AWS Security ChangesHomeSearch

AWS devopsagent documentation change

Service: devopsagent · 2026-06-25 · Documentation medium

File: devopsagent/latest/userguide/connecting-to-cicd-pipelines-connecting-github.md

Summary

Added documentation about GitHub App permission levels (Read & Write vs Read Only) and their impact on DevOps Agent capabilities.

Security assessment

The change documents the principle of least privilege implementation by explaining permission levels and their security implications. It adds security-relevant documentation about access controls but doesn't address a specific vulnerability.

Diff

diff --git a/devopsagent/latest/userguide/connecting-to-cicd-pipelines-connecting-github.md b/devopsagent/latest/userguide/connecting-to-cicd-pipelines-connecting-github.md
index c2c12aa9d..5e76ba5db 100644
--- a//devopsagent/latest/userguide/connecting-to-cicd-pipelines-connecting-github.md
+++ b//devopsagent/latest/userguide/connecting-to-cicd-pipelines-connecting-github.md
@@ -70,0 +71,9 @@ On the "Register GitHub Account / Organization" screen, select whether you're co
+Select the **GitHub App permissions** for your GitHub App. The permission level determines the actions the GitHub App can perform in your repository:
+
+  * **Read & Write** (default): The GitHub App requests both read and write permissions. This enables all features. DevOps Agent can post inline pull request comments, propose fixes, and trigger workflows.
+
+  * **Read Only** : The GitHub App requests only read permissions. DevOps Agent can view code and pull requests but cannot post comments, propose fixes, or trigger workflows.
+
+
+
+
@@ -222,0 +232,2 @@ The following table describes each permission the AWS DevOps Agent GitHub App re
+If you selected **Read Only** during registration, the GitHub App requests read-level access only for each permission in the following table. With Read Only permissions, the GitHub App cannot perform write-level actions listed in the **Purpose** column.
+