diff --git a/.github/workflows/issue-label-assign.yml b/.github/workflows/issue-label-assign.yml
index 8233cd7837cb8..ba60295cd406b 100644
--- a/.github/workflows/issue-label-assign.yml
+++ b/.github/workflows/issue-label-assign.yml
@@ -72,7 +72,7 @@ jobs:
            {"keywords":["[@aws-cdk/aws-ecr]","[aws-ecr]","[ecr]"],"labels":["@aws-cdk/aws-ecr"],"assignees":["MrArnoldPalmer"]},
            {"keywords":["[@aws-cdk/aws-ecr-assets]","[aws-ecr-assets]","[ecr-assets]","[ecr assets]","[ecrassets]"],"labels":["@aws-cdk/aws-ecr-assets"],"assignees":["eladb"]},
            {"keywords":["[@aws-cdk/aws-efs]","[aws-efs]","[efs]"],"labels":["@aws-cdk/aws-efs"],"assignees":["rix0rrr"]},
-           {"keywords":["[@aws-cdk/aws-eks]","[aws-eks]","[eks]"],"labels":["@aws-cdk/aws-eks"],"assignees":["eladb"]},
+           {"keywords":["[@aws-cdk/aws-eks]","[aws-eks]","[eks]"],"labels":["@aws-cdk/aws-eks"],"assignees":["iliapolo"]},
            {"keywords":["[@aws-cdk/aws-elasticache]","[aws-elasticache]","[elasticache]","[elastic cache]","[elastic-cache]"],"labels":["@aws-cdk/aws-elasticache"],"assignees":["iliapolo"]},
            {"keywords":["[@aws-cdk/aws-elasticbeanstalk]","[aws-elasticbeanstalk]","[elasticbeanstalk]","[elastic beanstalk]","[elastic-beanstalk]"],"labels":["@aws-cdk/aws-elasticbeanstalk"],"assignees":["skinny85"]},
            {"keywords":["[@aws-cdk/aws-elasticloadbalancing]","[aws-elasticloadbalancing]","[elasticloadbalancing]","[elastic loadbalancing]","[elastic-loadbalancing]","[elb]"],"labels":["@aws-cdk/aws-elasticloadbalancing"],"assignees":["rix0rrr"]},
diff --git a/packages/@aws-cdk/aws-codepipeline-actions/README.md b/packages/@aws-cdk/aws-codepipeline-actions/README.md
index 7edd0244bcbcb..3a4497529b38d 100644
--- a/packages/@aws-cdk/aws-codepipeline-actions/README.md
+++ b/packages/@aws-cdk/aws-codepipeline-actions/README.md
@@ -66,7 +66,8 @@ new codepipeline_actions.CodeBuildAction({
 
 If you want to use a GitHub repository as the source, you must create:
 
-* A [GitHub Access Token](https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line)
+* A [GitHub Access Token](https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line),
+  with scopes **repo** and **admin:repo_hook**.
 * A [Secrets Manager PlainText Secret](https://docs.aws.amazon.com/secretsmanager/latest/userguide/manage_create-basic-secret.html)
   with the value of the **GitHub Access Token**. Pick whatever name you want
   (for example `my-github-token`) and pass it as the argument of `oauthToken`.
@@ -83,7 +84,6 @@ const sourceAction = new codepipeline_actions.GitHubSourceAction({
   oauthToken: cdk.SecretValue.secretsManager('my-github-token'),
   output: sourceOutput,
   branch: 'develop', // default: 'master'
-  trigger: codepipeline_actions.GitHubTrigger.POLL // default: 'WEBHOOK', 'NONE' is also possible for no Source trigger
 });
 pipeline.addStage({
   stageName: 'Source',
@@ -694,7 +694,7 @@ new codepipeline_actions.AlexaSkillDeployAction({
 });
 ```
 
-### AWS Service Catalog 
+### AWS Service Catalog
 
 You can deploy a CloudFormation template to an existing Service Catalog product with the following action:
 
@@ -713,7 +713,7 @@ new codepipeline.Pipeline(this, 'Pipeline', {
                 productId: "prod-XXXXXXXX",
             }),
           },
-        ],     
+        ],
 });
 ```
 
diff --git a/packages/@aws-cdk/aws-codepipeline-actions/lib/github/source-action.ts b/packages/@aws-cdk/aws-codepipeline-actions/lib/github/source-action.ts
index 4283b7617f010..75d14cf0fbbe9 100644
--- a/packages/@aws-cdk/aws-codepipeline-actions/lib/github/source-action.ts
+++ b/packages/@aws-cdk/aws-codepipeline-actions/lib/github/source-action.ts
@@ -65,6 +65,13 @@ export interface GitHubSourceActionProps extends codepipeline.CommonActionProps
    *
    *   const oauth = cdk.SecretValue.secretsManager('my-github-token');
    *   new GitHubSource(this, 'GitHubAction', { oauthToken: oauth, ... });
+   *
+   * The GitHub Personal Access Token should have these scopes:
+   *
+   * * **repo** - to read the repository
+   * * **admin:repo_hook** - if you plan to use webhooks (true by default)
+   *
+   * @see https://docs.aws.amazon.com/codepipeline/latest/userguide/GitHub-create-personal-token-CLI.html
    */
   readonly oauthToken: SecretValue;
 
@@ -75,6 +82,9 @@ export interface GitHubSourceActionProps extends codepipeline.CommonActionProps
    * With "POLL", CodePipeline periodically checks the source for changes
    * With "None", the action is not triggered through changes in the source
    *
+   * To use `WEBHOOK`, your GitHub Personal Access Token should have
+   * **admin:repo_hook** scope (in addition to the regular **repo** scope).
+   *
    * @default GitHubTrigger.WEBHOOK
    */
   readonly trigger?: GitHubTrigger;
diff --git a/packages/@aws-cdk/pipelines/README.md b/packages/@aws-cdk/pipelines/README.md
index ff92b365d56e0..431016a0d39c3 100644
--- a/packages/@aws-cdk/pipelines/README.md
+++ b/packages/@aws-cdk/pipelines/README.md
@@ -126,7 +126,6 @@ class MyPipelineStack extends Stack {
         actionName: 'GitHub',
         output: sourceArtifact,
         oauthToken: SecretValue.secretsManager('GITHUB_TOKEN_NAME'),
-        trigger: codepipeline_actions.GitHubTrigger.POLL,
         // Replace these with your actual GitHub project name
         owner: 'OWNER',
         repo: 'REPO',