AWS CodeBuild Source Credential

This page shows how to write Terraform and CloudFormation for CodeBuild Source Credential and write them securely.

aws_codebuild_source_credential (Terraform)

The Source Credential in CodeBuild can be configured in Terraform with the resource name aws_codebuild_source_credential. The following sections describe 2 examples of how to use the resource and its parameters.

Example Usage from GitHub

aws_codebuild_project.tf#L39
resource "aws_codebuild_source_credential" "github_credential" {
  auth_type   = "PERSONAL_ACCESS_TOKEN"
  server_type = "GITHUB"
  token       = var.github_token
}

codebuild_project.tf#L165
resource "aws_codebuild_source_credential" "github" {
  count       = var.is_include_codebuild ? 1 : 0
  auth_type   = "PERSONAL_ACCESS_TOKEN"
  server_type = "GITHUB"
  token       = var.github_token
}

Review your Terraform file for AWS best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

Parameters

Explanation in Terraform Registry

Provides a CodeBuild Source Credentials Resource.

NOTE: > Codebuild only allows a single credential per given server type in a given region. Therefore, when you define aws_codebuild_source_credential, aws_codebuild_project resource defined in the same module will use it.

Tips: Best Practices for The Other AWS CodeBuild Resources

In addition to the aws_codebuild_project, AWS CodeBuild has the other resources that should be configured for security reasons. Please check some examples of those resources and precautions.

risk-label

aws_codebuild_project

Ensure to enable encryption of CodeBuild artifacts

It's better to protect CodeBuild project artifacts with default encryption.

Review your AWS CodeBuild settings

In addition to the above, there are other security points you should be aware of making sure that your .tf files are protected in Shisho Cloud.

AWS::CodeBuild::SourceCredential (CloudFormation)

The SourceCredential in CodeBuild can be configured in CloudFormation with the resource name AWS::CodeBuild::SourceCredential. The following sections describe how to use the resource and its parameters.

Example Usage from GitHub

An example could not be found in GitHub.

Parameters

Explanation in CloudFormation Registry

Information about the credentials for a GitHub, GitHub Enterprise, or Bitbucket repository. We strongly recommend that you use AWS Secrets Manager to store your credentials. If you use Secrets Manager, you must have secrets in your secrets manager. For more information, see Using Dynamic References to Specify Template Values. Important For security purposes, do not use plain text in your AWS CloudFormation template to store your credentials.

Frequently asked questions

What is AWS CodeBuild Source Credential?

AWS CodeBuild Source Credential is a resource for CodeBuild of Amazon Web Service. Settings can be wrote in Terraform and CloudFormation.

Where can I find the example code for the AWS CodeBuild Source Credential?

For Terraform, the osodevops/aws-terraform-module-codebuild-packer and aashari/terraform-aws-static-website source code examples are useful. See the Terraform Example section for further details.