# Connecting GitHub (Cloud) to Amazon Q Business GitHub (Cloud) GitHub (Cloud) is a web-based hosting service for software development providing code storage and management services with version control. You can connect your GitHub (Cloud) instance to Amazon Q Business—using either the AWS Management Console, CLI, or the [https://docs.aws.amazon.com/amazonq/latest/api-reference/API_CreateDataSource.html](https://docs.aws.amazon.com/amazonq/latest/api-reference/API_CreateDataSource.html) API—and create an Amazon Q web experience. **Topics** + [ # GitHub (Cloud) connector overview ](github-cloud-overview.md) + [ # Prerequisites for connecting Amazon Q Business to GitHub (Cloud) ](github-cloud-prereqs.md) + [ # Connecting Amazon Q Business to GitHub (Cloud) using the console ](github-cloud-console.md) + [ # Connecting Amazon Q Business to GitHub (Cloud) using APIs ](github-cloud-api.md) + [ # Connecting Amazon Q Business to GitHub (Cloud) using AWS CloudFormation ](github-cloud-cfn.md) + [ # How Amazon Q Business connector crawls GitHub Cloud ACLs ](github-cloud-user-management.md) + [ # GitHub (Cloud) data source connector field mappings ](github-cloud-field-mappings.md) + [ # IAM role for GitHub (Cloud) connector ](github-cloud-iam-role.md) **Learn more** + For an overview of the Amazon Q web experience creation process using IAM Identity Center, see [Configuring an application using IAM Identity Center](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/create-application.html). + For an overview of the Amazon Q web experience creation process using AWS Identity and Access Management, see [Configuring an application using IAM](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/create-application-iam.html). + For an overview of connector features, see [Data source connector concepts](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/connector-concepts.html). + For information about connector configuration best practices, see [Connector configuration best practices](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/connector-best-practices.html). # GitHub (Cloud) connector overview Overview The following table gives an overview of the Amazon Q Business GitHub (Cloud) connector and its supported features. **** [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/github-cloud-overview.html) # Prerequisites for connecting Amazon Q Business to GitHub (Cloud) Prerequisites Before you begin, make sure that you have completed the following prerequisites. **In GitHub (Cloud), make sure you have:** + Created a GitHub (Cloud) user with administrative permissions to the GitHub (Cloud) organization. + Created a classic personal access token for authentication credentials. See [GitHub (Cloud) documentation on creating a personal access token](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token). + **Recommended:** Created an OAuth token for authentication credentials. Use OAuth token for better API throttle limits and connector performance. See [GitHub (Cloud) documentation on OAuth authorization](https://docs.github.com/en/rest/apps/oauth-applications?apiVersion=2022-11-28#about-oauth-apps-and-oauth-authorizations-of-github-apps). Then, added the following OAuth scopes: + `repo:status` – Grants read/write access to commit statuses in public and private repositories. This scope is only necessary to grant other users or services access to private repository commit statuses without granting access to the code. + `repo_deployment` – Grants access to deployment statuses for public and private repositories. This scope is only necessary to grant other users or services access to deployment statuses, without granting access to the code. + `public_repo` – Limits access to public repositories. That includes read/write access to code, commit statuses, repository projects, collaborators, and deployment statuses for public repositories and organizations. Also required for starring public repositories. + `repo:invite` – Grants accept/decline abilities for invitations to collaborate on a repository. This scope is only necessary to grant other users or services access to invites without granting access to the code. + `security_events` – Grants: read and write access to security events in the code scanning API. This scope is only necessary to grant other users or services access to security events without granting access to the code. + `read:org` – Read-only access to organization membership, organization projects, and team membership. + `user:email` – Grants read access to a user's email addresses. Required by Amazon Q Business to crawl ACLs. + `user:follow` – Grants access to follow or unfollow other users. Required by Amazon Q Business to crawl ACLs. + `read:user` – Grants access to read a user's profile data. Required by Amazon Q Business to crawl ACLs. + `workflow` – Grants the ability to add and update GitHub (Cloud) Actions workflow files. Workflow files can be committed without this scope if the same file (with both the same path and contents) exists on another branch in the same repository. For more information, see [Scopes for OAuth apps](https://docs.github.com/en/apps/oauth-apps/building-oauth-apps/scopes-for-oauth-apps) in GitHub (Cloud) Docs. + Noted the GitHub (Cloud) host URL for the type of GitHub (Cloud) service that you use. For example, the host URL for GitHub (Cloud) Cloud could be *https://api.github.com*. + Noted the name of your organization for GitHub (Cloud) the GitHub (Cloud) Enterprise account you want to connect to. You can find your organization name by logging into GitHub (Cloud) desktop and selecting **Your organizations** under your profile picture dropdown. **In your AWS account, make sure you have:** + Created a Amazon Q Business application. + Created a [Amazon Q Business retriever and added an index](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/select-retriever.html). + Created an [IAM role](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/iam-roles.html#iam-roles-ds) for your data source and, if using the Amazon Q API, noted the ARN of the IAM role. + Stored your GitHub (Cloud) authentication credentials in an AWS Secrets Manager secret and, if using the Amazon Q API, noted the ARN of the secret. **Note** If you’re a console user, you can create the IAM role and Secrets Manager secret as part of configuring your Amazon Q application on the console. For a list of things to consider while configuring your data source, see [ Data source connector configuration best practices](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/connector-best-practices.html). **Note** For more information on connecting GitHub (Cloud) to Amazon Q Business, see [Connect the Amazon Q Business generative AI coding companion to your GitHub repositories with Amazon Q GitHub (Cloud) connector](https://aws.amazon.com/blogs/machine-learning/connect-the-amazon-q-business-generative-ai-coding-companion-to-your-github-repositories-with-amazon-q-github-cloud-connector/) in the *AWS Machine Learning Blog*. # Connecting Amazon Q Business to GitHub (Cloud) using the console Using the console The following procedure outlines how to connect Amazon Q Business to GitHub (Cloud) using the AWS Management Console. **Connecting Amazon Q to GitHub (Cloud)** 1. Sign in to the AWS Management Console and open the Amazon Q Business console. 1. From the left navigation menu, choose **Data sources**. 1. From the **Data sources** page, choose **Add data source**. 1. Then, on the **Add data sources** page, from **Data sources**, add the **GitHub** data source to your Amazon Q application. 1. Then, on the **GitHub (Cloud)** data source page, enter the following information: 1. **Name and description**, do the following: + For **Data source name** – Name your data source for easy tracking. **Note** You can include hyphens (-) but not spaces. Maximum of 1,000 alphanumeric characters. + **Description – *optional*** – Add an optional description for your data source. This text is viewed only by Amazon Q Business administrators and can be edited later. 1. **Source** – Choose your GitHub (Cloud) source details. 1. **GitHub (Cloud) source** – Choose GitHub (Cloud) Enterprise Cloud. 1. **GitHub (Cloud) host URL** – Enter the GitHub (Cloud) host name with the protocol (http:// or https://). For example: *https://api.github.com*. 1. **GitHub (Cloud) organization name** – You can find your organization name when you log in to GitHub (Cloud) desktop and go to **Your organizations** under your profile picture dropdown. 1. **Authorization** – Amazon Q Business crawls ACL information by default to ensure responses are generated only from documents your end users have access to. If supported for your connector, you can manage ACLs by selecting ** Enable ACLs ** to enable ACLs or **Disable ACLs** to disable them. To manage ACLs, you need specific IAM permissions. See [Grant permission to create data sources with ACLs disabled](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/setting-up.html#DisableAclOnDataSource) for more details. See [Authorization](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/connector-concepts.html#connector-authorization) for more details. 1. **Authentication** – Enter the following information for your **AWS Secrets Manager secret**. 1. **Secret name** – A name for your secret. 1. **GitHub (Cloud) token** – Enter the access token you created in GitHub (Cloud). 1. **Configure VPC and security group – *optional*** – Choose whether you want to use a VPC. If you do, enter the following information: 1. **Subnets** – Select up to 6 repository subnets that define the subnets and IP ranges the repository instance uses in the selected VPC. 1. **VPC security groups** – Choose up to 10 security groups that allow access to your data source. Ensure that the security group allows incoming traffic from Amazon EC2 instances and devices outside your VPC. For databases, security group instances are required. For more information, see [VPC](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/connector-concepts.html#connector-vpc). 1. **IAM role** – Choose an existing IAM role or create an IAM role to access your repository credentials and index content. **Note** Creating a new service IAM role is recommended. For more information, see [IAM role](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/github-cloud-connector.html#github-cloud-iam). 1. In **Sync scope**, enter the following information: 1. **Select repositories to crawl**—Select between crawling **All** repositories or **Select repositories**. If you choose **Select repositories**, add names for the repositories in **Name of repository** and, optionally, the name of any specific branches in **Name of branch**. 1. For **Maximum file size** – Specify the file size limit in MBs that Amazon Q will crawl. Amazon Q will crawl only the files within the size limit you define. The default file size is 50MB. The maximum file size should be greater than 0MB and less than or equal to 50MB. 1. **Additional configuration – *optional*** – Configure the following settings: + **Content types** – Select the file types you want to include. You can choose from the following options: **All**, **Files**, **Issues**, **Issue comments**, **Issue comment attachments**, **Pull request comment attachments**, **Pull requests**, and **Pull request comments**. + **Regex patterns** – Regular expression patterns to include or exclude certain files. You can add up to 100 patterns. 1. **Advanced settings** **Document deletion safeguard** - *optional*–To safeguard your documents from deletion during a sync job, select **On** and enter an integer between 0 - 100. If the percentage of documents to be deleted in your sync job exceeds the percentage you selected, the delete phase will be skipped and no documents from this data source will be deleted from your index. For more information, see [Document deletion safeguard](connector-concepts.md#document-deletion-safeguard). 1. In **Sync mode**, choose how you want to update your index when your data source content changes. When you sync your data source with Amazon Q for the first time, all content is synced by default. + **Full sync** – Sync all content regardless of the previous sync status. + **New or modified content sync** – Sync only new and modified documents. + **New, modified, or deleted content sync** – Sync only new, modified, and deleted documents. For more details, see [Sync mode](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/connector-concepts.html#connector-sync-mode). 1. In **Sync run schedule**, for **Frequency** – Choose how often Amazon Q will sync with your data source. For more details, see [Sync run schedule](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/connector-concepts.html#connector-sync-run). To learn how to start a data sync job, see [Starting data source connector sync jobs](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/supported-datasource-actions.html#start-datasource-sync-jobs). 1. **Tags - *optional*** – Add tags to search and filter your resources or track your AWS costs. See [Tags](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/tagging.html) for more details. 1. **Field mappings** – A list of data source document attributes to map to your index fields. **Note** Add or update the fields from the **Data source details** page after you finish adding your data source. You can choose from two types of fields: 1. **Default** – Automatically created by Amazon Q on your behalf based on common fields in your data source. You can't edit these. 1. **Custom** – Automatically created by Amazon Q on your behalf based on common fields in your data source. You can edit these. You can also create and add new custom fields. **Note** Support for adding custom fields varies by connector. You won't see the **Add field** option if your connector doesn't support adding custom fields. For more information, see [Field mappings](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/connector-concepts.html#connector-field-mappings). 1. In **Data source details**, choose **Sync now** to allow Amazon Q to begin syncing (crawling and ingesting) data from your data source. When the sync job finishes, your data source is ready to use. **Note** View CloudWatch logs for your data source sync job by selecting **View CloudWatch logs**. If you encounter a `Resource not found exception` error, wait and try again as logs may not be available immediately. You can also view a detailed document-level report by selecting **View Report**. This report shows the status of each document during the crawl, sync, and index stages, including any errors. If the report is empty for an in-progress job, check back later as data is emitted to the report as events occur during the sync process. For more information, see [Troubleshooting data source connectors](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/troubleshooting-data-sources.html#troubleshooting-data-sources-not-indexed). # Connecting Amazon Q Business to GitHub (Cloud) using APIs Using the API You use the [CreateDataSource](https://docs.aws.amazon.com/amazonq/latest/api-reference/API_CreateDataSource.html) action to connect a data source to your Amazon Q application. You can also use the [UpdateDataSource](https://docs.aws.amazon.com/amazonq/latest/api-reference/API_UpdateDataSource.html) action to modify an existing data source configuration. Then, you use the `configuration` parameter to provide a JSON blob that conforms the AWS-defined JSON schema. For an example of the API request, see [CreateDataSource](https://docs.aws.amazon.com/amazonq/latest/api-reference/API_CreateDataSource.html) and [UpdateDataSource](https://docs.aws.amazon.com/amazonq/latest/api-reference/API_UpdateDataSource.html) in the Amazon Q API Reference. **Topics** + [ ## GitHub (Cloud) configuration properties ](#github-cloud-configuration-keys) + [ ## GitHub (Cloud) JSON schema ](#github-cloud-json) + [ ## GitHub (Cloud) JSON schema example ](#s3-api-json-example) ## GitHub (Cloud) configuration properties The following provides information about important configuration properties required in the schema. | Configuration | Description | Type | Required | | --- | --- | --- | --- | | `connectionConfiguration` | Configuration information for the endpoint for the data source. | `object` This property has a sub-property called `repositoryEndpointMetadata`. | Yes | | `repositoryEndpointMetadata` | The endpoint information for the data source. | `object` This property has the following sub-properties. [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/github-cloud-api.html) | Yes | | `hostUrl` | The GitHub (Cloud) host URL. For example, if you use GitHub (Cloud) Enterprise Cloud: https://api.github.com. | `string` | Yes | | `type` | The hosting method for your GitHub instance. | `string` The only allowed value is `SAAS`. | Yes | | `organizationName` | You can find your organization name when you log in to GitHub (Cloud) desktop and go to Your organizations under your profile picture dropdown. | `string` | Yes | | `repositoryConfigurations` | Configuration information for the content of the data source. For example, configuring specific types of content and field mappings. | `array` This property has the following sub-properties: [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/github-cloud-api.html) | Yes | | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/github-cloud-api.html) | A list of objects that map the attributes or field names of your GitHub (Cloud) pages and assets to Amazon Q index field names. | `object` These properties have the following sub-properties. [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/github-cloud-api.html) | No | | `indexFieldName` | The field name of your GitHub (Cloud) pages and assets. | `string` | Yes | | `indexFieldType` | The field type of your GitHub (Cloud) pages and assets. | `string` The allowed values are `STRING`, `STRING_LIST`, and `DATE`. | Yes | | `dataSourceFieldName` | The data source field name of your GitHub (Cloud) pages and assets. | `string` | Yes | | `dateFieldFormat` | The date format of your GitHub (Cloud) pages and assets. | `string` Specify the date format in the form `yyyy-MM-dd'T'HH:mm:ss'Z'` | No | | `additionalProperties` | Additional configuration options for your content in your data source. | `object` This property has the following sub-properties. [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/github-cloud-api.html) | Yes | | `isCrawlAcl` | Specify true to crawl access control information from documents. | `boolean` | No | | `maxFileSizeInMegaBytes` | Specify the maximum single file size limit in MBs that Amazon Q will crawl. Amazon Q will crawl only the files within the size limit you define. The default file size is 50MB. The maximum file size should be greater than 0MB and less than or equal to 50MB. | `string` The allowed values are numbers between greater than 0 and less than or equal to 50. | No | | `fieldForUserId` | Specify field to use for UserId for ACL crawling. | `string` | No | | repositoryFilter | A list of names of the specific repositories and branch names you want to index. | `object` This property has the following sub-properties: `repositoryName` and `branchNameList`. | No | | `repositoryName` | The list of repository names that you want to index. | `string` | No | | `branchNameList` | The list of branch names that you want to index. | `array (string)` | No | | `crawlRepository` | Specify true to crawl repositories. | `boolean` | No | | `crawlRepositoryDocuments` | Specify true to crawl repository documents. | `boolean` | No | | `crawlIssue` | Specify true to crawl issues. | `boolean` | No | | `crawlIssueComment` | Specify true to crawl issue comments. | `boolean` | No | | `crawlIssueCommentAttachment` | Specify true to crawl issue comment attachments. | `boolean` | No | | `crawlPullRequest` | Specify true to crawl pull requests. | `boolean` | No | | `crawlPullRequestComment` | Specify true to crawl pull request comments. | `boolean` | No | | `crawlPullRequestCommentAttachment` | Specify true to crawl pull request comment attachments. | `boolean` | No | | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/github-cloud-api.html) | A list of regular expression patterns to include specific content in your GitHub (Cloud) data source. Content that matches the patterns are included in the index. Content that doesn't match the patterns are excluded from the index. If any content matches both an inclusion and exclusion pattern, the exclusion pattern takes precedence, and the content isn't included in the index. | `array (string)` | No | | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/github-cloud-api.html) | A list of regular expression patterns to exclude specific content in your GitHub (Cloud) data source. Content that matches the patterns are included in the index. Content that doesn't match the patterns are excluded from the index. If any content matches both an inclusion and exclusion pattern, the exclusion pattern takes precedence, and the content isn't included in the index. | `array (string)` | No | | `type` | The type of data source. Specify GITHUB as your data source type. | `string` | Yes | | `enableIdentityCrawler` | Specify true to use the Amazon Q identity crawler to sync identity/principal information on users and groups with access to specific documents. | `boolean` | Yes | | `syncMode` | Specify whether Amazon Q should update your index by syncing all documents or only new, modified, and deleted documents. | `string` You can choose between the following options: [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/github-cloud-api.html) | Yes | | `secretArn` | The Amazon Resource Name (ARN) of an AWS Secrets Manager secret that contains the key-value pairs required to connect to your GitHub (Cloud). | `string` The secret must contain a JSON structure with the following keys: 
{
    "personalToken": "token"
}
| No | | `version` | The version of this template that's currently supported. | `string` | No | ## GitHub (Cloud) JSON schema The following is the GitHub (Cloud) JSON schema: ``` { "type": "object", "properties": { "type": { "type": "string", "pattern": "GITHUB" }, "syncMode": { "type": "string", "enum": ["FULL_CRAWL", "FORCED_FULL_CRAWL", "CHANGE_LOG"] }, "secretArn": { "type": "string", "minLength": 20, "maxLength": 2048 }, "enableIdentityCrawler": { "anyOf": [ { "type": "boolean" }, { "type": "string", "enum": ["true", "false"] } ] }, "connectionConfiguration": { "type": "object", "properties": { "repositoryEndpointMetadata": { "type": "object", "properties": { "type": { "type": "string" }, "hostUrl": { "type": "string", "pattern": "https://.*" }, "organizationName": { "type": "string" } }, "required": ["type", "hostUrl", "organizationName"] } }, "required": ["repositoryEndpointMetadata"] }, "repositoryConfigurations": { "type": "object", "properties": { "ghRepository": { "type": "object", "properties": { "fieldMappings": { "type": "array", "items": [ { "type": "object", "properties": { "indexFieldName": { "type": "string" }, "indexFieldType": { "type": "string", "enum": ["STRING", "STRING_LIST", "DATE"] }, "dataSourceFieldName": { "type": "string" }, "dateFieldFormat": { "type": "string", "pattern": "yyyy-MM-dd'T'HH:mm:ss'Z'" } }, "required": [ "indexFieldName", "indexFieldType", "dataSourceFieldName" ] } ] } }, "required": ["fieldMappings"] }, "ghCommit": { "type": "object", "properties": { "fieldMappings": { "type": "array", "items": [ { "type": "object", "properties": { "indexFieldName": { "type": "string" }, "indexFieldType": { "type": "string", "enum": ["STRING", "STRING_LIST", "DATE"] }, "dataSourceFieldName": { "type": "string" }, "dateFieldFormat": { "type": "string", "pattern": "yyyy-MM-dd'T'HH:mm:ss'Z'" } }, "required": [ "indexFieldName", "indexFieldType", "dataSourceFieldName" ] } ] } }, "required": ["fieldMappings"] }, "ghIssueDocument": { "type": "object", "properties": { "fieldMappings": { "type": "array", "items": [ { "type": "object", "properties": { "indexFieldName": { "type": "string" }, "indexFieldType": { "type": "string", "enum": ["STRING", "STRING_LIST", "DATE"] }, "dataSourceFieldName": { "type": "string" }, "dateFieldFormat": { "type": "string", "pattern": "yyyy-MM-dd'T'HH:mm:ss'Z'" } }, "required": [ "indexFieldName", "indexFieldType", "dataSourceFieldName" ] } ] } }, "required": ["fieldMappings"] }, "ghIssueComment": { "type": "object", "properties": { "fieldMappings": { "type": "array", "items": [ { "type": "object", "properties": { "indexFieldName": { "type": "string" }, "indexFieldType": { "type": "string", "enum": ["STRING", "STRING_LIST", "DATE"] }, "dataSourceFieldName": { "type": "string" }, "dateFieldFormat": { "type": "string", "pattern": "yyyy-MM-dd'T'HH:mm:ss'Z'" } }, "required": [ "indexFieldName", "indexFieldType", "dataSourceFieldName" ] } ] } }, "required": ["fieldMappings"] }, "ghIssueAttachment": { "type": "object", "properties": { "fieldMappings": { "type": "array", "items": [ { "type": "object", "properties": { "indexFieldName": { "type": "string" }, "indexFieldType": { "type": "string", "enum": ["STRING", "STRING_LIST", "DATE"] }, "dataSourceFieldName": { "type": "string" }, "dateFieldFormat": { "type": "string", "pattern": "yyyy-MM-dd'T'HH:mm:ss'Z'" } }, "required": [ "indexFieldName", "indexFieldType", "dataSourceFieldName" ] } ] } }, "required": ["fieldMappings"] }, "ghPRDocument": { "type": "object", "properties": { "fieldMappings": { "type": "array", "items": [ { "type": "object", "properties": { "indexFieldName": { "type": "string" }, "indexFieldType": { "type": "string", "enum": ["STRING", "STRING_LIST", "DATE"] }, "dataSourceFieldName": { "type": "string" }, "dateFieldFormat": { "type": "string", "pattern": "yyyy-MM-dd'T'HH:mm:ss'Z'" } }, "required": [ "indexFieldName", "indexFieldType", "dataSourceFieldName" ] } ] } }, "required": ["fieldMappings"] }, "ghPRComment": { "type": "object", "properties": { "fieldMappings": { "type": "array", "items": [ { "type": "object", "properties": { "indexFieldName": { "type": "string" }, "indexFieldType": { "type": "string", "enum": ["STRING", "STRING_LIST", "DATE"] }, "dataSourceFieldName": { "type": "string" }, "dateFieldFormat": { "type": "string", "pattern": "yyyy-MM-dd'T'HH:mm:ss'Z'" } }, "required": [ "indexFieldName", "indexFieldType", "dataSourceFieldName" ] } ] } }, "required": ["fieldMappings"] }, "ghPRAttachment": { "type": "object", "properties": { "fieldMappings": { "type": "array", "items": [ { "type": "object", "properties": { "indexFieldName": { "type": "string" }, "indexFieldType": { "type": "string", "enum": ["STRING", "STRING_LIST", "DATE"] }, "dataSourceFieldName": { "type": "string" }, "dateFieldFormat": { "type": "string", "pattern": "yyyy-MM-dd'T'HH:mm:ss'Z'" } }, "required": [ "indexFieldName", "indexFieldType", "dataSourceFieldName" ] } ] } }, "required": ["fieldMappings"] } } }, "additionalProperties": { "type": "object", "properties": { "isCrawlAcl": { "anyOf": [ { "type": "boolean" }, { "type": "string", "enum": ["true", "false"] } ] }, "maxFileSizeInMegaBytes": { "type": "string" }, "fieldForUserId": { "type": "string" }, "crawlRepository": { "anyOf": [ { "type": "boolean" }, { "type": "string", "enum": ["true", "false"] } ] }, "crawlRepositoryDocuments": { "anyOf": [ { "type": "boolean" }, { "type": "string", "enum": ["true", "false"] } ] }, "crawlIssue": { "anyOf": [ { "type": "boolean" }, { "type": "string", "enum": ["true", "false"] } ] }, "crawlIssueComment": { "anyOf": [ { "type": "boolean" }, { "type": "string", "enum": ["true", "false"] } ] }, "crawlIssueCommentAttachment": { "anyOf": [ { "type": "boolean" }, { "type": "string", "enum": ["true", "false"] } ] }, "crawlPullRequest": { "anyOf": [ { "type": "boolean" }, { "type": "string", "enum": ["true", "false"] } ] }, "crawlPullRequestComment": { "anyOf": [ { "type": "boolean" }, { "type": "string", "enum": ["true", "false"] } ] }, "crawlPullRequestCommentAttachment": { "anyOf": [ { "type": "boolean" }, { "type": "string", "enum": ["true", "false"] } ] }, "repositoryFilter": { "type": "array", "items": [ { "type": "object", "properties": { "repositoryName": { "type": "string" }, "branchNameList": { "type": "array", "items": { "type": "string" } } } } ] }, "inclusionFolderNamePatterns": { "type": "array", "items": { "type": "string" } }, "inclusionFileTypePatterns": { "type": "array", "items": { "type": "string" } }, "inclusionFileNamePatterns": { "type": "array", "items": { "type": "string" } }, "exclusionFolderNamePatterns": { "type": "array", "items": { "type": "string" } }, "exclusionFileTypePatterns": { "type": "array", "items": { "type": "string" } }, "exclusionFileNamePatterns": { "type": "array", "items": { "type": "string" } }, "enableDeletionProtection": { "anyOf": [ { "type": "boolean" }, { "type": "string", "enum": ["true", "false"] } ], "default": false }, "deletionProtectionThreshold": { "type": "string", "default": "15" } }, "required": [] }, "version": { "type": "string", "anyOf": [ { "pattern": "1.0.0" } ] } }, "required": [ "syncMode", "enableIdentityCrawler", "connectionConfiguration", "repositoryConfigurations", "additionalProperties" ] } ``` ## GitHub (Cloud) JSON schema example The following is the GitHub (Cloud) JSON schema example: ``` { "type": "GITHUB", "syncMode": "FULL_CRAWL", "secretArn": "arn:aws:secretsmanager:us-west-2:123456789012:secret:my-github-secret", "enableIdentityCrawler": "true", "sslCertificatePath": { "bucket": "my-github-bucket", "key": "certificates/my-cert.pem" }, "connectionConfiguration": { "repositoryEndpointMetadata": { "type": "GitHub", "hostUrl": "https://api.github.com", "organizationName": "my-org" } }, "repositoryConfigurations": { "ghRepository": { "fieldMappings": [ { "indexFieldName": "repo_name", "indexFieldType": "STRING", "dataSourceFieldName": "name", "dateFieldFormat": "yyyy-MM-dd'T'HH:mm:ss'Z'" } ] }, "ghCommit": { "fieldMappings": [ { "indexFieldName": "commit_id", "indexFieldType": "STRING", "dataSourceFieldName": "id", "dateFieldFormat": "yyyy-MM-dd'T'HH:mm:ss'Z'" } ] } }, "additionalProperties": { "isCrawlAcl": "true", "maxFileSizeInMegaBytes": "50", "crawlRepository": "true", "crawlIssue": "true", "repositoryFilter": [ { "repositoryName": "my-repo", "branchNameList": ["main", "develop"] } ], "inclusionFileTypePatterns": ["*.md", "*.txt"], "exclusionFileNamePatterns": ["*draft*"], "enableDeletionProtection": "false", "deletionProtectionThreshold": "15" }, "version": "1.0.0" } ``` # Connecting Amazon Q Business to GitHub (Cloud) using AWS CloudFormation Using the CloudFormation You use the [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-qbusiness-datasource.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-qbusiness-datasource.html) resource to connect a data source to your Amazon Q application. Use the [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-qbusiness-datasource.html#cfn-qbusiness-datasource-applicationid](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-qbusiness-datasource.html#cfn-qbusiness-datasource-applicationid) property to provide a JSON or YAML schema with the necessary configuration details specific to your data source connector. To learn more about AWS CloudFormation, see [What is AWS CloudFormation?](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/Welcome.html) in the *CloudFormation User Guide*. **Topics** + [ ## GitHub (Cloud) configuration properties ](#github-cloud-configuration-keys) + [ ## GitHub (Cloud) JSON schema for using the configuration property with AWS CloudFormation ](#github-cloud-cfn-json) + [ ## GitHub (Cloud) YAML schema for using the configuration property with AWS CloudFormation ](#github-cloud-cfn-yaml) ## GitHub (Cloud) configuration properties The following provides information about important configuration properties required in the schema. | Configuration | Description | Type | Required | | --- | --- | --- | --- | | `connectionConfiguration` | Configuration information for the endpoint for the data source. | `object` This property has a sub-property called `repositoryEndpointMetadata`. | Yes | | `repositoryEndpointMetadata` | The endpoint information for the data source. | `object` This property has the following sub-properties. [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/github-cloud-cfn.html) | Yes | | `hostUrl` | The GitHub (Cloud) host URL. For example, if you use GitHub (Cloud) Enterprise Cloud: https://api.github.com. | `string` | Yes | | `type` | The hosting method for your GitHub instance. | `string` The only allowed value is `SAAS`. | Yes | | `organizationName` | You can find your organization name when you log in to GitHub (Cloud) desktop and go to Your organizations under your profile picture dropdown. | `string` | Yes | | `repositoryConfigurations` | Configuration information for the content of the data source. For example, configuring specific types of content and field mappings. | `array` This property has the following sub-properties: [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/github-cloud-cfn.html) | Yes | | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/github-cloud-cfn.html) | A list of objects that map the attributes or field names of your GitHub (Cloud) pages and assets to Amazon Q index field names. | `object` These properties have the following sub-properties. [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/github-cloud-cfn.html) | No | | `indexFieldName` | The field name of your GitHub (Cloud) pages and assets. | `string` | Yes | | `indexFieldType` | The field type of your GitHub (Cloud) pages and assets. | `string` The allowed values are `STRING`, `STRING_LIST`, and `DATE`. | Yes | | `dataSourceFieldName` | The data source field name of your GitHub (Cloud) pages and assets. | `string` | Yes | | `dateFieldFormat` | The date format of your GitHub (Cloud) pages and assets. | `string` Specify the date format in the form `yyyy-MM-dd'T'HH:mm:ss'Z'` | No | | `additionalProperties` | Additional configuration options for your content in your data source. | `object` This property has the following sub-properties. [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/github-cloud-cfn.html) | Yes | | `isCrawlAcl` | Specify true to crawl access control information from documents. | `boolean` | No | | `maxFileSizeInMegaBytes` | Specify the maximum single file size limit in MBs that Amazon Q will crawl. Amazon Q will crawl only the files within the size limit you define. The default file size is 50MB. The maximum file size should be greater than 0MB and less than or equal to 50MB. | `string` The allowed values are numbers between greater than 0 and less than or equal to 50. | No | | `fieldForUserId` | Specify field to use for UserId for ACL crawling. | `string` | No | | repositoryFilter | A list of names of the specific repositories and branch names you want to index. | `object` This property has the following sub-properties: `repositoryName` and `branchNameList`. | No | | `repositoryName` | The list of repository names that you want to index. | `string` | No | | `branchNameList` | The list of branch names that you want to index. | `array (string)` | No | | `crawlRepository` | Specify true to crawl repositories. | `boolean` | No | | `crawlRepositoryDocuments` | Specify true to crawl repository documents. | `boolean` | No | | `crawlIssue` | Specify true to crawl issues. | `boolean` | No | | `crawlIssueComment` | Specify true to crawl issue comments. | `boolean` | No | | `crawlIssueCommentAttachment` | Specify true to crawl issue comment attachments. | `boolean` | No | | `crawlPullRequest` | Specify true to crawl pull requests. | `boolean` | No | | `crawlPullRequestComment` | Specify true to crawl pull request comments. | `boolean` | No | | `crawlPullRequestCommentAttachment` | Specify true to crawl pull request comment attachments. | `boolean` | No | | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/github-cloud-cfn.html) | A list of regular expression patterns to include specific content in your GitHub (Cloud) data source. Content that matches the patterns are included in the index. Content that doesn't match the patterns are excluded from the index. If any content matches both an inclusion and exclusion pattern, the exclusion pattern takes precedence, and the content isn't included in the index. | `array (string)` | No | | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/github-cloud-cfn.html) | A list of regular expression patterns to exclude specific content in your GitHub (Cloud) data source. Content that matches the patterns are included in the index. Content that doesn't match the patterns are excluded from the index. If any content matches both an inclusion and exclusion pattern, the exclusion pattern takes precedence, and the content isn't included in the index. | `array (string)` | No | | `type` | The type of data source. Specify GITHUB as your data source type. | `string` | Yes | | `enableIdentityCrawler` | Specify true to use the Amazon Q identity crawler to sync identity/principal information on users and groups with access to specific documents. | `boolean` | Yes | | `syncMode` | Specify whether Amazon Q should update your index by syncing all documents or only new, modified, and deleted documents. | `string` You can choose between the following options: [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/github-cloud-cfn.html) | Yes | | `secretArn` | The Amazon Resource Name (ARN) of an AWS Secrets Manager secret that contains the key-value pairs required to connect to your GitHub (Cloud). | `string` The secret must contain a JSON structure with the following keys: 
{
    "personalToken": "token"
}
| No | | `version` | The version of this template that's currently supported. | `string` | No | ## GitHub (Cloud) JSON schema for using the configuration property with AWS CloudFormation GitHub (Cloud) JSON schema The following is the GitHub (Cloud) JSON schema and examples for the configuration property for AWS CloudFormation. **Topics** + [ ### GitHub (Cloud) JSON schema for using the configuration property with AWS CloudFormation ](#github-cloud-cfn-json-schema) + [ ### GitHub (Cloud) JSON schema example for using the configuration property with AWS CloudFormation ](#github-cloud-cfn-json-example) ### GitHub (Cloud) JSON schema for using the configuration property with AWS CloudFormation GitHub (Cloud) JSON schema The following is the GitHub (Cloud) JSON schema for the configuration property for CloudFormation ``` { "type": "object", "properties": { "type": { "type": "string", "pattern": "GITHUB" }, "syncMode": { "type": "string", "enum": ["FULL_CRAWL", "FORCED_FULL_CRAWL", "CHANGE_LOG"] }, "secretArn": { "type": "string", "minLength": 20, "maxLength": 2048 }, "enableIdentityCrawler": { "anyOf": [ { "type": "boolean" }, { "type": "string", "enum": ["true", "false"] } ] }, "connectionConfiguration": { "type": "object", "properties": { "repositoryEndpointMetadata": { "type": "object", "properties": { "type": { "type": "string" }, "hostUrl": { "type": "string", "pattern": "https://.*" }, "organizationName": { "type": "string" } }, "required": ["type", "hostUrl", "organizationName"] } }, "required": ["repositoryEndpointMetadata"] }, "repositoryConfigurations": { "type": "object", "properties": { "ghRepository": { "type": "object", "properties": { "fieldMappings": { "type": "array", "items": [ { "type": "object", "properties": { "indexFieldName": { "type": "string" }, "indexFieldType": { "type": "string", "enum": ["STRING", "STRING_LIST", "DATE"] }, "dataSourceFieldName": { "type": "string" }, "dateFieldFormat": { "type": "string", "pattern": "yyyy-MM-dd'T'HH:mm:ss'Z'" } }, "required": [ "indexFieldName", "indexFieldType", "dataSourceFieldName" ] } ] } }, "required": ["fieldMappings"] }, "ghCommit": { "type": "object", "properties": { "fieldMappings": { "type": "array", "items": [ { "type": "object", "properties": { "indexFieldName": { "type": "string" }, "indexFieldType": { "type": "string", "enum": ["STRING", "STRING_LIST", "DATE"] }, "dataSourceFieldName": { "type": "string" }, "dateFieldFormat": { "type": "string", "pattern": "yyyy-MM-dd'T'HH:mm:ss'Z'" } }, "required": [ "indexFieldName", "indexFieldType", "dataSourceFieldName" ] } ] } }, "required": ["fieldMappings"] }, "ghIssueDocument": { "type": "object", "properties": { "fieldMappings": { "type": "array", "items": [ { "type": "object", "properties": { "indexFieldName": { "type": "string" }, "indexFieldType": { "type": "string", "enum": ["STRING", "STRING_LIST", "DATE"] }, "dataSourceFieldName": { "type": "string" }, "dateFieldFormat": { "type": "string", "pattern": "yyyy-MM-dd'T'HH:mm:ss'Z'" } }, "required": [ "indexFieldName", "indexFieldType", "dataSourceFieldName" ] } ] } }, "required": ["fieldMappings"] }, "ghIssueComment": { "type": "object", "properties": { "fieldMappings": { "type": "array", "items": [ { "type": "object", "properties": { "indexFieldName": { "type": "string" }, "indexFieldType": { "type": "string", "enum": ["STRING", "STRING_LIST", "DATE"] }, "dataSourceFieldName": { "type": "string" }, "dateFieldFormat": { "type": "string", "pattern": "yyyy-MM-dd'T'HH:mm:ss'Z'" } }, "required": [ "indexFieldName", "indexFieldType", "dataSourceFieldName" ] } ] } }, "required": ["fieldMappings"] }, "ghIssueAttachment": { "type": "object", "properties": { "fieldMappings": { "type": "array", "items": [ { "type": "object", "properties": { "indexFieldName": { "type": "string" }, "indexFieldType": { "type": "string", "enum": ["STRING", "STRING_LIST", "DATE"] }, "dataSourceFieldName": { "type": "string" }, "dateFieldFormat": { "type": "string", "pattern": "yyyy-MM-dd'T'HH:mm:ss'Z'" } }, "required": [ "indexFieldName", "indexFieldType", "dataSourceFieldName" ] } ] } }, "required": ["fieldMappings"] }, "ghPRDocument": { "type": "object", "properties": { "fieldMappings": { "type": "array", "items": [ { "type": "object", "properties": { "indexFieldName": { "type": "string" }, "indexFieldType": { "type": "string", "enum": ["STRING", "STRING_LIST", "DATE"] }, "dataSourceFieldName": { "type": "string" }, "dateFieldFormat": { "type": "string", "pattern": "yyyy-MM-dd'T'HH:mm:ss'Z'" } }, "required": [ "indexFieldName", "indexFieldType", "dataSourceFieldName" ] } ] } }, "required": ["fieldMappings"] }, "ghPRComment": { "type": "object", "properties": { "fieldMappings": { "type": "array", "items": [ { "type": "object", "properties": { "indexFieldName": { "type": "string" }, "indexFieldType": { "type": "string", "enum": ["STRING", "STRING_LIST", "DATE"] }, "dataSourceFieldName": { "type": "string" }, "dateFieldFormat": { "type": "string", "pattern": "yyyy-MM-dd'T'HH:mm:ss'Z'" } }, "required": [ "indexFieldName", "indexFieldType", "dataSourceFieldName" ] } ] } }, "required": ["fieldMappings"] }, "ghPRAttachment": { "type": "object", "properties": { "fieldMappings": { "type": "array", "items": [ { "type": "object", "properties": { "indexFieldName": { "type": "string" }, "indexFieldType": { "type": "string", "enum": ["STRING", "STRING_LIST", "DATE"] }, "dataSourceFieldName": { "type": "string" }, "dateFieldFormat": { "type": "string", "pattern": "yyyy-MM-dd'T'HH:mm:ss'Z'" } }, "required": [ "indexFieldName", "indexFieldType", "dataSourceFieldName" ] } ] } }, "required": ["fieldMappings"] } } }, "additionalProperties": { "type": "object", "properties": { "isCrawlAcl": { "anyOf": [ { "type": "boolean" }, { "type": "string", "enum": ["true", "false"] } ] }, "maxFileSizeInMegaBytes": { "type": "string" }, "fieldForUserId": { "type": "string" }, "crawlRepository": { "anyOf": [ { "type": "boolean" }, { "type": "string", "enum": ["true", "false"] } ] }, "crawlRepositoryDocuments": { "anyOf": [ { "type": "boolean" }, { "type": "string", "enum": ["true", "false"] } ] }, "crawlIssue": { "anyOf": [ { "type": "boolean" }, { "type": "string", "enum": ["true", "false"] } ] }, "crawlIssueComment": { "anyOf": [ { "type": "boolean" }, { "type": "string", "enum": ["true", "false"] } ] }, "crawlIssueCommentAttachment": { "anyOf": [ { "type": "boolean" }, { "type": "string", "enum": ["true", "false"] } ] }, "crawlPullRequest": { "anyOf": [ { "type": "boolean" }, { "type": "string", "enum": ["true", "false"] } ] }, "crawlPullRequestComment": { "anyOf": [ { "type": "boolean" }, { "type": "string", "enum": ["true", "false"] } ] }, "crawlPullRequestCommentAttachment": { "anyOf": [ { "type": "boolean" }, { "type": "string", "enum": ["true", "false"] } ] }, "repositoryFilter": { "type": "array", "items": [ { "type": "object", "properties": { "repositoryName": { "type": "string" }, "branchNameList": { "type": "array", "items": { "type": "string" } } } } ] }, "inclusionFolderNamePatterns": { "type": "array", "items": { "type": "string" } }, "inclusionFileTypePatterns": { "type": "array", "items": { "type": "string" } }, "inclusionFileNamePatterns": { "type": "array", "items": { "type": "string" } }, "exclusionFolderNamePatterns": { "type": "array", "items": { "type": "string" } }, "exclusionFileTypePatterns": { "type": "array", "items": { "type": "string" } }, "exclusionFileNamePatterns": { "type": "array", "items": { "type": "string" } }, "enableDeletionProtection": { "anyOf": [ { "type": "boolean" }, { "type": "string", "enum": ["true", "false"] } ], "default": false }, "deletionProtectionThreshold": { "type": "string", "default": "15" } }, "required": [] }, "version": { "type": "string", "anyOf": [ { "pattern": "1.0.0" } ] } }, "required": [ "syncMode", "enableIdentityCrawler", "connectionConfiguration", "repositoryConfigurations", "additionalProperties" ] } ``` ### GitHub (Cloud) JSON schema example for using the configuration property with AWS CloudFormation GitHub (Cloud) JSON schema example The following is the GitHub (Cloud) JSON schema example for the configuration property for CloudFormation ``` { "AWSTemplateFormatVersion": "2010-09-09", "Description": "CloudFormation GITHUB Data Source Template", "Resources": { "DataSourceGitHub": { "Type": "AWS::QBusiness::DataSource", "Properties": { "ApplicationId": "app12345-1234-1234-1234-123456789012", "IndexId": "indx1234-1234-1234-1234-123456789012", "DisplayName": "MyGitHubDataSource", "RoleArn": "arn:aws:iam::123456789012:role/qbusiness-data-source-role", "Configuration": { "type": "GITHUB", "syncMode": "FULL_CRAWL", "secretArn": "arn:aws:secretsmanager:us-west-2:123456789012:secret:my-github-secret", "enableIdentityCrawler": "true", "sslCertificatePath": { "bucket": "my-github-bucket", "key": "certificates/my-cert.pem" }, "connectionConfiguration": { "repositoryEndpointMetadata": { "type": "GitHub", "hostUrl": "https://api.github.com", "organizationName": "my-org" } }, "repositoryConfigurations": { "ghRepository": { "fieldMappings": [ { "indexFieldName": "repo_name", "indexFieldType": "STRING", "dataSourceFieldName": "name", "dateFieldFormat": "yyyy-MM-dd'T'HH:mm:ss'Z'" } ] }, "ghCommit": { "fieldMappings": [ { "indexFieldName": "commit_id", "indexFieldType": "STRING", "dataSourceFieldName": "id", "dateFieldFormat": "yyyy-MM-dd'T'HH:mm:ss'Z'" } ] } }, "additionalProperties": { "isCrawlAcl": "true", "maxFileSizeInMegaBytes": "50", "crawlRepository": "true", "crawlIssue": "true", "repositoryFilter": [ { "repositoryName": "my-repo", "branchNameList": ["main", "develop"] } ], "inclusionFileTypePatterns": ["*.md", "*.txt"], "exclusionFileNamePatterns": ["*draft*"], "enableDeletionProtection": "false", "deletionProtectionThreshold": "15" } } } } } } ``` ## GitHub (Cloud) YAML schema for using the configuration property with AWS CloudFormation GitHub (Cloud) YAML schema The following is the GitHub (Cloud) YAML schema and examples for the configuration property for AWS CloudFormation: **Topics** + [ ### GitHub (Cloud) YAML schema for using the configuration property with AWS CloudFormation ](#github-cloud-cfn-yaml-schema) + [ ### GitHub (Cloud) YAML schema example for using the configuration property with AWS CloudFormation ](#github-cloud-cfn-yaml-example) ### GitHub (Cloud) YAML schema for using the configuration property with AWS CloudFormation GitHub (Cloud) YAML schema The following is the GitHub (Cloud) YAML schema for the configuration property for CloudFormation. ``` type: object properties: type: type: string pattern: GITHUB syncMode: type: string enum: - FULL_CRAWL - FORCED_FULL_CRAWL - CHANGE_LOG secretArn: type: string minLength: 20 maxLength: 2048 enableIdentityCrawler: anyOf: - type: boolean - type: string enum: - true - false connectionConfiguration: type: object properties: repositoryEndpointMetadata: type: object properties: type: type: string hostUrl: type: string pattern: "https://.*" organizationName: type: string required: - type - hostUrl - organizationName required: - repositoryEndpointMetadata repositoryConfigurations: type: object properties: ghRepository: type: object properties: fieldMappings: type: array items: type: object properties: indexFieldName: type: string indexFieldType: type: string enum: - STRING - STRING_LIST - DATE dataSourceFieldName: type: string dateFieldFormat: type: string pattern: "yyyy-MM-dd'T'HH:mm:ss'Z'" required: - indexFieldName - indexFieldType - dataSourceFieldName required: - fieldMappings ghCommit: type: object properties: fieldMappings: type: array items: type: object properties: indexFieldName: type: string indexFieldType: type: string enum: - STRING - STRING_LIST - DATE dataSourceFieldName: type: string dateFieldFormat: type: string pattern: "yyyy-MM-dd'T'HH:mm:ss'Z'" required: - indexFieldName - indexFieldType - dataSourceFieldName required: - fieldMappings ghIssueDocument: type: object properties: fieldMappings: type: array items: type: object properties: indexFieldName: type: string indexFieldType: type: string enum: - STRING - STRING_LIST - DATE dataSourceFieldName: type: string dateFieldFormat: type: string pattern: "yyyy-MM-dd'T'HH:mm:ss'Z'" required: - indexFieldName - indexFieldType - dataSourceFieldName required: - fieldMappings ghIssueComment: type: object properties: fieldMappings: type: array items: type: object properties: indexFieldName: type: string indexFieldType: type: string enum: - STRING - STRING_LIST - DATE dataSourceFieldName: type: string dateFieldFormat: type: string pattern: "yyyy-MM-dd'T'HH:mm:ss'Z'" required: - indexFieldName - indexFieldType - dataSourceFieldName required: - fieldMappings ghIssueAttachment: type: object properties: fieldMappings: type: array items: type: object properties: indexFieldName: type: string indexFieldType: type: string enum: - STRING - STRING_LIST - DATE dataSourceFieldName: type: string dateFieldFormat: type: string pattern: "yyyy-MM-dd'T'HH:mm:ss'Z'" required: - indexFieldName - indexFieldType - dataSourceFieldName required: - fieldMappings ghPRDocument: type: object properties: fieldMappings: type: array items: type: object properties: indexFieldName: type: string indexFieldType: type: string enum: - STRING - STRING_LIST - DATE dataSourceFieldName: type: string dateFieldFormat: type: string pattern: "yyyy-MM-dd'T'HH:mm:ss'Z'" required: - indexFieldName - indexFieldType - dataSourceFieldName required: - fieldMappings ghPRComment: type: object properties: fieldMappings: type: array items: type: object properties: indexFieldName: type: string indexFieldType: type: string enum: - STRING - STRING_LIST - DATE dataSourceFieldName: type: string dateFieldFormat: type: string pattern: "yyyy-MM-dd'T'HH:mm:ss'Z'" required: - indexFieldName - indexFieldType - dataSourceFieldName required: - fieldMappings ghPRAttachment: type: object properties: fieldMappings: type: array items: type: object properties: indexFieldName: type: string indexFieldType: type: string enum: - STRING - STRING_LIST - DATE dataSourceFieldName: type: string dateFieldFormat: type: string pattern: "yyyy-MM-dd'T'HH:mm:ss'Z'" required: - indexFieldName - indexFieldType - dataSourceFieldName required: - fieldMappings additionalProperties: type: object properties: isCrawlAcl: anyOf: - type: boolean - type: string enum: - true - false maxFileSizeInMegaBytes: type: string fieldForUserId: type: string crawlRepository: anyOf: - type: boolean - type: string enum: - true - false crawlRepositoryDocuments: anyOf: - type: boolean - type: string enum: - true - false crawlIssue: anyOf: - type: boolean - type: string enum: - true - false crawlIssueComment: anyOf: - type: boolean - type: string enum: - true - false crawlIssueCommentAttachment: anyOf: - type: boolean - type: string enum: - true - false crawlPullRequest: anyOf: - type: boolean - type: string enum: - true - false crawlPullRequestComment: anyOf: - type: boolean - type: string enum: - true - false crawlPullRequestCommentAttachment: anyOf: - type: boolean - type: string enum: - true - false repositoryFilter: type: array items: type: object properties: repositoryName: type: string branchNameList: type: array items: type: string inclusionFolderNamePatterns: type: array items: type: string inclusionFileTypePatterns: type: array items: type: string inclusionFileNamePatterns: type: array items: type: string exclusionFolderNamePatterns: type: array items: type: string exclusionFileTypePatterns: type: array items: type: string exclusionFileNamePatterns: type: array items: type: string enableDeletionProtection: anyOf: - type: boolean - type: string enum: - true - false default: false deletionProtectionThreshold: type: string default: "15" required: [] version: type: string anyOf: - pattern: 1.0.0 required: - syncMode - enableIdentityCrawler - connectionConfiguration - repositoryConfigurations - additionalProperties ``` ### GitHub (Cloud) YAML schema example for using the configuration property with AWS CloudFormation GitHub (Cloud) JSON schema example The following is the GitHub (Cloud) YAML example for the Configuration property for CloudFormation: ``` AWSTemplateFormatVersion: "2010-09-09" Description: CloudFormation GITHUB Data Source Template Resources: DataSourceGitHub: Type: AWS::QBusiness::DataSource Properties: ApplicationId: app12345-1234-1234-1234-123456789012 IndexId: indx1234-1234-1234-1234-123456789012 DisplayName: MyGitHubDataSource RoleArn: arn:aws:iam::123456789012:role/qbusiness-data-source-role Configuration: type: GITHUB syncMode: FULL_CRAWL secretArn: arn:aws:secretsmanager:us-west-2:123456789012:secret:my-github-secret enableIdentityCrawler: "true" sslCertificatePath: bucket: my-github-bucket key: certificates/my-cert.pem connectionConfiguration: repositoryEndpointMetadata: type: GitHub hostUrl: https://api.github.com organizationName: my-org repositoryConfigurations: ghRepository: fieldMappings: - indexFieldName: repo_name indexFieldType: STRING dataSourceFieldName: name dateFieldFormat: yyyy-MM-dd'T'HH:mm:ss'Z' ghCommit: fieldMappings: - indexFieldName: commit_id indexFieldType: STRING dataSourceFieldName: id dateFieldFormat: yyyy-MM-dd'T'HH:mm:ss'Z' additionalProperties: isCrawlAcl: "true" maxFileSizeInMegaBytes: "50" crawlRepository: "true" crawlIssue: "true" repositoryFilter: - repositoryName: my-repo branchNameList: - main - develop inclusionFileTypePatterns: - "*.md" - "*.txt" exclusionFileNamePatterns: - "*draft*" enableDeletionProtection: "false" deletionProtectionThreshold: "15" ``` # How Amazon Q Business connector crawls GitHub Cloud ACLs ACL crawling Connectors support crawling ACL and identity information where applicable based on the data source. If you index documents without ACLs, all documents are considered public. Indexing documents with ACLs ensures data security. Amazon Q Business supports crawling ACLs for document security by default. When you connect an GitHub Cloud data source to Amazon Q Business, Amazon Q Business crawls ACL information attached to a document (user and group information) from your GitHub instance. If you choose to activate ACL crawling, the information can be used to filter chat responses to your end user's document access level. GitHub Cloud's structure consists of repositories, teams, and projects. When you connect a GitHub Cloud data source to Amazon Q Business, it crawls GitHub Cloud repositories as defnied by your configuration, but it does not support teams or projects, meaning data related to team structures, internal communications, and project management is not retrieved. The child entities of repositories like Issues, Pull Requests, Files, and Comments are crawled. When you connect an GitHub Cloud data source to Amazon Q Business, Amazon Q Business makes a copy of these resources and creates an index that can be used to respond to user prompts and queries. Additionally, Amazon Q crawls ACL information attached to a document (user and group information) from your GitHub Cloud instance. If you choose to activate ACL crawling, the information can be used to filter chat responses to your end user's document access level. **Roles/permissions**: GitHub Cloud has three roles: + >Members - Default. Users with configurable repository and project permissions + Owners - Users with full administrative control. There should be at least two for continuity. + Outside Collaborators - Users who have restricted access to private repositories with managed permissions The GitHub Cloud connector translates these roles into Amazon Q Business compatible ACLs, supporting View (Read), Edit, and Delete permissions. Since the lowest permission level is Read, more granular permissions beyond this do not impact data synchronization. **Identity Crawling**: The connector supports both individual user and group synchronization. For Users, it maps repository-specific members and outside collaborators based on usernames, enforcing assigned GitHub Cloud permissions in Amazon Q. For Groups, it treats each repository as a group and members as organization group members. The connector retrieves ACL information for shared users based on repository name. **Permission Inheritance**: There are three types of repositories: + Public - Accessible to everyone; repositories inherit permissions from the organization. + Private - Limited to the owner and explicitly granted collaborators. Does not inherit permissions from a parent. However, child entities such as Issues, Pull Requests, Files, and Comments inherit permissions from their parent repositories. When specific ACLs are definted, they replace the parent ACL. + Internal - Accessible to all organization members but not to external users; repositories inherits permission from the organization **Change Management**: Change Log Mode captures and logs any updates to access control lists (ACLs). When a user is removed from a private repository or deactivated, they are automatically excluded from the access list, and these changes are recorded in the change log. Change Log Mode enables incremental updates by indexing only newly added, updated, or deleted content since the last crawl, preventing unnecessary re-indexing. Any modifications to user access or permissions are also captured, ensuring accurate and up-to-date indexing of GitHub Cloud content. **Failure handling**: The connector implements a fail-close approach, meaning that if there are permission-related issues or API failures, the document is skipped from ingestion rather than being made publicly accessible. For more information, see: + [Authorization](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/connector-concepts.html#connector-authorization) + [Identity crawler](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/connector-concepts.html#connector-identity-crawler) + [Understanding User Store](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/connector-principal-store.html) # GitHub (Cloud) data source connector field mappings Field mappings To improve retrieved results and customize the end user chat experience, Amazon Q Business enables you to map document attributes from your data sources to fields in your Amazon Q index. Amazon Q offers two kinds of attributes to map to index fields: + **Reserved or default** – Reserved attributes are based on document attributes that commonly occur in most data. You can use reserved attributes to map commonly occurring document attributes in your data source to Amazon Q index fields. + **Custom** – You can create custom attributes to map document attributes that are unique to your data to Amazon Q index fields. When you connect Amazon Q to a data source, Amazon Q automatically maps specific data source document attributes to fields within an Amazon Q index. If a document attribute in your data source doesn't have a attribute mapping already available, or if you want to map additional document attributes to index fields, use the custom field mappings to specify how a data source attribute maps to an Amazon Q index field. You create field mappings by editing your data source after your application environment and retriever are created. To learn more about document attributes and how they work in Amazon Q, see [Document attributes and types in Amazon Q](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/doc-attributes-types.html). **Important** Filtering using document attributes in chat is only supported through the API. The Amazon Q GitHub (Cloud) connector supports the following entities and the associated reserved and custom attributes. **Important** If you map any GitHub (Cloud) field to Amazon Q document title and document body fields, Amazon Q will generate responses from data in the document title and body. **Note** You can map any GitHub (Cloud) field to the document title or document body Amazon Q reserved/default index fields. **Topics** + [ ## Repository ](#github-field-mappings-repository) + [ ## Repository Commit ](#github-field-mappings-repository-commit) + [ ## Issue Document ](#github-field-mappings-issue-document) + [ ## Issue Comment ](#github-field-mappings-issue-comment) + [ ## Issue Attachment ](#github-field-mappings-issue-attachment) + [ ## Pull Request Comment ](#github-field-mappings-pull-request-comment) + [ ## Pull Request Document ](#github-field-mappings-pull-request-document) + [ ## Pull Request Attachment ](#github-field-mappings-pull-request-attachment) ## Repository | GitHub (Cloud) field name | Index field name | Description | Data type | | --- | --- | --- | --- | | Description | \$1document\$1body | Default | String | | repositoryName | gh\$1repository\$1name | Custom | String | | repositoryVisibility | gh\$1repository\$1visibility | Custom | String | | category | \$1category | Default | String | | owner | \$1authors | Default | String list | | sourceUrl | \$1source\$1uri | Default | String | | createdAt | \$1created\$1at | Default | Date | | updatedAt | \$1last\$1updated\$1at | Default | Date | ## Repository Commit | GitHub (Cloud) field name | Index field name | Description | Data type | | --- | --- | --- | --- | | Description | \$1document\$1body | Default | String | | repositoryName | gh\$1repository\$1name | Custom | String | | repositoryVisibility | gh\$1repository\$1visibility | Custom | String | | category | \$1category | Default | String | | fileType | \$1file\$1type | Default | String | | owner | \$1authors | Default | String list | | sourceUrl | \$1source\$1uri | Default | String | | createdAt | \$1created\$1at | Default | Date | | updatedAt | \$1last\$1updated\$1at | Default | Date | | fileName | gh\$1file\$1name | Default | String | | fileSize | gh\$1size | Default | Long (numeric) | | branchName | gh\$1branch\$1name | Default | String | ## Issue Document | GitHub (Cloud) field name | Index field name | Description | Data type | | --- | --- | --- | --- | | repositoryName | gh\$1repository\$1name | Custom | String | | repositoryVisibility | gh\$1repository\$1visibility | Custom | String | | category | \$1category | Default | String | | issueNumber | gh\$1issue\$1number | Custom | Long (numeric) | | issueTitle | gh\$1issue\$1title | Custom | String | | owner | \$1authors | Default | String list | | fileType | \$1file\$1type | Default | String | | issueSourceUrl | \$1source\$1uri | Default | String | | createdAt | \$1created\$1at | Default | Date | | updatedAt | \$1last\$1updated\$1at | Default | Date | | issueFileName | gh\$1file\$1name | Custom | String | | issueState | gh\$1issue\$1state | Custom | String | | issueLabel | gh\$1issue\$1labels | Default | String list | | issueAssignee | gh\$1issue\$1assignee | Default | String list | ## Issue Comment | GitHub (Cloud) field name | Index field name | Description | Data type | | --- | --- | --- | --- | | repositoryName | gh\$1repository\$1name | Custom | String | | repositoryVisibility | gh\$1repository\$1visibility | Custom | String | | category | \$1category | Default | String | | issueNumber | gh\$1issue\$1number | Custom | Long (numeric) | | issueTitle | gh\$1issue\$1title | Custom | String | | owner | \$1authors | Default | String list | | issueSourceUrl | \$1source\$1uri | Default | String | | createdAt | \$1created\$1at | Default | Date | | updatedAt | \$1last\$1updated\$1at | Default | Date | | issueState | gh\$1issue\$1state | Custom | String | | issueLabel | gh\$1issue\$1labels | Default | String list | | issueAssignee | gh\$1issue\$1assignee | Default | String list | ## Issue Attachment | GitHub (Cloud) field name | Index field name | Description | Data type | | --- | --- | --- | --- | | repositoryName | gh\$1repository\$1name | Custom | String | | repositoryVisibility | gh\$1repository\$1visibility | Custom | String | | category | \$1category | Default | String | | issueNumber | gh\$1issue\$1number | Custom | Long (numeric) | | issueTitle | gh\$1issue\$1title | Custom | String | | owner | \$1authors | Default | String list | | issueSourceUrl | \$1source\$1uri | Default | String | | createdAt | \$1created\$1at | Default | Date | | updatedAt | \$1last\$1updated\$1at | Default | Date | | issueFileName | gh\$1file\$1name | Custom | String | | issueFileType | \$1file\$1type | Custom | String | | issueState | gh\$1issue\$1state | Custom | String | | issueLabel | gh\$1issue\$1labels | Default | String list | | issueAssignee | gh\$1issue\$1assignee | Default | String list | ## Pull Request Comment | GitHub (Cloud) field name | Index field name | Description | Data type | | --- | --- | --- | --- | | repositoryName | gh\$1repository\$1name | Custom | String | | repositoryVisibility | gh\$1repository\$1visibility | Custom | String | | category | \$1category | Default | String | | PRNumber | gh\$1pr\$1number | Custom | Long (numeric) | | PRTitle | gh\$1pr\$1title | Custom | String | | owner | \$1authors | Default | String list | | PRSourceUrl | \$1source\$1uri | Default | String | | createdAt | \$1created\$1at | Default | Date | | updatedAt | \$1last\$1updated\$1at | Default | Date | | PRState | gh\$1pr\$1state | Custom | String | | PRLabel | gh\$1pr\$1labels | Default | String list | | PRAssignee | gh\$1pr\$1assignee | Default | String list | ## Pull Request Document | GitHub (Cloud) field name | Index field name | Description | Data type | | --- | --- | --- | --- | | repositoryName | gh\$1repository\$1name | Custom | String | | repositoryVisibility | gh\$1repository\$1visibility | Custom | String | | category | \$1category | Default | String | | PRNumber | gh\$1number | Custom | Long (numeric) | | PRTitle | gh\$1pr\$1title | Custom | String | | owner | \$1authors | Default | String list | | PRSourceUrl | \$1source\$1uri | Default | String | | createdAt | \$1created\$1at | Default | Date | | updatedAt | \$1last\$1updated\$1at | Default | Date | | PRFileName | gh\$1file\$1name | Custom | String | | PRFileType | \$1file\$1type | Custom | String | | PRState | gh\$1pr\$1state | Custom | String | | PRLabel | gh\$1pr\$1labels | Default | String list | | PRAssignee | gh\$1pr\$1assignee | Default | String list | ## Pull Request Attachment | GitHub (Cloud) field name | Index field name | Description | Data type | | --- | --- | --- | --- | | repositoryName | gh\$1repository\$1name | Custom | String | | repositoryVisibility | gh\$1repository\$1visibility | Custom | String | | category | \$1category | Default | String | | PRNumber | gh\$1number | Custom | Long (numeric) | | PRTitle | gh\$1pr\$1title | Custom | String | | owner | \$1authors | Default | String list | | PRSourceUrl | \$1source\$1uri | Default | String | | createdAt | \$1created\$1at | Default | Date | | updatedAt | \$1last\$1updated\$1at | Default | Date | | PRFileName | gh\$1file\$1name | Custom | String | | PRFileType | \$1file\$1type | Custom | String | | PRState | gh\$1pr\$1state | Custom | String | | PRLabel | gh\$1pr\$1labels | Default | String list | | PRAssignee | gh\$1pr\$1assignee | Default | String list | # IAM role for GitHub (Cloud) connector IAM role If you use the AWS CLI or an AWS SDK, you must create an AWS Identity and Access Management (IAM) policy before you create an Amazon Q resource. When you call the [CreateDataSource](https://docs.aws.amazon.com/amazonq/latest/api-reference/API_CreateDataSource.html) operation, you provide the Amazon Resource Name (ARN) role with the policy attached. If you use the AWS Management Console, you can create a new IAM role in the Amazon Q console or use an existing IAM role. To learn more about IAM roles, see [IAM roles](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html) in the *AWS Identity and Access Management User Guide*. To connect your data source connector to Amazon Q, you must give Amazon Q an IAM role that has the following permissions: + Permission to access the `BatchPutDocument` and `BatchDeleteDocument` operations to ingest documents. + Permission to access the [User Store](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/connector-principal-store.html) API operations to ingest user and group access control information from documents. + Permission to access your AWS Secrets Manager secret to authenticate your data source connector instance. + **(Optional)** If you're using Amazon VPC, permission to access your Amazon VPC. ``` { "Version": "2012-10-17", , "Statement": [ { "Sid": "AllowsAmazonQToGetSecret", "Effect": "Allow", "Action": [ "secretsmanager:GetSecretValue" ], "Resource": [ "arn:aws:secretsmanager:{{region}}:{{account_id}}:secret:[[secret_id]]" ] }, { "Sid": "AllowsAmazonQToDecryptSecret", "Effect": "Allow", "Action": [ "kms:Decrypt" ], "Resource": [ "arn:aws:kms:{{region}}:{{account_id}}:key/[[key_id]]" ], "Condition": { "StringLike": { "kms:ViaService": [ "secretsmanager.*.amazonaws.com" ] } } }, { "Sid": "AllowsAmazonQToIngestDocuments", "Effect": "Allow", "Action": [ "qbusiness:BatchPutDocument", "qbusiness:BatchDeleteDocument" ], "Resource": [ "arn:aws:qbusiness:{{region}}:{{source_account}}:application/{{application_id}}", "arn:aws:qbusiness:{{region}}:{{source_account}}:application/{{application_id}}/index/{{index_id}}" ] }, { "Sid": "AllowsAmazonQToIngestPrincipalMapping", "Effect": "Allow", "Action": [ "qbusiness:PutGroup", "qbusiness:CreateUser", "qbusiness:DeleteGroup", "qbusiness:UpdateUser", "qbusiness:ListGroups" ], "Resource": [ "arn:aws:qbusiness:{{region}}:{{account_id}}:application/{{application_id}}", "arn:aws:qbusiness:{{region}}:{{account_id}}:application/{{application_id}}/index/{{index_id}}", "arn:aws:qbusiness:{{region}}:{{account_id}}:application/{{application_id}}/index/{{index_id}}/data-source/*" ] }, { "Sid": "AllowsAmazonQToCreateAndDeleteNI", "Effect": "Allow", "Action": [ "ec2:CreateNetworkInterface", "ec2:DeleteNetworkInterface" ], "Resource": [ "arn:aws:ec2:{{region}}:{{account_id}}:subnet/[[subnet_ids]]", "arn:aws:ec2:{{region}}:{{account_id}}:security-group/[[security_group]]" ] }, { "Sid": "AllowsAmazonQToCreateAndDeleteNIForSpecificTag", "Effect": "Allow", "Action": [ "ec2:CreateNetworkInterface", "ec2:DeleteNetworkInterface" ], "Resource": "arn:aws:ec2:{{region}}:{{account_id}}:network-interface/*", "Condition": { "StringLike": { "aws:RequestTag/AMAZON_Q": "qbusiness_{{account_id}}_{{application_id}}_*" }, "ForAllValues:StringEquals": { "aws:TagKeys": [ "AMAZON_Q" ] } } }, { "Sid": "AllowsAmazonQToCreateTags", "Effect": "Allow", "Action": [ "ec2:CreateTags" ], "Resource": "arn:aws:ec2:{{region}}:{{account_id}}:network-interface/*", "Condition": { "StringEquals": { "ec2:CreateAction": "CreateNetworkInterface" } } }, { "Sid": "AllowsAmazonQToCreateNetworkInterfacePermission", "Effect": "Allow", "Action": [ "ec2:CreateNetworkInterfacePermission" ], "Resource": "arn:aws:ec2:{{region}}:{{account_id}}:network-interface/*", "Condition": { "StringLike": { "aws:ResourceTag/AMAZON_Q": "qbusiness_{{account_id}}_{{application_id}}_*" } } }, { "Sid": "AllowsAmazonQToDescribeResourcesForVPC", "Effect": "Allow", "Action": [ "ec2:DescribeNetworkInterfaces", "ec2:DescribeAvailabilityZones", "ec2:DescribeNetworkInterfaceAttribute", "ec2:DescribeVpcs", "ec2:DescribeRegions", "ec2:DescribeNetworkInterfacePermissions", "ec2:DescribeSubnets" ], "Resource": "*" } ] } ``` **To allow Amazon Q to assume a role, you must also use the following trust policy:** ``` { "Version": "2012-10-17", , "Statement": [ { "Sid": "AllowsAmazonQServicePrincipal", "Effect": "Allow", "Principal": { "Service": "qbusiness.amazonaws.com" }, "Action": "sts:AssumeRole", "Condition": { "StringEquals": { "aws:SourceAccount": "{{source_account}}" }, "ArnEquals": { "aws:SourceArn": "arn:aws:qbusiness:{{region}}:{{source_account}}:application/{{application_id}}" } } } ] } ``` For more information on Amazon Q data source connector IAM roles, see [IAM roles for Amazon Q data source connectors](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/iam-roles.html#iam-roles-ds).