AWS CodeBuild Concepts: Difference between revisions
Line 9: | Line 9: | ||
The service role, unless specified otherwise, is automatically created with the following policies: | The service role, unless specified otherwise, is automatically created with the following policies: | ||
CodeBuildBasePolicy-<''build-project-name''>-<''region''> | |||
<syntaxhighlight lang='json'> | <syntaxhighlight lang='json'> | ||
Line 44: | Line 44: | ||
</syntaxhighlight> | </syntaxhighlight> | ||
CodeBuildVpcPolicy-<''build-project-name''>-<''region''> | |||
CodeBuildCloudWatchLogsPolicy-<''build-project-name''>-<''region''> | |||
For operational details on handling the service role, see {{Internal|AWS_CodeBuild_Operations#Role_name|CodeBuild Operations - Role name}} | For operational details on handling the service role, see {{Internal|AWS_CodeBuild_Operations#Role_name|CodeBuild Operations - Role name}} |
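Review bot: the two policy names added after the closing </syntaxhighlight>, CodeBuildVpcPolicy-<build-project-name>-<region> and CodeBuildCloudWatchLogsPolicy-<build-project-name>-<region>, are listed with no policy document or description, while CodeBuildBasePolicy gets its full JSON. Add each policy's JSON, or one sentence on what it grants, so a reader can tell what the service role is allowed to do.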
Revision as of 04:38, 13 February 2019
Internal
Build Project
Service Role
The service role, unless specified otherwise, is automatically created with the following policies:
CodeBuildBasePolicy-<build-project-name>-<region>
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Resource": [
        "arn:aws:logs:us-west-2:673499572719:log-group:/aws/codebuild/playground-ops",
        "arn:aws:logs:us-west-2:673499572719:log-group:/aws/codebuild/playground-ops:*"
      ],
      "Action": [
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:PutLogEvents"
      ]
    },
    {
      "Effect": "Allow",
      "Resource": [
        "arn:aws:s3:::codepipeline-us-west-2-*"
      ],
      "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:GetObjectVersion",
        "s3:GetBucketAcl",
        "s3:GetBucketLocation"
      ]
    }
  ]
}
CodeBuildVpcPolicy-<build-project-name>-<region>
CodeBuildCloudWatchLogsPolicy-<build-project-name>-<region>
For operational details on handling the service role, see CodeBuild Operations - Role name.
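The base policy above scopes CloudWatch Logs to the project's own log group but grants S3 access by bucket-name pattern. The following is an added example, not part of the original page or of AWS tooling: a small reviewer for such a service-role policy. The function names and the "mutating" verb heuristic are assumptions made for this illustration.

```python
import re

# The CodeBuildBasePolicy document from this page, condensed.
BASE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Resource": [
             "arn:aws:logs:us-west-2:673499572719:log-group:/aws/codebuild/playground-ops",
             "arn:aws:logs:us-west-2:673499572719:log-group:/aws/codebuild/playground-ops:*"],
         "Action": ["logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents"]},
        {"Effect": "Allow",
         "Resource": ["arn:aws:s3:::codepipeline-us-west-2-*"],
         "Action": ["s3:PutObject", "s3:GetObject", "s3:GetObjectVersion",
                    "s3:GetBucketAcl", "s3:GetBucketLocation"]},
    ],
}

# Assumption: these verb prefixes are treated as "mutating" for review purposes.
MUTATING = re.compile(r"^[a-z0-9-]+:(Put|Delete|Create|Update|\*)", re.I)

def as_list(value):
    """IAM accepts a single string where a list is expected."""
    return [value] if isinstance(value, str) else list(value)

def audit(policy, project):
    """Return (statement_index, finding) tuples for a CodeBuild role policy."""
    log_arn = re.compile(
        r"^arn:aws:logs:[a-z0-9-]+:\d{12}:log-group:/aws/codebuild/%s(:\*)?$"
        % re.escape(project))
    stmts = policy["Statement"]
    if isinstance(stmts, dict):  # a lone statement may appear without a list
        stmts = [stmts]
    findings = []
    for i, st in enumerate(stmts):
        if st.get("Effect") != "Allow":
            continue
        actions = as_list(st.get("Action", []))
        writes = any(MUTATING.match(a) for a in actions)
        if any("*" in a for a in actions):
            findings.append((i, "wildcard action"))
        for res in as_list(st.get("Resource", [])):
            if res == "*":
                findings.append((i, "unscoped resource"))
            elif res.startswith("arn:aws:logs:") and not log_arn.match(res):
                findings.append((i, "log group outside /aws/codebuild/" + project))
            elif res.startswith("arn:aws:s3:::") and "*" in res and writes:
                findings.append((i, "write access to S3 pattern " + res))
    return findings
```

Run against the page's policy with project `playground-ops`, the only finding is the second statement: `s3:PutObject` is allowed on every bucket and key matching `codepipeline-us-west-2-*`, which is worth narrowing to the pipeline's actual artifact bucket.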
VPC
Security Group
The build project configuration allows selecting one or more security groups that AWS CodeBuild uses to work with the VPC. The security groups should allow outbound connections.