Integrations
AWS and GitHub connections in StrictOps
StrictOps connects to your AWS account and GitHub repositories to deploy your applications. This page explains how these integrations work.
AWS Connection
The AWS connection allows StrictOps to provision and manage resources in your AWS account.
How It Works
- You create an IAM role in your AWS account with a trust relationship to StrictOps
- You provide the role ARN and external ID to StrictOps
- StrictOps assumes this role to perform actions in your account
This cross-account access model means:
- StrictOps never stores your AWS credentials
- All actions are logged in your AWS CloudTrail
- You control exactly what permissions StrictOps has
- You can revoke access at any time by deleting the role
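The trust relationship and external ID described above can be checked before you hand the role ARN over. The following is an added example, not StrictOps code: it audits a role trust policy for a pinned principal and an `sts:ExternalId` condition, showing a weak policy beside a hardened one. The principal ARN and external ID are constructed placeholders, since this page does not give StrictOps' real values.

```python
import json

# Constructed placeholders: this page gives neither value.
VENDOR_PRINCIPAL = "arn:aws:iam::111122223333:root"
EXTERNAL_ID = "example-external-id"

# Weak: no external ID, so nothing ties a role assumption to your tenant.
WEAK = json.loads("""{"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
  "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
  "Action": "sts:AssumeRole"}]}""")

# Hardened: same principal, but the caller must also present the external ID.
HARDENED = json.loads("""{"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
  "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
  "Action": "sts:AssumeRole",
  "Condition": {"StringEquals": {"sts:ExternalId": "example-external-id"}}}]}""")


def as_list(value):  # IAM accepts a single value or a list in these positions
    return value if isinstance(value, list) else [value]


def audit_trust_policy(policy, principal=VENDOR_PRINCIPAL, external_id=EXTERNAL_ID):
    """Return findings for each Allow statement that grants role assumption.

    Only a StringEquals condition counts; condition key names are matched
    case-insensitively, as IAM does.
    """
    findings = []
    for i, stmt in enumerate(as_list(policy.get("Statement", []))):
        actions = as_list(stmt.get("Action", []))
        if stmt.get("Effect") != "Allow" or not {"sts:AssumeRole", "sts:*", "*"} & set(actions):
            continue
        who = stmt.get("Principal", {})
        aws = ["*"] if who == "*" else as_list(who.get("AWS", []))
        for p in aws:
            if p == "*":
                findings.append(f"statement {i}: wildcard principal")
            elif p != principal:
                findings.append(f"statement {i}: unexpected principal {p}")
        cond = stmt.get("Condition", {}).get("StringEquals", {})
        ids = [v for k, v in cond.items() if k.lower() == "sts:externalid"]
        if not ids:
            findings.append(f"statement {i}: no sts:ExternalId condition")
        elif as_list(ids[0]) != [external_id]:
            findings.append(f"statement {i}: sts:ExternalId does not match")
    return findings


if __name__ == "__main__":
    for name, doc in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_trust_policy(doc) or "ok")
```

An empty list means the policy passed; feed it the trust policy document of the role you created to run the same check on your own account.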
Required Permissions
The IAM role needs permissions to:
- Create and manage ECS services and task definitions
- Create and manage CloudFormation stacks
- Push images to ECR repositories
- Create and manage load balancer target groups
- Write logs to CloudWatch
- Access Secrets Manager for application secrets
See the AWS Setup guide for the complete IAM policy.
Key Fields
| Field | Description |
|---|---|
| roleArn | ARN of the IAM role (e.g., arn:aws:iam::123456789012:role/StrictOpsRole) |
| externalId | External ID for secure role assumption |
| region | Default AWS region for deployments |
API Reference
See the Onboarding API in Swagger for endpoint details.
GitHub Installation
The GitHub installation allows StrictOps to access your repositories and set up automated deployments.
How It Works
- You install the StrictOps GitHub App on your account or organization
- You select which repositories to grant access to
- StrictOps receives webhook events for pushes to those repositories
- StrictOps can create workflow files and trigger GitHub Actions
GitHub App Permissions
The StrictOps GitHub App requests:
| Permission | Purpose |
|---|---|
| Repository contents (read/write) | Read code, create workflow files |
| Actions (read/write) | Trigger and monitor GitHub Actions |
| Webhooks | Receive push events for auto-deploy |
| Metadata (read) | List accessible repositories |
Webhook Events
StrictOps listens for these GitHub events:
| Event | Action |
|---|---|
| push | Triggers deployment if configured |
| installation | Tracks app installation status |
| installation_repositories | Tracks repository access changes |
Key Fields
| Field | Description |
|---|---|
| installationId | GitHub App installation ID |
| token | Installation access token (rotated automatically) |
| tokenExpiresAt | Token expiration time |
API Reference
See the GitHub API in Swagger for endpoint details.
Integration Status
Both integrations are required for deployments to work. The onboarding flow guides you through setting up both connections.
Relationship to Other Entities
- Organizations own exactly one AWS connection and one GitHub installation
- Deployments use the AWS connection to provision infrastructure
- Deployments use the GitHub installation to trigger builds