Module codebuild

This provider is a derived work of the Terraform Provider distributed under MPL 2.0. If you encounter a bug or missing feature, first check the pulumi/pulumi-aws repo; however, if that doesn’t turn up anything, please consult the source terraform-providers/terraform-provider-aws repo.

Resources

Others

Resources

Resource Project

class Project extends CustomResource

Provides a CodeBuild Project resource. See also the aws.codebuild.Webhook resource, which manages the webhook to the source (e.g. the “rebuild every time a code change is pushed” option in the CodeBuild web console).

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const exampleBucket = new aws.s3.Bucket("example", {
    acl: "private",
});
const exampleRole = new aws.iam.Role("example", {
    assumeRolePolicy: `{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "codebuild.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
`,
});
const exampleRolePolicy = new aws.iam.RolePolicy("example", {
    policy: pulumi.interpolate`{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Resource": [
        "*"
      ],
      "Action": [
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:PutLogEvents"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "ec2:CreateNetworkInterface",
        "ec2:DescribeDhcpOptions",
        "ec2:DescribeNetworkInterfaces",
        "ec2:DeleteNetworkInterface",
        "ec2:DescribeSubnets",
        "ec2:DescribeSecurityGroups",
        "ec2:DescribeVpcs"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "ec2:CreateNetworkInterfacePermission"
      ],
      "Resource": [
        "arn:aws:ec2:us-east-1:123456789012:network-interface/*"
      ],
      "Condition": {
        "StringEquals": {
          "ec2:Subnet": [
            "${aws_subnet_example1.arn}",
            "${aws_subnet_example2.arn}"
          ],
          "ec2:AuthorizedService": "codebuild.amazonaws.com"
        }
      }
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:*"
      ],
      "Resource": [
        "${exampleBucket.arn}",
        "${exampleBucket.arn}/*"
      ]
    }
  ]
}
`,
    role: exampleRole.name,
});
const exampleProject = new aws.codebuild.Project("example", {
    artifacts: {
        type: "NO_ARTIFACTS",
    },
    buildTimeout: 5,
    cache: {
        location: exampleBucket.bucket,
        type: "S3",
    },
    description: "testCodebuildProject",
    environment: {
        computeType: "BUILD_GENERAL1_SMALL",
        environmentVariables: [
            {
                name: "SOME_KEY1",
                value: "SOME_VALUE1",
            },
            {
                name: "SOME_KEY2",
                type: "PARAMETER_STORE",
                value: "SOME_VALUE2",
            },
        ],
        image: "aws/codebuild/standard:1.0",
        imagePullCredentialsType: "CODEBUILD",
        type: "LINUX_CONTAINER",
    },
    logsConfig: {
        cloudwatchLogs: {
            groupName: "log-group",
            streamName: "log-stream",
        },
        s3Logs: {
            location: pulumi.interpolate`${exampleBucket.id}/build-log`,
            status: "ENABLED",
        },
    },
    serviceRole: exampleRole.arn,
    source: {
        gitCloneDepth: 1,
        location: "https://github.com/mitchellh/packer.git",
        type: "GITHUB",
    },
    tags: {
        Environment: "Test",
    },
    vpcConfig: {
        securityGroupIds: [
            aws_security_group_example1.id,
            aws_security_gorup_example2.id,
        ],
        subnets: [
            aws_subnet_example1.id,
            aws_subnet_example2.id,
        ],
        vpcId: aws_vpc_example.id,
    },
});
const projectWithCache = new aws.codebuild.Project("project-with-cache", {
    artifacts: {
        type: "NO_ARTIFACTS",
    },
    buildTimeout: 5,
    cache: {
        modes: [
            "LOCAL_DOCKER_LAYER_CACHE",
            "LOCAL_SOURCE_CACHE",
        ],
        type: "LOCAL",
    },
    description: "testCodebuildProjectCache",
    environment: {
        computeType: "BUILD_GENERAL1_SMALL",
        environmentVariables: [{
            name: "SOME_KEY1",
            value: "SOME_VALUE1",
        }],
        image: "aws/codebuild/standard:1.0",
        imagePullCredentialsType: "CODEBUILD",
        type: "LINUX_CONTAINER",
    },
    serviceRole: exampleRole.arn,
    source: {
        gitCloneDepth: 1,
        location: "https://github.com/mitchellh/packer.git",
        type: "GITHUB",
    },
    tags: {
        Environment: "Test",
    },
});

This content is derived from https://github.com/terraform-providers/terraform-provider-aws/blob/master/website/docs/r/codebuild_project.html.markdown.

constructor

new Project(name: string, args: ProjectArgs, opts?: pulumi.CustomResourceOptions)

Create a Project resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ProjectState, opts?: pulumi.CustomResourceOptions): Project

Get an existing Project resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): boolean

Returns true if the given object is an instance of Project. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property arn

public arn: pulumi.Output<string>;

The ARN of the CodeBuild project.

property artifacts

public artifacts: pulumi.Output<outputs.codebuild.ProjectArtifacts>;

Information about the project’s build output artifacts. Artifact blocks are documented below.

property badgeEnabled

public badgeEnabled: pulumi.Output<boolean | undefined>;

Generates a publicly-accessible URL for the projects build badge. Available as badgeUrl attribute when enabled.

property badgeUrl

public badgeUrl: pulumi.Output<string>;

The URL of the build badge when badgeEnabled is enabled.

property buildTimeout

public buildTimeout: pulumi.Output<number | undefined>;

How long in minutes, from 5 to 480 (8 hours), for AWS CodeBuild to wait until timing out any related build that does not get marked as completed. The default is 60 minutes.

property cache

public cache: pulumi.Output<outputs.codebuild.ProjectCache | undefined>;

Information about the cache storage for the project. Cache blocks are documented below.

property description

public description: pulumi.Output<string>;

A short description of the project.

property encryptionKey

public encryptionKey: pulumi.Output<string>;

The AWS Key Management Service (AWS KMS) customer master key (CMK) to be used for encrypting the build project’s build output artifacts.

property environment

public environment: pulumi.Output<outputs.codebuild.ProjectEnvironment>;

Information about the project’s build environment. Environment blocks are documented below.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property logsConfig

public logsConfig: pulumi.Output<outputs.codebuild.ProjectLogsConfig | undefined>;

Configuration for the builds to store log data to CloudWatch or S3.

property name

public name: pulumi.Output<string>;

The name of the project. If type is set to S3, this is the name of the output artifact object

property secondaryArtifacts

public secondaryArtifacts: pulumi.Output<outputs.codebuild.ProjectSecondaryArtifact[] | undefined>;

A set of secondary artifacts to be used inside the build. Secondary artifacts blocks are documented below.

property secondarySources

public secondarySources: pulumi.Output<outputs.codebuild.ProjectSecondarySource[] | undefined>;

A set of secondary sources to be used inside the build. Secondary sources blocks are documented below.

property serviceRole

public serviceRole: pulumi.Output<string>;

The Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role that enables AWS CodeBuild to interact with dependent AWS services on behalf of the AWS account.

property source

public source: pulumi.Output<outputs.codebuild.ProjectSource>;

Information about the project’s input source code. Source blocks are documented below.

property tags

public tags: pulumi.Output<{[key: string]: any} | undefined>;

A mapping of tags to assign to the resource.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property vpcConfig

public vpcConfig: pulumi.Output<outputs.codebuild.ProjectVpcConfig | undefined>;

Configuration for the builds to run inside a VPC. VPC config blocks are documented below.

Resource SourceCredential

class SourceCredential extends CustomResource

Provides a CodeBuild Source Credentials Resource.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.codebuild.SourceCredential("example", {
    authType: "PERSONAL_ACCESS_TOKEN",
    serverType: "GITHUB",
    token: "example",
});
Bitbucket Server Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.codebuild.SourceCredential("example", {
    authType: "BASIC_AUTH",
    serverType: "BITBUCKET",
    token: "example",
    userName: "test-user",
});

This content is derived from https://github.com/terraform-providers/terraform-provider-aws/blob/master/website/docs/r/codebuild_source_credential.html.markdown.

constructor

new SourceCredential(name: string, args: SourceCredentialArgs, opts?: pulumi.CustomResourceOptions)

Create a SourceCredential resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: SourceCredentialState, opts?: pulumi.CustomResourceOptions): SourceCredential

Get an existing SourceCredential resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): boolean

Returns true if the given object is an instance of SourceCredential. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property arn

public arn: pulumi.Output<string>;

The ARN of Source Credential.

property authType

public authType: pulumi.Output<string>;

The type of authentication used to connect to a GitHub, GitHub Enterprise, or Bitbucket repository. An OAUTH connection is not supported by the API.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property serverType

public serverType: pulumi.Output<string>;

The source provider used for this project.

property token

public token: pulumi.Output<string>;

For GitHub or GitHub Enterprise, this is the personal access token. For Bitbucket, this is the app password.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property userName

public userName: pulumi.Output<string | undefined>;

The Bitbucket username when the authType is BASIC_AUTH. This parameter is not valid for other types of source providers or connections.

Resource Webhook

class Webhook extends CustomResource

Manages a CodeBuild webhook, which is an endpoint accepted by the CodeBuild service to trigger builds from source code repositories. Depending on the source type of the CodeBuild project, the CodeBuild service may also automatically create and delete the actual repository webhook as well.

Example Usage

Bitbucket and GitHub

When working with Bitbucket and GitHub source CodeBuild webhooks, the CodeBuild service will automatically create (on aws.codebuild.Webhook resource creation) and delete (on aws.codebuild.Webhook resource deletion) the Bitbucket/GitHub repository webhook using its granted OAuth permissions. This behavior cannot be controlled by this provider.

Note: The AWS account that this provider uses to create this resource must have authorized CodeBuild to access Bitbucket/GitHub’s OAuth API in each applicable region. This is a manual step that must be done before creating webhooks with this resource. If OAuth is not configured, AWS will return an error similar to ResourceNotFoundException: Could not find access token for server type github. More information can be found in the CodeBuild User Guide for Bitbucket and GitHub.

Note: Further managing the automatically created Bitbucket/GitHub webhook with the bitbucketHook/githubRepositoryWebhook resource is only possible with importing that resource after creation of the aws.codebuild.Webhook resource. The CodeBuild API does not ever provide the secret attribute for the aws.codebuild.Webhook resource in this scenario.

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.codebuild.Webhook("example", {
    filterGroups: [{
        filters: [
            {
                pattern: "PUSH",
                type: "EVENT",
            },
            {
                pattern: "master",
                type: "HEAD_REF",
            },
        ],
    }],
    projectName: aws_codebuild_project_example.name,
});

This content is derived from https://github.com/terraform-providers/terraform-provider-aws/blob/master/website/docs/r/codebuild_webhook.html.markdown.

constructor

new Webhook(name: string, args: WebhookArgs, opts?: pulumi.CustomResourceOptions)

Create a Webhook resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: WebhookState, opts?: pulumi.CustomResourceOptions): Webhook

Get an existing Webhook resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): boolean

Returns true if the given object is an instance of Webhook. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property branchFilter

public branchFilter: pulumi.Output<string | undefined>;

A regular expression used to determine which branches get built. Default is all branches are built. It is recommended to use filterGroup over branchFilter.

property filterGroups

public filterGroups: pulumi.Output<outputs.codebuild.WebhookFilterGroup[] | undefined>;

Information about the webhook’s trigger. Filter group blocks are documented below.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property payloadUrl

public payloadUrl: pulumi.Output<string>;

The CodeBuild endpoint where webhook events are sent.

property projectName

public projectName: pulumi.Output<string>;

The name of the build project.

property secret

public secret: pulumi.Output<string>;

The secret token of the associated repository. Not returned by the CodeBuild API for all source types.

property url

public url: pulumi.Output<string>;

The URL to the webhook.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Others

interface ProjectArgs

interface ProjectArgs

The set of arguments for constructing a Project resource.

property artifacts

artifacts: pulumi.Input<inputs.codebuild.ProjectArtifacts>;

Information about the project’s build output artifacts. Artifact blocks are documented below.

property badgeEnabled

badgeEnabled?: pulumi.Input<boolean>;

Generates a publicly-accessible URL for the projects build badge. Available as badgeUrl attribute when enabled.

property buildTimeout

buildTimeout?: pulumi.Input<number>;

How long in minutes, from 5 to 480 (8 hours), for AWS CodeBuild to wait until timing out any related build that does not get marked as completed. The default is 60 minutes.

property cache

cache?: pulumi.Input<inputs.codebuild.ProjectCache>;

Information about the cache storage for the project. Cache blocks are documented below.

property description

description?: pulumi.Input<string>;

A short description of the project.

property encryptionKey

encryptionKey?: pulumi.Input<string>;

The AWS Key Management Service (AWS KMS) customer master key (CMK) to be used for encrypting the build project’s build output artifacts.

property environment

environment: pulumi.Input<inputs.codebuild.ProjectEnvironment>;

Information about the project’s build environment. Environment blocks are documented below.

property logsConfig

logsConfig?: pulumi.Input<inputs.codebuild.ProjectLogsConfig>;

Configuration for the builds to store log data to CloudWatch or S3.

property name

name?: pulumi.Input<string>;

The name of the project. If type is set to S3, this is the name of the output artifact object

property secondaryArtifacts

secondaryArtifacts?: pulumi.Input<pulumi.Input<inputs.codebuild.ProjectSecondaryArtifact>[]>;

A set of secondary artifacts to be used inside the build. Secondary artifacts blocks are documented below.

property secondarySources

secondarySources?: pulumi.Input<pulumi.Input<inputs.codebuild.ProjectSecondarySource>[]>;

A set of secondary sources to be used inside the build. Secondary sources blocks are documented below.

property serviceRole

serviceRole: pulumi.Input<string>;

The Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role that enables AWS CodeBuild to interact with dependent AWS services on behalf of the AWS account.

property source

source: pulumi.Input<inputs.codebuild.ProjectSource>;

Information about the project’s input source code. Source blocks are documented below.

property tags

tags?: pulumi.Input<{[key: string]: any}>;

A mapping of tags to assign to the resource.

property vpcConfig

vpcConfig?: pulumi.Input<inputs.codebuild.ProjectVpcConfig>;

Configuration for the builds to run inside a VPC. VPC config blocks are documented below.

interface ProjectState

interface ProjectState

Input properties used for looking up and filtering Project resources.

property arn

arn?: pulumi.Input<string>;

The ARN of the CodeBuild project.

property artifacts

artifacts?: pulumi.Input<inputs.codebuild.ProjectArtifacts>;

Information about the project’s build output artifacts. Artifact blocks are documented below.

property badgeEnabled

badgeEnabled?: pulumi.Input<boolean>;

Generates a publicly-accessible URL for the projects build badge. Available as badgeUrl attribute when enabled.

property badgeUrl

badgeUrl?: pulumi.Input<string>;

The URL of the build badge when badgeEnabled is enabled.

property buildTimeout

buildTimeout?: pulumi.Input<number>;

How long in minutes, from 5 to 480 (8 hours), for AWS CodeBuild to wait until timing out any related build that does not get marked as completed. The default is 60 minutes.

property cache

cache?: pulumi.Input<inputs.codebuild.ProjectCache>;

Information about the cache storage for the project. Cache blocks are documented below.

property description

description?: pulumi.Input<string>;

A short description of the project.

property encryptionKey

encryptionKey?: pulumi.Input<string>;

The AWS Key Management Service (AWS KMS) customer master key (CMK) to be used for encrypting the build project’s build output artifacts.

property environment

environment?: pulumi.Input<inputs.codebuild.ProjectEnvironment>;

Information about the project’s build environment. Environment blocks are documented below.

property logsConfig

logsConfig?: pulumi.Input<inputs.codebuild.ProjectLogsConfig>;

Configuration for the builds to store log data to CloudWatch or S3.

property name

name?: pulumi.Input<string>;

The name of the project. If type is set to S3, this is the name of the output artifact object

property secondaryArtifacts

secondaryArtifacts?: pulumi.Input<pulumi.Input<inputs.codebuild.ProjectSecondaryArtifact>[]>;

A set of secondary artifacts to be used inside the build. Secondary artifacts blocks are documented below.

property secondarySources

secondarySources?: pulumi.Input<pulumi.Input<inputs.codebuild.ProjectSecondarySource>[]>;

A set of secondary sources to be used inside the build. Secondary sources blocks are documented below.

property serviceRole

serviceRole?: pulumi.Input<string>;

The Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role that enables AWS CodeBuild to interact with dependent AWS services on behalf of the AWS account.

property source

source?: pulumi.Input<inputs.codebuild.ProjectSource>;

Information about the project’s input source code. Source blocks are documented below.

property tags

tags?: pulumi.Input<{[key: string]: any}>;

A mapping of tags to assign to the resource.

property vpcConfig

vpcConfig?: pulumi.Input<inputs.codebuild.ProjectVpcConfig>;

Configuration for the builds to run inside a VPC. VPC config blocks are documented below.

interface SourceCredentialArgs

interface SourceCredentialArgs

The set of arguments for constructing a SourceCredential resource.

property authType

authType: pulumi.Input<string>;

The type of authentication used to connect to a GitHub, GitHub Enterprise, or Bitbucket repository. An OAUTH connection is not supported by the API.

property serverType

serverType: pulumi.Input<string>;

The source provider used for this project.

property token

token: pulumi.Input<string>;

For GitHub or GitHub Enterprise, this is the personal access token. For Bitbucket, this is the app password.

property userName

userName?: pulumi.Input<string>;

The Bitbucket username when the authType is BASIC_AUTH. This parameter is not valid for other types of source providers or connections.

interface SourceCredentialState

interface SourceCredentialState

Input properties used for looking up and filtering SourceCredential resources.

property arn

arn?: pulumi.Input<string>;

The ARN of Source Credential.

property authType

authType?: pulumi.Input<string>;

The type of authentication used to connect to a GitHub, GitHub Enterprise, or Bitbucket repository. An OAUTH connection is not supported by the API.

property serverType

serverType?: pulumi.Input<string>;

The source provider used for this project.

property token

token?: pulumi.Input<string>;

For GitHub or GitHub Enterprise, this is the personal access token. For Bitbucket, this is the app password.

property userName

userName?: pulumi.Input<string>;

The Bitbucket username when the authType is BASIC_AUTH. This parameter is not valid for other types of source providers or connections.

interface WebhookArgs

interface WebhookArgs

The set of arguments for constructing a Webhook resource.

property branchFilter

branchFilter?: pulumi.Input<string>;

A regular expression used to determine which branches get built. Default is all branches are built. It is recommended to use filterGroup over branchFilter.

property filterGroups

filterGroups?: pulumi.Input<pulumi.Input<inputs.codebuild.WebhookFilterGroup>[]>;

Information about the webhook’s trigger. Filter group blocks are documented below.

property projectName

projectName: pulumi.Input<string>;

The name of the build project.

interface WebhookState

interface WebhookState

Input properties used for looking up and filtering Webhook resources.

property branchFilter

branchFilter?: pulumi.Input<string>;

A regular expression used to determine which branches get built. Default is all branches are built. It is recommended to use filterGroup over branchFilter.

property filterGroups

filterGroups?: pulumi.Input<pulumi.Input<inputs.codebuild.WebhookFilterGroup>[]>;

Information about the webhook’s trigger. Filter group blocks are documented below.

property payloadUrl

payloadUrl?: pulumi.Input<string>;

The CodeBuild endpoint where webhook events are sent.

property projectName

projectName?: pulumi.Input<string>;

The name of the build project.

property secret

secret?: pulumi.Input<string>;

The secret token of the associated repository. Not returned by the CodeBuild API for all source types.

property url

url?: pulumi.Input<string>;

The URL to the webhook.