# Builds in AWS CodeBuild
-a
```
To run an ARM build, run the following command:
```
$ ./codebuild_build.sh -i -a -l public.ecr.aws/codebuild/local-builds:aarch64
```
Replace ** with the name of the container image, such as `aws/codebuild/standard:5.0` or `public.ecr.aws/codebuild/amazonlinux-x86_64-standard:4.0`.
The script launches the build image and runs the build on the project in the current directory. To specify the location of the build project, add the `-s ` option to the script command.
## Receive notifications for new CodeBuild agent versions
```
Use this if you want to run a build that uses the latest version of the build input artifact and the build project's existing settings.
```
aws codebuild start-build --generate-cli-skeleton
```
Use this if you want to run a build with an earlier version of the build input artifact or if you want to override the settings for the build output artifacts, environment variables, buildspec, or default build timeout period.
1. If you run the **start-build** command with the `--project-name` option, replace ** with the name of the build project, and then skip to step 6 of this procedure. To get a list of build projects, see [View build project names](view-project-list.md).
1. If you run the **start-build** command with the `--idempotency-token` option, a unique case-sensitive identifier or token, is included with the `start-build` request. The token is valid for 5 minutes after the request. If you repeat the `start-build` request with the same token, but change a parameter, CodeBuild returns a parameter mismatch error.
1. If you run the **start-build** command with the `--generate-cli-skeleton` option, JSON-formatted data appears in the output. Copy the data to a file (for example, `start-build.json`) in a location on the local computer or instance where the AWS CLI is installed. Modify the copied data to match the following format, and save your results:
```
{
"projectName": "projectName",
"sourceVersion": "sourceVersion",
"artifactsOverride": {
"type": "type",
"location": "location",
"path": "path",
"namespaceType": "namespaceType",
"name": "artifactsOverride-name",
"packaging": "packaging"
},
"buildspecOverride": "buildspecOverride",
"cacheOverride": {
"location": "cacheOverride-location",
"type": "cacheOverride-type"
},
"certificateOverride": "certificateOverride",
"computeTypeOverride": "computeTypeOverride",
"environmentTypeOverride": "environmentTypeOverride",
"environmentVariablesOverride": {
"name": "environmentVariablesOverride-name",
"value": "environmentVariablesValue",
"type": "environmentVariablesOverride-type"
},
"gitCloneDepthOverride": "gitCloneDepthOverride",
"imageOverride": "imageOverride",
"idempotencyToken": "idempotencyToken",
"insecureSslOverride": "insecureSslOverride",
"privilegedModeOverride": "privilegedModeOverride",
"queuedTimeoutInMinutesOverride": "queuedTimeoutInMinutesOverride",
"reportBuildStatusOverride": "reportBuildStatusOverride",
"timeoutInMinutesOverride": "timeoutInMinutesOverride",
"sourceAuthOverride": "sourceAuthOverride",
"sourceLocationOverride": "sourceLocationOverride",
"serviceRoleOverride": "serviceRoleOverride",
"sourceTypeOverride": "sourceTypeOverride"
}
```
Replace the following placeholders:
+ *projectName*: Required string. The name of the build project to use for this build.
+ *sourceVersion*: Optional string. A version of the source code to be built, as follows:
+ For Amazon S3, the version ID that corresponds to the version of the input ZIP file you want to build. If *sourceVersion* is not specified, then the latest version is used.
+ For CodeCommit, the commit ID that corresponds to the version of the source code you want to build. If *sourceVersion* is not specified, the default branch's HEAD commit ID is used. (You cannot specify a tag name for *sourceVersion*, but you can specify the tag's commit ID.)
+ For GitHub, the commit ID, pull request ID, branch name, or tag name that corresponds to the version of the source code you want to build. If a pull request ID is specified, it must use the format `pr/pull-request-ID` (for example, `pr/25`). If a branch name is specified, the branch's HEAD commit ID is used. If *sourceVersion* is not specified, the default branch's HEAD commit ID is used.
+ For Bitbucket, the commit ID, branch name, or tag name that corresponds to the version of the source code you want to build. If a branch name is specified, the branch's HEAD commit ID is used. If *sourceVersion* is not specified, the default branch's HEAD commit ID is used.
+ The following placeholders are for `artifactsOverride`.
+ *type*: Optional. The build output artifact type that overrides for this build the one defined in the build project.
+ *location*: Optional. The build output artifact location that overrides for this build the one defined in the build project.
+ *path*: Optional. The build output artifact path that overrides for this build the one defined in the build project.
+ *namespaceType*: Optional. The build output artifact path type that overrides for this build the one defined in the build project.
+ *name*: Optional. The build output artifact name that overrides for this build the one defined in the build project.
+ *packaging*: Optional. The build output artifact packaging type that overrides for this build the one defined in the build project.
+ *buildspecOverride*: Optional. A buildspec declaration that overrides for this build the one defined in the build project. If this value is set, it can be either an inline buildspec definition, the path to an alternate buildspec file relative to the value of the built-in `CODEBUILD_SRC_DIR` environment variable, or the path to an S3 bucket. The S3 bucket must be in the same AWS Region as the build project. Specify the buildspec file using its ARN (for example, `arn:aws:s3:::/buildspec.yml`). If this value is not provided or is set to an empty string, the source code must contain a `buildspec.yml` file in its root directory. For more information, see [Buildspec file name and storage location](build-spec-ref.md#build-spec-ref-name-storage).
+ The following placeholders are for `cacheOverride`.
+ *cacheOverride-location*: Optional. The location of a `ProjectCache` object for this build that overrides the `ProjectCache` object specified in the build project. `cacheOverride` is optional and takes a `ProjectCache` object. `location` is required in a `ProjectCache` object.
+ *cacheOverride-type*: Optional. The type of a `ProjectCache` object for this build that overrides the `ProjectCache` object specified in the build project. `cacheOverride` is optional and takes a `ProjectCache` object. `type` is required in a `ProjectCache` object.
+ *certificateOverride*: Optional. The name of a certificate for this build that overrides the one specified in the build project.
+ *environmentTypeOverride*: Optional. A container type for this build that overrides the one specified in the build project. The current valid string is `LINUX_CONTAINER`.
+ The following placeholders are for `environmentVariablesOverride`.
+ *environmentVariablesOverride-name*: Optional. The name of an environment variable in the build project whose value you want to override for this build.
+ *environmentVariablesOverride-type*: Optional. The type of environment variable in the build project whose value you want to override for this build.
+ *environmentVariablesValue*: Optional. The value of the environment variable defined in the build project that you want to override for this build.
+ *gitCloneDepthOverride*: Optional. The value of the **Git clone depth** in the build project whose value you want to override for this build. If your source type is Amazon S3, this value is not supported.
+ *imageOverride*: Optional. The name of an image for this build that overrides the one specified in the build project.
+ *idempotencyToken*: Optional. A string that serves as a token to specify that the build request is idempotent. You can choose any string that is 64 characters or less. The token is valid for 5 minutes after the start-build request. If you repeat the start-build request with the same token, but change a parameter, CodeBuild returns a parameter mismatch error.
+ *insecureSslOverride*: Optional boolean that specifies whether to override the insecure TLS setting specified in the build project. The insecure TLS setting determines whether to ignore TLS warnings while connecting to the project source code. This override applies only if the build's source is GitHub Enterprise Server.
+ *privilegedModeOverride*: Optional boolean. If set to true, the build overrides privileged mode in the build project.
+ *queuedTimeoutInMinutesOverride*: Optional integer that specifies the number of minutes a build is allowed to be queued before it times out. Its minimum value is five minutes and its maximum value is 480 minutes (eight hours).
+ *reportBuildStatusOverride*: Optional boolean that specifies whether to send your source provider the status of a build's start and completion. If you set this with a source provider other than GitHub, GitHub Enterprise Server, or Bitbucket, an invalidInputException is thrown.
+ *sourceAuthOverride*: Optional string. An authorization type for this build that overrides the one defined in the build project. This override applies only if the build project's source is Bitbucket or GitHub.
+ *sourceLocationOverride*: Optional string. A location that overrides for this build the source location for the one defined in the build project.
+ *serviceRoleOverride*: Optional string. The name of a service role for this build that overrides the one specified in the build project.
+ *sourceTypeOverride*: Optional string. A source input type for this build that overrides the source input defined in the build project. Valid strings are `NO_SOURCE`, `CODECOMMIT`, `CODEPIPELINE`, `GITHUB`, `S3`, `BITBUCKET`, and `GITHUB_ENTERPRISE`.
+ *timeoutInMinutesOverride*: Optional number. The number of build timeout minutes that overrides for this build the one defined in the build project.
We recommend that you store an environment variable with a sensitive value, such as an AWS access key ID, an AWS secret access key, or a password as a parameter in Amazon EC2 Systems Manager Parameter Store. CodeBuild can use a parameter stored in Amazon EC2 Systems Manager Parameter Store only if that parameter's name starts with `/CodeBuild/` (for example, `/CodeBuild/dockerLoginPassword`). You can use the CodeBuild console to create a parameter in Amazon EC2 Systems Manager. Choose **Create a parameter**, and then follow the instructions. (In that dialog box, for **KMS key**, you can optionally specify the ARN of an AWS KMS key in your account. Amazon EC2 Systems Manager uses this key to encrypt the parameter's value during storage and decrypt during retrieval.) If you use the CodeBuild console to create a parameter, the console starts the parameter with `/CodeBuild/` as it is being stored. However, if you use the Amazon EC2 Systems Manager Parameter Store console to create a parameter, you must start the parameter's name with `/CodeBuild/`, and you must set **Type** to **Secure String**. For more information, see [AWS Systems Manager parameter store](https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-parameter-store.html) and [Walkthrough: Create and test a String parameter (console)](https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-paramstore-console.html) in the *Amazon EC2 Systems Manager User Guide*.
If your build project refers to parameters stored in Amazon EC2 Systems Manager Parameter Store, the build project's service role must allow the `ssm:GetParameters` action. If you chose **Create a new service role in your account** earlier, then CodeBuild includes this action in the default service role for your build project automatically. However, if you chose **Choose an existing service role from your account**, then you must include this action in your service role separately.
Environment variables you set replace existing environment variables. For example, if the Docker image already contains an environment variable named `MY_VAR` with a value of `my_value`, and you set an environment variable named `MY_VAR` with a value of `other_value`, then `my_value` is replaced by `other_value`. Similarly, if the Docker image already contains an environment variable named `PATH` with a value of `/usr/local/sbin:/usr/local/bin`, and you set an environment variable named `PATH` with a value of `$PATH:/usr/share/ant/bin`, then `/usr/local/sbin:/usr/local/bin` is replaced by the literal value `$PATH:/usr/share/ant/bin`.
Do not set any environment variable with a name that begins with `CODEBUILD_`. This prefix is reserved for internal use.
If an environment variable with the same name is defined in multiple places, the environment variable's value is determined as follows:
+ The value in the start build operation call takes highest precedence.
+ The value in the build project definition takes next precedence.
+ The value in the buildspec file declaration takes lowest precedence.
For information about valid values for these placeholders, see [Create a build project (AWS CLI)](create-project.md#create-project-cli). For a list of the latest settings for a build project, see [View build project details](view-project-details.md).
1. Switch to the directory that contains the file you just saved, and run the `start-build` command again.
```
aws codebuild start-build --cli-input-json file://start-build.json
```
1. If successful, data similar to that described in the [To run the build](getting-started-overview.md#getting-started-run-build-cli) procedure appears in the output.
To work with detailed information about this build, make a note of the `id` value in the output, and then see [View build details (AWS CLI)](view-build-details.md#view-build-details-cli).
# Run a batch build (AWS CLI)
```
Use this if you want to run a build that uses the latest version of the build input artifact and the build project's existing settings.
```
aws codebuild start-build-batch --generate-cli-skeleton >
```
Use this if you want to run a build with an earlier version of the build input artifact or if you want to override the settings for the build output artifacts, environment variables, buildspec, or default build timeout period.
1. If you run the **start-build-batch** command with the `--project-name` option, replace ** with the name of the build project, and then skip to step 6 of this procedure. To get a list of build projects, see [View build project names](view-project-list.md).
1. If you run the **start-build-batch** command with the `--idempotency-token` option, a unique case-sensitive identifier, or token, is included with the `start-build-batch` request. The token is valid for 5 minutes after the request. If you repeat the `start-build-batch` request with the same token, but change a parameter, CodeBuild returns a parameter mismatch error.
1. If you run the **start-build-batch** command with the `--generate-cli-skeleton` option, JSON-formatted data is output to the ** file. This file is similar to the skelton produced by the **start-build** command, with the addition of the following object. For more information about the common objects, see [Run a build (AWS CLI)](run-build-cli.md).
Modify this file to add any build overrides, and save your results.
```
"buildBatchConfigOverride": {
"combineArtifacts": combineArtifacts,
"restrictions": {
"computeTypesAllowed": [
allowedComputeTypes
],
"maximumBuildsAllowed": maximumBuildsAllowed
},
"serviceRole": "batchServiceRole",
"timeoutInMins": batchTimeout
}
```
The `buildBatchConfigOverride` object is a [ProjectBuildBatchConfig](https://docs.aws.amazon.com/codebuild/latest/APIReference/API_ProjectBuildBatchConfig.html) structure that contains the batch build configuration overides for this build.
*combineArtifacts*
A boolean that specifies if the build artifacts for the batch build should be combined into a single artifact location.
*allowedComputeTypes*
An array of strings that specify the compute types that are allowed for the batch build. See [Build environment compute types](https://docs.aws.amazon.com/codebuild/latest/userguide/build-env-ref-compute-types.html) for these values.
*maximumBuildsAllowed*
Specifies the maximum number of builds allowed.
*batchServiceRole*
Specifies the service role ARN for the batch build project.
*batchTimeout*
Specifies the maximum amount of time, in minutes, that the batch build must be completed in.
1. Switch to the directory that contains the file you just saved, and run the `start-build-batch` command again.
```
aws codebuild start-build-batch --cli-input-json file://start-build.json
```
1. If successful, the JSON representation of a [BuildBatch](https://docs.aws.amazon.com/codebuild/latest/APIReference/API_BuildBatch.html) object appears in the console output. See the [StartBuildBatch Response Syntax](https://docs.aws.amazon.com/codebuild/latest/APIReference/API_StartBuildBatch.html#API_StartBuildBatch_ResponseSyntax) for an example of this data.
# Start running builds automatically (AWS CLI)
```
** is the name of the build project that contains the source code to be rebuilt.
For GitHub, information similar to the following appears in the output:
```
{
"webhook": {
"url": ""
}
}
```
** is the URL to the GitHub webhook.
For GitHub Enterprise Server, information similar to the following appears in the output:
![\[Sample output information.\]](http://docs.aws.amazon.com/codebuild/latest/userguide/images/create-webhook-ghe.png)
1. Copy the secret key and payload URL from the output. You need them to add a webhook in GitHub Enterprise Server.
1. In GitHub Enterprise Server, choose the repository where your CodeBuild project is stored. Choose **Settings**, choose **Hooks & services**, and then choose **Add webhook**.
1. Enter the payload URL and secret key, accept the defaults for the other fields, and then choose **Add webhook**.
# Stop running builds automatically (AWS CLI)
```
+ where ** is the name of the build project that contains the source code to be rebuilt.
If this command is successful, no information and no errors appear in the output.
**Note**
This deletes the webhook from your CodeBuild project only. You should also delete the webhook from your GitHub or GitHub Enterprise Server repository.
# Run a build (AWS SDKs)
```
1. Upload the AWS SAM project folder to a supported source repository. For a list of supported source types, see [ProjectSource](https://docs.aws.amazon.com/codebuild/latest/APIReference/API_ProjectSource.html).
## Create a CodeBuild Lambda Java project
` to create a simple React app.
1. Upload the React app project folder to a supported source repository. For a list of supported source types, see [ProjectSource](https://docs.aws.amazon.com/codebuild/latest/APIReference/API_ProjectSource.html).
## Create a CodeBuild Lambda Node.js project
"
LAMBDA_ENV_VARIABLE: "FEATURE_ENABLED"
LAMBDA_ENV_VARIABLE_VALUE: "true"
phases:
install:
commands:
- pip3 install boto3
build:
commands:
- python3 update_lambda_environment_variables.py
```
1. Choose **Update buildspec**.
## Update your Lambda configuration
[ ...]
```
+ ``, ``, etc.: One or more glob patterns to match against the files in your working directory.
+ `*`: Matches any sequence of characters (excluding path separators).
+ `**`: Matches any sequence of characters (including path separators).
**Note**
Ensure that the glob string has quotes. To check the results of pattern-matching, use the `echo` command.
```
version: 0.2
phases:
build:
commands:
- echo $(codebuild-glob-search '**/__tests__/*.js')
- codebuild-glob-search '**/__tests__/*.js' | xargs -n 1 echo
```
## Output
`, where the `shard_number` represents the number of the shard in which the report group is created. This organization allows you to track and analyze trends at both the consolidated and individual build levels, providing flexibility in how you monitor and evaluate their build processes.
The batch-build report follows the same structure as [individual build reports](https://docs.aws.amazon.com/codebuild/latest/APIReference/API_Report.html). The following key fields in the **Report** tab are specific to batch-build reports:
**Batch build report status**
The status of batch build reports follows specific rules depending on the report type:
+ Test reports:
+ Succeeded: Status is set to succeeded when all individual build reports have succeeded.
+ Failed: Status is set to failed if any individual build report has failed.
+ Incomplete: Status is marked as incomplete if any individual build report is missing or has an incomplete status.
+ Code coverage reports:
+ Complete: Status is set to complete when all individual build reports are complete.
+ Failed: Status is set to failed if any individual build report has failed.
+ Incomplete: Status is marked as incomplete if any individual build report is missing or has an incomplete status.
**Test summary**
The merged test report consolidates the following fields from all individual build reports:
+ duration-in-nano-seconds: Maximum test duration time in nanoseconds among all individual build reports.
+ total: The combined count of all test cases, summing the total number of tests from each build.
+ status-counts: Provides a consolidated view of test statuses such as passed, failed, or skipped, calculated by aggregating the count of each status type across all individual builds.
**Code coverage summary**
The merged code coverage report combines fields from all individual builds using the following calculations:
+ branches-covered: Sum of all covered branches from individual reports.
+ branches-missed: Sum of all missed branches from individual reports.
+ branch-coverage-percentage: `(Total covered branches / Total branches) * 100`
+ lines-covered: Sum of all covered lines from individual reports.
+ lines-missed: Sum of all missed lines from individual reports.
+ lines-coverage-percentage: `(Total covered lines / Total lines) * 100`
**Execution ID**
The batch build ARN.
**Test cases**
The merged report contains a consolidated list of all test cases from individual builds, accessible through both the [DescribeTestCases](https://docs.aws.amazon.com/codebuild/latest/APIReference/API_DescribeTestCases.html) API and the batch build report in the console.
**Code coverages**
The merged code coverage report provides consolidated line and branch coverage information for each file across all individual builds, accessible through both the [DescribeCodeCoverages](https://docs.aws.amazon.com/codebuild/latest/APIReference/API_DescribeCodeCoverages.html) API and the batch build report in the console. Note: For files covered by multiple test files distributed across different shards, the merged report uses the following selection criteria:
1. Primary selection is based on the highest line coverage among shards.
1. If line coverage is equal across multiple shards, the shard with the highest branch coverage is selected.
# Parallel test execution for various test frameworks sample
...
```
Here are some examples using `codebuild-hash-files`:
```
codebuild-hash-files package-lock.json
codebuild-hash-files '**/*.md'
```
## Cache version
Artifacts:
Type: S3
Location:
Name: myArtifact
EncryptionDisabled: true
OverrideArtifactName: true
Environment:
Type: LINUX_CONTAINER
ComputeType: BUILD_GENERAL1_SMALL
Image: aws/codebuild/standard:5.0
Certificate:
# PrivilegedMode must be true if you specify LOCAL_DOCKER_LAYER_CACHE
PrivilegedMode: true
Source:
Type: GITHUB
Location:
InsecureSsl: true
GitCloneDepth: 1
ReportBuildStatus: false
TimeoutInMinutes: 10
Cache:
Type: LOCAL
Modes: # You can specify one or more cache mode,
- LOCAL_CUSTOM_CACHE
- LOCAL_DOCKER_LAYER_CACHE
- LOCAL_SOURCE_CACHE
```
**Note**
By default, Docker daemon is enabled for non-VPC builds. If you would like to use Docker containers for VPC builds, see [Runtime Privilege and Linux Capabilities](https://docs.docker.com/engine/reference/run/#runtime-privilege-and-linux-capabilities) on the Docker Docs website and enable privileged mode. Also, Windows does not support privileged mode.
For more information, see [Create a build project (CloudFormation)](create-project.md#create-project-cloud-formation).
# Debug builds in AWS CodeBuild
:`
For example, `project-name:d25be134-05cb-404a-85da-ac5f85d2d72c`.
+ Sandbox ARN: arn:aws:codebuild:**:**:sandbox/**:**
For example, `arn:aws:codebuild:us-west-2:962803963624:sandbox/project-name:d25be134-05cb-404a-85da-ac5f85d2d72c`.
------
#### [ Sample response ]
```
{
"sandboxes": [{
"id": "project-name",
"arn": "arn:aws:codebuild:us-west-2:962803963624:sandbox/project-name",
"projectName": "project-name",
"requestTime": "2025-02-06T11:24:15.560000-08:00",
"endTime": "2025-02-06T11:39:21.587000-08:00",
"status": "STOPPED",
"source": {
"type": "S3",
"location": "arn:aws:s3:::cofa-e2e-test-1-us-west-2-beta-default-build-sources/eb-sample-jetty-v4.zip",
"insecureSsl": false
},
"environment": {
"type": "LINUX_CONTAINER",
"image": "aws/codebuild/standard:6.0",
"computeType": "BUILD_GENERAL1_SMALL",
"environmentVariables": [{
"name": "foo",
"value": "bar",
"type": "PLAINTEXT"
},
{
"name": "bar",
"value": "baz",
"type": "PLAINTEXT"
}
],
"privilegedMode": false,
"imagePullCredentialsType": "CODEBUILD"
},
"timeoutInMinutes": 10,
"queuedTimeoutInMinutes": 480,
"logConfig": {
"cloudWatchLogs": {
"status": "ENABLED",
"groupName": "group",
"streamName": "stream"
},
"s3Logs": {
"status": "ENABLED",
"location": "codefactory-test-pool-1-us-west-2-beta-default-build-logs",
"encryptionDisabled": false
}
},
"encryptionKey": "arn:aws:kms:us-west-2:962803963624:alias/SampleEncryptionKey",
"serviceRole": "arn:aws:iam::962803963624:role/BuildExecutionServiceRole",
"currentSession": {
"id": "0103e0e7-52aa-4a3d-81dd-bfc27226fa54",
"currentPhase": "COMPLETED",
"status": "STOPPED",
"startTime": "2025-02-06T11:24:15.626000-08:00",
"endTime": "2025-02-06T11:39:21.600000-08:00",
"phases": [{
"phaseType": "SUBMITTED",
"phaseStatus": "SUCCEEDED",
"startTime": "2025-02-06T11:24:15.577000-08:00",
"endTime": "2025-02-06T11:24:15.606000-08:00",
"durationInSeconds": 0
},
{
"phaseType": "QUEUED",
"phaseStatus": "SUCCEEDED",
"startTime": "2025-02-06T11:24:15.606000-08:00",
"endTime": "2025-02-06T11:24:16.067000-08:00",
"durationInSeconds": 0
},
{
"phaseType": "PROVISIONING",
"phaseStatus": "SUCCEEDED",
"startTime": "2025-02-06T11:24:16.067000-08:00",
"endTime": "2025-02-06T11:24:20.519000-08:00",
"durationInSeconds": 4,
"contexts": [{
"statusCode": "",
"message": ""
}]
},
{
"phaseType": "DOWNLOAD_SOURCE",
"phaseStatus": "SUCCEEDED",
"startTime": "2025-02-06T11:24:20.519000-08:00",
"endTime": "2025-02-06T11:24:22.238000-08:00",
"durationInSeconds": 1,
"contexts": [{
"statusCode": "",
"message": ""
}]
},
{
"phaseType": "RUNNING_SANDBOX",
"phaseStatus": "TIMED_OUT",
"startTime": "2025-02-06T11:24:22.238000-08:00",
"endTime": "2025-02-06T11:39:21.560000-08:00",
"durationInSeconds": 899,
"contexts": [{
"statusCode": "BUILD_TIMED_OUT",
"message": "Build has timed out. "
}]
},
{
"phaseType": "COMPLETED",
"startTime": "2025-02-06T11:39:21.560000-08:00"
}
],
"logs": {
"groupName": "group",
"streamName": "stream/0103e0e7-52aa-4a3d-81dd-bfc27226fa54",
"deepLink": "https://console.aws.amazon.com/cloudwatch/home?region=us-west-2#logsV2:log-groups/log-group/group/log-events/stream$252F0103e0e7-52aa-4a3d-81dd-bfc27226fa54",
"s3DeepLink": "https://s3.console.aws.amazon.com/s3/object/codefactory-test-pool-1-us-west-2-beta-default-build-logs/0103e0e7-52aa-4a3d-81dd-bfc27226fa54.gz?region=us-west-2",
"cloudWatchLogsArn": "arn:aws:logs:us-west-2:962803963624:log-group:group:log-stream:stream/0103e0e7-52aa-4a3d-81dd-bfc27226fa54",
"s3LogsArn": "arn:aws:s3:::codefactory-test-pool-1-us-west-2-beta-default-build-logs/0103e0e7-52aa-4a3d-81dd-bfc27226fa54.gz",
"cloudWatchLogs": {
"status": "ENABLED",
"groupName": "group",
"streamName": "stream"
},
"s3Logs": {
"status": "ENABLED",
"location": "codefactory-test-pool-1-us-west-2-beta-default-build-logs",
"encryptionDisabled": false
}
}
}
}],
"sandboxesNotFound": []
}
```
------
### Stop a sandbox (AWS CLI)
:sandbox/
```
**Note**
To troubleshoot connection failures, use the `-v` flag to enable verbose output. For example, `ssh -v codebuild-sandbox-ssh=arn:aws:codebuild:us-east-1::sandbox/`.
For additional troubleshooting guidance, see [Troubleshooting AWS CodeBuild sandbox SSH connection issues](sandbox-troubleshooting.md).
## Step 4: Review your results
`, you may encounter an `InvalidInputException` error such as:
```
An error occurred (InvalidInputException) when calling the StartSandboxConnection
operation: Failed to start SSM session for {sandbox-arn}
User: arn:aws:sts:::assumed-role//AWSCodeBuild-
is not authorized to perform: ssm:StartSession on resource.
```
```
An error occurred (InvalidInputException) when calling the StartSandboxConnection
operation: Failed to start SSM session for
sandbox : codebuild: is not connected.
```
**Possible cause:**
+ Missing Amazon EC2 Systems Manager Agent: The build image does not have the SSM agent properly installed or configured.
+ Insufficient Permissions: The CodeBuild project service role lacks the required SSM permissions.
**Recommended solution:** If you are using a custom image for your build, do the following.
1. Install the SSM Agent. For more information, see [ Manually installing and uninstalling SSM Agent on Amazon EC2 instances for Linux](https://docs.aws.amazon.com/systems-manager/latest/userguide/manually-install-ssm-agent-linux.html) in the **. The SSM Agent version must be `3.0.1295.0` or later.
1. Copy the file, [ https://github.com/aws/aws-codebuild-docker-images/blob/master/ubuntu/standard/7.0/amazon-ssm-agent.json](https://github.com/aws/aws-codebuild-docker-images/blob/master/ubuntu/standard/7.0/amazon-ssm-agent.json) to the `/etc/amazon/ssm/` directory in your image. This enables **Container Mode** in the SSM agent.
1. Ensure your CodeBuild project's service role has the following permissions, then restart the sandbox environment:
```
{
"Effect": "Allow",
"Action": [
"ssmmessages:CreateControlChannel",
"ssmmessages:CreateDataChannel",
"ssmmessages:OpenControlChannel",
"ssmmessages:OpenDataChannel"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"ssm:StartSession"
],
"Resource": [
"arn:aws:codebuild:region:account-id:build/*",
"arn:aws:ssm:region::document/AWS-StartSSHSession"
]
}
```
## Error: "Unable to locate credentials" when SSH into CodeBuild sandbox environment
`, you may encounter the following credentials error:
```
Unable to locate credentials. You can configure credentials by running
"aws configure".
```
**Possible cause:** AWS credentials have not been properly configured in your local environment.
**Recommended solution:** Configure your AWS CLI credentials by following the official documentation: [ Configuring settings for the AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-configure.html) in the *AWS Command Line Interface User Guide for Version 2*.
## `StartSandboxConnection` `AccessDeniedException` error when SSH into CodeBuild sandbox environment
`, you may encounter the following permission error:
```
An error occurred (AccessDeniedException) when calling the StartSandboxConnection
operation:
User: arn:aws:sts::account-id:assumed-role/role-name
is not authorized to perform: codebuild:StartSandboxConnection on resource:
sandbox-arn
because no identity-based policy allows the codebuild:StartSandboxConnection action
```
**Possible cause:** Your AWS credentials lack the necessary CodeBuild permissions to perform this operation.
**Recommended solution:** Ensure that the IAM user or role associated with your AWS CLI credentials has the following permissions:
```
{
"Effect": "Allow",
"Action": [
"codebuild:StartSandboxConnection"
],
"Resource": [
"arn:aws:codebuild:region:account-id:sandbox/*"
]
}
```
## Error: "ssh: Could not resolve hostname" when SSH into CodeBuild sandbox environment
`, you encounter the following hostname resolution error:
```
ssh: Could not resolve hostname
```
**Possible cause:** This error typically occurs when the required CodeBuild sandbox connection script has not been properly executed in your local environment.
**Recommended solution:**
1. Download the CodeBuild sandbox connection script.
1. Execute the script in your terminal to establish the necessary SSH configuration.
1. Retry your SSH connection to the sandbox environment.
# Debug builds with Session Manager
",
"arn:aws:s3:::/*"
]
}
]
}
```
For more information, see [Auditing and logging session activity](https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-logging-auditing.html) in the *AWS Systems Manager User Guide*.
## Pause the build
--region --output json
```
1. Copy the `sessionTarget` property value. The `sessionTarget` property name can vary depending on the output type of the `aws` command. This is why `--output json` is added to the command in the previous step.
1. Use the following command to connect to the build container.
```
aws ssm start-session --target --region
```
For this example, verify that the `/tmp/hello-world` file exists and contains the text `Hello World`.
## Resume the build
--idempotency-token
```
In the preceding command, replace the following placeholder:
+ **: Required string. The ID of the build or batch build to retry. To get a list of build IDs, see the following topics:
+ [View a list of build IDs (AWS CLI)](view-build-list.md#view-build-list-cli)
+ [View a list of batch build IDs (AWS CLI)](view-build-list.md#view-batch-build-list-cli)
+ [View a list of build IDs for a build project (AWS CLI)](view-builds-for-project.md#view-builds-for-project-cli)
+ [View a list of batch build IDs for a build project (AWS CLI)](view-builds-for-project.md#view-batch-builds-for-project-cli)
+ `--idempotency-token`: Optional. If you run the **retry-build** command with the option, a unique case-sensitive identifier, or token, is included with the `retry-build` request. The token is valid for 5 minutes after the request. If you repeat the `retry-build` request with the same token, but change a parameter, CodeBuild returns a parameter mismatch error.
## Retry a build manually (AWS SDKs)
" \
--auto-retry-limit \
--source "" \
--artifacts {} \
--environment "{\"type\": \"environment-type>\",\"image\": \"image-type>\",\"computeType\": \"compute-type>\"}" \
--service-role "service-role>"
```
In the preceding command, replace the following placeholders:
+ **: Set the auto-retry limit to the maximum number of auto-retries desired after a failed build.
+ **, **, **, *environment-type>*, *image-type>*, *compute-type>*, and *service-role>*: Set your desired project configuration settings.
## Automatically retry a build (AWS SDKs)
```
In the preceding command, replace the following placeholder:
+ **: Required string. The identifier of the batch build to stop. To get a list of batch build identifiers, see the following topics:
+ [View a list of batch build IDs (AWS CLI)](view-build-list.md#view-batch-build-list-cli)
+ [View a list of batch build IDs for a build project (AWS CLI)](view-builds-for-project.md#view-batch-builds-for-project-cli)
## Stop a batch build (AWS SDKs)