With AWS CodeBuild you define GitHub as the source. If your repo is private, you can pass a personal token. I've built a CodeBuild process and confirmed this worked.

What I'd like to do is not use a personal token, instead use a GitHub Deploy Key to authenticate to the private repo. I've setup the Deploy Key in GitHub. How do I configure this either in the AWS CodeBuild Console or in the YAML script?

CodeBuild doesn't natively support deploy keys. It is on our product backlog and is a feature that we will likely support in a future release.

In order to use your existing deploy key in CodeBuild, please follow the instruction that Adrian has highlighted in https://adrianhesketh.com/2018/05/02/go-private-repositories-and-aws-codebuild/. You will need to setup the key in parameter-store and use that in your buildspec.

You can use the source type as "no_source", since you would be doing the source cloning with the deploy key in this case.

For those struggling using your SSH Keys in CodeBuild, you can use AWS' System Manager Service.

Simply put, can store your key in the Parameter Store and use that in your buildspec.yml

You can refer to this tutorial for a detailed implementation: https://medium.com/@cristiano.ventura/working-with-git-submodules-in-codepipeline-83e843e5d0a

It works for my case. Bitbucket webhook integration with private repo deps in the package.json

Best of luck y'all!