AWS CodeBuild Source Credential
This page shows how to write Terraform and CloudFormation for CodeBuild Source Credential and write them securely.
aws_codebuild_source_credential (Terraform)
The Source Credential in CodeBuild can be configured in Terraform with the resource name aws_codebuild_source_credential
. The following sections describe 2 examples of how to use the resource and its parameters.
Example Usage from GitHub
resource "aws_codebuild_source_credential" "github_credential" {
auth_type = "PERSONAL_ACCESS_TOKEN"
server_type = "GITHUB"
token = var.github_token
}
resource "aws_codebuild_source_credential" "github" {
count = var.is_include_codebuild ? 1 : 0
auth_type = "PERSONAL_ACCESS_TOKEN"
server_type = "GITHUB"
token = var.github_token
}
Parameters
-
arn
optional computed - string -
auth_type
required - string -
id
optional computed - string -
server_type
required - string -
token
required - string -
user_name
optional - string
Explanation in Terraform Registry
Provides a CodeBuild Source Credentials Resource.
NOTE: > Codebuild only allows a single credential per given server type in a given region. Therefore, when you define
aws_codebuild_source_credential
,aws_codebuild_project
resource defined in the same module will use it.
Tips: Best Practices for The Other AWS CodeBuild Resources
In addition to the aws_codebuild_project, AWS CodeBuild has the other resources that should be configured for security reasons. Please check some examples of those resources and precautions.
aws_codebuild_project
Ensure to enable encryption of CodeBuild artifacts
It's better to protect CodeBuild project artifacts with default encryption.
AWS::CodeBuild::SourceCredential (CloudFormation)
The SourceCredential in CodeBuild can be configured in CloudFormation with the resource name AWS::CodeBuild::SourceCredential
. The following sections describe how to use the resource and its parameters.
Example Usage from GitHub
An example could not be found in GitHub.
Parameters
-
ServerType
required - String -
Username
optional - String -
Token
required - String -
AuthType
required - String
Explanation in CloudFormation Registry
Information about the credentials for a GitHub, GitHub Enterprise, or Bitbucket repository. We strongly recommend that you use AWS Secrets Manager to store your credentials. If you use Secrets Manager, you must have secrets in your secrets manager. For more information, see Using Dynamic References to Specify Template Values. Important For security purposes, do not use plain text in your AWS CloudFormation template to store your credentials.
Frequently asked questions
What is AWS CodeBuild Source Credential?
AWS CodeBuild Source Credential is a resource for CodeBuild of Amazon Web Service. Settings can be wrote in Terraform and CloudFormation.
Where can I find the example code for the AWS CodeBuild Source Credential?
For Terraform, the osodevops/aws-terraform-module-codebuild-packer and aashari/terraform-aws-static-website source code examples are useful. See the Terraform Example section for further details.