AWS CodeBuild is a fully managed build service that compiles source code, runs tests, and produces software packages that are ready to deploy. With AWS CodeBuild, you do not need to provision, manage, and scale your own build servers. AWS CodeBuild scales continuously and processes multiple builds concurrently, so your builds do not wait in a queue. AWS CodeBuild has prepackaged build environments, or you can create custom build environments that use your own build tools. With AWS CodeBuild, AWS charges by the minute for the compute resources you use.
AWS CodeBuild enables you to define the build environment to perform build tasks and the actual tasks that it will perform. AWS CodeBuild comes with prepackaged build environments for most common workloads and build tools (Apache Maven, Grade, and others), and it allows you to create custom environments for any custom tools or processes. AWS CodePipeline includes built-in integration with AWS CodeBuild, which can act as a provider for any build or test actions in your pipeline.
AWS CodeBuild initiates build tasks inside a build project, which defines the environmental settings, build steps to perform, and any output artifacts. The build container’s operating system, runtime, and build tools make up the build environment.
Build projects define all aspects of a build. This includes the environment in which to perform builds, any tools to include in the environment, the actual build steps to perform, and outputs to save.
Create a Build Project When you create a build project, you fi rst select a source provider. AWS CodeBuild supports AWS CodeCommit, Amazon S3, GitHub, and BitBucket as source providers. When you use GitHub or BitBucket, a separate authentication fl ow will be invoked. This allows access to the source repository from AWS CodeBuild. GitHub source repositories also support webhooks to trigger builds automatically any time you push a commit to a specifi c repository and branch.
After AWS CodeBuild successfully connects to the source repository or location, you select a build environment . AWS CodeBuild provides preconfigured build environments for some operating systems, runtimes, and runtime versions, such as Ubuntu with Java 9. Next, you will confi gure the build specifi cation . This can be done in one of two ways. You can insert build commands in the console or specify a buildspec.yml fi le in your source code. Both options are valid, but if you use a buildspec.yml fi le, you will see additional confi guration options
If your build creates artifacts you would like to use in later steps of your pipeline/process, you can specify output artifacts to save to Amazon S3. Otherwise, you can choose not to save any artifacts. You will need to specify individual fi lename(s) for AWS CodeBuild to save on your behalf.
AWS CodeBuild supports caching, which you can confi gure in the next step. Caching saves some components of the build environment to reduce the time to create environments when you submit build jobs. Every build project requires an IAM service role that is accessible by AWS CodeBuild. When you create new projects, you can automatically create a service role that you restrict to this project only. You can update service roles to work with up to 10 build projects at a time.
Lastly, you can confi gure AWS CodeBuild to create build environments with connectivity to an Amazon Virtual Private Cloud (Amazon VPC) in your account. To do so, specify the Amazon VPC ID, subnets, and security groups to assign to the build environment. You can confi gure other settings when you create the build, such as to run the Docker daemon in privileged mode to build Docker images. After you set the build project properties, you can select the compute type (memory and vCPU settings), any environment variables to pass to the build container, and tags to apply to the project.
When you set environment variables, they will be visible in plain text in the AWS CodeBuild console and AWS CLI or SDK. If there is sensitive information that you would like to pass to build jobs, consider using the AWS Systems Manager Parameter Store . This will require the build project’s IAM role to have permissions to access the parameter store.
The buildspec.yml file can provide the build specification to your build projects in the AWS CodeBuild console, the AWS CLI, or the AWS SDK when you create the build project, or as part of your source repository in a YAML-formatted buildspec.yml file. You can supply only one build specification to a build project. A build specification’s format is as follows:
version: 0.2
env:
variables:
key: "value"
parameter-store:
key: "value"
phases:
install:
commands:
- command
pre_build:
commands:
- command
build:
commands:
- command
post_build:
commands:
- command
artifacts:
files:
- location
discard-paths: yes
base-directory: location
cache:
paths:
- pathAWS supports multiple build specification versions; however, AWS recommends you use the latest version whenever possible.
You can add optional environment variables to build jobs. Any key/value pairs that you provide in the variables section are available as environment variables in plain text.
Any environment variables that you define here will overwrite those you define elsewhere in the build project, such as those in the container itself or by Docker.
The parameter-store mapping specifi es parameters to query in AWS Systems Manager Parameter Store.
The phases mapping specifi es commands to run at each stage of the build job. When you specify build settings in the AWS CodeBuild console, AWS CLI, or AWS SDK, you are not able to separate commands into phases . With a build specifi cations fi le, you can separate commands into phases.
install Commands to execute during installation of the build environment. pre_build Commands to be run before the build begins. build Commands to be run during the build. post_build Commands to be run after the build completes.
If a command fails in any stage, subsequent stages will not run.
The artifacts mapping specifi es where AWS CodeBuild will place output artifacts, if any. This is required only if your build job produces actual outputs. For example, unit tests would not produce output artifacts for later use in a pipeline. The files list specifi es individual fi les in the build environment that will act as output artifacts. You can specify individual fi les, directories, or recursive directories. You can use discard-paths and base-directory to specify a different directory structure to package output artifacts.
If you confi gure caching for the build project, the cache map specifi es which fi les to upload to Amazon S3 for use in subsequent builds.
A build environment is a Docker image with a preconfigured operating system, programming language runtime, and any other tools that AWS CodeBuild uses to perform build tasks and communicate with the service, along with other metadata for the environment, such as the compute settings. AWS CodeBuild maintains its own repository of preconfi gured build environments. If these environments do not meet your requirements, you can use public Docker Hub images. Alternatively, you can use container images in Amazon Elastic Container Registry (Amazon ECR).
AWS CodeBuild provides build environments for Ubuntu and Amazon Linux operating systems, and it supports the following:
Not all programming languages support both Ubuntu and Amazon Linux build environments.
This table lists the memory, virtual central processing unit (vCPU), and disk space confi gurations for build environments.
| Compute Type | Memory | vCPUs | Disk Space |
|---|---|---|---|
| BUILD_GENERAL1_SMALL | 3 GB | 2 | 64 GB |
| BUILD_GENERAL1_MEDIUM | 7 GB | 4 | 128 GB |
| BUILD_GENERAL1_LARGE | 15 GB | 8 | 128 GB |
AWS CodeBuild provides several environment variables by default, such as AWS_REGION, CODEBUILD_BUILD_ID , and HOME.
When you create your own environment variables, AWS CodeBuild reserves the CODEBUILD_ prefix.
When you initiate a build, AWS CodeBuild copies the input artifact(s) into the build environment. AWS CodeBuild uses the build specifi cation to run the build process, which includes any steps to perform and outputs to provide after the build completes. Build logs are made available to Amazon CloudWatch Logs for real-time monitoring. When you run builds manually in the AWS CodeBuild console, AWS CLI, or AWS SDK, you have the option to change several properties before you run a build job.
AWS CodeBuild enforces service limits in the table. An asterisk (*) indicates that you can increase limits if you submit a request to AWS Support.
| Limit | Value |
|---|---|
| Build projects per region per account* | 1000 |
| Build timeout | 8 hours |
| Concurrently running builds* | 20 |
AWS CodePipeline enables you to build jobs for both build and test actions. Both action types require exactly one input artifact and may return zero or one output artifacts. When you create a build or test actions in your pipeline with your build projects, the only input that you require is the build project name. The AWS CodePipeline console also has the option to create new build projects when you create the action.
