tags from a connections resource (CLI)
Follow these steps to use the AWS CLI to remove a tag from a resource. When you remove tags from the associated resource, the tags are deleted.
**Note**
If you delete a connection resource, all tag associations are removed from the deleted resource. You do not have to remove tags before you delete a connection resource.
At the terminal or command line, run the **untag-resource** command, specifying the ARN of the resource where you want to remove tags and the tag key of the tag you want to remove. For example, to remove multiple tags on a connection with the tag keys *Project* and *ReadOnly*, use the following command.
```
aws codestar-connections untag-resource --resource-arn arn:aws:codestar-connections:us-west-2:account_id:connection/aEXAMPLE-8aad-4d5d-8878-dfcab0bc441f --tag-keys Project ReadOnly
```
If successful, this command returns nothing. To verify the tags associated with the resource, run the **list-tags-for-resource** command. The output shows that all tags have been removed.
```
{
"Tags": []
}
```
# View connection details
You can use the Developer Tools console or the **get-connection** command in the AWS Command Line Interface (AWS CLI) to view details for a connection. To use the AWS CLI, you must have already installed a recent version of the AWS CLI or updated to the current version. For more information, see [Installing the AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/installing.html) in the *AWS Command Line Interface User Guide*.
**To view a connection (console)**
1. Open the Developer Tools console at [https://console.aws.amazon.com/codesuite/settings/connections](https://console.aws.amazon.com/codesuite/settings/connections).
1. Choose **Settings > Connections**.
1. Choose the button next to the connection you want to view, and then choose **View details**.
1. The following information appears for your connection:
+ The connection name.
+ The provider type for your connection.
+ The connection status.
+ The connection ARN.
+ If the connection was created for an installed provider, such as GitHub Enterprise Server, the host information associated with the connection.
+ If the connection was created for an installed provider, such as GitHub Enterprise Server, the endpoint information associated with the host for the connection.
1. If the connection is in **Pending** status, to complete the connection, choose **Update pending connection**. For more information , see [Update a pending connection](connections-update.md).
**To view a connection (CLI)**
+ At the terminal or command line, run the **get-connection** command. For example, use the following command to view details for a connection with the `arn:aws:codestar-connections:us-west-2:account_id:connection/aEXAMPLE-8aad-4d5d-8878-dfcab0bc441f` ARN value.
```
aws codeconnections get-connection --connection-arn arn:aws:codeconnections:us-west-2:account_id:connection/aEXAMPLE-8aad-4d5d-8878-dfcab0bc441f
```
If successful, this command returns the connections details.
Example output for a Bitbucket connection:
```
{
"Connection": {
"ConnectionName": "MyConnection",
"ConnectionArn": "arn:aws:codeconnections:us-west-2:account_id:connection/cdacd948-EXAMPLE",
"ProviderType": "Bitbucket",
"OwnerAccountId": "account_id",
"ConnectionStatus": "AVAILABLE"
}
}
```
Example output for a GitHub connection:
```
{
"Connection": {
"ConnectionName": "MyGitHubConnection",
"ConnectionArn": "arn:aws:codeconnections:us-west-2:account_id:connection/ebcd4a13-EXAMPLE",
"ProviderType": "GitHub",
"OwnerAccountId": "account_id",
"ConnectionStatus": "AVAILABLE"
}
}
```
Example output for a GitHub Enterprise Server connection:
```
{
"Connection": {
"ConnectionName": "MyConnection",
"ConnectionArn": "arn:aws:codeconnections:us-west-2:account_id:connection/2d178fb9-EXAMPLE",
"ProviderType": "GitHubEnterpriseServer",
"OwnerAccountId": "account_id",
"ConnectionStatus": "PENDING",
"HostArn": "arn:aws:ccodeconnections:us-west-2:account_id:host/sdfsdf-EXAMPLE"
}
}
```
# Share connections with AWS accounts
You can use resource sharing with AWS RAM to share an existing connection with another AWS account or with accounts in your organization. You can use your shared connection with resources in AWS that you manage for third-party source connections, such as in CodePipeline.
**Important**
Connection sharing is not supported for `codestar-connections `resources. This is only supported for `codeconnections` resources.
Before you begin:
+ You must have already created a connection with your AWS account.
+ You must have resource sharing enabled.
+ You must have the required permissions configured. For more information, see [Supported permissions for connection sharing](security-iam.md#permissions-reference-connections-sharing).
**Note**
To share the connection, you must be the organization owner or the repository owner if not under an organization. The account that you are sharing with will also need permissions to the repository.
**Topics**
+ [Share a connection (console)](#connections-share-console)
+ [Share a connection (CLI)](#connections-share-cli)
+ [View shared connections (console)](#connections-view-console)
+ [View shared connections (CLI)](#connections-view-cli)
## Share a connection (console)
You can use the console to create shared connection resources.
1. Sign in to the AWS Management Console.
Choose **Create resource share** on the **[Shared by me : Shared resources](https://console.aws.amazon.com/ram/home#OwnedResources:)** page in the AWS RAM console.
1. Because AWS RAM resource shares exist in specific AWS Regions, choose the appropriate AWS Region from the dropdown list in the upper-right corner of the console. To create resource shares that contain global resources, you must set the AWS Region to US East (N. Virginia),
For more information about sharing global resources, see [Sharing Regional resources compared to global resources](https://docs.aws.amazon.com/ram/latest/userguide/working-with-regional-vs-global.html).
1. On the creation page, in **Name**, enter a name for your resource share. Under **Resources**, choose **Code Connections**.
![\[\]](http://docs.aws.amazon.com/dtconsole/latest/userguide/images/connections-share-create.png)
1. Choose your connection resource and assign the principals with whom you want to share.
1. Choose **Create**.
## Share a connection (CLI)
You can use the AWS Command Line Interface (AWS CLI) to share an existing connection with other accounts and view connections that you own or have had shared with you.
To do this, use the **create-resource-share** and `accept-resource-share-invitation `commands for AWS RAM.
**To share a connection**
1. Sign in with the account that will share the connection.
1. Open a terminal (Linux, macOS, or Unix) or command prompt (Windows). Use the AWS CLI to run the **create-resource-share** command, specifying the `--name`, `--resource-arns`, and `--principals` for your connection share. In this example, the name is `my-shared-resource` and the specified connection name is `MyConnection` in the resource ARN. In `principals`, provide the destination account or accounts that you are sharing with.
```
aws ram create-resource-share --name my-shared-resource --resource-arns connection_ARN --principals destination_account
```
If successful, this command returns the connection ARN information similar to the following.
```
{
"resourceShare": {
"resourceShareArn": "arn:aws:ram:us-west-2:111111111111:resource-share/4476c27d-8feb-4b21-afe9-7de23EXAMPLE",
"name": "MyNewResourceShare",
"owningAccountId": "111111111111",
"allowExternalPrincipals": true,
"status": "ACTIVE",
"creationTime": 1634586271.302,
"lastUpdatedTime": 1634586271.302
}
}
```
1. Requests to share can be accepted as detailed in the next procedure.
**To authenticate and accept the connection share with the destination account**
The following procedure is optional for destination accounts that belong to the same organization and have resource sharing enabled in Organizations.
1. Sign in with the destination account that will receive the invitation.
1. Open a terminal (Linux, macOS, or Unix) or command prompt (Windows). Use the AWS CLI to run the **get-resource-share-invitations** command.
```
aws ram get-resource-share-invitations
```
Capture the resource share invitation ARN for the next step.
1. Run the **accept-resource-share-invitation** command, specifying the `--resource-share-invitation-arn`.
```
aws ram accept-resource-share-invitation --resource-share-invitation-arn invitation_ARN
```
If successful, this command returns the following output.
```
{
"resourceShareInvitation": {
"resourceShareInvitationArn": "arn:aws:ram:us-west-2:111111111111:resource-share-invitation/1e3477be-4a95-46b4-bbe0-c4001EXAMPLE",
"resourceShareName": "MyResourceShare",
"resourceShareArn": "arn:aws:ram:us-west-2:111111111111:resource-share/27d09b4b-5e12-41d1-a4f2-19dedEXAMPLE",
"senderAccountId": "111111111111",
"receiverAccountId": "222222222222",
"invitationTimestamp": "2021-09-22T15:07:35.620000-07:00",
"status": "ACCEPTED"
}
}
```
## View shared connections (console)
You can use the console to view shared connection resources.
1. Sign in to the AWS Management Console.
Open the **[Shared by me : Shared resources](https://console.aws.amazon.com/ram/home#OwnedResources:)** page in the AWS RAM console.
1. Because AWS RAM resource shares exist in specific AWS Regions, choose the appropriate AWS Region from the dropdown list in the upper-right corner of the console. To see resource shares that contain global resources, you must set the AWS Region to US East (N. Virginia),
For more information about sharing global resources, see [Sharing Regional resources compared to global resources](https://docs.aws.amazon.com/ram/latest/userguide/working-with-regional-vs-global.html).
1. For each shared resource, the following information is available:
+ **Resource ID** – The ID of the resource. Choose the ID of a resource to open a new browser tab to view the resource in its native service console.
+ **Resource type** – The type of resource.
+ **Last share date** – The date on which the resource was last shared.
+ **Resource shares** – The number of resource shares that include the resource. To see the list of the resource shares, choose the number.
+ **Principals** – The number of principals who can access the resource. Choose the value to view the principals.
## View shared connections (CLI)
You can use the AWS CLI to view connections that you own or have had shared with you.
To do this, use the **get-resource-shares** command.
**To view shared connections**
+ Open a terminal (Linux, macOS, or Unix) or command prompt (Windows). Use the AWS CLI to run the **get-resource-shares** command.
```
aws ram get-resource-shares
```
The output returns a list of resource shares for your account.