AWS::CodeBuild::Project - AWS CloudFormation

The AWS::CodeBuild::Project resource configures how AWS CodeBuild builds your source code. For example, it tells CodeBuild where to get the source code and which build environment to use.

Note

To unset or remove a project value through CloudFormation, explicitly provide the attribute with an empty value.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{
  "Type" : "AWS::CodeBuild::Project",
  "Properties" : {
      "Artifacts" : Artifacts,
      "BadgeEnabled" : Boolean,
      "BuildBatchConfig" : ProjectBuildBatchConfig,
      "Cache" : ProjectCache,
      "ConcurrentBuildLimit" : Integer,
      "Description" : String,
      "EncryptionKey" : String,
      "Environment" : Environment,
      "FileSystemLocations" : [ ProjectFileSystemLocation, ... ],
      "LogsConfig" : LogsConfig,
      "Name" : String,
      "QueuedTimeoutInMinutes" : Integer,
      "ResourceAccessRole" : String,
      "SecondaryArtifacts" : [ Artifacts, ... ],
      "SecondarySources" : [ Source, ... ],
      "SecondarySourceVersions" : [ ProjectSourceVersion, ... ],
      "ServiceRole" : String,
      "Source" : Source,
      "SourceVersion" : String,
      "Tags" : [ Tag, ... ],
      "TimeoutInMinutes" : Integer,
      "Triggers" : ProjectTriggers,
      "Visibility" : String,
      "VpcConfig" : VpcConfig
    }
}

Properties

Artifacts

Artifacts is a property of the AWS::CodeBuild::Project resource that specifies output settings for artifacts generated by an AWS CodeBuild build.

Required: Yes

Type: Artifacts

Update requires: No interruption

BadgeEnabled

Indicates whether AWS CodeBuild generates a publicly accessible URL for your project's build badge. For more information, see Build Badges Sample in the AWS CodeBuild User Guide.

Note

Including build badges with your project is currently not supported if the source type is CodePipeline. If you specify CODEPIPELINE for the Source property, do not specify the BadgeEnabled property.

Required: No

Type: Boolean

Update requires: No interruption

BuildBatchConfig

A ProjectBuildBatchConfig object that defines the batch build options for the project.

Required: No

Type: ProjectBuildBatchConfig

Update requires: No interruption

Cache

Settings that AWS CodeBuild uses to store and reuse build dependencies.

Required: No

Type: ProjectCache

Update requires: No interruption

ConcurrentBuildLimit

The maximum number of concurrent builds that are allowed for this project.

New builds are only started if the current number of builds is less than or equal to this limit. If the current build count meets this limit, new builds are throttled and are not run.

Required: No

Type: Integer

Update requires: No interruption

Description

A description that makes the build project easy to identify.

Required: No

Type: String

Minimum: 0

Maximum: 255

Update requires: No interruption

EncryptionKey

The AWS Key Management Service customer master key (CMK) to be used for encrypting the build output artifacts.

Note

You can use a cross-account KMS key to encrypt the build output artifacts if your service role has permission to that key.

You can specify either the Amazon Resource Name (ARN) of the CMK or, if available, the CMK's alias (using the format alias/<alias-name>). If you don't specify a value, CodeBuild uses the managed CMK for Amazon Simple Storage Service (Amazon S3).

Required: No

Type: String

Minimum: 1

Update requires: No interruption

Environment

The build environment settings for the project, such as the environment type or the environment variables to use for the build environment.

Required: Yes

Type: Environment

Update requires: No interruption

FileSystemLocations

An array of ProjectFileSystemLocation objects for a CodeBuild build project. A ProjectFileSystemLocation object specifies the identifier, location, mountOptions, mountPoint, and type of a file system created using Amazon Elastic File System.

Required: No

Type: Array of ProjectFileSystemLocation

Update requires: No interruption

LogsConfig

Information about logs for the build project. A project can create logs in CloudWatch Logs, an S3 bucket, or both.

Required: No

Type: LogsConfig

Update requires: No interruption

Name

The name of the build project. The name must be unique across all of the projects in your AWS account.

Required: No

Type: String

Pattern: [A-Za-z0-9][A-Za-z0-9\-_]{1,149}

Minimum: 2

Maximum: 150

Update requires: Replacement

QueuedTimeoutInMinutes

The number of minutes a build is allowed to be queued before it times out.

Required: No

Type: Integer

Minimum: 5

Maximum: 480

Update requires: No interruption

ResourceAccessRole

The ARN of the IAM role that enables CodeBuild to access the CloudWatch Logs and Amazon S3 artifacts for the project's builds.

Required: No

Type: String

Minimum: 1

Update requires: No interruption

SecondaryArtifacts

A list of Artifacts objects. Each artifacts object specifies output settings that the project generates during a build.

Required: No

Type: Array of Artifacts

Minimum: 0

Maximum: 12

Update requires: No interruption

SecondarySources

An array of ProjectSource objects.

Required: No

Type: Array of Source

Minimum: 0

Maximum: 12

Update requires: No interruption

SecondarySourceVersions

An array of ProjectSourceVersion objects. If secondarySourceVersions is specified at the build level, then they take precedence over these secondarySourceVersions (at the project level).

Required: No

Type: Array of ProjectSourceVersion

Minimum: 0

Maximum: 12

Update requires: No interruption

ServiceRole

The ARN of the IAM role that enables AWS CodeBuild to interact with dependent AWS services on behalf of the AWS account.

Required: Yes

Type: String

Minimum: 1

Update requires: No interruption

Source

The source code settings for the project, such as the source code's repository type and location.

Required: Yes

Type: Source

Update requires: No interruption

SourceVersion

A version of the build input to be built for this project. If not specified, the latest version is used. If specified, it must be one of:

If sourceVersion is specified at the build level, then that version takes precedence over this sourceVersion (at the project level).

For more information, see Source Version Sample with CodeBuild in the AWS CodeBuild User Guide.

Required: No

Type: String

Update requires: No interruption

Tags

An arbitrary set of tags (key-value pairs) for the AWS CodeBuild project.

These tags are available for use by AWS services that support AWS CodeBuild build project tags.

Required: No

Type: Array of Tag

Minimum: 0

Maximum: 50

Update requires: No interruption

TimeoutInMinutes

How long, in minutes, from 5 to 2160 (36 hours), for AWS CodeBuild to wait before timing out any related build that did not get marked as completed. The default is 60 minutes.

Required: No

Type: Integer

Minimum: 5

Maximum: 2160

Update requires: No interruption

Triggers

For an existing AWS CodeBuild build project that has its source code stored in a GitHub repository, enables AWS CodeBuild to begin automatically rebuilding the source code every time a code change is pushed to the repository.

Required: No

Type: ProjectTriggers

Update requires: No interruption

Visibility

Specifies the visibility of the project's builds. Possible values are:

PUBLIC_READ

The project builds are visible to the public.

PRIVATE

The project builds are not visible to the public.

Required: No

Type: String

Update requires: No interruption

VpcConfig

VpcConfig specifies settings that enable AWS CodeBuild to access resources in an Amazon VPC. For more information, see Use AWS CodeBuild with Amazon Virtual Private Cloud in the AWS CodeBuild User Guide.

Required: No

Type: VpcConfig

Update requires: No interruption

Return values

Ref

When the logical ID of this resource is provided to the Ref intrinsic function, Ref returns the name of the AWS CodeBuild project, such as myProjectName.

For more information about using the Ref function, see Ref.

Fn::GetAtt

Fn::GetAtt returns a value for a specified attribute of this type. The following are the available attributes and sample return values. For more information about using Fn::GetAtt, see Fn::GetAtt.

Arn

The ARN of the AWS CodeBuild project, such as arn:aws:codebuild:us-west-2:123456789012:project/myProjectName.

Examples

Create a project

The following example creates an AWS CodeBuild project.

JSON

{
  "Project": {
    "Type": "AWS::CodeBuild::Project",
    "Properties": {
      "Name": "myProjectName",
      "Description": "A description about my project",
      "ServiceRole": { "Fn::GetAtt": [ "ServiceRole", "Arn" ] },
      "Artifacts": {
        "Type": "no_artifacts"
      },
      "Environment": {
        "Type": "LINUX_CONTAINER",
        "ComputeType": "BUILD_GENERAL1_SMALL",
        "Image": "aws/codebuild/java:openjdk-8",
        "EnvironmentVariables": [
          {
            "Name": "varName",
            "Type": "varType",
            "Value": "varValue"
          }
        ]
      },
      "Source": {
        "Location": "codebuild-demo-test/0123ab9a371ebf0187b0fe5614fbb72c",
        "Type": "S3"
      },
      "TimeoutInMinutes": 10,
      "Tags": [
        {
          "Key": "Key1",
          "Value": "Value1"
        },
        {
          "Key": "Key2",
          "Value": "Value2"
        }
      ]
    }
  }
}

YAML

Project:
  Type: AWS::CodeBuild::Project
  Properties:
    Name: myProjectName
    Description: A description about my project
    ServiceRole: !GetAtt ServiceRole.Arn
    Artifacts:
      Type: no_artifacts
    Environment:
      Type: LINUX_CONTAINER
      ComputeType: BUILD_GENERAL1_SMALL
      Image: aws/codebuild/java:openjdk-8
      EnvironmentVariables:
      - Name: varName
        Type: varType
        Value: varValue
    Source:
      Location: codebuild-demo-test/0123ab9a371ebf0187b0fe5614fbb72c
      Type: S3
    TimeoutInMinutes: 10
    Tags:
      - Key: Key1
        Value: Value1
      - Key: Key2
        Value: Value2

Create a project with two filter groups

The following example creates a project with two filter groups. Together, they trigger a build when one or both evaluate to true:

For this example, the name of the service role is my-example-service-role. The name of the source location is my-example-source-location.

YAML

CodeBuildProject:
  Type: AWS::CodeBuild::Project
  Properties:
    Name: MyProject
    ServiceRole: my-example-service-role
    Artifacts:
      Type: NO_ARTIFACTS
    Environment:
      Type: LINUX_CONTAINER
      ComputeType: BUILD_GENERAL1_SMALL
      Image: aws/codebuild/standard:1.0
    Source:
      Type: GITHUB
      Location: my-example-source-location
    Triggers:
      Webhook: true
      FilterGroups:
        - - Type: EVENT
            Pattern: PULL_REQUEST_CREATED,PULL_REQUEST_UPDATED
          - Type: BASE_REF
            Pattern: ^refs/heads/master$
            ExcludeMatchedPattern: false
          - Type: ACTOR_ACCOUNT_ID
            Pattern: 12345
            ExcludeMatchedPattern: true
        - - Type: EVENT
            Pattern: PUSH
          - Type: HEAD_REF
            Pattern: ^refs/heads/.*
          - Type: FILE_PATH
            Pattern: READ_ME
            ExcludeMatchedPattern: true

JSON

{
    "CodeBuildProject": {
        "Type": "AWS::CodeBuild::Project",
        "Properties": {
            "Name": "MyProject",
            "ServiceRole": "my-example-service-role",
            "Artifacts": {
                "Type": "NO_ARTIFACTS"
            },
            "Environment": {
                "Type": "LINUX_CONTAINER",
                "ComputeType": "BUILD_GENERAL1_SMALL",
                "Image": "aws/codebuild/standard:1.0"
            },
            "Source": {
                "Type": "GITHUB",
                "Location": "my-example-source-location"
            },
            "Triggers": {
                "Webhook": true,
                "FilterGroups": [
                    [
                        {
                            "Type": "EVENT",
                            "Pattern": "PULL_REQUEST_CREATED,PULL_REQUEST_UPDATED"
                        },
                        {
                            "Type": "BASE_REF",
                            "Pattern": "^refs/heads/master$",
                            "ExcludeMatchedPattern": false
                        },
                        {
                            "Type": "ACTOR_ACCOUNT_ID",
                            "Pattern": 12345,
                            "ExcludeMatchedPattern": true
                        }
                    ],
                    [
                        {
                            "Type": "EVENT",
                            "Pattern": "PUSH"
                        },
                        {
                            "Type": "HEAD_REF",
                            "Pattern": "^refs/heads/.*"
                        },
                        {
                            "Type": "FILE_PATH",
                            "Pattern": "READ_ME",
                            "ExcludeMatchedPattern": true
                        }
                    ]
                ]
            }
        }
    }
}
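
The following Python sketch is an added example, not part of the AWS documentation. It models how the two filter groups above decide whether a webhook event starts a build, so the filters can be checked against sample events before deployment. The event field names, the sample events, and the matching details marked in the comments are assumptions.

```python
import re

# Filter groups copied from the example above.
FILTER_GROUPS = [
    [{"Type": "EVENT", "Pattern": "PULL_REQUEST_CREATED,PULL_REQUEST_UPDATED"},
     {"Type": "BASE_REF", "Pattern": "^refs/heads/master$", "ExcludeMatchedPattern": False},
     {"Type": "ACTOR_ACCOUNT_ID", "Pattern": 12345, "ExcludeMatchedPattern": True}],
    [{"Type": "EVENT", "Pattern": "PUSH"},
     {"Type": "HEAD_REF", "Pattern": "^refs/heads/.*"},
     {"Type": "FILE_PATH", "Pattern": "READ_ME", "ExcludeMatchedPattern": True}],
]

# Hypothetical event fields holding the value each filter type inspects.
FIELD = {"BASE_REF": "base_ref", "HEAD_REF": "head_ref",
         "ACTOR_ACCOUNT_ID": "actor_id", "FILE_PATH": "files"}


def filter_passes(flt, event):
    """Evaluate one filter against a simplified webhook event."""
    pattern = str(flt["Pattern"])
    if flt["Type"] == "EVENT":
        # EVENT patterns are a comma-separated list of event names.
        matched = event["event"] in [e.strip() for e in pattern.split(",")]
    else:
        value = event.get(FIELD[flt["Type"]])
        values = value if isinstance(value, list) else [value]
        # Assumptions: unanchored regex search; FILE_PATH matches if any file matches.
        matched = any(v is not None and re.search(pattern, str(v)) for v in values)
    # ExcludeMatchedPattern inverts the result: the filter passes when nothing matched.
    return matched != bool(flt.get("ExcludeMatchedPattern", False))


def triggers_build(groups, event):
    """A build starts when every filter in at least one group passes."""
    return any(all(filter_passes(f, event) for f in group) for group in groups)


# Constructed sample events (simplified, not real webhook payloads).
EVENTS = {
    "pr_to_master": {"event": "PULL_REQUEST_CREATED", "base_ref": "refs/heads/master",
                     "head_ref": "refs/heads/feature", "actor_id": "67890"},
    "pr_by_excluded_actor": {"event": "PULL_REQUEST_UPDATED", "base_ref": "refs/heads/master",
                             "head_ref": "refs/heads/feature", "actor_id": "12345"},
    "pr_to_other_branch": {"event": "PULL_REQUEST_CREATED", "base_ref": "refs/heads/dev",
                           "head_ref": "refs/heads/feature", "actor_id": "67890"},
    "push_by_excluded_actor": {"event": "PUSH", "head_ref": "refs/heads/feature",
                               "actor_id": "12345", "files": ["src/app.py"]},
    "push_readme_only": {"event": "PUSH", "head_ref": "refs/heads/feature",
                         "actor_id": "67890", "files": ["READ_ME"]},
    "push_tag": {"event": "PUSH", "head_ref": "refs/tags/v1",
                 "actor_id": "67890", "files": ["src/app.py"]},
}


def results():
    return {name: triggers_build(FILTER_GROUPS, ev) for name, ev in EVENTS.items()}


if __name__ == "__main__":
    for name, hit in results().items():
        print(f"{name:24} {'BUILD' if hit else 'skip'}")
```

The `ACTOR_ACCOUNT_ID` exclusion exists only in the first group, so a push from that same account still starts a build through the second group.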

Create a project using Amazon S3 and Amazon VPC

The following example creates a project that caches build dependencies in Amazon S3 and uses resources in an Amazon VPC.

YAML

Resources:
  CodeBuildProject:
    Type: AWS::CodeBuild::Project
    Properties:
      ServiceRole: !GetAtt CodeBuildRole.Arn
      Artifacts:
        Type: CODEPIPELINE
      Environment:
        Type: LINUX_CONTAINER
        ComputeType: BUILD_GENERAL1_SMALL
        Image: aws/codebuild/ubuntu-base:14.04
        EnvironmentVariables:
          - Name: varName1
            Value: varValue1
          - Name: varName2
            Value: varValue2
            Type: PLAINTEXT
          - Name: varName3
            Value: /CodeBuild/testParameter
            Type: PARAMETER_STORE
      Source:
        Type: CODEPIPELINE
      TimeoutInMinutes: 10
      VpcConfig:
        VpcId: !Ref CodeBuildVPC
        Subnets: [!Ref CodeBuildSubnet]
        SecurityGroupIds: [!Ref CodeBuildSecurityGroup]
      Cache:
        Type: S3
        Location: <mybucket/prefix>
  CodeBuildRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Statement:
        - Action: ['sts:AssumeRole']
          Effect: Allow
          Principal:
            Service: [codebuild.amazonaws.com]
        Version: '2012-10-17'
      Path: /
      Policies:
        - PolicyName: CodeBuildAccess
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Action:
                - 'logs:*'
                - 'ec2:CreateNetworkInterface'
                - 'ec2:DescribeNetworkInterfaces'
                - 'ec2:DeleteNetworkInterface'
                - 'ec2:DescribeSubnets'
                - 'ec2:DescribeSecurityGroups'
                - 'ec2:DescribeDhcpOptions'
                - 'ec2:DescribeVpcs'
                - 'ec2:CreateNetworkInterfacePermission'
                Effect: Allow
                Resource: '*'
  CodeBuildVPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16
      EnableDnsSupport: 'true'
      EnableDnsHostnames: 'true'
      Tags:
        - Key: name
          Value: codebuild
  CodeBuildSubnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId:
        Ref: CodeBuildVPC
      CidrBlock: 10.0.1.0/24
  CodeBuildSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupName: Codebuild Internet Group
      GroupDescription: 'CodeBuild SecurityGroup'
      VpcId: !Ref CodeBuildVPC

JSON

{
  "Resources": {
    "CodeBuildProject": {
      "Type": "AWS::CodeBuild::Project",
      "Properties": {
        "ServiceRole": {
          "Fn::GetAtt": [
            "CodeBuildRole",
            "Arn"
          ]
        },
        "Artifacts": {
          "Type": "CODEPIPELINE"
        },
        "Environment": {
          "Type": "LINUX_CONTAINER",
          "ComputeType": "BUILD_GENERAL1_SMALL",
          "Image": "aws/codebuild/ubuntu-base:14.04",
          "EnvironmentVariables": [
            {
              "Name": "varName1",
              "Value": "varValue1"
            },
            {
              "Name": "varName2",
              "Value": "varValue2",
              "Type": "PLAINTEXT"
            },
            {
              "Name": "varName3",
              "Value": "/CodeBuild/testParameter",
              "Type": "PARAMETER_STORE"
            }
          ]
        },
        "Source": {
          "Type": "CODEPIPELINE"
        },
        "TimeoutInMinutes": 10,
        "VpcConfig": {
          "VpcId": {
            "Ref": "CodeBuildVPC"
          },
          "Subnets": [
            {
              "Ref": "CodeBuildSubnet"
            }
          ],
          "SecurityGroupIds": [
            {
              "Ref": "CodeBuildSecurityGroup"
            }
          ]
        },
        "Cache": {
          "Type": "S3",
          "Location": "<mybucket/prefix>"
        }
      }
    },
    "CodeBuildRole": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Statement": [
            {
              "Action": [
                "sts:AssumeRole"
              ],
              "Effect": "Allow",
              "Principal": {
                "Service": [
                  "codebuild.amazonaws.com"
                ]
              }
            }
          ],
          "Version": "2012-10-17"
        },
        "Path": "/",
        "Policies": [
          {
            "PolicyName": "CodeBuildAccess",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Action": [
                    "logs:*",
                    "ec2:CreateNetworkInterface",
                    "ec2:DescribeNetworkInterfaces",
                    "ec2:DeleteNetworkInterface",
                    "ec2:DescribeSubnets",
                    "ec2:DescribeSecurityGroups",
                    "ec2:DescribeDhcpOptions",
                    "ec2:DescribeVpcs",
                    "ec2:CreateNetworkInterfacePermission"
                  ],
                  "Effect": "Allow",
                  "Resource": "*"
                }
              ]
            }
          }
        ]
      }
    },
    "CodeBuildVPC": {
      "Type": "AWS::EC2::VPC",
      "Properties": {
        "CidrBlock": "10.0.0.0/16",
        "EnableDnsSupport": "true",
        "EnableDnsHostnames": "true",
        "Tags": [
          {
            "Key": "name",
            "Value": "codebuild"
          }
        ]
      }
    },
    "CodeBuildSubnet": {
      "Type": "AWS::EC2::Subnet",
      "Properties": {
        "VpcId": {
          "Ref": "CodeBuildVPC"
        },
        "CidrBlock": "10.0.1.0/24"
      }
    },
    "CodeBuildSecurityGroup": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {
        "GroupName": "Codebuild Internet Group",
        "GroupDescription": "CodeBuild SecurityGroup",
        "VpcId": {
          "Ref": "CodeBuildVPC"
        }
      }
    }
  }
}
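
The following Python check is an added example, not part of the AWS documentation. It reviews a JSON template such as the one above for settings described on this page that deserve a second look: public build visibility, a public badge URL, no customer-specified EncryptionKey, plaintext environment variables, and wildcard IAM actions on Resource '*'. The embedded template is a constructed, trimmed copy of the example, and the finding texts are illustrative.

```python
import json

# Constructed input: the template above, trimmed to the fields the checks read.
TEMPLATE = json.loads("""
{"Resources": {
  "CodeBuildProject": {"Type": "AWS::CodeBuild::Project", "Properties": {
    "ServiceRole": {"Fn::GetAtt": ["CodeBuildRole", "Arn"]},
    "Environment": {"EnvironmentVariables": [
      {"Name": "varName1", "Value": "varValue1"},
      {"Name": "varName2", "Value": "varValue2", "Type": "PLAINTEXT"},
      {"Name": "varName3", "Value": "/CodeBuild/testParameter", "Type": "PARAMETER_STORE"}]}}},
  "CodeBuildRole": {"Type": "AWS::IAM::Role", "Properties": {"Policies": [
    {"PolicyName": "CodeBuildAccess", "PolicyDocument": {"Statement": [
      {"Action": ["logs:*", "ec2:DescribeSubnets"], "Effect": "Allow", "Resource": "*"}]}}]}}
}}
""")


def _as_list(value):
    return value if isinstance(value, list) else [value]


def audit_project(logical_id, props):
    """Checks on AWS::CodeBuild::Project properties documented on this page."""
    out = []
    if props.get("Visibility") == "PUBLIC_READ":
        out.append((logical_id, "Visibility is PUBLIC_READ: builds are visible to the public"))
    if props.get("BadgeEnabled") is True:
        out.append((logical_id, "BadgeEnabled: build badge URL is publicly accessible"))
    if "EncryptionKey" not in props:
        out.append((logical_id, "no EncryptionKey: the managed key for Amazon S3 is used"))
    for var in props.get("Environment", {}).get("EnvironmentVariables", []):
        # A variable without a Type is treated as PLAINTEXT.
        if var.get("Type", "PLAINTEXT") == "PLAINTEXT":
            out.append((logical_id, f"plaintext variable {var['Name']}: must not hold a secret"))
    return out


def audit_role(logical_id, props):
    """Flag Allow statements that pair a wildcard action with Resource '*'."""
    out = []
    for policy in props.get("Policies", []):
        for stmt in _as_list(policy.get("PolicyDocument", {}).get("Statement", [])):
            wild = [a for a in _as_list(stmt.get("Action", [])) if str(a).endswith("*")]
            if stmt.get("Effect") == "Allow" and wild and "*" in _as_list(stmt.get("Resource", [])):
                out.append((logical_id, f"wildcard actions {wild} on Resource '*'"))
    return out


def audit_template(template):
    checks = {"AWS::CodeBuild::Project": audit_project, "AWS::IAM::Role": audit_role}
    findings = []
    for logical_id, res in template.get("Resources", {}).items():
        check = checks.get(res.get("Type"))
        if check:
            findings.extend(check(logical_id, res.get("Properties", {})))
    return findings


if __name__ == "__main__":
    for logical_id, message in audit_template(TEMPLATE):
        print(f"{logical_id}: {message}")
```

The YAML form needs a loader that understands CloudFormation tags such as `!Ref` and `!GetAtt` before it can be passed to `audit_template`.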

See also