reference deployment

Git Webhooks with AWS services

HTTPS endpoints and AWS Lambda functions for linking your Git repo to AWS

This Quick Start deploys HTTPS endpoints and AWS Lambda functions for implementing webhooks, to enable event-driven integration between Git services and Amazon Web Services (AWS) on the AWS Cloud.

After you deploy the Quick Start, you can set up a webhook that uses the endpoints to create a bridge between your Git repository and AWS services like AWS CodePipeline, AWS CodeBuild, and AWS CodeDeploy. With this setup, builds and pipeline executions occur automatically when you commit your code to a Git repository, and your code can be continuously integrated, tested, built, and deployed on AWS with each change.


This Quick Start was developed by
AWS solutions architects.


  •  What you'll build
  •  How to deploy
  •  Cost and licenses
  •  What you'll build
  • Use this Quick Start to set up the following environment on AWS:

    • An API Gateway endpoint to accept the webhook requests from Git.
    • Lambda functions to connect to the Git service, either over Secure Shell (SSH) or through the Git service’s endpoint. These functions zip the code and upload it to Amazon Simple Storage Service (Amazon S3).
    • An AWS Key Management Service (AWS KMS) key to encrypt the private key used to connect to the repository over SSH.
    • Two S3 buckets: One bucket stores the zipped contents of your Git repository, and the second bucket stores the AWS KMS-encrypted SSH private keys that are generated during stack creation. The first bucket has versioning enabled, and all previous versions are retained indefinitely. (If you’d like to manage the retention period for old versions, you can follow the instructions in the Amazon S3 documentation.)
    • Several IAM roles required for the Lambda functions and API Gateway. The inline permissions attached to these roles are scoped using the least privilege model.
    • Two Lambda-backed AWS CloudFormation custom resources. One resource generates an SSH keypair, encrypts it using AWS KMS, and stores it in Amazon S3. The second resource deletes the content of the two S3 buckets on stack deletion.
  •  How to deploy
  • To build your Git environment with AWS, follow the instructions in the deployment guide. The deployment process includes these steps:

    1. If you don't already have an AWS account, sign up at
    2. Launch the Quick Start. The deployment takes about 15 minutes.
    3. Configure your Git repository to set up webhooks, following the instructions from your Git service. Note that your Git repository must be reachable from the internet.
    4. Configure an AWS service to connect to the S3 object.
    5. Test a commit.

    Amazon may share user-deployment information with the AWS Partner that collaborated with AWS on the Quick Start.  

  •  Cost and licenses
  • You are responsible for the cost of the AWS services used while running this Quick Start reference deployment. There is no additional cost for using the Quick Start.

    The Quick Start provides an Amazon API Gateway endpoint and several Lambda functions to handle the download, zipping, and deployment of code to Amazon S3. AWS CodePipeline carries a cost for each active pipeline; see AWS CodePipeline pricing. Depending on your configuration, the Quick Start may deploy an AWS KMS key; for pricing, see AWS Key Management Service pricing. API Gateway, Amazon S3, and Lambda costs vary depending on how often you commit code to your repository. Each commit triggers a request to the Lambda execution in API Gateway; for details, see the pricing pages for API Gateway, Amazon S3, and Lambda.