Getting started with CodeBuild
In the following tutorials, you use AWS CodeBuild to build a collection of sample source code input files into a deployable version of the source code.
Both tutorials have the same input and results, but one uses the AWS CodeBuild console and the other uses the AWS CLI.
Important
We do not recommend that you use your AWS root account to complete this tutorial.
Topics
Getting started with AWS CodeBuild using the console
In this tutorial, you use AWS CodeBuild to build a collection of sample source code input files (build input artifacts or build input) into a deployable version of the source code (build output artifact or build output). Specifically, you instruct CodeBuild to use Apache Maven, a common build tool, to build a set of Java class files into a Java Archive (JAR) file. You do not need to be familiar with Apache Maven or Java to complete this tutorial.
You can work with CodeBuild through the CodeBuild console, AWS CodePipeline, the AWS CLI, or the AWS SDKs. This tutorial demonstrates how to use the CodeBuild console. For information about using CodePipeline, see Use CodeBuild with CodePipeline.
Important
The steps in this tutorial require you to create resources (for example, an S3 bucket)
that might result in charges to your AWS account. These include possible charges for
CodeBuild and for AWS resources and actions related to Amazon S3, AWS KMS, and CloudWatch Logs. For more
information, see AWS CodeBuild
pricing
Topics
- Step 1: Create the source code
- Step 2: Create the buildspec file
- Step 3: Create two S3 buckets
- Step 4: Upload the source code and the buildspec file
- Step 5: Create the build project
- Step 6: Run the build
- Step 7: View summarized build information
- Step 8: View detailed build information
- Step 9: Get the build output artifact
- Step 10: Delete the S3 buckets
- Wrapping up
Step 1: Create the source code
(Part of: Getting started with AWS CodeBuild using the console)
In this step, you create the source code that you want CodeBuild to build to the output bucket. This source code consists of two Java class files and an Apache Maven Project Object Model (POM) file.
-
In an empty directory on your local computer or instance, create this directory structure.
(root directory name)
`-- src |-- main | `-- java `-- test `-- java -
Using a text editor of your choice, create this file, name it
MessageUtil.java
, and then save it in thesrc/main/java
directory.public class MessageUtil { private String message; public MessageUtil(String message) { this.message = message; } public String printMessage() { System.out.println(message); return message; } public String salutationMessage() { message = "Hi!" + message; System.out.println(message); return message; } }
This class file creates as output the string of characters passed into it. The
MessageUtil
constructor sets the string of characters. TheprintMessage
method creates the output. ThesalutationMessage
method outputsHi!
followed by the string of characters. -
Create this file, name it
TestMessageUtil.java
, and then save it in the/src/test/java
directory.import org.junit.Test; import org.junit.Ignore; import static org.junit.Assert.assertEquals; public class TestMessageUtil { String message = "Robert"; MessageUtil messageUtil = new MessageUtil(message); @Test public void testPrintMessage() { System.out.println("Inside testPrintMessage()"); assertEquals(message,messageUtil.printMessage()); } @Test public void testSalutationMessage() { System.out.println("Inside testSalutationMessage()"); message = "Hi!" + "Robert"; assertEquals(message,messageUtil.salutationMessage()); } }
This class file sets the
message
variable in theMessageUtil
class toRobert
. It then tests to see if themessage
variable was successfully set by checking whether the stringsRobert
andHi!Robert
appear in the output. -
Create this file, name it
pom.xml
, and then save it in the root (top level) directory.<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd"> <modelVersion>4.0.0</modelVersion> <groupId>org.example</groupId> <artifactId>messageUtil</artifactId> <version>1.0</version> <packaging>jar</packaging> <name>Message Utility Java Sample App</name> <dependencies> <dependency> <groupId>junit</groupId> <artifactId>junit</artifactId> <version>4.11</version> <scope>test</scope> </dependency> </dependencies> <build> <plugins> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-compiler-plugin</artifactId> <version>3.8.0</version> </plugin> </plugins> </build> </project>
Apache Maven uses the instructions in this file to convert the
MessageUtil.java
andTestMessageUtil.java
files into a file namedmessageUtil-1.0.jar
and then run the specified tests.
At this point, your directory structure should look like this.
(root directory name)
|-- pom.xml `-- src |-- main | `-- java | `-- MessageUtil.java `-- test `-- java `-- TestMessageUtil.java
Step 2: Create the buildspec file
(Previous step: Step 1: Create the source code)
In this step, you create a build specification (build spec) file. A buildspec is a collection of build commands and related settings, in YAML format, that CodeBuild uses to run a build. Without a build spec, CodeBuild cannot successfully convert your build input into build output or locate the build output artifact in the build environment to upload to your output bucket.
Create this file, name it buildspec.yml
, and then save it in the
root (top level) directory.
version: 0.2 phases: install: runtime-versions: java: corretto11 pre_build: commands: - echo Nothing to do in the pre_build phase... build: commands: - echo Build started on `date` - mvn install post_build: commands: - echo Build completed on `date` artifacts: files: - target/messageUtil-1.0.jar
Important
Because a build spec declaration must be valid YAML, the spacing in a build spec declaration is important. If the number of spaces in your build spec declaration does not match this one, the build might fail immediately. You can use a YAML validator to test whether your build spec declaration is valid YAML.
Note
Instead of including a build spec file in your source code, you can declare build commands separately when you create a build project. This is helpful if you want to build your source code with different build commands without updating your source code's repository each time. For more information, see Buildspec syntax.
In this build spec declaration:
-
version
represents the version of the build spec standard being used. This build spec declaration uses the latest version,0.2
. -
phases
represents the build phases during which you can instruct CodeBuild to run commands. These build phases are listed here asinstall
,pre_build
,build
, andpost_build
. You cannot change the spelling of these build phase names, and you cannot create more build phase names.In this example, during the
build
phase, CodeBuild runs themvn install
command. This command instructs Apache Maven to compile, test, and package the compiled Java class files into a build output artifact. For completeness, a fewecho
commands are placed in each build phase in this example. When you view detailed build information later in this tutorial, the output of theseecho
commands can help you better understand how CodeBuild runs commands and in which order. (Although all build phases are included in this example, you are not required to include a build phase if you do not plan to run any commands during that phase.) For each build phase, CodeBuild runs each specified command, one at a time, in the order listed, from beginning to end. -
artifacts
represents the set of build output artifacts that CodeBuild uploads to the output bucket.files
represents the files to include in the build output. CodeBuild uploads the singlemessageUtil-1.0.jar
file found in thetarget
relative directory in the build environment. The file namemessageUtil-1.0.jar
and the directory nametarget
are based on the way Apache Maven creates and stores build output artifacts for this example only. In your own builds, these file names and directories are different.
For more information, see the Buildspec reference.
At this point, your directory structure should look like this.
(root directory name)
|-- pom.xml |-- buildspec.yml `-- src |-- main | `-- java | `-- MessageUtil.java `-- test `-- java `-- TestMessageUtil.java
Step 3: Create two S3 buckets
(Previous step: Step 2: Create the buildspec file)
Although you can use a single bucket for this tutorial, two buckets makes it easier to see where the build input is coming from and where the build output is going.
-
One of these buckets (the input bucket) stores the build input. In this tutorial, the name of this input bucket is
codebuild-
, whereregion-ID
-account-ID
-input-bucketregion-ID
is the AWS Region of the bucket andaccount-ID
is your AWS account ID. -
The other bucket (the output bucket) stores the build output. In this tutorial, the name of this output bucket is
codebuild-
.region-ID
-account-ID
-output-bucket
If you chose different names for these buckets, be sure to use them throughout this tutorial.
These two buckets must be in the same AWS Region as your builds. For example, if you instruct CodeBuild to run a build in the US East (Ohio) Region, these buckets must also be in the US East (Ohio) Region.
For more information, see Creating a Bucket in the Amazon Simple Storage Service User Guide.
Note
Although CodeBuild also supports build input stored in CodeCommit, GitHub, and Bitbucket repositories, this tutorial does not show you how to use them. For more information, see Plan a build.
Step 4: Upload the source code and the buildspec file
(Previous step: Step 3: Create two S3 buckets)
In this step, you add the source code and build spec file to the input bucket.
Using your operating system's zip utility, create a file named
MessageUtil.zip
that includes
MessageUtil.java
, TestMessageUtil.java
,
pom.xml
, and buildspec.yml
.
The MessageUtil.zip
file's directory structure must look like
this.
MessageUtil.zip |-- pom.xml |-- buildspec.yml `-- src |-- main | `-- java | `-- MessageUtil.java `-- test `-- java `-- TestMessageUtil.java
Important
Do not include the
directory, only the directories and files in the
(root directory name)
directory.(root directory name)
Upload the MessageUtil.zip
file to the input bucket named
codebuild-
. region-ID
-account-ID
-input-bucket
Important
For CodeCommit, GitHub, and Bitbucket repositories, by convention, you must store a
build spec file named buildspec.yml
in the root (top level) of
each repository or include the build spec declaration as part of the build project
definition. Do not create a ZIP file that contains the repository's source code and
build spec file.
For build input stored in S3 buckets only, you must create a ZIP file that
contains the source code and, by convention, a build spec file named
buildspec.yml
at the root (top level) or include the build
spec declaration as part of the build project definition.
If you want to use a different name for your build spec file, or you want to reference a build spec in a location other than the root, you can specify a build spec override as part of the build project definition. For more information, see Buildspec file name and storage location.
Step 5: Create the build project
(Previous step: Step 4: Upload the source code and the buildspec file)
In this step, you create a build project that AWS CodeBuild uses to run the build.
A build project includes information about how to run a build, including where to get the source code, which build environment to use, which build commands to run, and where to store the build output. A build environment represents a combination of operating system, programming language runtime, and tools that CodeBuild uses to run a build. The build environment is expressed as a
Docker image. For more information, see Docker overview
For this build environment, you instruct CodeBuild to use a Docker image that contains a version of the Java Development Kit (JDK) and Apache Maven.
To create the build project
Sign in to the AWS Management Console and open the AWS CodeBuild console at https://console.aws.amazon.com/codesuite/codebuild/home
. -
Use the AWS region selector to choose an AWS Region where CodeBuild is supported. For more information, see AWS CodeBuild endpoints and quotas in the Amazon Web Services General Reference.
If a CodeBuild information page is displayed, choose Create build project. Otherwise, on the navigation pane, expand Build, choose Build projects, and then choose Create build project.
-
On the Create build project page, in Project configuration, for Project name, enter a name for this build project (in this example,
codebuild-demo-project
). Build project names must be unique across each AWS account. If you use a different name, be sure to use it throughout this tutorial.Note
On the Create build project page, you might see an error message similar to the following: You are not authorized to perform this operation.. This is most likely because you signed in to the AWS Management Console as an user who does not have permissions to create a build project.. To fix this, sign out of the AWS Management Console, and then sign back in with credentials belonging to one of the following IAM entities:
-
An administrator user in your AWS account. For more information, see Creating your first AWS account root user and group in the user Guide.
-
An user in your AWS account with the
AWSCodeBuildAdminAccess
,AmazonS3ReadOnlyAccess
, andIAMFullAccess
managed policies attached to that user or to an IAM group that the user belongs to. If you do not have an user or group in your AWS account with these permissions, and you cannot add these permissions to your user or group, contact your AWS account administrator for assistance. For more information, see AWS managed (predefined) policies for AWS CodeBuild.
Both options include administrator permissions that allow you to create a build project so you can complete this tutorial. We recommend that you always use the minimum permissions required to accomplish your task. For more information, see AWS CodeBuild permissions reference.
-
-
In Source, for Source provider, choose Amazon S3.
-
For Bucket, choose codebuild-
region-ID
-account-ID
-input-bucket. -
For S3 object key, enter
MessageUtil.zip
. -
In Environment, for Environment image, leave Managed image selected.
-
For Operating system, choose Amazon Linux.
-
For Runtime(s), choose Standard.
-
For Image, choose aws/codebuild/amazonlinux-x86_64-standard:corretto11.
-
In Service role, leave New service role selected, and leave Role name unchanged.
-
For Buildspec, leave Use a buildspec file selected.
-
In Artifacts, for Type, choose Amazon S3.
-
For Bucket name, choose codebuild-
region-ID
-account-ID
-output-bucket. -
Leave Name and Path blank.
-
Choose Create build project.
Step 6: Run the build
(Previous step: Step 5: Create the build project)
In this step, you instruct AWS CodeBuild to run the build with the settings in the build project.
To run the build
Open the AWS CodeBuild console at https://console.aws.amazon.com/codesuite/codebuild/home
. -
In the navigation pane, choose Build projects.
-
In the list of build projects, choose codebuild-demo-project, and then choose Start build. The build starts immediately.
Step 7: View summarized build information
(Previous step: Step 6: Run the build)
In this step, you view summarized information about the status of your build.
To view summarized build information
-
If the codebuild-demo-project:
<build-ID>
page is not displayed, in the navigation bar, choose Build history. Next, in the list of build projects, for Project, choose the Build run link for codebuild-demo-project. There should be only one matching link. (If you have completed this tutorial before, choose the link with the most recent value in the Completed column.) -
On the Build status page, in Phase details, the following build phases should be displayed, with Succeeded in the Status column:
-
SUBMITTED
-
QUEUED
-
PROVISIONING
-
DOWNLOAD_SOURCE
-
INSTALL
-
PRE_BUILD
-
BUILD
-
POST_BUILD
-
UPLOAD_ARTIFACTS
-
FINALIZING
-
COMPLETED
In Build Status, Succeeded should be displayed.
If you see In Progress instead, choose the refresh button.
-
-
Next to each build phase, the Duration value indicates how long the build phase lasted. The End time value indicates when that build phase ended.
Step 8: View detailed build information
(Previous step: Step 7: View summarized build information)
In this step, you view detailed information about your build in CloudWatch Logs.
Note
To protect sensitive information, the following are hidden in CodeBuild logs:
-
AWS access key IDs. For more information, see Managing Access Keys for IAM Users in the AWS Identity and Access Management User Guide.
-
Strings specified using the Parameter Store. For more information, see Systems Manager Parameter Store and Systems Manager Parameter Store Console Walkthrough in the Amazon EC2 Systems Manager User Guide.
-
Strings specified using AWS Secrets Manager. For more information, see Key management.
To view detailed build information
-
With the build details page still displayed from the previous step, the last 10,000 lines of the build log are displayed in Build logs. To see the entire build log in CloudWatch Logs, choose the View entire log link.
-
In the CloudWatch Logs log stream, you can browse the log events. By default, only the last set of log events is displayed. To see earlier log events, scroll to the beginning of the list.
-
In this tutorial, most of the log events contain verbose information about CodeBuild downloading and installing build dependency files into its build environment, which you probably don't care about. You can use the Filter events box to reduce the information displayed. For example, if you enter
"[INFO]"
in Filter events, only those events that contain[INFO]
are displayed. For more information, see Filter and pattern syntax in the Amazon CloudWatch User Guide.
Step 9: Get the build output artifact
(Previous step: Step 8: View detailed build information)
In this step, you get the messageUtil-1.0.jar
file that CodeBuild built and uploaded to the output bucket.
You can use the CodeBuild console or the Amazon S3 console to complete this step.
To get the build output artifact (AWS CodeBuild console)
-
With the CodeBuild console still open and the build details page still displayed from the previous step, choose the Build details tab and scroll down to the Artifacts section.
Note
If the build details page is not displayed, in the navigation bar, choose Build history, and then choose the Build run link.
-
The link to the Amazon S3 folder is under the Artifacts upload location. This link opens the folder in Amazon S3 where you find the
messageUtil-1.0.jar
build output artifact file.
To get the build output artifact (Amazon S3 console)
Open the Amazon S3 console at https://console.aws.amazon.com/s3/
. -
Open
codebuild-
.region-ID
-account-ID
-output-bucket -
Open the
codebuild-demo-project
folder. -
Open the
target
folder, where you find themessageUtil-1.0.jar
build output artifact file.
Step 10: Delete the S3 buckets
(Previous step: Step 9: Get the build output artifact)
To prevent ongoing charges to your AWS account, you can delete the input and output buckets used in this tutorial. For instructions, see Deleting or Emptying a Bucket in the Amazon Simple Storage Service User Guide.
If you are using the IAM user or an administrator IAM user to delete these buckets, the
user must have more access permissions. Add the following statement between the markers
(### BEGIN ADDING STATEMENT HERE ###
and ### END
ADDING STATEMENTS HERE ###
) to an existing access policy for the user.
The ellipses (...) in this statement are used for brevity. Do not remove any statements in the existing access policy. Do not enter these ellipses into the policy.
{ "Version": "2012-10-17", "Id": "...", "Statement": [
### BEGIN ADDING STATEMENT HERE ###
{ "Effect": "Allow", "Action": [ "s3:DeleteBucket", "s3:DeleteObject" ], "Resource": "*" }### END ADDING STATEMENT HERE ###
] }
Wrapping up
In this tutorial, you used AWS CodeBuild to build a set of Java class files into a JAR file. You then viewed the build's results.
You can now try using CodeBuild in your own scenarios. Follow the instructions in Plan a build. If you don't feel ready yet, you might want to try building some of the samples. For more information, see Use case-based samples for CodeBuild.
Getting started with AWS CodeBuild using the AWS CLI
In this tutorial, you use AWS CodeBuild to build a collection of sample source code input files (called build input artifacts or build input) into a deployable version of the source code (called build output artifact or build output). Specifically, you instruct CodeBuild to use Apache Maven, a common build tool, to build a set of Java class files into a Java Archive (JAR) file. You do not need to be familiar with Apache Maven or Java to complete this tutorial.
You can work with CodeBuild through the CodeBuild console, AWS CodePipeline, the AWS CLI, or the AWS SDKs. This tutorial demonstrates how to use CodeBuild with the AWS CLI. For information about using CodePipeline, see Use CodeBuild with CodePipeline.
Important
The steps in this tutorial require you to create resources (for example, an S3 bucket)
that might result in charges to your AWS account. These include possible charges for
CodeBuild and for AWS resources and actions related to Amazon S3, AWS KMS, and CloudWatch Logs. For more
information, see CodeBuild
pricing
Topics
- Step 1: Create the source code
- Step 2: Create the buildspec file
- Step 3: Create two S3 buckets
- Step 4: Upload the source code and the buildspec file
- Step 5: Create the build project
- Step 6: Run the build
- Step 7: View summarized build information
- Step 8: View detailed build information
- Step 9: Get the build output artifact
- Step 10: Delete the S3 buckets
- Wrapping up
Step 1: Create the source code
(Part of: Getting started with AWS CodeBuild using the AWS CLI)
In this step, you create the source code that you want CodeBuild to build to the output bucket. This source code consists of two Java class files and an Apache Maven Project Object Model (POM) file.
-
In an empty directory on your local computer or instance, create this directory structure.
(root directory name)
`-- src |-- main | `-- java `-- test `-- java -
Using a text editor of your choice, create this file, name it
MessageUtil.java
, and then save it in thesrc/main/java
directory.public class MessageUtil { private String message; public MessageUtil(String message) { this.message = message; } public String printMessage() { System.out.println(message); return message; } public String salutationMessage() { message = "Hi!" + message; System.out.println(message); return message; } }
This class file creates as output the string of characters passed into it. The
MessageUtil
constructor sets the string of characters. TheprintMessage
method creates the output. ThesalutationMessage
method outputsHi!
followed by the string of characters. -
Create this file, name it
TestMessageUtil.java
, and then save it in the/src/test/java
directory.import org.junit.Test; import org.junit.Ignore; import static org.junit.Assert.assertEquals; public class TestMessageUtil { String message = "Robert"; MessageUtil messageUtil = new MessageUtil(message); @Test public void testPrintMessage() { System.out.println("Inside testPrintMessage()"); assertEquals(message,messageUtil.printMessage()); } @Test public void testSalutationMessage() { System.out.println("Inside testSalutationMessage()"); message = "Hi!" + "Robert"; assertEquals(message,messageUtil.salutationMessage()); } }
This class file sets the
message
variable in theMessageUtil
class toRobert
. It then tests to see if themessage
variable was successfully set by checking whether the stringsRobert
andHi!Robert
appear in the output. -
Create this file, name it
pom.xml
, and then save it in the root (top level) directory.<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd"> <modelVersion>4.0.0</modelVersion> <groupId>org.example</groupId> <artifactId>messageUtil</artifactId> <version>1.0</version> <packaging>jar</packaging> <name>Message Utility Java Sample App</name> <dependencies> <dependency> <groupId>junit</groupId> <artifactId>junit</artifactId> <version>4.11</version> <scope>test</scope> </dependency> </dependencies> <build> <plugins> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-compiler-plugin</artifactId> <version>3.8.0</version> </plugin> </plugins> </build> </project>
Apache Maven uses the instructions in this file to convert the
MessageUtil.java
andTestMessageUtil.java
files into a file namedmessageUtil-1.0.jar
and then run the specified tests.
At this point, your directory structure should look like this.
(root directory name)
|-- pom.xml `-- src |-- main | `-- java | `-- MessageUtil.java `-- test `-- java `-- TestMessageUtil.java
Step 2: Create the buildspec file
(Previous step: Step 1: Create the source code)
In this step, you create a build specification (build spec) file. A buildspec is a collection of build commands and related settings, in YAML format, that CodeBuild uses to run a build. Without a build spec, CodeBuild cannot successfully convert your build input into build output or locate the build output artifact in the build environment to upload to your output bucket.
Create this file, name it buildspec.yml
, and then save it in the
root (top level) directory.
version: 0.2 phases: install: runtime-versions: java: corretto11 pre_build: commands: - echo Nothing to do in the pre_build phase... build: commands: - echo Build started on `date` - mvn install post_build: commands: - echo Build completed on `date` artifacts: files: - target/messageUtil-1.0.jar
Important
Because a build spec declaration must be valid YAML, the spacing in a build spec declaration is important. If the number of spaces in your build spec declaration does not match this one, the build might fail immediately. You can use a YAML validator to test whether your build spec declaration is valid YAML.
Note
Instead of including a build spec file in your source code, you can declare build commands separately when you create a build project. This is helpful if you want to build your source code with different build commands without updating your source code's repository each time. For more information, see Buildspec syntax.
In this build spec declaration:
-
version
represents the version of the build spec standard being used. This build spec declaration uses the latest version,0.2
. -
phases
represents the build phases during which you can instruct CodeBuild to run commands. These build phases are listed here asinstall
,pre_build
,build
, andpost_build
. You cannot change the spelling of these build phase names, and you cannot create more build phase names.In this example, during the
build
phase, CodeBuild runs themvn install
command. This command instructs Apache Maven to compile, test, and package the compiled Java class files into a build output artifact. For completeness, a fewecho
commands are placed in each build phase in this example. When you view detailed build information later in this tutorial, the output of theseecho
commands can help you better understand how CodeBuild runs commands and in which order. (Although all build phases are included in this example, you are not required to include a build phase if you do not plan to run any commands during that phase.) For each build phase, CodeBuild runs each specified command, one at a time, in the order listed, from beginning to end. -
artifacts
represents the set of build output artifacts that CodeBuild uploads to the output bucket.files
represents the files to include in the build output. CodeBuild uploads the singlemessageUtil-1.0.jar
file found in thetarget
relative directory in the build environment. The file namemessageUtil-1.0.jar
and the directory nametarget
are based on the way Apache Maven creates and stores build output artifacts for this example only. In your own builds, these file names and directories are different.
For more information, see the Buildspec reference.
At this point, your directory structure should look like this.
(root directory name)
|-- pom.xml |-- buildspec.yml `-- src |-- main | `-- java | `-- MessageUtil.java `-- test `-- java `-- TestMessageUtil.java
Step 3: Create two S3 buckets
(Previous step: Step 2: Create the buildspec file)
Although you can use a single bucket for this tutorial, two buckets makes it easier to see where the build input is coming from and where the build output is going.
-
One of these buckets (the input bucket) stores the build input. In this tutorial, the name of this input bucket is
codebuild-
, whereregion-ID
-account-ID
-input-bucketregion-ID
is the AWS Region of the bucket andaccount-ID
is your AWS account ID. -
The other bucket (the output bucket) stores the build output. In this tutorial, the name of this output bucket is
codebuild-
.region-ID
-account-ID
-output-bucket
If you chose different names for these buckets, be sure to use them throughout this tutorial.
These two buckets must be in the same AWS Region as your builds. For example, if you instruct CodeBuild to run a build in the US East (Ohio) Region, these buckets must also be in the US East (Ohio) Region.
For more information, see Creating a Bucket in the Amazon Simple Storage Service User Guide.
Note
Although CodeBuild also supports build input stored in CodeCommit, GitHub, and Bitbucket repositories, this tutorial does not show you how to use them. For more information, see Plan a build.
Step 4: Upload the source code and the buildspec file
(Previous step: Step 3: Create two S3 buckets)
In this step, you add the source code and build spec file to the input bucket.
Using your operating system's zip utility, create a file named
MessageUtil.zip
that includes
MessageUtil.java
, TestMessageUtil.java
,
pom.xml
, and buildspec.yml
.
The MessageUtil.zip
file's directory structure must look like
this.
MessageUtil.zip |-- pom.xml |-- buildspec.yml `-- src |-- main | `-- java | `-- MessageUtil.java `-- test `-- java `-- TestMessageUtil.java
Important
Do not include the
directory, only the directories and files in the
(root directory name)
directory.(root directory name)
Upload the MessageUtil.zip
file to the input bucket named
codebuild-
. region-ID
-account-ID
-input-bucket
Important
For CodeCommit, GitHub, and Bitbucket repositories, by convention, you must store a
build spec file named buildspec.yml
in the root (top level) of
each repository or include the build spec declaration as part of the build project
definition. Do not create a ZIP file that contains the repository's source code and
build spec file.
For build input stored in S3 buckets only, you must create a ZIP file that
contains the source code and, by convention, a build spec file named
buildspec.yml
at the root (top level) or include the build
spec declaration as part of the build project definition.
If you want to use a different name for your build spec file, or you want to reference a build spec in a location other than the root, you can specify a build spec override as part of the build project definition. For more information, see Buildspec file name and storage location.
Step 5: Create the build project
(Previous step: Step 4: Upload the source code and the buildspec file)
In this step, you create a build project that AWS CodeBuild uses to run the build.
A build project includes information about how to run a build, including where to get the source code, which build environment to use, which build commands to run, and where to store the build output. A build environment represents a combination of operating system, programming language runtime, and tools that CodeBuild uses to run a build. The build environment is expressed as a
Docker image. For more information, see Docker overview
For this build environment, you instruct CodeBuild to use a Docker image that contains a version of the Java Development Kit (JDK) and Apache Maven.
To create the build project
-
Use the AWS CLI to run the create-project command:
aws codebuild create-project --generate-cli-skeleton
JSON-formatted data appears in the output. Copy the data to a file named
create-project.json
in a location on the local computer or instance where the AWS CLI is installed. If you choose to use a different file name, be sure to use it throughout this tutorial.Modify the copied data to follow this format, and then save your results:
{ "name": "codebuild-demo-project", "source": { "type": "S3", "location": "codebuild-
region-ID
-account-ID
-input-bucket/MessageUtil.zip" }, "artifacts": { "type": "S3", "location": "codebuild-region-ID
-account-ID
-output-bucket" }, "environment": { "type": "LINUX_CONTAINER", "image": "aws/codebuild/standard:5.0", "computeType": "BUILD_GENERAL1_SMALL" }, "serviceRole": "serviceIAMRole
" }Replace
serviceIAMRole
with the Amazon Resource Name (ARN) of a CodeBuild service role (for example,arn:aws:iam::
). To create one, see Allow CodeBuild to interact with other AWS services.account-ID
:role/role-name
In this data:
-
name
represents a required identifier for this build project (in this example,codebuild-demo-project
). Build project names must be unique across all build projects in your account. -
For
source
,type
is a required value that represents the source code's repository type (in this example,S3
for an Amazon S3 bucket). -
For
source
,location
represents the path to the source code (in this example, the input bucket name followed by the ZIP file name). -
For
artifacts
,type
is a required value that represents the build output artifact's repository type (in this example,S3
for an Amazon S3 bucket). -
For
artifacts
,location
represents the name of the output bucket you created or identified earlier (in this example,codebuild-
).region-ID
-account-ID
-output-bucket -
For
environment
,type
is a required value that represents the type of build environment (in this example,LINUX_CONTAINER
). -
For
environment
,image
is a required value that represents the Docker image name and tag combination this build project uses, as specified by the Docker image repository type (in this example,aws/codebuild/standard:5.0
for a Docker image in the CodeBuild Docker images repository).aws/codebuild/standard
is the name of the Docker image.5.0
is the tag of the Docker image.To find more Docker images you can use in your scenarios, see the Build environment reference.
-
For
environment
,computeType
is a required value that represents the computing resources CodeBuild uses (in this example,BUILD_GENERAL1_SMALL
).
Note
Other available values in the original JSON-formatted data, such as
description
,buildspec
,auth
(includingtype
andresource
),path
,namespaceType
,name
(forartifacts
),packaging
,environmentVariables
(includingname
andvalue
),timeoutInMinutes
,encryptionKey
, andtags
(includingkey
andvalue
) are optional. They are not used in this tutorial, so they are not shown here. For more information, see Create a build project (AWS CLI). -
-
Switch to the directory that contains the file you just saved, and then run the create-project command again.
aws codebuild create-project --cli-input-json file://create-project.json
If successful, data similar to this appears in the output.
{ "project": { "name": "codebuild-demo-project", "serviceRole": "
serviceIAMRole
", "tags": [], "artifacts": { "packaging": "NONE", "type": "S3", "location": "codebuild-region-ID
-account-ID
-output-bucket", "name": "message-util.zip" }, "lastModified": 1472661575.244, "timeoutInMinutes": 60, "created": 1472661575.244, "environment": { "computeType": "BUILD_GENERAL1_SMALL", "image": "aws/codebuild/standard:5.0", "type": "LINUX_CONTAINER", "environmentVariables": [] }, "source": { "type": "S3", "location": "codebuild-region-ID
-account-ID
-input-bucket/MessageUtil.zip" }, "encryptionKey": "arn:aws:kms:region-ID
:account-ID
:alias/aws/s3", "arn": "arn:aws:codebuild:region-ID
:account-ID
:project/codebuild-demo-project" } }-
project
represents information about this build project.-
tags
represents any tags that were declared. -
packaging
represents how the build output artifact is stored in the output bucket.NONE
means that a folder is created in the output bucket. The build output artifact is stored in that folder. -
lastModified
represents the time, in Unix time format, when information about the build project was last changed. -
timeoutInMinutes
represents the number of minutes after which CodeBuild stops the build if the build has not been completed. (The default is 60 minutes.) -
created
represents the time, in Unix time format, when the build project was created. -
environmentVariables
represents any environment variables that were declared and are available for CodeBuild to use during the build. -
encryptionKey
represents the ARN of the customer managed key that CodeBuild used to encrypt the build output artifact. -
arn
represents the ARN of the build project.
-
-
Note
After you run the create-project command, an error
message similar to the following might be output: User:
user-ARN
is not authorized to perform:
codebuild:CreateProject. This is most likely because you
configured the AWS CLI with the credentials of an user who does not have sufficient
permissions to use CodeBuild to create build projects. To fix this, configure the AWS CLI
with credentials belonging to one of the following IAM entities:
-
An administrator user in your AWS account. For more information, see Creating your first AWS account root user and group in the user Guide.
-
An user in your AWS account with the
AWSCodeBuildAdminAccess
,AmazonS3ReadOnlyAccess
, andIAMFullAccess
managed policies attached to that user or to an IAM group that the user belongs to. If you do not have an user or group in your AWS account with these permissions, and you cannot add these permissions to your user or group, contact your AWS account administrator for assistance. For more information, see AWS managed (predefined) policies for AWS CodeBuild.
Step 6: Run the build
(Previous step: Step 5: Create the build project)
In this step, you instruct AWS CodeBuild to run the build with the settings in the build project.
To run the build
-
Use the AWS CLI to run the start-build command:
aws codebuild start-build --project-name
project-name
Replace
project-name
with your build project name from the previous step (for example,codebuild-demo-project
). -
If successful, data similar to the following appears in the output:
{ "build": { "buildComplete": false, "initiator": "
user-name
", "artifacts": { "location": "arn:aws:s3:::codebuild-region-ID
-account-ID
-output-bucket/message-util.zip" }, "projectName": "codebuild-demo-project", "timeoutInMinutes": 60, "buildStatus": "IN_PROGRESS", "environment": { "computeType": "BUILD_GENERAL1_SMALL", "image": "aws/codebuild/standard:5.0", "type": "LINUX_CONTAINER", "environmentVariables": [] }, "source": { "type": "S3", "location": "codebuild-region-ID
-account-ID
-input-bucket/MessageUtil.zip" }, "currentPhase": "SUBMITTED", "startTime": 1472848787.882, "id": "codebuild-demo-project:0cfbb6ec-3db9-4e8c-992b-1ab28EXAMPLE", "arn": "arn:aws:codebuild:region-ID
:account-ID
:build/codebuild-demo-project:0cfbb6ec-3db9-4e8c-992b-1ab28EXAMPLE" } }-
build
represents information about this build.-
buildComplete
represents whether the build was completed (true
). Otherwise,false
. -
initiator
represents the entity that started the build. -
artifacts
represents information about the build output, including its location. -
projectName
represents the name of the build project. -
buildStatus
represents the current build status when the start-build command was run. -
currentPhase
represents the current build phase when the start-build command was run. -
startTime
represents the time, in Unix time format, when the build process started. -
id
represents the ID of the build. -
arn
represents the ARN of the build.
-
Make a note of the
id
value. You need it in the next step. -
Step 7: View summarized build information
(Previous step: Step 6: Run the build)
In this step, you view summarized information about the status of your build.
To view summarized build information
-
Use the AWS CLI to run the batch-get-builds command.
aws codebuild batch-get-builds --ids
id
Replace
id
with theid
value that appeared in the output of the previous step.If successful, data similar to this appears in the output.
{ "buildsNotFound": [], "builds": [ { "buildComplete": true, "phases": [ { "phaseStatus": "SUCCEEDED", "endTime": 1472848788.525, "phaseType": "SUBMITTED", "durationInSeconds": 0, "startTime": 1472848787.882 },
... The full list of build phases has been omitted for brevity ...
{ "phaseType": "COMPLETED", "startTime": 1472848878.079 } ], "logs": { "groupName": "/aws/codebuild/codebuild-demo-project", "deepLink": "https://console.aws.amazon.com/cloudwatch/home?region=region-ID
#logEvent:group=/aws/codebuild/codebuild-demo-project;stream=38ca1c4a-e9ca-4dbc-bef1-d52bfEXAMPLE", "streamName": "38ca1c4a-e9ca-4dbc-bef1-d52bfEXAMPLE" }, "artifacts": { "md5sum": "MD5-hash
", "location": "arn:aws:s3:::codebuild-region-ID
-account-ID
-output-bucket/message-util.zip", "sha256sum": "SHA-256-hash
" }, "projectName": "codebuild-demo-project", "timeoutInMinutes": 60, "initiator": "user-name
", "buildStatus": "SUCCEEDED", "environment": { "computeType": "BUILD_GENERAL1_SMALL", "image": "aws/codebuild/standard:5.0", "type": "LINUX_CONTAINER", "environmentVariables": [] }, "source": { "type": "S3", "location": "codebuild-region-ID
-account-ID
-input-bucket/MessageUtil.zip" }, "currentPhase": "COMPLETED", "startTime": 1472848787.882, "endTime": 1472848878.079, "id": "codebuild-demo-project:38ca1c4a-e9ca-4dbc-bef1-d52bfEXAMPLE", "arn": "arn:aws:codebuild:region-ID
:account-ID
:build/codebuild-demo-project:38ca1c4a-e9ca-4dbc-bef1-d52bfEXAMPLE" } ] }-
buildsNotFound
represents the build IDs for any builds where information is not available. In this example, it should be empty. -
builds
represents information about each build where information is available. In this example, information about only one build appears in the output.-
phases
represents the set of build phases CodeBuild runs during the build process. Information about each build phase is listed separately asstartTime
,endTime
, anddurationInSeconds
(when the build phase started and ended, expressed in Unix time format, and how long it lasted, in seconds), andphaseType
such as (SUBMITTED
,PROVISIONING
,DOWNLOAD_SOURCE
,INSTALL
,PRE_BUILD
,BUILD
,POST_BUILD
,UPLOAD_ARTIFACTS
,FINALIZING
, orCOMPLETED
) andphaseStatus
(such asSUCCEEDED
,FAILED
,FAULT
,TIMED_OUT
,IN_PROGRESS
, orSTOPPED
). The first time you run the batch-get-builds command, there might not be many (or any) phases. After subsequent runs of the batch-get-builds command with the same build ID, more build phases should appear in the output. -
logs
represents information in Amazon CloudWatch Logs about the build's logs. -
md5sum
andsha256sum
represent MD5 and SHA-256 hashes of the build's output artifact. These appear in the output only if the build project'spackaging
value is set toZIP
. (You did not set this value in this tutorial.) You can use these hashes along with a checksum tool to confirm file integrity and authenticity.Note
You can also use the Amazon S3 console to view these hashes. Select the box next to the build output artifact, choose Actions, and then choose Properties. In the Properties pane, expand Metadata, and view the values for x-amz-meta-codebuild-content-md5 and x-amz-meta-codebuild-content-sha256. (In the Amazon S3 console, the build output artifact's ETag value should not be interpreted to be either the MD5 or SHA-256 hash.)
If you use the AWS SDKs to get these hashes, the values are named
codebuild-content-md5
andcodebuild-content-sha256
. -
endTime
represents the time, in Unix time format, when the build process ended.
-
Note
Amazon S3 metadata has a CodeBuild header named
x-amz-meta-codebuild-buildarn
which contains thebuildArn
of the CodeBuild build that publishes artifacts to Amazon S3. ThebuildArn
is added to allow source tracking for notifications and to reference which build the artifact is generated from. -
Step 8: View detailed build information
(Previous step: Step 7: View summarized build information)
In this step, you view detailed information about your build in CloudWatch Logs.
Note
To protect sensitive information, the following are hidden in CodeBuild logs:
-
AWS access key IDs. For more information, see Managing Access Keys for IAM Users in the AWS Identity and Access Management User Guide.
-
Strings specified using the Parameter Store. For more information, see Systems Manager Parameter Store and Systems Manager Parameter Store Console Walkthrough in the Amazon EC2 Systems Manager User Guide.
-
Strings specified using AWS Secrets Manager. For more information, see Key management.
To view detailed build information
-
Use your web browser to go to the
deepLink
location that appeared in the output in the previous step (for example,https://console.aws.amazon.com/cloudwatch/home?region=
).region-ID
#logEvent:group=/aws/codebuild/codebuild-demo-project;stream=38ca1c4a-e9ca-4dbc-bef1-d52bfEXAMPLE -
In the CloudWatch Logs log stream, you can browse the log events. By default, only the last set of log events is displayed. To see earlier log events, scroll to the beginning of the list.
-
In this tutorial, most of the log events contain verbose information about CodeBuild downloading and installing build dependency files into its build environment, which you probably don't care about. You can use the Filter events box to reduce the information displayed. For example, if you enter
"[INFO]"
in Filter events, only those events that contain[INFO]
are displayed. For more information, see Filter and pattern syntax in the Amazon CloudWatch User Guide.
These portions of a CloudWatch Logs log stream pertain to this tutorial.
... [Container] 2016/04/15 17:49:42 Entering phase PRE_BUILD [Container] 2016/04/15 17:49:42 Running command echo Entering pre_build phase... [Container] 2016/04/15 17:49:42 Entering pre_build phase... [Container] 2016/04/15 17:49:42 Phase complete: PRE_BUILD Success: true [Container] 2016/04/15 17:49:42 Entering phase BUILD [Container] 2016/04/15 17:49:42 Running command echo Entering build phase... [Container] 2016/04/15 17:49:42 Entering build phase... [Container] 2016/04/15 17:49:42 Running command mvn install [Container] 2016/04/15 17:49:44 [INFO] Scanning for projects... [Container] 2016/04/15 17:49:44 [INFO] [Container] 2016/04/15 17:49:44 [INFO] ------------------------------------------------------------------------ [Container] 2016/04/15 17:49:44 [INFO] Building Message Utility Java Sample App 1.0 [Container] 2016/04/15 17:49:44 [INFO] ------------------------------------------------------------------------ ... [Container] 2016/04/15 17:49:55 ------------------------------------------------------- [Container] 2016/04/15 17:49:55 T E S T S [Container] 2016/04/15 17:49:55 ------------------------------------------------------- [Container] 2016/04/15 17:49:55 Running TestMessageUtil [Container] 2016/04/15 17:49:55 Inside testSalutationMessage() [Container] 2016/04/15 17:49:55 Hi!Robert [Container] 2016/04/15 17:49:55 Inside testPrintMessage() [Container] 2016/04/15 17:49:55 Robert [Container] 2016/04/15 17:49:55 Tests run: 2, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.018 sec [Container] 2016/04/15 17:49:55 [Container] 2016/04/15 17:49:55 Results : [Container] 2016/04/15 17:49:55 [Container] 2016/04/15 17:49:55 Tests run: 2, Failures: 0, Errors: 0, Skipped: 0 ... [Container] 2016/04/15 17:49:56 [INFO] ------------------------------------------------------------------------ [Container] 2016/04/15 17:49:56 [INFO] BUILD SUCCESS [Container] 2016/04/15 17:49:56 [INFO] ------------------------------------------------------------------------ [Container] 2016/04/15 17:49:56 [INFO] Total time: 11.845 s [Container] 2016/04/15 17:49:56 [INFO] Finished at: 2016-04-15T17:49:56+00:00 [Container] 2016/04/15 17:49:56 [INFO] Final Memory: 18M/216M [Container] 2016/04/15 17:49:56 [INFO] ------------------------------------------------------------------------ [Container] 2016/04/15 17:49:56 Phase complete: BUILD Success: true [Container] 2016/04/15 17:49:56 Entering phase POST_BUILD [Container] 2016/04/15 17:49:56 Running command echo Entering post_build phase... [Container] 2016/04/15 17:49:56 Entering post_build phase... [Container] 2016/04/15 17:49:56 Phase complete: POST_BUILD Success: true [Container] 2016/04/15 17:49:57 Preparing to copy artifacts [Container] 2016/04/15 17:49:57 Assembling file list [Container] 2016/04/15 17:49:57 Expanding target/messageUtil-1.0.jar [Container] 2016/04/15 17:49:57 Found target/messageUtil-1.0.jar [Container] 2016/04/15 17:49:57 Creating zip artifact
In this example, CodeBuild successfully completed the pre-build, build, and post-build
build phases. It ran the unit tests and successfully built the
messageUtil-1.0.jar
file.
Step 9: Get the build output artifact
(Previous step: Step 8: View detailed build information)
In this step, you get the messageUtil-1.0.jar
file that CodeBuild built and uploaded to the output bucket.
You can use the CodeBuild console or the Amazon S3 console to complete this step.
To get the build output artifact (AWS CodeBuild console)
-
With the CodeBuild console still open and the build details page still displayed from the previous step, choose the Build details tab and scroll down to the Artifacts section.
Note
If the build details page is not displayed, in the navigation bar, choose Build history, and then choose the Build run link.
-
The link to the Amazon S3 folder is under the Artifacts upload location. This link opens the folder in Amazon S3 where you find the
messageUtil-1.0.jar
build output artifact file.
To get the build output artifact (Amazon S3 console)
Open the Amazon S3 console at https://console.aws.amazon.com/s3/
. -
Open
codebuild-
.region-ID
-account-ID
-output-bucket -
Open the
codebuild-demo-project
folder. -
Open the
target
folder, where you find themessageUtil-1.0.jar
build output artifact file.
Step 10: Delete the S3 buckets
(Previous step: Step 9: Get the build output artifact)
To prevent ongoing charges to your AWS account, you can delete the input and output buckets used in this tutorial. For instructions, see Deleting or Emptying a Bucket in the Amazon Simple Storage Service User Guide.
If you are using the IAM user or an administrator IAM user to delete these buckets, the
user must have more access permissions. Add the following statement between the markers
(### BEGIN ADDING STATEMENT HERE ###
and ### END
ADDING STATEMENTS HERE ###
) to an existing access policy for the user.
The ellipses (...) in this statement are used for brevity. Do not remove any statements in the existing access policy. Do not enter these ellipses into the policy.
{ "Version": "2012-10-17", "Id": "...", "Statement": [
### BEGIN ADDING STATEMENT HERE ###
{ "Effect": "Allow", "Action": [ "s3:DeleteBucket", "s3:DeleteObject" ], "Resource": "*" }### END ADDING STATEMENT HERE ###
] }
Wrapping up
In this tutorial, you used AWS CodeBuild to build a set of Java class files into a JAR file. You then viewed the build's results.
You can now try using CodeBuild in your own scenarios. Follow the instructions in Plan a build. If you don't feel ready yet, you might want to try building some of the samples. For more information, see Use case-based samples for CodeBuild.