
aws.codebuild

Supported Platform

  • aws

Description

AWS CodeBuild for building and testing code

The aws.codebuild resource is used to assess the configuration of the AWS CodeBuild service and the projects within.

Fields

ID | TYPE | DESCRIPTION
projects | []aws.codebuild.project | list of build projects

Examples

Return a list of aws.codebuild.project resources, one for each AWS CodeBuild project configured in any enabled region of the account, together with the values of the specified fields:

aws.codebuild.projects {
  arn
  description
  name
  environment
  region
  source
}

Check that, in every project that defines the environment variables AWS_ACCESS_KEY_ID or AWS_SECRET_ACCESS_KEY, those variables are not stored as plaintext:

aws.codebuild.projects {
  environment['EnvironmentVariables'].where(_['Name'] == "AWS_ACCESS_KEY_ID") { _['Type'] != "PLAINTEXT" }
  environment['EnvironmentVariables'].where(_['Name'] == "AWS_SECRET_ACCESS_KEY") { _['Type'] != "PLAINTEXT" }
}

Check that every project using GitHub or Bitbucket as its source authenticates with OAuth:

aws.codebuild.projects.where( source['Type'] == "BITBUCKET" || source['Type'] == "GITHUB" ) {
  source['Auth']['Type'] == "OAUTH"
}
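
The two checks above, mirrored offline in Python as an added example (not part of the original page and not Mondoo's code). The project dicts are constructed sample data that reuse the key names the queries index; the function names are hypothetical, and treating a project with no matching variable or an out-of-scope source as passing is an assumption of this example.

```python
# Added example: evaluates the plaintext-credential and OAuth checks on sample data.
SECRET_NAMES = {"AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY"}
GIT_HOSTS = {"GITHUB", "BITBUCKET"}

# Constructed sample projects, keyed the way the queries above index them.
PROJECTS = [
    {"name": "api-build",
     "environment": {"EnvironmentVariables": [
         {"Name": "AWS_ACCESS_KEY_ID", "Type": "PLAINTEXT"},
         {"Name": "AWS_SECRET_ACCESS_KEY", "Type": "SECRETS_MANAGER"}]},
     "source": {"Type": "GITHUB", "Auth": {"Type": "OAUTH"}}},
    {"name": "docs-build",
     "environment": {"EnvironmentVariables": None},   # no variables defined
     "source": {"Type": "BITBUCKET", "Auth": None}},  # no auth block at all
    {"name": "infra-build",
     "environment": {"EnvironmentVariables": [
         {"Name": "AWS_SECRET_ACCESS_KEY", "Type": "PARAMETER_STORE"},
         {"Name": "STAGE", "Type": "PLAINTEXT"}]},     # plaintext, but not a credential
     "source": {"Type": "CODECOMMIT"}},
]

def plaintext_credentials(project):
    """Names of AWS credential variables stored with Type PLAINTEXT."""
    env = project.get("environment") or {}
    variables = env.get("EnvironmentVariables") or []
    return sorted(v["Name"] for v in variables
                  if v.get("Name") in SECRET_NAMES and v.get("Type") == "PLAINTEXT")

def source_uses_oauth(project):
    """True when the source is out of scope or its auth type is OAUTH."""
    source = project.get("source") or {}
    if source.get("Type") not in GIT_HOSTS:
        return True  # assumption: only GitHub/Bitbucket sources are assessed
    return (source.get("Auth") or {}).get("Type") == "OAUTH"

def audit(projects):
    """Map project name -> list of findings; compliant projects are omitted."""
    report = {}
    for p in projects:
        findings = [f"{n} is PLAINTEXT" for n in plaintext_credentials(p)]
        if not source_uses_oauth(p):
            findings.append("source auth is not OAUTH")
        if findings:
            report[p["name"]] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit(PROJECTS).items():
        print(name, "->", "; ".join(findings))
```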

References