Connecting GitHub
To sync Terraform templates from your repository, you need to connect a GitHub repository to Amnify using a personal access token.
GitHub integrations are used only by the Deploy module for template synchronization. They do not participate in security scanning.
Prerequisites
Before you begin, make sure you have:
- A GitHub account with access to the repository containing your Terraform templates
- The repository follows the Amnify template structure
- The following values ready:
- Repository — in
owner/repoformat (e.g.,my-org/infra-templates) - Access Token — a GitHub personal access token with read access to the repository
- Repository — in
Choosing a Token Type
GitHub offers two types of personal access tokens:
| Type | Prefix | Best for |
|---|---|---|
| Fine-grained (recommended) | github_pat_... | Scoping access to a single repository with minimal permissions |
| Classic | ghp_... | Quick setup when you're comfortable granting broader access |
We recommend fine-grained tokens because they let you restrict access to the specific repository that contains your templates — nothing else in your GitHub account is exposed.
Method 1: Fine-Grained Token (Recommended)
Step 1: Create the Token
- Go to GitHub → Settings → Developer settings → Personal access tokens → Fine-grained tokens
- Direct link: github.com/settings/tokens?type=beta
- Click Generate new token
- Fill in:
- Token name — e.g.,
Amnify Template Sync - Expiration — choose an appropriate expiration (e.g., 90 days, or custom)
- Resource owner — select the organization or account that owns the repository
- Token name — e.g.,
- Under Repository access, select Only select repositories and pick the repository that contains your templates
- Under Permissions → Repository permissions, grant:
- Contents → Read-only
- Metadata → Read-only (automatically selected)
- Click Generate token
- Copy the token immediately — it starts with
github_pat_and won't be shown again
Fine-grained tokens can require organization approval. If your organization has an approval policy, an organization admin will need to approve the token before it becomes active. Check with your GitHub organization admin if your token shows a "pending" status.
Step 2: Add the Integration in Amnify
- Navigate to Integrations and click Create integration
- Select GitHub as the provider
- Fill in:
- Display Name (optional) — a friendly label (e.g., "Infra Templates Repo")
- Repository — in
owner/repoformat (e.g.,my-org/infra-templates) - Branch (optional) — the branch to sync from; defaults to
mainif not provided - Access Token — paste the
github_pat_...token
- Click Create
Method 2: Classic Token
Use this if fine-grained tokens are not available in your organization or you prefer a simpler setup.
Step 1: Create the Token
- Go to GitHub → Settings → Developer settings → Personal access tokens → Tokens (classic)
- Direct link: github.com/settings/tokens
- Click Generate new token (classic)
- Fill in:
- Note — e.g.,
Amnify Template Sync - Expiration — choose an appropriate expiration
- Note — e.g.,
- Under Select scopes, check:
repo(Full control of private repositories) — required for reading private repository contents
- Click Generate token
- Copy the token immediately — it starts with
ghp_and won't be shown again
Classic tokens grant access to all repositories your account can access, not just one. If your account has access to many repositories, prefer a fine-grained token to limit the blast radius.
Step 2: Add the Integration in Amnify
Follow the same steps as Method 1, Step 2 above.
What Happens Next
Once connected, you can:
- Navigate to Deploy → Templates and click Sync Templates to import templates from your repository
- Browse and use synced templates when creating Deployments
- Add or modify templates by pushing changes to your repository and syncing again
Rotating Tokens
When your token expires, Amnify will no longer be able to sync templates. To rotate:
- Generate a new token in GitHub following the steps above
- Delete the existing GitHub integration in Amnify
- Create a new integration with the new token
Troubleshooting
| Issue | Cause | Solution |
|---|---|---|
| Sync fails with 401 | Token is invalid or expired | Generate a new token and recreate the integration |
| Sync fails with 404 | Repository not found or token lacks access | Verify the owner/repo format is correct and the token has access to that repository |
| No templates found after sync | Repository doesn't follow the expected structure | Ensure templates are in a templates/ directory — see repository structure |
| Fine-grained token shows "pending" | Organization requires admin approval | Ask your GitHub organization admin to approve the token |
| Sync returns outdated templates | Wrong branch configured | Verify the branch field matches where your templates live (defaults to main) |