AWS CodeBuild Webhook

This page shows how to write Terraform and CloudFormation for CodeBuild Webhook and write them securely.

aws_codebuild_webhook (Terraform)

The Webhook in CodeBuild can be configured in Terraform with the resource name aws_codebuild_webhook. The following sections describe 5 examples of how to use the resource and its parameters.

Example Usage from GitHub

cicd-pipeline.tf#L56
resource "aws_codebuild_webhook" "cicd-plan-webhook" {
  project_name = aws_codebuild_project.tf-plan.name
  build_type   = "BUILD"
  filter_group {
    filter {
      type    = "EVENT"
codebuild_webhook.tf#L1
resource "aws_codebuild_webhook" "webhook_example" {
    project_name = aws_codebuild_project.webhook_example.id
    ## Only trigger builds when the specified branch (HEAD_REF) is pushed to
    filter_group {
        filter {
            type = "EVENT"
3.tf#L1
resource "aws_codebuild_webhook" "continuous_apply" {
  project_name = aws_codebuild_project.continuous_apply.name

  filter_group {
    filter {
      type    = "EVENT"
build.tf#L82
resource "aws_codebuild_webhook" "prd" {
  count        = replace(var.env, var.name, "") == "-prd" ? 1 : 0
  project_name = aws_codebuild_project.this.name

  filter_group {
    filter {
main.tf#L1
resource "aws_codebuild_webhook" "webhook" {
  count         = length(var.webhook)
  project_name  = element(var.project_name, lookup(var.webhook[count.index], "project_id"))
  branch_filter = lookup(var.webhook[count.index], "branch_filter")

  dynamic "filter_group" {

Parameters

Explanation in Terraform Registry

Manages a CodeBuild webhook, which is an endpoint accepted by the CodeBuild service to trigger builds from source code repositories. Depending on the source type of the CodeBuild project, the CodeBuild service may also automatically create and delete the actual repository webhook as well.

AWS::CodeBuild::Project WebhookFilter (CloudFormation)

The Project WebhookFilter in CodeBuild can be configured in CloudFormation with the resource name AWS::CodeBuild::Project WebhookFilter. The following sections describe how to use the resource and its parameters.

Example Usage from GitHub

An example could not be found in GitHub.

Parameters

ExcludeMatchedPattern Used to indicate that the pattern determines which webhook events do not trigger a build. If true, then a webhook event that does not match the pattern triggers a build. If false, then a webhook event that matches the pattern triggers a build.
Required: No
Type: Boolean
Update requires: No interruption

Pattern For a WebHookFilter that uses EVENT type, a comma-separated string that specifies one or more events. For example, the webhook filter PUSH, PULL_REQUEST_CREATED, PULL_REQUEST_UPDATED allows all push, pull request created, and pull request updated events to trigger a build.
For a WebHookFilter that uses any of the other filter types, a regular expression pattern. For example, a WebHookFilter that uses HEAD_REF for its type and the pattern ^refs/heads/ triggers a build when the head reference is a branch with a reference name refs/heads/branch-name.
Required: Yes
Type: String
Update requires: No interruption

Type The type of webhook filter. There are six webhook filter types: EVENT, ACTOR_ACCOUNT_ID, HEAD_REF, BASE_REF, FILE_PATH, and COMMIT_MESSAGE.
EVENT
A webhook event triggers a build when the provided pattern matches one of five event types: PUSH, PULL_REQUEST_CREATED, PULL_REQUEST_UPDATED, PULL_REQUEST_REOPENED, and PULL_REQUEST_MERGED. The EVENT patterns are specified as a comma-separated string. For example, PUSH, PULL_REQUEST_CREATED, PULL_REQUEST_UPDATED filters all push, pull request created, and pull request updated events.
The PULL_REQUEST_REOPENED works with GitHub and GitHub Enterprise only.
ACTORACCOUNT_ID
A webhook event triggers a build when a GitHub, GitHub Enterprise, or Bitbucket account ID matches the regular expression pattern.
HEAD_REF
A webhook event triggers a build when the head reference matches the regular expression pattern. For example, refs/heads/branch-name and refs/tags/tag-name.
Works with GitHub and GitHub Enterprise push, GitHub and GitHub Enterprise pull request, Bitbucket push, and Bitbucket pull request events.
BASE_REF
A webhook event triggers a build when the base reference matches the regular expression pattern. For example, refs/heads/branch-name.
Works with pull request events only.
FILE_PATH
A webhook triggers a build when the path of a changed file matches the regular expression pattern.
Works with GitHub and Bitbucket events push and pull requests events. Also works with GitHub Enterprise push events, but does not work with GitHub Enterprise pull request events.
COMMIT_MESSAGE
A webhook triggers a build when the head commit message matches the regular expression pattern.
Works with GitHub and Bitbucket events push and pull requests events. Also works with GitHub Enterprise push events, but does not work with GitHub Enterprise pull request events. _Required
: Yes
Type: String
Allowed values: ACTOR_ACCOUNT_ID | BASE_REF | COMMIT_MESSAGE | EVENT | FILE_PATH | HEAD_REF
Update requires: No interruption

Explanation in CloudFormation Registry

WebhookFilter is a structure of the FilterGroups property on the AWS CodeBuild Project ProjectTriggers property type that specifies which webhooks trigger an AWS CodeBuild build.

Frequently asked questions

What is AWS CodeBuild Webhook?

AWS CodeBuild Webhook is a resource for CodeBuild of Amazon Web Service. Settings can be wrote in Terraform and CloudFormation.

Where can I find the example code for the AWS CodeBuild Webhook?

For Terraform, the didilmfs/learn-aws-cicd, exNihlio/terraform and Unripe01/study-terraform-forked source code examples are useful. See the Terraform Example section for further details.