AWS Machine Learning Blog

Reimagine search on GitHub repositories with the power of the Amazon Kendra GitHub connector

Amazon Kendra offers highly accurate semantic and natural language search powered by machine learning (ML).

Many organizations use GitHub as a code hosting platform for version control and to redefine collaboration of open-source software projects. A GitHub account repository might include many content types, such as files, issues, issue comments, issue comment attachments, pull requests, pull request comments, pull request comment attachments, and more. This corpus data is scattered across multiple locations and content repositories (public, private, and internal) within an organization. However, surfacing the relevant information in a traditional keyword search is ineffective. You can now use the new Amazon Kendra data source for GitHub to index specific content types and easily find information from this data. The GitHub data source syncs the data in your GitHub repositories to your Amazon Kendra index.

This post guides you through the step-by-step process to configure the Amazon Kendra connector for GitHub. We also show you how to configure for the connector both GitHub Enterprise Cloud (SaaS) and GitHub Enterprise Server (on premises) services.

Solution overview

The solution consists of the following high-level steps:

  1. Set up your GitHub enterprise account.
  2. Set up a GitHub repo.
  3. Create a GitHub data source connector.
  4. Search the indexed content.


You need the following prerequisites to set up the Amazon Kendra connector for GitHub:

Set up your GitHub enterprise account

Create an enterprise account before proceeding to the next steps. For authentication, you can specify two types of tokens while configuring the GitHub connector:

  • Personal access token – Direct API requests that you authenticate with a personal access token are user-to-server requests. User-to-server requests are limited to 5,000 requests per hour and per authenticated user. Your personal access token is also an OAuth token.
  • OAuth token – With this token, the requests are subject to a higher limit of 15,000 requests per hour and per authenticated user.

Our recommendation is to use an OAuth token for better API throttle limits and connector performance.

For this post, we assume you have an enterprise account and generated OAuth token.

Set up your GitHub repo

To configure your GitHub repo, complete the following steps:

  1. Create a new repository, and specify its owner and name.
  2. Choose if the repository is public, internal, or private.
  3. For this post, update the README file with the following text:
    CreateIndex API creates a new Amazon Kendra index. Index creation is an asynchronous API. To determine if index creation has completed, check the Status field returned from a call to DescribeIndex. The Status field is set to ACTIVE when the index is ready to use.
    Once the index is active you can index your documents using the BatchPutDocument API or using one of the supported data sources.
  4. You can add a sample file to your repository with commit changes. The following is an example of using Amazon Kendra in Python:
    import boto3
    from botocore.exceptions import ClientError
    import pprint
    import time
    kendra = boto3.client("kendra")
    print("Create an index.")
    # Provide a name for the index
    index_name = "python-getting-started-index"
    # Provide an optional decription for the index
    description = "Getting started index"
    # Provide the IAM role ARN required for indexes
    index_role_arn = "arn:aws:iam::${accountId}:role/KendraRoleForGettingStartedIndex"
        index_response = kendra.create_index(
            Description = description,
            Name = index_name,
            RoleArn = index_role_arn
        index_id = index_response["Id"]
        print("Wait for Amazon Kendra to create the index.")
        while True:
            # Get the details of the index, such as the status
            index_description = kendra.describe_index(
                Id = index_id
            # When status is not CREATING quit.
            status = index_description["Status"]
            print(" Creating index. Status: "+status)
            if status != "CREATING":
        print("Create an S3 data source.")
        # Provide a name for the data source
        data_source_name = "python-getting-started-data-source"
        # Provide an optional description for the data source
        data_source_description = "Getting started data source."
        # Provide the IAM role ARN required for data sources
        data_source_role_arn = "arn:aws:iam::${accountId}:role/KendraRoleForGettingStartedDataSource"
        # Provide the data source connection information 
        S3_bucket_name = "S3-bucket-name"
        data_source_type = "S3"
        # Configure the data source
        configuration = {"S3Configuration":
                "BucketName": S3_bucket_name
        data_source_response = kendra.create_data_source(
            Name = data_source_name,
            Description = description,
            RoleArn = data_source_role_arn,
            Type = data_source_type,
            Configuration = configuration,
            IndexId = index_id
        data_source_id = data_source_response["Id"]
        print("Wait for Amazon Kendra to create the data source.")
        while True:
            # Get the details of the data source, such as the status
            data_source_description = kendra.describe_data_source(
                Id = data_source_id,
                IndexId = index_id
            # If status is not CREATING, then quit
            status = data_source_description["Status"]
            print(" Creating data source. Status: "+status)
            if status != "CREATING":
        print("Synchronize the data source.")
        sync_response = kendra.start_data_source_sync_job(
            Id = data_source_id,
            IndexId = index_id
        print("Wait for the data source to sync with the index.")
        while True:
            jobs = kendra.list_data_source_sync_jobs(
                Id = data_source_id,
                IndexId = index_id
            # For this example, there should be one job
            status = jobs["History"][0]["Status"]
            print(" Syncing data source. Status: "+status)
            if status != "SYNCING":
    except  ClientError as e:
            print("%s" % e)
    print("Program ends.")
  5. Download to your computer, and extract the files into a folder called AWS_Whitepapers.
  6. Upload AWS_Whitepapers/Best_Practices/AWS_Serverless_Multi-Tier_Architectures to your repository.

Your repository should look like the following screenshot.

Your organization’s code repositories might hold hundreds of thousands of documents, README notes, code comments, webpages, and other items. In the next section, we showcase the document comprehension capability of Amazon Kendra to find the relevant information contained in these repositories.

Create a GitHub data source connector

For this post, we assume you have already created an Amazon Kendra index. If you don’t have an index, create a new index before proceeding with the following steps.

  1. On the Amazon Kendra console, choose the index that you want to add the data source to.
  2. Choose Add data sources.
  3. From the list of data source connectors, choose Add connector under GitHub.
  4. On the Specify data source details page, enter a data source name and an optional description.
  5. To assign metadata to your AWS resources in the form of tags, choose Add tags and enter a key and value.
  6. Choose Next.
  7. On the Define access and security page, choose your GitHub source. Amazon Kendra supports two types of GitHub services:
    1. GitHub Enterprise Cloud – If you choose this option, specify the GitHub host URL and GitHub organization name. Configure your Secrets Manager secret with the authentication credentials in the form of an OAuth2 access token of the GitHub enterprise owner. The Oauth2 token scope should be authorized for repo:status, public_repo, repo:invite, read:org, user:email, and read:user.
    2. GitHub Enterprise Server – If you choose this option, specify the GitHub host URL and GitHub organization name you created in the previous section. Configure your Secrets Manager secret with the authentication credentials in the form of an OAuth2 access token of the GitHub enterprise owner. The Oauth2 token scope should be authorized for repo:status, public_repo, repo:invite, read:org, user:email, read:user, and site_admin. To configure the SSL certificate, you can create a self-signed certificate for this post using openssl x509 -in sample.pem -out new_github.cer and add this certificate to an S3 bucket.
  8. For Virtual Private Cloud (VPC), choose the default option (No VPC).
  9. For IAM role, choose Create a new role (recommended) and enter a role name.
    Whenever you modify the Secrets Manager secret, make sure you also modify the IAM role, because it requires permission to access your secret to authenticate your GitHub account. For more information on the required permissions to include in the IAM role, see IAM roles for data sources.
  10. Choose Next.

    On the Configure sync settings page, you provide details about the sync scope and run schedule.
  11. For Select repositories to crawl, select Select repositories to configure a specific list.
  12. Choose the repository kendra-githubconnector-demo that you created earlier.
  13. Optionally, you can adjust the crawl mode. The GitHub connector supports the two modes:
    1. Full crawl mode – It crawls the entire GitHub organization as configured whenever there is a data source sync. By default, the connector runs in this mode.
    2. Change log mode – It crawls the specified changed GitHub content (added, deleted, modified, permission changes) of the organization whenever there is a data source sync.
  14. Optionally, you can filter on the specific content types to index, and configure inclusion and exclusion filters on the file name, type, and path.
  15. Under Sync run schedule, for Frequency, choose Run on demand.
  16. Choose Next.
  17. In the Set fields mapping section, define the mappings between GitHub fields to Amazon Kendra field names.
    You can configure for each content type and enable these GitHub fields as facets to further refine your search results. For this post, we use the default options.
  18. Choose Next.
  19. On the Review and create page, review your options for the GitHub data source.
  20. Choose Add data source.
  21. After the data source is created, choose Sync now to index the data from GitHub.

Search indexed content

After about 10 minutes, the data source sync is complete and the GitHub content is ingested into the index. The GitHub connector crawls the following entities:

  • Repositories on GitHub Enterprise Cloud:
    • Repository with its description
    • Code and their branches with folders and subfolders
    • Issues and pull request files for public repositories
    • Issues and pull request comments and their replies for public and private repositories
    • Issues and pull request comment attachments and their replies’ attachments for public repositories
  • Repositories on GitHub Enterprise Server:
    • Repository with its description
    • Code and their branches with folders and subfolders
    • Issues and pull request comments and their replies for public, private, and internal repositories

Now you can test some queries on the Amazon Kendra Search console.

  1. Choose Search indexed content.
  2. Enter the sample text How to check the status of the index creation?
  3. Run another query and enter the sample text What are most popular usecases for AWS Lambda?

Amazon Kendra accurately surfaces relevant information based on the content indexed from the GitHub repositories. Access control to all the information is still enforced by the original repository.

Clean up

To avoid incurring unnecessary charges, clean up the resources you created for testing this connector.

  1. Delete the Amazon Kendra index if you created one specifically for testing this solution.
  2. Delete the GitHub connector data source if you added a new data source to an existing index.
  3. Delete the content you added for your GitHub account.


In this post, we covered the process of setting up the new Amazon Kendra connector for GitHub. Organizations can empower their software developers by providing secure and intelligent search of content spread across many different GitHub repositories.

This post illustrates the basic connector capabilities. You can also customize the search by enabling facets based on GitHub fields and map to Amazon Kendra index fields. With the GitHub connector, you can control access to the data because it can crawl orgname-reponame and set a group as the principle and collaborators of the repository as members of the group. Furthermore, Amazon Kendra provides features such as Custom Document Enrichment and Experience Builder to enhance the search experience.

For more details about Amazon Kendra, refer to the Amazon Kendra Developer Guide.

About the Authors

Manjula Nagineni is a Solutions Architect with AWS based in New York. She works with major Financial service institutions, architecting, and modernizing their large-scale applications while adopting AWS cloud services. She is passionate about designing big data workloads cloud-natively. She has over 20 years of IT experience in Software Development, Analytics and Architecture across multiple domains such as finance, manufacturing and telecom.

Arjun Agrawal is Software Development Engineer at AWS Kendra.