AWS CodePipeline recognizes my new GitHub commit fine - but how?

Question

I am currently fiddling around with AWS CodePipeline for the first time and set up the Source and the Build step so far with a demo project.

I have connected the Source Step with a GitHub account (a system-account we use), with admin access to all Repos. As the documentation states, the OAuth-scopes admin:repo_hook and repo are required for this to use; which are granted and the connection is fine.

As the title of this question already states: The integration works just fine - when I push a new commit on master to GitHub, the Pipeline starts working and runs through smoothly.

My question however is: How? As the docs state here:

To integrate with GitHub, AWS CodePipeline uses OAuth tokens

however, when looking in my GitHub settings, I would have expected to find the application listed as an "OAuth application" directly on the Repository or on the organization "OAuth applications", but neither is the case!

Thus, I am wondering how CodePipeline recognizes my new commit. Is it polling the SCM or some other sort of magic? I did not find any WebHooks either.

Thank you in advance!

Answer 1

AWS CodePipeline is connected to GitHub via the new "Integrations" concept: https://github.com/integrations/aws-codepipeline

This concept was announced here: https://developer.github.com/changes/2016-09-14-Integrations-Early-Access/

GitHub Integrations authenticate using JSON Web Tokens and private/public keys, so I'm not sure if AWS are technically correct in describing that as "OAuth" or not. Details here: https://developer.github.com/early-access/integrations/authentication/#as-an-integration