PipelineProjectProps
- class aws_cdk.aws_codebuild.PipelineProjectProps(*, allow_all_outbound=None, badge=None, build_spec=None, cache=None, check_secrets_in_plain_text_env_variables=None, concurrent_build_limit=None, description=None, encryption_key=None, environment=None, environment_variables=None, file_system_locations=None, grant_report_group_permissions=None, logging=None, project_name=None, queued_timeout=None, role=None, security_groups=None, ssm_session_permissions=None, subnet_selection=None, timeout=None, visibility=None, vpc=None)
Bases:
CommonProjectProps
- Parameters:
allow_all_outbound (
Optional
[bool
]) – Whether to allow the CodeBuild to send all network traffic. If set to false, you must individually add traffic rules to allow the CodeBuild project to connect to network targets. Only used if ‘vpc’ is supplied. Default: truebadge (
Optional
[bool
]) – Indicates whether AWS CodeBuild generates a publicly accessible URL for your project’s build badge. For more information, see Build Badges Sample in the AWS CodeBuild User Guide. Default: falsebuild_spec (
Optional
[BuildSpec
]) – Filename or contents of buildspec in JSON format. Default: - Empty buildspec.cache (
Optional
[Cache
]) – Caching strategy to use. Default: Cache.nonecheck_secrets_in_plain_text_env_variables (
Optional
[bool
]) – Whether to check for the presence of any secrets in the environment variables of the default type, BuildEnvironmentVariableType.PLAINTEXT. Since using a secret for the value of that kind of variable would result in it being displayed in plain text in the AWS Console, the construct will throw an exception if it detects a secret was passed there. Pass this property as false if you want to skip this validation, and keep using a secret in a plain text environment variable. Default: trueconcurrent_build_limit (
Union
[int
,float
,None
]) – Maximum number of concurrent builds. Minimum value is 1 and maximum is account build limit. Default: - no explicit limit is setdescription (
Optional
[str
]) – A description of the project. Use the description to identify the purpose of the project. Default: - No description.encryption_key (
Optional
[IKey
]) – Encryption key to use to read and write artifacts. Default: - The AWS-managed CMK for Amazon Simple Storage Service (Amazon S3) is used.environment (
Union
[BuildEnvironment
,Dict
[str
,Any
],None
]) – Build environment to use for the build. Default: BuildEnvironment.LinuxBuildImage.STANDARD_7_0environment_variables (
Optional
[Mapping
[str
,Union
[BuildEnvironmentVariable
,Dict
[str
,Any
]]]]) – Additional environment variables to add to the build environment. Default: - No additional environment variables are specified.file_system_locations (
Optional
[Sequence
[IFileSystemLocation
]]) – An ProjectFileSystemLocation objects for a CodeBuild build project. A ProjectFileSystemLocation object specifies the identifier, location, mountOptions, mountPoint, and type of a file system created using Amazon Elastic File System. Default: - no file system locationsgrant_report_group_permissions (
Optional
[bool
]) – Add permissions to this project’s role to create and use test report groups with name starting with the name of this project. That is the standard report group that gets created when a simple name (in contrast to an ARN) is used in the ‘reports’ section of the buildspec of this project. This is usually harmless, but you can turn these off if you don’t plan on using test reports in this project. Default: truelogging (
Union
[LoggingOptions
,Dict
[str
,Any
],None
]) – Information about logs for the build project. A project can create logs in Amazon CloudWatch Logs, an S3 bucket, or both. Default: - no log configuration is setproject_name (
Optional
[str
]) – The physical, human-readable name of the CodeBuild Project. Default: - Name is automatically generated.queued_timeout (
Optional
[Duration
]) – The number of minutes after which AWS CodeBuild stops the build if it’s still in queue. For valid values, see the timeoutInMinutes field in the AWS CodeBuild User Guide. Default: - no queue timeout is setrole (
Optional
[IRole
]) – Service Role to assume while running the build. Default: - A role will be created.security_groups (
Optional
[Sequence
[ISecurityGroup
]]) – What security group to associate with the codebuild project’s network interfaces. If no security group is identified, one will be created automatically. Only used if ‘vpc’ is supplied. Default: - Security group will be automatically created.ssm_session_permissions (
Optional
[bool
]) – Add the permissions necessary for debugging builds with SSM Session Manager. If the following prerequisites have been met: - The necessary permissions have been added by setting this flag to true. - The build image has the SSM agent installed (true for default CodeBuild images). - The build is started with debugSessionEnabled set to true. Then the build container can be paused and inspected using Session Manager by invoking thecodebuild-breakpoint
command somewhere during the build.codebuild-breakpoint
commands will be ignored if the build is not started withdebugSessionEnabled=true
. Default: falsesubnet_selection (
Union
[SubnetSelection
,Dict
[str
,Any
],None
]) – Where to place the network interfaces within the VPC. To access AWS services, your CodeBuild project needs to be in one of the following types of subnets: 1. Subnets with access to the internet (of type PRIVATE_WITH_EGRESS). 2. Private subnets unconnected to the internet, but with VPC endpoints for the necessary services. If you don’t specify a subnet selection, the default behavior is to use PRIVATE_WITH_EGRESS subnets first if they exist, then PRIVATE_WITHOUT_EGRESS, and finally PUBLIC subnets. If your VPC doesn’t have PRIVATE_WITH_EGRESS subnets but you need AWS service access, add VPC Endpoints to your private subnets. Default: - private subnets if available else public subnetstimeout (
Optional
[Duration
]) – The number of minutes after which AWS CodeBuild stops the build if it’s not complete. For valid values, see the timeoutInMinutes field in the AWS CodeBuild User Guide. Default: Duration.hours(1)visibility (
Optional
[ProjectVisibility
]) – Specifies the visibility of the project’s builds. Default: - no visibility is setvpc (
Optional
[IVpc
]) – VPC network to place codebuild network interfaces. Specify this if the codebuild project needs to access resources in a VPC. Default: - No VPC is specified.
- ExampleMetadata:
infused
Example:
# Create a Cloudfront Web Distribution import aws_cdk.aws_cloudfront as cloudfront # distribution: cloudfront.Distribution # Create the build project that will invalidate the cache invalidate_build_project = codebuild.PipelineProject(self, "InvalidateProject", build_spec=codebuild.BuildSpec.from_object({ "version": "0.2", "phases": { "build": { "commands": ["aws cloudfront create-invalidation --distribution-id ${CLOUDFRONT_ID} --paths "/*"" ] } } }), environment_variables={ "CLOUDFRONT_ID": codebuild.BuildEnvironmentVariable(value=distribution.distribution_id) } ) # Add Cloudfront invalidation permissions to the project distribution_arn = f"arn:aws:cloudfront::{this.account}:distribution/{distribution.distributionId}" invalidate_build_project.add_to_role_policy(iam.PolicyStatement( resources=[distribution_arn], actions=["cloudfront:CreateInvalidation" ] )) # Create the pipeline (here only the S3 deploy and Invalidate cache build) deploy_bucket = s3.Bucket(self, "DeployBucket") deploy_input = codepipeline.Artifact() codepipeline.Pipeline(self, "Pipeline", stages=[codepipeline.StageProps( stage_name="Deploy", actions=[ codepipeline_actions.S3DeployAction( action_name="S3Deploy", bucket=deploy_bucket, input=deploy_input, run_order=1 ), codepipeline_actions.CodeBuildAction( action_name="InvalidateCache", project=invalidate_build_project, input=deploy_input, run_order=2 ) ] ) ] )
Attributes
- allow_all_outbound
Whether to allow the CodeBuild to send all network traffic.
If set to false, you must individually add traffic rules to allow the CodeBuild project to connect to network targets.
Only used if ‘vpc’ is supplied.
- Default:
true
- badge
Indicates whether AWS CodeBuild generates a publicly accessible URL for your project’s build badge.
For more information, see Build Badges Sample in the AWS CodeBuild User Guide.
- Default:
false
- build_spec
Filename or contents of buildspec in JSON format.
- Default:
Empty buildspec.
- See:
- cache
Caching strategy to use.
- Default:
Cache.none
- check_secrets_in_plain_text_env_variables
Whether to check for the presence of any secrets in the environment variables of the default type, BuildEnvironmentVariableType.PLAINTEXT. Since using a secret for the value of that kind of variable would result in it being displayed in plain text in the AWS Console, the construct will throw an exception if it detects a secret was passed there. Pass this property as false if you want to skip this validation, and keep using a secret in a plain text environment variable.
- Default:
true
- concurrent_build_limit
Maximum number of concurrent builds.
Minimum value is 1 and maximum is account build limit.
- Default:
no explicit limit is set
- description
A description of the project.
Use the description to identify the purpose of the project.
- Default:
No description.
- encryption_key
Encryption key to use to read and write artifacts.
- Default:
The AWS-managed CMK for Amazon Simple Storage Service (Amazon S3) is used.
- environment
Build environment to use for the build.
- Default:
BuildEnvironment.LinuxBuildImage.STANDARD_7_0
- environment_variables
Additional environment variables to add to the build environment.
- Default:
No additional environment variables are specified.
- file_system_locations
An ProjectFileSystemLocation objects for a CodeBuild build project.
A ProjectFileSystemLocation object specifies the identifier, location, mountOptions, mountPoint, and type of a file system created using Amazon Elastic File System.
- Default:
no file system locations
- grant_report_group_permissions
Add permissions to this project’s role to create and use test report groups with name starting with the name of this project.
That is the standard report group that gets created when a simple name (in contrast to an ARN) is used in the ‘reports’ section of the buildspec of this project. This is usually harmless, but you can turn these off if you don’t plan on using test reports in this project.
- logging
Information about logs for the build project.
A project can create logs in Amazon CloudWatch Logs, an S3 bucket, or both.
- Default:
no log configuration is set
- project_name
The physical, human-readable name of the CodeBuild Project.
- Default:
Name is automatically generated.
- queued_timeout
The number of minutes after which AWS CodeBuild stops the build if it’s still in queue.
For valid values, see the timeoutInMinutes field in the AWS CodeBuild User Guide.
- Default:
no queue timeout is set
- role
Service Role to assume while running the build.
- Default:
A role will be created.
- security_groups
What security group to associate with the codebuild project’s network interfaces.
If no security group is identified, one will be created automatically.
Only used if ‘vpc’ is supplied.
- Default:
Security group will be automatically created.
- ssm_session_permissions
Add the permissions necessary for debugging builds with SSM Session Manager.
If the following prerequisites have been met:
The necessary permissions have been added by setting this flag to true.
The build image has the SSM agent installed (true for default CodeBuild images).
The build is started with debugSessionEnabled set to true.
Then the build container can be paused and inspected using Session Manager by invoking the
codebuild-breakpoint
command somewhere during the build.codebuild-breakpoint
commands will be ignored if the build is not started withdebugSessionEnabled=true
.
- subnet_selection
Where to place the network interfaces within the VPC.
To access AWS services, your CodeBuild project needs to be in one of the following types of subnets:
Subnets with access to the internet (of type PRIVATE_WITH_EGRESS).
Private subnets unconnected to the internet, but with VPC endpoints for the necessary services.
If you don’t specify a subnet selection, the default behavior is to use PRIVATE_WITH_EGRESS subnets first if they exist, then PRIVATE_WITHOUT_EGRESS, and finally PUBLIC subnets. If your VPC doesn’t have PRIVATE_WITH_EGRESS subnets but you need AWS service access, add VPC Endpoints to your private subnets.
- Default:
private subnets if available else public subnets
- See:
https://docs.aws.amazon.com/codebuild/latest/userguide/vpc-support.html
- timeout
The number of minutes after which AWS CodeBuild stops the build if it’s not complete.
For valid values, see the timeoutInMinutes field in the AWS CodeBuild User Guide.
- Default:
Duration.hours(1)
- visibility
Specifies the visibility of the project’s builds.
- Default:
no visibility is set
- vpc
VPC network to place codebuild network interfaces.
Specify this if the codebuild project needs to access resources in a VPC.
- Default:
No VPC is specified.