aws-samples / aws-bootstrap-kit-examples


feat: Move away from Github Personal Access Token

moltar opened this issue · comments

moltar commented:

This approach should never be recommended, as it can be a serious concern.

Anyone who has access to a PAT essentially has access to the GitHub user's entire account (even if it is scoped by permissions).

Since GitHub practices an "account per person" policy, one person may have access to many orgs.

Sharing a PAT in a shared environment (which AWS accounts often can be) can lead to someone stealing this PAT and then using that to gain access to information they were not privy to.


Alternative approaches to be considered:

  1. aws-cdk-github-oidc (https://github.com/aripalo/aws-cdk-github-oidc)
  2. Custom GitHub app
  3. CodeStar connections (https://docs.aws.amazon.com/codepipeline/latest/userguide/connections-github.html)
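The first alternative in the list, GitHub Actions OIDC federation into AWS, replaces the long-lived PAT with short-lived STS credentials that can only be obtained by a workflow whose OIDC token matches an IAM trust policy. The following is an added example, not code from the original issue or from the aws-bootstrap-kit project: it builds such a trust policy and includes a small evaluator that mimics how STS checks the token's `aud` and `sub` claims against the policy's Condition block, so the effect of pinning `sub` to one branch versus using a `repo:ORG/REPO:*` wildcard can be seen offline. The account ID, organization, repository name and token claims are all constructed for illustration.

```python
"""Added example (not from aws-bootstrap-kit-examples): a GitHub Actions OIDC
trust policy for AWS, plus an evaluator mimicking STS condition matching.
Account ID, org/repo names and token claims below are constructed."""
import fnmatch
import json

# Constructed values: replace with your own account and repository.
ACCOUNT_ID = "123456789012"
ORG, REPO = "example-org", "example-repo"
PROVIDER = "token.actions.githubusercontent.com"
PROVIDER_ARN = f"arn:aws:iam::{ACCOUNT_ID}:oidc-provider/{PROVIDER}"


def build_trust_policy(org: str, repo: str, branch: str = "main",
                       allow_any_ref: bool = False) -> dict:
    """Trust policy for sts:AssumeRoleWithWebIdentity from GitHub Actions.

    `aud` is pinned to the value the AWS credentials action requests
    (sts.amazonaws.com). With allow_any_ref=False, `sub` must equal
    repo:ORG/REPO:ref:refs/heads/BRANCH, so only pushes to that branch can
    assume the role. With allow_any_ref=True a StringLike wildcard is used;
    note that repo:ORG/REPO:* also matches the pull_request subject and tag
    refs, so any workflow run in the repository can assume the role."""
    aud_key, sub_key = f"{PROVIDER}:aud", f"{PROVIDER}:sub"
    if allow_any_ref:
        condition = {
            "StringEquals": {aud_key: "sts.amazonaws.com"},
            "StringLike": {sub_key: f"repo:{org}/{repo}:*"},
        }
    else:
        condition = {
            "StringEquals": {
                aud_key: "sts.amazonaws.com",
                sub_key: f"repo:{org}/{repo}:ref:refs/heads/{branch}",
            }
        }
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Federated": PROVIDER_ARN},
            "Action": "sts:AssumeRoleWithWebIdentity",
            "Condition": condition,
        }],
    }


def _match(operator: str, expected, actual: str) -> bool:
    # IAM string operators: StringEquals is exact, StringLike allows * and ?.
    # A condition value may be a single string or a list (any value may match).
    values = expected if isinstance(expected, list) else [expected]
    if operator == "StringEquals":
        return any(v == actual for v in values)
    if operator == "StringLike":
        return any(fnmatch.fnmatchcase(actual, v) for v in values)
    raise ValueError(f"unsupported operator {operator}")


def token_allowed(policy: dict, claims: dict) -> bool:
    """True if a token with these claims satisfies some Allow statement.

    Mirrors STS for the simple case: every condition key in a statement must
    match, and a claim that is absent from the token fails the condition."""
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow" or stmt["Action"] != "sts:AssumeRoleWithWebIdentity":
            continue
        ok = True
        for operator, keys in stmt["Condition"].items():
            for key, expected in keys.items():
                claim = key.split(":", 1)[1]  # "token...com:sub" -> "sub"
                actual = claims.get(claim)
                if actual is None or not _match(operator, expected, actual):
                    ok = False
        if ok:
            return True
    return False


# Constructed claims, shaped like the ones GitHub issues for three kinds of run.
MAIN_PUSH = {"aud": "sts.amazonaws.com", "sub": f"repo:{ORG}/{REPO}:ref:refs/heads/main"}
PULL_REQUEST = {"aud": "sts.amazonaws.com", "sub": f"repo:{ORG}/{REPO}:pull_request"}
OTHER_REPO = {"aud": "sts.amazonaws.com",
              "sub": "repo:some-other-org/forked-repo:ref:refs/heads/main"}

POLICY = build_trust_policy(ORG, REPO, "main")

if __name__ == "__main__":
    print(json.dumps(POLICY, indent=2))
    for name, claims in [("main push", MAIN_PUSH), ("pull request", PULL_REQUEST),
                         ("other repo", OTHER_REPO)]:
        print(f"{name}: {'allowed' if token_allowed(POLICY, claims) else 'denied'}")
```

The strict policy admits only the `main` push token; the pull request and foreign-repository tokens are denied, and a token missing `sub` or carrying a different `aud` is denied as well. The `allow_any_ref=True` variant shows the caveat: it still rejects the other repository but accepts the `pull_request` subject, which is why the `sub` condition should be as narrow as the deployment workflow allows.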

Hi @moltar, thanks for your feedback. At the time of writing this kit all those options were not available, but you are totally right. Adding this to the backlog and will take care of it ASAP.