AWS::CodeBuild::Project
The AWS::CodeBuild::Project resource configures how AWS CodeBuild builds your source code. For example, it tells CodeBuild where to get the source code and which build environment to use.
Note
To unset or remove a project value through AWS CloudFormation, explicitly provide the attribute with an empty value.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{
  "Type" : "AWS::CodeBuild::Project",
  "Properties" : {
      "Artifacts" : Artifacts,
      "BadgeEnabled" : Boolean,
      "BuildBatchConfig" : ProjectBuildBatchConfig,
      "Cache" : ProjectCache,
      "ConcurrentBuildLimit" : Integer,
      "Description" : String,
      "EncryptionKey" : String,
      "Environment" : Environment,
      "FileSystemLocations" : [ ProjectFileSystemLocation, ... ],
      "LogsConfig" : LogsConfig,
      "Name" : String,
      "QueuedTimeoutInMinutes" : Integer,
      "ResourceAccessRole" : String,
      "SecondaryArtifacts" : [ Artifacts, ... ],
      "SecondarySources" : [ Source, ... ],
      "SecondarySourceVersions" : [ ProjectSourceVersion, ... ],
      "ServiceRole" : String,
      "Source" : Source,
      "SourceVersion" : String,
      "Tags" : [ Tag, ... ],
      "TimeoutInMinutes" : Integer,
      "Triggers" : ProjectTriggers,
      "Visibility" : String,
      "VpcConfig" : VpcConfig
    }
}
YAML
Type: AWS::CodeBuild::Project
Properties:
  Artifacts: Artifacts
  BadgeEnabled: Boolean
  BuildBatchConfig: ProjectBuildBatchConfig
  Cache: ProjectCache
  ConcurrentBuildLimit: Integer
  Description: String
  EncryptionKey: String
  Environment: Environment
  FileSystemLocations:
    - ProjectFileSystemLocation
  LogsConfig: LogsConfig
  Name: String
  QueuedTimeoutInMinutes: Integer
  ResourceAccessRole: String
  SecondaryArtifacts:
    - Artifacts
  SecondarySources:
    - Source
  SecondarySourceVersions:
    - ProjectSourceVersion
  ServiceRole: String
  Source: Source
  SourceVersion: String
  Tags:
    - Tag
  TimeoutInMinutes: Integer
  Triggers: ProjectTriggers
  Visibility: String
  VpcConfig: VpcConfig
Properties
Artifacts
Artifacts is a property of the AWS::CodeBuild::Project resource that specifies output settings for artifacts generated by an AWS CodeBuild build.
Required: Yes
Type: Artifacts
Update requires: No interruption
BadgeEnabled
Indicates whether AWS CodeBuild generates a publicly accessible URL for your project's build badge. For more information, see Build Badges Sample in the AWS CodeBuild User Guide.
Note
Including build badges with your project is currently not supported if the source type is CodePipeline. If you specify CODEPIPELINE for the Source property, do not specify the BadgeEnabled property.
Required: No
Type: Boolean
Update requires: No interruption
BuildBatchConfig
A ProjectBuildBatchConfig object that defines the batch build options for the project.
Required: No
Type: ProjectBuildBatchConfig
Update requires: No interruption
Cache
Settings that AWS CodeBuild uses to store and reuse build dependencies.
Required: No
Type: ProjectCache
Update requires: No interruption
ConcurrentBuildLimit
The maximum number of concurrent builds that are allowed for this project.
New builds are only started if the current number of builds is less than or equal to this limit. If the current build count meets this limit, new builds are throttled and are not run.
Required: No
Type: Integer
Update requires: No interruption
Description
A description that makes the build project easy to identify.
Required: No
Type: String
Minimum: 0
Maximum: 255
Update requires: No interruption
EncryptionKey
The AWS Key Management Service customer master key (CMK) to be used for encrypting the build output artifacts.
Note
You can use a cross-account KMS key to encrypt the build output artifacts if your service role has permission to that key.
You can specify either the Amazon Resource Name (ARN) of the CMK or, if available, the CMK's alias (using the format alias/<alias-name>). If you don't specify a value, CodeBuild uses the managed CMK for Amazon Simple Storage Service (Amazon S3).
Required: No
Type: String
Minimum: 1
Update requires: No interruption
Environment
The build environment settings for the project, such as the environment type or the environment variables to use for the build environment.
Required: Yes
Type: Environment
Update requires: No interruption
FileSystemLocations
An array of ProjectFileSystemLocation objects for a CodeBuild build project. A ProjectFileSystemLocation object specifies the identifier, location, mountOptions, mountPoint, and type of a file system created using Amazon Elastic File System.
Required: No
Type: Array of ProjectFileSystemLocation
Update requires: No interruption
LogsConfig
Information about logs for the build project. A project can create logs in CloudWatch Logs, an S3 bucket, or both.
Required: No
Type: LogsConfig
Update requires: No interruption
Name
The name of the build project. The name must be unique across all of the projects in your AWS account.
Required: No
Type: String
Pattern: [A-Za-z0-9][A-Za-z0-9\-_]{1,149}
Minimum: 2
Maximum: 150
Update requires: Replacement
QueuedTimeoutInMinutes
The number of minutes a build is allowed to be queued before it times out.
Required: No
Type: Integer
Minimum: 5
Maximum: 480
Update requires: No interruption
ResourceAccessRole
The ARN of the IAM role that enables CodeBuild to access the CloudWatch Logs and Amazon S3 artifacts for the project's builds.
Required: No
Type: String
Minimum: 1
Update requires: No interruption
SecondaryArtifacts
A list of Artifacts objects. Each artifacts object specifies output settings that the project generates during a build.
Required: No
Type: Array of Artifacts
Minimum: 0
Maximum: 12
Update requires: No interruption
SecondarySources
An array of ProjectSource objects.
Required: No
Type: Array of Source
Minimum: 0
Maximum: 12
Update requires: No interruption
SecondarySourceVersions
An array of ProjectSourceVersion objects. If secondarySourceVersions is specified at the build level, then they take over these secondarySourceVersions (at the project level).
Required: No
Type: Array of ProjectSourceVersion
Minimum: 0
Maximum: 12
Update requires: No interruption
ServiceRole
The ARN of the IAM role that enables AWS CodeBuild to interact with dependent AWS services on behalf of the AWS account.
Required: Yes
Type: String
Minimum: 1
Update requires: No interruption
Source
The source code settings for the project, such as the source code's repository type and location.
Required: Yes
Type: Source
Update requires: No interruption
SourceVersion
A version of the build input to be built for this project. If not specified, the latest version is used. If specified, it must be one of:
- For CodeCommit: the commit ID, branch, or Git tag to use.
- For GitHub: the commit ID, pull request ID, branch name, or tag name that corresponds to the version of the source code you want to build. If a pull request ID is specified, it must use the format pr/pull-request-ID (for example pr/25). If a branch name is specified, the branch's HEAD commit ID is used. If not specified, the default branch's HEAD commit ID is used.
- For GitLab: the commit ID, branch, or Git tag to use.
- For Bitbucket: the commit ID, branch name, or tag name that corresponds to the version of the source code you want to build. If a branch name is specified, the branch's HEAD commit ID is used. If not specified, the default branch's HEAD commit ID is used.
- For Amazon S3: the version ID of the object that represents the build input ZIP file to use.
If sourceVersion is specified at the build level, then that version takes precedence over this sourceVersion (at the project level).
For more information, see Source Version Sample with CodeBuild in the AWS CodeBuild User Guide.
Required: No
Type: String
Update requires: No interruption
Tags
An arbitrary set of tags (key-value pairs) for the AWS CodeBuild project.
These tags are available for use by AWS services that support AWS CodeBuild build project tags.
Required: No
Type: Array of Tag
Minimum: 0
Maximum: 50
Update requires: No interruption
TimeoutInMinutes
How long, in minutes, from 5 to 2160 (36 hours), for AWS CodeBuild to wait before timing out any related build that did not get marked as completed. The default is 60 minutes.
Required: No
Type: Integer
Minimum: 5
Maximum: 2160
Update requires: No interruption
Triggers
For an existing AWS CodeBuild build project that has its source code stored in a GitHub repository, enables AWS CodeBuild to begin automatically rebuilding the source code every time a code change is pushed to the repository.
Required: No
Type: ProjectTriggers
Update requires: No interruption
Visibility
Specifies the visibility of the project's builds. Possible values are:
- PUBLIC_READ: The project builds are visible to the public.
- PRIVATE: The project builds are not visible to the public.
Required: No
Type: String
Update requires: No interruption
VpcConfig
VpcConfig specifies settings that enable AWS CodeBuild to access resources in an Amazon VPC. For more information, see Use AWS CodeBuild with Amazon Virtual Private Cloud in the AWS CodeBuild User Guide.
Required: No
Type: VpcConfig
Update requires: No interruption
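A pre-deployment check for the limits and notes in the property list above, as an added example that is not part of the original reference. The function name check_project and the sample values are assumptions; the input is the parsed "Properties" object of one AWS::CodeBuild::Project resource.

```python
import re

# Limits copied from the property list above.
NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9\-_]{1,149}")
REQUIRED = ("Artifacts", "Environment", "ServiceRole", "Source")
INT_RANGES = {"QueuedTimeoutInMinutes": (5, 480), "TimeoutInMinutes": (5, 2160)}
LIST_MAX = {"SecondaryArtifacts": 12, "SecondarySources": 12,
            "SecondarySourceVersions": 12, "Tags": 50}


def check_project(props):
    """Return findings for one project's Properties dict (literal values only;
    intrinsic functions such as {"Ref": ...} parse to dicts and are skipped)."""
    findings = [f"{k}: required property is missing" for k in REQUIRED if k not in props]
    name = props.get("Name")
    if isinstance(name, str) and not NAME_RE.fullmatch(name):
        findings.append("Name: does not match the documented pattern")
    desc = props.get("Description")
    if isinstance(desc, str) and len(desc) > 255:
        findings.append("Description: longer than 255 characters")
    for key, (low, high) in INT_RANGES.items():
        value = props.get(key)
        if isinstance(value, int) and not low <= value <= high:
            findings.append(f"{key}: {value} is outside {low}-{high}")
    for key, limit in LIST_MAX.items():
        value = props.get(key)
        if isinstance(value, list) and len(value) > limit:
            findings.append(f"{key}: {len(value)} entries, maximum is {limit}")
    source = props.get("Source")
    if isinstance(source, dict) and source.get("Type") == "CODEPIPELINE" and "BadgeEnabled" in props:
        # Build badges are not supported for CodePipeline sources.
        findings.append("BadgeEnabled: do not specify with a CODEPIPELINE source")
    if props.get("Visibility") == "PUBLIC_READ":
        findings.append("Visibility: builds are visible to the public")
    return findings


# Constructed sample input (not from the page): Environment is missing and
# four literal values break a documented rule.
SAMPLE = {
    "Name": "my project!", "ServiceRole": {"Fn::GetAtt": ["ServiceRole", "Arn"]},
    "Artifacts": {"Type": "CODEPIPELINE"}, "Source": {"Type": "CODEPIPELINE"},
    "BadgeEnabled": True, "TimeoutInMinutes": 3000, "Visibility": "PUBLIC_READ",
}

if __name__ == "__main__":
    print("\n".join(check_project(SAMPLE)))
```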
Return values
Ref
When the logical ID of this resource is provided to the Ref intrinsic function, Ref returns the name of the AWS CodeBuild project, such as myProjectName.
For more information about using the Ref function, see Ref.
Fn::GetAtt
Fn::GetAtt returns a value for a specified attribute of this type. The following are the available attributes and sample return values. For more information about using Fn::GetAtt, see Fn::GetAtt.
Arn
The ARN of the AWS CodeBuild project, such as arn:aws:codebuild:us-west-2:123456789012:project/myProjectName.
Examples
Create a project
The following example creates an AWS CodeBuild project.
JSON
{
  "Project": {
    "Type": "AWS::CodeBuild::Project",
    "Properties": {
      "Name": "myProjectName",
      "Description": "A description about my project",
      "ServiceRole": { "Fn::GetAtt": [ "ServiceRole", "Arn" ] },
      "Artifacts": {
        "Type": "no_artifacts"
      },
      "Environment": {
        "Type": "LINUX_CONTAINER",
        "ComputeType": "BUILD_GENERAL1_SMALL",
        "Image": "aws/codebuild/java:openjdk-8",
        "EnvironmentVariables": [
          {
            "Name": "varName",
            "Type": "varType",
            "Value": "varValue"
          }
        ]
      },
      "Source": {
        "Location": "codebuild-demo-test/0123ab9a371ebf0187b0fe5614fbb72c",
        "Type": "S3"
      },
      "TimeoutInMinutes": 10,
      "Tags": [
        {
          "Key": "Key1",
          "Value": "Value1"
        },
        {
          "Key": "Key2",
          "Value": "Value2"
        }
      ]
    }
  }
}
YAML
Project:
  Type: AWS::CodeBuild::Project
  Properties:
    Name: myProjectName
    Description: A description about my project
    ServiceRole: !GetAtt ServiceRole.Arn
    Artifacts:
      Type: no_artifacts
    Environment:
      Type: LINUX_CONTAINER
      ComputeType: BUILD_GENERAL1_SMALL
      Image: aws/codebuild/java:openjdk-8
      EnvironmentVariables:
        - Name: varName
          Type: varType
          Value: varValue
    Source:
      Location: codebuild-demo-test/0123ab9a371ebf0187b0fe5614fbb72c
      Type: S3
    TimeoutInMinutes: 10
    Tags:
      - Key: Key1
        Value: Value1
      - Key: Key2
        Value: Value2
Create a project with two filter groups
The following example creates a project with two filter groups. Together, they trigger a build when one or both evaluate to true:
- The first filter group specifies pull requests are created or updated on branches with Git reference names that match the regular expression ^refs/heads/master$ by a GitHub user that does not have account ID 12345.
- The second filter group specifies push requests are created on files with names that match the regular expression READ_ME in branches with Git reference names that match the regular expression ^refs/heads/.*.
For this example, the name of the service role is my-example-service-role. The name of the source location is my-example-source-location.
YAML
CodeBuildProject:
  Type: AWS::CodeBuild::Project
  Properties:
    Name: MyProject
    ServiceRole: my-example-service-role
    Artifacts:
      Type: NO_ARTIFACTS
    Environment:
      Type: LINUX_CONTAINER
      ComputeType: BUILD_GENERAL1_SMALL
      Image: aws/codebuild/standard:1.0
    Source:
      Type: GITHUB
      Location: my-example-source-location
    Triggers:
      Webhook: true
      FilterGroups:
        - - Type: EVENT
            Pattern: PULL_REQUEST_CREATED,PULL_REQUEST_UPDATED
          - Type: BASE_REF
            Pattern: ^refs/heads/master$
            ExcludeMatchedPattern: false
          - Type: ACTOR_ACCOUNT_ID
            Pattern: 12345
            ExcludeMatchedPattern: true
        - - Type: EVENT
            Pattern: PUSH
          - Type: HEAD_REF
            Pattern: ^refs/heads/.*
          - Type: FILE_PATH
            Pattern: READ_ME
            ExcludeMatchedPattern: true
JSON
{
  "CodeBuildProject": {
    "Type": "AWS::CodeBuild::Project",
    "Properties": {
      "Name": "MyProject",
      "ServiceRole": "my-example-service-role",
      "Artifacts": {
        "Type": "NO_ARTIFACTS"
      },
      "Environment": {
        "Type": "LINUX_CONTAINER",
        "ComputeType": "BUILD_GENERAL1_SMALL",
        "Image": "aws/codebuild/standard:1.0"
      },
      "Source": {
        "Type": "GITHUB",
        "Location": "my-example-source-location"
      },
      "Triggers": {
        "Webhook": true,
        "FilterGroups": [
          [
            {
              "Type": "EVENT",
              "Pattern": "PULL_REQUEST_CREATED,PULL_REQUEST_UPDATED"
            },
            {
              "Type": "BASE_REF",
              "Pattern": "^refs/heads/master$",
              "ExcludeMatchedPattern": false
            },
            {
              "Type": "ACTOR_ACCOUNT_ID",
              "Pattern": 12345,
              "ExcludeMatchedPattern": true
            }
          ],
          [
            {
              "Type": "EVENT",
              "Pattern": "PUSH"
            },
            {
              "Type": "HEAD_REF",
              "Pattern": "^refs/heads/.*"
            },
            {
              "Type": "FILE_PATH",
              "Pattern": "READ_ME",
              "ExcludeMatchedPattern": true
            }
          ]
        ]
      }
    }
  }
}
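How the two filter groups in the template above evaluate against sample webhook events, as an added example that is not part of the original reference. It models a group as true only when every filter in it passes and a build as triggered when any group is true; the event dictionaries, the function names and the unanchored regex search are assumptions of this model.

```python
import re

# Filter groups from the template above, as they look after parsing.
FILTER_GROUPS = [
    [{"Type": "EVENT", "Pattern": "PULL_REQUEST_CREATED,PULL_REQUEST_UPDATED"},
     {"Type": "BASE_REF", "Pattern": "^refs/heads/master$", "ExcludeMatchedPattern": False},
     {"Type": "ACTOR_ACCOUNT_ID", "Pattern": 12345, "ExcludeMatchedPattern": True}],
    [{"Type": "EVENT", "Pattern": "PUSH"},
     {"Type": "HEAD_REF", "Pattern": "^refs/heads/.*"},
     {"Type": "FILE_PATH", "Pattern": "READ_ME", "ExcludeMatchedPattern": True}],
]

# Constructed webhook events (hypothetical shape: one key per filter Type).
EVENTS = {
    "pr_other_user": {"EVENT": "PULL_REQUEST_CREATED", "BASE_REF": "refs/heads/master",
                      "ACTOR_ACCOUNT_ID": "67890"},
    "pr_user_12345": {"EVENT": "PULL_REQUEST_UPDATED", "BASE_REF": "refs/heads/master",
                      "ACTOR_ACCOUNT_ID": "12345"},
    "push_source": {"EVENT": "PUSH", "HEAD_REF": "refs/heads/dev",
                    "FILE_PATH": ["src/app.py"]},
    "push_readme": {"EVENT": "PUSH", "HEAD_REF": "refs/heads/dev",
                    "FILE_PATH": ["READ_ME"]},
}


def filter_passes(flt, event):
    """Evaluate one filter against one event."""
    pattern = str(flt["Pattern"])
    if flt["Type"] == "EVENT":
        # EVENT patterns are a comma-separated list of event names.
        return event["EVENT"] in pattern.split(",")
    values = event.get(flt["Type"], [])
    if isinstance(values, str):
        values = [values]
    # Assumption: unanchored regex search, true if any value matches. In this
    # model 12345 also matches 912345; anchor with ^...$ for an exact ID.
    matched = any(re.search(pattern, value) for value in values)
    # ExcludeMatchedPattern inverts the result of the match.
    return matched != flt.get("ExcludeMatchedPattern", False)


def matching_groups(filter_groups, event):
    """Indexes of groups whose filters all pass; any hit triggers a build."""
    return [i for i, group in enumerate(filter_groups)
            if all(filter_passes(f, event) for f in group)]


if __name__ == "__main__":
    for name, event in EVENTS.items():
        print(name, matching_groups(FILTER_GROUPS, event))
```

Because the template sets ExcludeMatchedPattern: true on the FILE_PATH filter, the push that changes READ_ME matches no group in this model, while the push that changes only src/app.py matches the second group.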
Create a project using Amazon S3 and Amazon VPC
The following example creates a project that caches build dependencies in Amazon S3 and uses resources in an Amazon VPC.
YAML
Resources:
  CodeBuildProject:
    Type: AWS::CodeBuild::Project
    Properties:
      ServiceRole: !GetAtt CodeBuildRole.Arn
      Artifacts:
        Type: CODEPIPELINE
      Environment:
        Type: LINUX_CONTAINER
        ComputeType: BUILD_GENERAL1_SMALL
        Image: aws/codebuild/ubuntu-base:14.04
        EnvironmentVariables:
          - Name: varName1
            Value: varValue1
          - Name: varName2
            Value: varValue2
            Type: PLAINTEXT
          - Name: varName3
            Value: /CodeBuild/testParameter
            Type: PARAMETER_STORE
      Source:
        Type: CODEPIPELINE
      TimeoutInMinutes: 10
      VpcConfig:
        VpcId: !Ref CodeBuildVPC
        Subnets: [!Ref CodeBuildSubnet]
        SecurityGroupIds: [!Ref CodeBuildSecurityGroup]
      Cache:
        Type: S3
        Location: <mybucket/prefix>
  CodeBuildRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Statement:
          - Action: ['sts:AssumeRole']
            Effect: Allow
            Principal:
              Service: [codebuild.amazonaws.com]
        Version: '2012-10-17'
      Path: /
      Policies:
        - PolicyName: CodeBuildAccess
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Action:
                  - 'logs:*'
                  - 'ec2:CreateNetworkInterface'
                  - 'ec2:DescribeNetworkInterfaces'
                  - 'ec2:DeleteNetworkInterface'
                  - 'ec2:DescribeSubnets'
                  - 'ec2:DescribeSecurityGroups'
                  - 'ec2:DescribeDhcpOptions'
                  - 'ec2:DescribeVpcs'
                  - 'ec2:CreateNetworkInterfacePermission'
                Effect: Allow
                Resource: '*'
  CodeBuildVPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16
      EnableDnsSupport: 'true'
      EnableDnsHostnames: 'true'
      Tags:
        - Key: name
          Value: codebuild
  CodeBuildSubnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId:
        Ref: CodeBuildVPC
      CidrBlock: 10.0.1.0/24
  CodeBuildSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupName: Codebuild Internet Group
      GroupDescription: 'CodeBuild SecurityGroup'
      VpcId: !Ref CodeBuildVPC
JSON
{
  "Resources": {
    "CodeBuildProject": {
      "Type": "AWS::CodeBuild::Project",
      "Properties": {
        "ServiceRole": { "Fn::GetAtt": [ "CodeBuildRole", "Arn" ] },
        "Artifacts": {
          "Type": "CODEPIPELINE"
        },
        "Environment": {
          "Type": "LINUX_CONTAINER",
          "ComputeType": "BUILD_GENERAL1_SMALL",
          "Image": "aws/codebuild/ubuntu-base:14.04",
          "EnvironmentVariables": [
            {
              "Name": "varName1",
              "Value": "varValue1"
            },
            {
              "Name": "varName2",
              "Value": "varValue2",
              "Type": "PLAINTEXT"
            },
            {
              "Name": "varName3",
              "Value": "/CodeBuild/testParameter",
              "Type": "PARAMETER_STORE"
            }
          ]
        },
        "Source": {
          "Type": "CODEPIPELINE"
        },
        "TimeoutInMinutes": 10,
        "VpcConfig": {
          "VpcId": { "Ref": "CodeBuildVPC" },
          "Subnets": [ { "Ref": "CodeBuildSubnet" } ],
          "SecurityGroupIds": [ { "Ref": "CodeBuildSecurityGroup" } ]
        },
        "Cache": {
          "Type": "S3",
          "Location": "<mybucket/prefix>"
        }
      }
    },
    "CodeBuildRole": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Statement": [
            {
              "Action": [ "sts:AssumeRole" ],
              "Effect": "Allow",
              "Principal": {
                "Service": [ "codebuild.amazonaws.com" ]
              }
            }
          ],
          "Version": "2012-10-17"
        },
        "Path": "/",
        "Policies": [
          {
            "PolicyName": "CodeBuildAccess",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Action": [
                    "logs:*",
                    "ec2:CreateNetworkInterface",
                    "ec2:DescribeNetworkInterfaces",
                    "ec2:DeleteNetworkInterface",
                    "ec2:DescribeSubnets",
                    "ec2:DescribeSecurityGroups",
                    "ec2:DescribeDhcpOptions",
                    "ec2:DescribeVpcs",
                    "ec2:CreateNetworkInterfacePermission"
                  ],
                  "Effect": "Allow",
                  "Resource": "*"
                }
              ]
            }
          }
        ]
      }
    },
    "CodeBuildVPC": {
      "Type": "AWS::EC2::VPC",
      "Properties": {
        "CidrBlock": "10.0.0.0/16",
        "EnableDnsSupport": "true",
        "EnableDnsHostnames": "true",
        "Tags": [
          {
            "Key": "name",
            "Value": "codebuild"
          }
        ]
      }
    },
    "CodeBuildSubnet": {
      "Type": "AWS::EC2::Subnet",
      "Properties": {
        "VpcId": { "Ref": "CodeBuildVPC" },
        "CidrBlock": "10.0.1.0/24"
      }
    },
    "CodeBuildSecurityGroup": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {
        "GroupName": "Codebuild Internet Group",
        "GroupDescription": "CodeBuild SecurityGroup",
        "VpcId": { "Ref": "CodeBuildVPC" }
      }
    }
  }
}
See also
- CreateProject in the AWS CodeBuild API Reference