Skip to main content

Restricting access to machine types

You can set constraints on the types of machines users can choose when they create codespaces in your organization.

Who can use this feature

To manage access to machine types for the repositories in an organization, you must be an owner of the organization.

GitHub Codespaces 可用于使用 GitHub Team 或 GitHub Enterprise Cloud 的组织。 GitHub Codespaces 也可作为受限的 beta 版本提供给使用 GitHub Free 和 GitHub Pro 计划的个人用户。 有关详细信息,请参阅“GitHub 的产品”。


Typically, when you create a codespace you are offered a choice of specifications for the machine that will run your codespace. You can choose the machine type that best suits your needs. For more information, see "Creating a codespace." If you pay for using GitHub Codespaces then your choice of machine type will affect how much your are billed. For more information about pricing, see "About billing for GitHub Codespaces."

As an organization owner, you may want to configure constraints on the types of machine that are available. For example, if the work in your organization doesn't require significant compute power or storage space, you can remove the highly resourced machines from the list of options that people can choose from. You do this by defining one or more policies in the GitHub Codespaces settings for your organization.

Behavior when you set a machine type constraint

If there are existing codespaces that no longer conform to a policy you have defined, these codespaces will continue to operate until they are stopped or time out. When the user attempts to resume the codespace they are shown a message telling them that the currenly selected machine type is no longer allowed for this organization and prompting them to choose an alternative machine type.

If you remove higher specification machine types that are required by the GitHub Codespaces configuration for an individual repository in your organization, then it won't be possible to create a codespace for that repository. When someone attempts to create a codespace they will see a message telling them that there are no valid machine types available that meet the requirements of the repository's GitHub Codespaces configuration.

Note: Anyone who can edit the devcontainer.json configuration file in a repository can set a minimum specification for machines that can be used for codespaces for that repository. For more information, see "Setting a minimum specification for codespace machines."

If setting a policy for machine types prevents people from using GitHub Codespaces for a particular repository there are two options:

  • You can adjust your policies to specifically remove the restrictions from the affected repository.
  • Anyone who has a codespace that they can no longer access, because of the new policy, can export their codespace to a branch. This branch will contain all of their changes from the codespace. They can then open a new codespace on this branch with a compliant machine type or work on this branch locally. For more information, see "Exporting changes to a branch."

Setting organization-wide and repository-specific policies

When you create a policy you choose whether it applies to all repositories in your organization, or only to specified repositories. If you set an organization-wide policy then any policies you set for individual repositories must fall within the restriction set at the organization level. Adding policies makes the choice of machine more, not less, restrictive.

For example, you could create an organization-wide policy that restricts the machine types to either 2 or 4 cores. You can then set a policy for Repository A that restricts it to just 2-core machines. Setting a policy for Repository A that restricted it to machines with 2, 4, or 8 cores would result in a choice of 2-core and 4-core machines only, because the organization-wide policy prevents access to 8-core machines.

If you add an organization-wide policy, you should set it to the largest choice of machine types that will be available for any repository in your organization. You can then add repository-specific policies to further restrict the choice.

Note: Organization policies you define for Codespaces only apply to codespaces for which your organization will be billed. If an individual user creates a codespace for a repository in your organization, and the organization is not billed, then the codespace will not be bound by these policies. For information on how to choose who can create codespaces that are billed to your organization, see "Enabling GitHub Codespaces for your organization."

Adding a policy to limit the available machine types

  1. 在 的右上角,单击你的个人资料照片,然后单击“你的组织”。 贵组织在配置文件菜单中

  2. 在组织旁边,单击“设置”。 设置按钮

  3. 在边栏的“代码、规划和自动化”部分中,选择“ Codespaces”,然后单击“策略” 。

  4. 在“codespace 策略”页上,单击“创建策略”。

  5. 输入新策略的名称。

  6. Click Add constraint and choose Machine types.

    Add a constraint for machine types

  7. Click to edit the constraint, then clear the selection of any machine types that you don't want to be available.

    Edit the machine type constraint

  8. 在“Change policy target(更改策略目标)”区域中,单击下拉按钮。

  9. 选择“所有存储库”或“所选存储库”以确定此策略将应用到的存储库 。

  10. 如果选择“选定的存储库”:

    1. 单击


    2. 选择要应用此策略的存储库。

    3. 在存储库列表的底部,单击“选择存储库”。


  11. If you want to add another constraint to the policy, click Add constraint and choose another constraint. For information about other constraints, see "Restricting the visibility of forwarded ports," "Restricting the idle timeout period," and "Restricting the retention period for codespaces."

  12. After you've finished adding constraints to your policy, click Save.

Editing a policy

You can edit an existing policy. For example, you may want to add or remove constraints to or from a policy.

  1. Display the "Codespace policies" page. For more information, see "Adding a policy to limit the available machine types."
  2. Click the name of the policy you want to edit.
  3. Make the required changes then click Save.

Deleting a policy

  1. Display the "Codespace policies" page. For more information, see "Adding a policy to limit the available machine types."

  2. Click the delete button to the right of the policy you want to delete.

    The delete button for a policy

Further reading