AWS::CodeBuild::Project - AWS CloudFormation

AWS::CodeBuild::Project

The AWS::CodeBuild::Project resource configures how AWS CodeBuild builds your source code. For example, it tells CodeBuild where to get the source code and which build environment to use.

Note

To unset or remove a project value through AWS CloudFormation, explicitly provide the attribute with an empty value.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{
  "Type" : "AWS::CodeBuild::Project",
  "Properties" : {
      "Artifacts" : Artifacts,
      "BadgeEnabled" : Boolean,
      "BuildBatchConfig" : ProjectBuildBatchConfig,
      "Cache" : ProjectCache,
      "ConcurrentBuildLimit" : Integer,
      "Description" : String,
      "EncryptionKey" : String,
      "Environment" : Environment,
      "FileSystemLocations" : [ ProjectFileSystemLocation, ... ],
      "LogsConfig" : LogsConfig,
      "Name" : String,
      "QueuedTimeoutInMinutes" : Integer,
      "ResourceAccessRole" : String,
      "SecondaryArtifacts" : [ Artifacts, ... ],
      "SecondarySources" : [ Source, ... ],
      "SecondarySourceVersions" : [ ProjectSourceVersion, ... ],
      "ServiceRole" : String,
      "Source" : Source,
      "SourceVersion" : String,
      "Tags" : [ Tag, ... ],
      "TimeoutInMinutes" : Integer,
      "Triggers" : ProjectTriggers,
      "Visibility" : String,
      "VpcConfig" : VpcConfig
    }
}

Properties

Artifacts

Artifacts is a property of the AWS::CodeBuild::Project resource that specifies output settings for artifacts generated by an AWS CodeBuild build.

Required: Yes

Type: Artifacts

Update requires: No interruption

BadgeEnabled

Indicates whether AWS CodeBuild generates a publicly accessible URL for your project's build badge. For more information, see Build Badges Sample in the AWS CodeBuild User Guide.

Note

Including build badges with your project is currently not supported if the source type is CodePipeline. If you specify CODEPIPELINE for the Source property, do not specify the BadgeEnabled property.

Required: No

Type: Boolean

Update requires: No interruption

BuildBatchConfig

A ProjectBuildBatchConfig object that defines the batch build options for the project.

Required: No

Type: ProjectBuildBatchConfig

Update requires: No interruption

Cache

Settings that AWS CodeBuild uses to store and reuse build dependencies.

Required: No

Type: ProjectCache

Update requires: No interruption

ConcurrentBuildLimit

The maximum number of concurrent builds that are allowed for this project.

New builds are only started if the current number of builds is less than or equal to this limit. If the current build count meets this limit, new builds are throttled and are not run.

Required: No

Type: Integer

Update requires: No interruption

Description

A description that makes the build project easy to identify.

Required: No

Type: String

Minimum: 0

Maximum: 255

Update requires: No interruption

EncryptionKey

The AWS Key Management Service customer master key (CMK) to be used for encrypting the build output artifacts.

Note

You can use a cross-account KMS key to encrypt the build output artifacts if your service role has permission to that key.

You can specify either the Amazon Resource Name (ARN) of the CMK or, if available, the CMK's alias (using the format alias/<alias-name>). If you don't specify a value, CodeBuild uses the managed CMK for Amazon Simple Storage Service (Amazon S3).

Required: No

Type: String

Minimum: 1

Update requires: No interruption

Environment

The build environment settings for the project, such as the environment type or the environment variables to use for the build environment.

Required: Yes

Type: Environment

Update requires: No interruption

FileSystemLocations

An array of ProjectFileSystemLocation objects for a CodeBuild build project. A ProjectFileSystemLocation object specifies the identifier, location, mountOptions, mountPoint, and type of a file system created using Amazon Elastic File System.

Required: No

Type: Array of ProjectFileSystemLocation

Update requires: No interruption

LogsConfig

Information about logs for the build project. A project can create logs in CloudWatch Logs, an S3 bucket, or both.

Required: No

Type: LogsConfig

Update requires: No interruption

Name

The name of the build project. The name must be unique across all of the projects in your AWS account.

Required: No

Type: String

Pattern: [A-Za-z0-9][A-Za-z0-9\-_]{1,149}

Minimum: 2

Maximum: 150

Update requires: Replacement

QueuedTimeoutInMinutes

The number of minutes a build is allowed to be queued before it times out.

Required: No

Type: Integer

Minimum: 5

Maximum: 480

Update requires: No interruption

ResourceAccessRole

The ARN of the IAM role that enables CodeBuild to access the CloudWatch Logs and Amazon S3 artifacts for the project's builds.

Required: No

Type: String

Minimum: 1

Update requires: No interruption

SecondaryArtifacts

A list of Artifacts objects. Each artifacts object specifies output settings that the project generates during a build.

Required: No

Type: Array of Artifacts

Minimum: 0

Maximum: 12

Update requires: No interruption

SecondarySources

An array of ProjectSource objects.

Required: No

Type: Array of Source

Minimum: 0

Maximum: 12

Update requires: No interruption

SecondarySourceVersions

An array of ProjectSourceVersion objects. If secondarySourceVersions is specified at the build level, then those versions take precedence over these secondarySourceVersions (at the project level).

Required: No

Type: Array of ProjectSourceVersion

Minimum: 0

Maximum: 12

Update requires: No interruption

ServiceRole

The ARN of the IAM role that enables AWS CodeBuild to interact with dependent AWS services on behalf of the AWS account.

Required: Yes

Type: String

Minimum: 1

Update requires: No interruption

Source

The source code settings for the project, such as the source code's repository type and location.

Required: Yes

Type: Source

Update requires: No interruption

SourceVersion

A version of the build input to be built for this project. If not specified, the latest version is used. If specified, it must be one of:

  • For CodeCommit: the commit ID, branch, or Git tag to use.

  • For GitHub: the commit ID, pull request ID, branch name, or tag name that corresponds to the version of the source code you want to build. If a pull request ID is specified, it must use the format pr/pull-request-ID (for example pr/25). If a branch name is specified, the branch's HEAD commit ID is used. If not specified, the default branch's HEAD commit ID is used.

  • For GitLab: the commit ID, branch, or Git tag to use.

  • For Bitbucket: the commit ID, branch name, or tag name that corresponds to the version of the source code you want to build. If a branch name is specified, the branch's HEAD commit ID is used. If not specified, the default branch's HEAD commit ID is used.

  • For Amazon S3: the version ID of the object that represents the build input ZIP file to use.

If sourceVersion is specified at the build level, then that version takes precedence over this sourceVersion (at the project level).

For more information, see Source Version Sample with CodeBuild in the AWS CodeBuild User Guide.

Required: No

Type: String

Update requires: No interruption

Tags

An arbitrary set of tags (key-value pairs) for the AWS CodeBuild project.

These tags are available for use by AWS services that support AWS CodeBuild build project tags.

Required: No

Type: Array of Tag

Minimum: 0

Maximum: 50

Update requires: No interruption

TimeoutInMinutes

How long, in minutes, from 5 to 2160 (36 hours), for AWS CodeBuild to wait before timing out any related build that did not get marked as completed. The default is 60 minutes.

Required: No

Type: Integer

Minimum: 5

Maximum: 2160

Update requires: No interruption

Triggers

For an existing AWS CodeBuild build project that has its source code stored in a GitHub repository, enables AWS CodeBuild to begin automatically rebuilding the source code every time a code change is pushed to the repository.

Required: No

Type: ProjectTriggers

Update requires: No interruption

Visibility

Specifies the visibility of the project's builds. Possible values are:

PUBLIC_READ

The project builds are visible to the public.

PRIVATE

The project builds are not visible to the public.

Required: No

Type: String

Update requires: No interruption

VpcConfig

VpcConfig specifies settings that enable AWS CodeBuild to access resources in an Amazon VPC. For more information, see Use AWS CodeBuild with Amazon Virtual Private Cloud in the AWS CodeBuild User Guide.

Required: No

Type: VpcConfig

Update requires: No interruption

Return values

Ref

When the logical ID of this resource is provided to the Ref intrinsic function, Ref returns the name of the AWS CodeBuild project, such as myProjectName.

For more information about using the Ref function, see Ref.

Fn::GetAtt

Fn::GetAtt returns a value for a specified attribute of this type. The following are the available attributes and sample return values. For more information about using Fn::GetAtt, see Fn::GetAtt.

Arn

The ARN of the AWS CodeBuild project, such as arn:aws:codebuild:us-west-2:123456789012:project/myProjectName.

Examples

Create a project

The following example creates an AWS CodeBuild project.

JSON

{
  "Project": {
    "Type": "AWS::CodeBuild::Project",
    "Properties": {
      "Name": "myProjectName",
      "Description": "A description about my project",
      "ServiceRole": { "Fn::GetAtt": [ "ServiceRole", "Arn" ] },
      "Artifacts": {
        "Type": "no_artifacts"
      },
      "Environment": {
        "Type": "LINUX_CONTAINER",
        "ComputeType": "BUILD_GENERAL1_SMALL",
        "Image": "aws/codebuild/java:openjdk-8",
        "EnvironmentVariables": [
          {
            "Name": "varName",
            "Type": "varType",
            "Value": "varValue"
          }
        ]
      },
      "Source": {
        "Location": "codebuild-demo-test/0123ab9a371ebf0187b0fe5614fbb72c",
        "Type": "S3"
      },
      "TimeoutInMinutes": 10,
      "Tags": [
        {
          "Key": "Key1",
          "Value": "Value1"
        },
        {
          "Key": "Key2",
          "Value": "Value2"
        }
      ]
    }
  }
}

YAML

Project:
  Type: AWS::CodeBuild::Project
  Properties:
    Name: myProjectName
    Description: A description about my project
    ServiceRole: !GetAtt ServiceRole.Arn
    Artifacts:
      Type: no_artifacts
    Environment:
      Type: LINUX_CONTAINER
      ComputeType: BUILD_GENERAL1_SMALL
      Image: aws/codebuild/java:openjdk-8
      EnvironmentVariables:
        - Name: varName
          Type: varType
          Value: varValue
    Source:
      Location: codebuild-demo-test/0123ab9a371ebf0187b0fe5614fbb72c
      Type: S3
    TimeoutInMinutes: 10
    Tags:
      - Key: Key1
        Value: Value1
      - Key: Key2
        Value: Value2

Create a project with two filter groups

The following example creates a project with two filter groups. Together, they trigger a build when one or both evaluate to true:

  • The first filter group specifies that pull requests are created or updated on branches with Git reference names that match the regular expression ^refs/heads/master$ by a GitHub user that does not have account ID 12345.

  • The second filter group specifies that push requests are created on files with names that match the regular expression READ_ME in branches with Git reference names that match the regular expression ^refs/heads/.*.

For this example, the name of the service role is my-example-service-role. The name of the source location is my-example-source-location.

YAML

CodeBuildProject:
  Type: AWS::CodeBuild::Project
  Properties:
    Name: MyProject
    ServiceRole: my-example-service-role
    Artifacts:
      Type: NO_ARTIFACTS
    Environment:
      Type: LINUX_CONTAINER
      ComputeType: BUILD_GENERAL1_SMALL
      Image: aws/codebuild/standard:1.0
    Source:
      Type: GITHUB
      Location: my-example-source-location
    Triggers:
      Webhook: true
      FilterGroups:
        - - Type: EVENT
            Pattern: PULL_REQUEST_CREATED,PULL_REQUEST_UPDATED
          - Type: BASE_REF
            Pattern: ^refs/heads/master$
            ExcludeMatchedPattern: false
          - Type: ACTOR_ACCOUNT_ID
            Pattern: 12345
            ExcludeMatchedPattern: true
        - - Type: EVENT
            Pattern: PUSH
          - Type: HEAD_REF
            Pattern: ^refs/heads/.*
          - Type: FILE_PATH
            Pattern: READ_ME
            ExcludeMatchedPattern: true

JSON

{
  "CodeBuildProject": {
    "Type": "AWS::CodeBuild::Project",
    "Properties": {
      "Name": "MyProject",
      "ServiceRole": "my-example-service-role",
      "Artifacts": {
        "Type": "NO_ARTIFACTS"
      },
      "Environment": {
        "Type": "LINUX_CONTAINER",
        "ComputeType": "BUILD_GENERAL1_SMALL",
        "Image": "aws/codebuild/standard:1.0"
      },
      "Source": {
        "Type": "GITHUB",
        "Location": "my-example-source-location"
      },
      "Triggers": {
        "Webhook": true,
        "FilterGroups": [
          [
            {
              "Type": "EVENT",
              "Pattern": "PULL_REQUEST_CREATED,PULL_REQUEST_UPDATED"
            },
            {
              "Type": "BASE_REF",
              "Pattern": "^refs/heads/master$",
              "ExcludeMatchedPattern": false
            },
            {
              "Type": "ACTOR_ACCOUNT_ID",
              "Pattern": 12345,
              "ExcludeMatchedPattern": true
            }
          ],
          [
            {
              "Type": "EVENT",
              "Pattern": "PUSH"
            },
            {
              "Type": "HEAD_REF",
              "Pattern": "^refs/heads/.*"
            },
            {
              "Type": "FILE_PATH",
              "Pattern": "READ_ME",
              "ExcludeMatchedPattern": true
            }
          ]
        ]
      }
    }
  }
}
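The filter-group logic of this example as a small model, added here and not part of the AWS documentation: a group is true when all of its filters are true, a build is triggered when any group is true, and ExcludeMatchedPattern inverts a filter, evaluated exactly as the template is written (including on its FILE_PATH filter). The event field names, the sample events, and the use of unanchored regular-expression search are assumptions of this sketch, not CodeBuild's implementation.

```python
import re

# Filter groups copied from the example template above.
FILTER_GROUPS = [
    [
        {"Type": "EVENT", "Pattern": "PULL_REQUEST_CREATED,PULL_REQUEST_UPDATED"},
        {"Type": "BASE_REF", "Pattern": "^refs/heads/master$", "ExcludeMatchedPattern": False},
        {"Type": "ACTOR_ACCOUNT_ID", "Pattern": "12345", "ExcludeMatchedPattern": True},
    ],
    [
        {"Type": "EVENT", "Pattern": "PUSH"},
        {"Type": "HEAD_REF", "Pattern": "^refs/heads/.*"},
        {"Type": "FILE_PATH", "Pattern": "READ_ME", "ExcludeMatchedPattern": True},
    ],
]


def filter_matches(flt, event):
    """Evaluate one filter against a webhook event (simplified model)."""
    kind, pattern = flt["Type"], str(flt["Pattern"])
    if kind == "EVENT":
        # EVENT patterns are a comma-separated list of event names.
        hit = event["event"] in pattern.split(",")
    elif kind == "FILE_PATH":
        # Assumption: the filter matches when any changed file matches.
        hit = any(re.search(pattern, p) for p in event.get("files", []))
    else:
        # BASE_REF, HEAD_REF, ACTOR_ACCOUNT_ID: regex against one field.
        value = event.get(kind.lower())
        hit = value is not None and re.search(pattern, value) is not None
    # ExcludeMatchedPattern inverts the result of the filter.
    return not hit if flt.get("ExcludeMatchedPattern", False) else hit


def triggers_build(groups, event):
    """A build starts when every filter in at least one group is true."""
    return any(all(filter_matches(f, event) for f in g) for g in groups)


# Constructed sample events (hypothetical field names, not real webhook payloads).
PR_FROM_OTHER_USER = {"event": "PULL_REQUEST_CREATED", "base_ref": "refs/heads/master",
                      "head_ref": "refs/heads/feature", "actor_account_id": "67890"}
PR_FROM_12345 = dict(PR_FROM_OTHER_USER, actor_account_id="12345")
PUSH_CODE = {"event": "PUSH", "head_ref": "refs/heads/dev", "actor_account_id": "12345",
             "files": ["src/app.py"]}
PUSH_README = dict(PUSH_CODE, files=["READ_ME.md"])
```

Running candidate events through `triggers_build` before deploying a webhook shows which actors and refs can start a build under the project's service role.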

Create a project using Amazon S3 and Amazon VPC

The following example creates a project that caches build dependencies in Amazon S3 and uses resources in an Amazon VPC.

YAML

Resources:
  CodeBuildProject:
    Type: AWS::CodeBuild::Project
    Properties:
      ServiceRole: !GetAtt CodeBuildRole.Arn
      Artifacts:
        Type: CODEPIPELINE
      Environment:
        Type: LINUX_CONTAINER
        ComputeType: BUILD_GENERAL1_SMALL
        Image: aws/codebuild/ubuntu-base:14.04
        EnvironmentVariables:
          - Name: varName1
            Value: varValue1
          - Name: varName2
            Value: varValue2
            Type: PLAINTEXT
          - Name: varName3
            Value: /CodeBuild/testParameter
            Type: PARAMETER_STORE
      Source:
        Type: CODEPIPELINE
      TimeoutInMinutes: 10
      VpcConfig:
        VpcId: !Ref CodeBuildVPC
        Subnets: [!Ref CodeBuildSubnet]
        SecurityGroupIds: [!Ref CodeBuildSecurityGroup]
      Cache:
        Type: S3
        Location: <mybucket/prefix>
  CodeBuildRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Statement:
          - Action: ['sts:AssumeRole']
            Effect: Allow
            Principal:
              Service: [codebuild.amazonaws.com]
        Version: '2012-10-17'
      Path: /
      Policies:
        - PolicyName: CodeBuildAccess
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Action:
                  - 'logs:*'
                  - 'ec2:CreateNetworkInterface'
                  - 'ec2:DescribeNetworkInterfaces'
                  - 'ec2:DeleteNetworkInterface'
                  - 'ec2:DescribeSubnets'
                  - 'ec2:DescribeSecurityGroups'
                  - 'ec2:DescribeDhcpOptions'
                  - 'ec2:DescribeVpcs'
                  - 'ec2:CreateNetworkInterfacePermission'
                Effect: Allow
                Resource: '*'
  CodeBuildVPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16
      EnableDnsSupport: 'true'
      EnableDnsHostnames: 'true'
      Tags:
        - Key: name
          Value: codebuild
  CodeBuildSubnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId:
        Ref: CodeBuildVPC
      CidrBlock: 10.0.1.0/24
  CodeBuildSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupName: Codebuild Internet Group
      GroupDescription: 'CodeBuild SecurityGroup'
      VpcId: !Ref CodeBuildVPC

JSON

{
  "Resources": {
    "CodeBuildProject": {
      "Type": "AWS::CodeBuild::Project",
      "Properties": {
        "ServiceRole": { "Fn::GetAtt": [ "CodeBuildRole", "Arn" ] },
        "Artifacts": {
          "Type": "CODEPIPELINE"
        },
        "Environment": {
          "Type": "LINUX_CONTAINER",
          "ComputeType": "BUILD_GENERAL1_SMALL",
          "Image": "aws/codebuild/ubuntu-base:14.04",
          "EnvironmentVariables": [
            {
              "Name": "varName1",
              "Value": "varValue1"
            },
            {
              "Name": "varName2",
              "Value": "varValue2",
              "Type": "PLAINTEXT"
            },
            {
              "Name": "varName3",
              "Value": "/CodeBuild/testParameter",
              "Type": "PARAMETER_STORE"
            }
          ]
        },
        "Source": {
          "Type": "CODEPIPELINE"
        },
        "TimeoutInMinutes": 10,
        "VpcConfig": {
          "VpcId": { "Ref": "CodeBuildVPC" },
          "Subnets": [ { "Ref": "CodeBuildSubnet" } ],
          "SecurityGroupIds": [ { "Ref": "CodeBuildSecurityGroup" } ]
        },
        "Cache": {
          "Type": "S3",
          "Location": "<mybucket/prefix>"
        }
      }
    },
    "CodeBuildRole": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Statement": [
            {
              "Action": [ "sts:AssumeRole" ],
              "Effect": "Allow",
              "Principal": {
                "Service": [ "codebuild.amazonaws.com" ]
              }
            }
          ],
          "Version": "2012-10-17"
        },
        "Path": "/",
        "Policies": [
          {
            "PolicyName": "CodeBuildAccess",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Action": [
                    "logs:*",
                    "ec2:CreateNetworkInterface",
                    "ec2:DescribeNetworkInterfaces",
                    "ec2:DeleteNetworkInterface",
                    "ec2:DescribeSubnets",
                    "ec2:DescribeSecurityGroups",
                    "ec2:DescribeDhcpOptions",
                    "ec2:DescribeVpcs",
                    "ec2:CreateNetworkInterfacePermission"
                  ],
                  "Effect": "Allow",
                  "Resource": "*"
                }
              ]
            }
          }
        ]
      }
    },
    "CodeBuildVPC": {
      "Type": "AWS::EC2::VPC",
      "Properties": {
        "CidrBlock": "10.0.0.0/16",
        "EnableDnsSupport": "true",
        "EnableDnsHostnames": "true",
        "Tags": [
          {
            "Key": "name",
            "Value": "codebuild"
          }
        ]
      }
    },
    "CodeBuildSubnet": {
      "Type": "AWS::EC2::Subnet",
      "Properties": {
        "VpcId": { "Ref": "CodeBuildVPC" },
        "CidrBlock": "10.0.1.0/24"
      }
    },
    "CodeBuildSecurityGroup": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {
        "GroupName": "Codebuild Internet Group",
        "GroupDescription": "CodeBuild SecurityGroup",
        "VpcId": { "Ref": "CodeBuildVPC" }
      }
    }
  }
}

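An added review aid, not part of the AWS documentation: it walks a template and reports project and role settings that widen exposure, using the properties described on this page (Visibility, BadgeEnabled, environment variable Type) and the wildcard IAM statement from the example above. The `audit` function, its messages, and the trimmed sample template are constructed for illustration.

```python
import json

# Constructed template: the VPC example's resources, trimmed, with
# Visibility and BadgeEnabled added to exercise the checks.
TEMPLATE = json.loads("""
{"Resources": {
  "CodeBuildProject": {"Type": "AWS::CodeBuild::Project", "Properties": {
    "Visibility": "PUBLIC_READ", "BadgeEnabled": true,
    "Environment": {"EnvironmentVariables": [
      {"Name": "varName1", "Value": "varValue1"},
      {"Name": "varName2", "Value": "varValue2", "Type": "PLAINTEXT"},
      {"Name": "varName3", "Value": "/CodeBuild/testParameter", "Type": "PARAMETER_STORE"}]}}},
  "CodeBuildRole": {"Type": "AWS::IAM::Role", "Properties": {"Policies": [
    {"PolicyName": "CodeBuildAccess", "PolicyDocument": {"Statement": [
      {"Action": ["logs:*", "ec2:DescribeVpcs"], "Effect": "Allow", "Resource": "*"}]}}]}}
}}
""")


def audit(template):
    """Return (logical_id, finding) pairs for settings worth a review."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        props = res.get("Properties", {})
        if res.get("Type") == "AWS::CodeBuild::Project":
            if props.get("Visibility") == "PUBLIC_READ":
                findings.append((name, "builds are visible to the public"))
            if props.get("BadgeEnabled") is True:
                findings.append((name, "build badge URL is publicly accessible"))
            for var in props.get("Environment", {}).get("EnvironmentVariables", []):
                # A variable with no Type is treated here like PLAINTEXT.
                if var.get("Type", "PLAINTEXT") == "PLAINTEXT":
                    findings.append((name, f"plaintext variable {var['Name']}"))
        elif res.get("Type") == "AWS::IAM::Role":
            for policy in props.get("Policies", []):
                for stmt in policy.get("PolicyDocument", {}).get("Statement", []):
                    actions = stmt.get("Action", [])
                    actions = [actions] if isinstance(actions, str) else actions
                    wild = [a for a in actions if a.endswith("*")]
                    if stmt.get("Effect") == "Allow" and wild and stmt.get("Resource") in ("*", ["*"]):
                        findings.append((name, f"wildcard {', '.join(wild)} on Resource *"))
    return findings
```

Values supplied through intrinsic functions such as Ref are not resolved by this check, so a finding list that comes back empty does not cover parameters set at deploy time.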