Top / Amazon Web Service / AWS CodeBuild / Project

AWS CodeBuild Project

This page shows how to write Terraform and CloudFormation for CodeBuild Project and write them securely.

terraform-logo

Review your .tf file for AWS best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

aws_codebuild_project (Terraform)

The Project in CodeBuild can be configured in Terraform with the resource name aws_codebuild_project. The following sections describe 4 examples of how to use the resource and its parameters.

Example Usage from GitHub

codebuild_project_test.tf#L9
resource "aws_codebuild_project" "my_project_noUsage" {
  name        = "test-project-cache"
  description = "test_codebuild_project_cache"

  service_role = ""
aws_codebuild_project_encryption_allowed.tf#L1
resource "aws_codebuild_project" "allowed" {
  artifacts {
    type = "NO_ARTIFACTS"
  }
}
aws_codebuild_project_encryption_denied.tf#L1
resource "aws_codebuild_project" "denied" {
  artifacts {
    type = "S3"
    encryption_disabled = true
  }
}
cicd-pipeline.tf#L1
resource "aws_codebuild_project" "tf-plan" {
  name         = "tf-cicd-plan2"
  description  = "Plan stage for terraform"
  service_role = aws_iam_role.tf-codebuild-role.arn

  artifacts {

Review your Terraform file for AWS best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

Security Best Practices for aws_codebuild_project

There is 1 setting in aws_codebuild_project that should be taken care of for security reasons. The following section explain an overview and example code.

risk-label

Ensure to enable encryption of CodeBuild artifacts

It's better to protect CodeBuild project artifacts with default encryption.

Review your AWS CodeBuild settings

You can check if the aws_codebuild_project setting in your .tf file is correct in 3 min with Shisho Cloud.

Parameters

>> from Terraform Registry

Explanation in Terraform Registry

Provides a CodeBuild Project resource. See also the aws_codebuild_webhook resource, which manages the webhook to the source (e.g., the "rebuild every time a code change is pushed" option in the CodeBuild web console).

>> from Terraform Registry

AWS::CodeBuild::Project (CloudFormation)

The Project in CodeBuild can be configured in CloudFormation with the resource name AWS::CodeBuild::Project. The following sections describe how to use the resource and its parameters.

Example Usage from GitHub

An example could not be found in GitHub.

Parameters

>> from AWS CloudFormation Documentation

Explanation in CloudFormation Registry

The AWS::CodeBuild::Project resource configures how AWS CodeBuild builds your source code. For example, it tells CodeBuild where to get the source code and which build environment to use.

>> from AWS CloudFormation Documentation

The Other Related AWS CodeBuild Resources

Frequently asked questions

What is AWS CodeBuild Project?

AWS CodeBuild Project is a resource for CodeBuild of Amazon Web Service. Settings can be wrote in Terraform and CloudFormation.

Where can I find the example code for the AWS CodeBuild Project?

For Terraform, the gilyas/infracost, snyk-labs/infrastructure-as-code-goof and snyk-labs/infrastructure-as-code-goof source code examples are useful. See the Terraform Example section for further details.

security-icon

Automate config file reviews on your commits

Fix issues in your infrastructure as code with auto-generated patches.

Table of Contents