@turbot/aws-codebuild

The aws-codebuild mod contains resource, control and policy definitions for AWS CodeBuild service.

• Setting Policies Tutorial
• Mods Overview
• Policies Overview
• Resources Overview
• Common Policies and Controls

Recommended Version

Resource Types

• AWS > CodeBuild
• AWS > CodeBuild > Build
• AWS > CodeBuild > Project
• AWS > CodeBuild > Source Credential

Control Types

• AWS > CodeBuild > Build > Active
• AWS > CodeBuild > Build > Approved
• AWS > CodeBuild > Build > CMDB
• AWS > CodeBuild > Build > Discovery
• AWS > CodeBuild > Build > Usage
• AWS > CodeBuild > Project > Active
• AWS > CodeBuild > Project > Approved
• AWS > CodeBuild > Project > CMDB
• AWS > CodeBuild > Project > Discovery
• AWS > CodeBuild > Project > Tags
• AWS > CodeBuild > Project > Usage
• AWS > CodeBuild > Source Credential > Active
• AWS > CodeBuild > Source Credential > Approved
• AWS > CodeBuild > Source Credential > CMDB
• AWS > CodeBuild > Source Credential > Discovery

Policy Types

• AWS > CodeBuild > API Enabled
• AWS > CodeBuild > Approved Regions [Default]
• AWS > CodeBuild > Build > Active
• AWS > CodeBuild > Build > Active > Age
• AWS > CodeBuild > Build > Active > Budget
• AWS > CodeBuild > Build > Active > Last Modified
• AWS > CodeBuild > Build > Approved
• AWS > CodeBuild > Build > Approved > Budget
• AWS > CodeBuild > Build > Approved > Custom
• AWS > CodeBuild > Build > Approved > Regions
• AWS > CodeBuild > Build > Approved > Usage
• AWS > CodeBuild > Build > CMDB
• AWS > CodeBuild > Build > Regions
• AWS > CodeBuild > Build > Usage
• AWS > CodeBuild > Build > Usage > Limit
• AWS > CodeBuild > Enabled
• AWS > CodeBuild > Permissions
• AWS > CodeBuild > Permissions > Levels
• AWS > CodeBuild > Permissions > Levels > Modifiers
• AWS > CodeBuild > Permissions > Lockdown
• AWS > CodeBuild > Permissions > Lockdown > API Boundary
• AWS > CodeBuild > Project > Active
• AWS > CodeBuild > Project > Active > Age
• AWS > CodeBuild > Project > Active > Budget
• AWS > CodeBuild > Project > Active > Last Modified
• AWS > CodeBuild > Project > Approved
• AWS > CodeBuild > Project > Approved > Budget
• AWS > CodeBuild > Project > Approved > Custom
• AWS > CodeBuild > Project > Approved > Regions
• AWS > CodeBuild > Project > Approved > Usage
• AWS > CodeBuild > Project > CMDB
• AWS > CodeBuild > Project > Regions
• AWS > CodeBuild > Project > Tags
• AWS > CodeBuild > Project > Tags > Template
• AWS > CodeBuild > Project > Usage
• AWS > CodeBuild > Project > Usage > Limit
• AWS > CodeBuild > Regions
• AWS > CodeBuild > Source Credential > Active
• AWS > CodeBuild > Source Credential > Active > Age
• AWS > CodeBuild > Source Credential > Active > Last Modified
• AWS > CodeBuild > Source Credential > Approved
• AWS > CodeBuild > Source Credential > Approved > Custom
• AWS > CodeBuild > Source Credential > Approved > Regions
• AWS > CodeBuild > Source Credential > Approved > Usage
• AWS > CodeBuild > Source Credential > CMDB
• AWS > CodeBuild > Source Credential > Regions
• AWS > CodeBuild > Tags Template [Default]
• AWS > Turbot > Event Handlers > Events > Rules > Custom Event Patterns > @turbot/aws-codebuild
• AWS > Turbot > Permissions > Compiled > API Boundary > @turbot/aws-codebuild
• AWS > Turbot > Permissions > Compiled > Levels > @turbot/aws-codebuild
• AWS > Turbot > Permissions > Compiled > Service Permissions > @turbot/aws-codebuild

Release Notes

5.5.0 (2023-10-05)

What's new?

• We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

• Resource's metadata will now also include createdBy details in Turbot CMDB.

• Users can now perform quick actions on resources to remediate cloud configuration issues or skip Turbot alarms for issues that they want to come back to later. To get started, click on the Actions button, which will reveal a dropdown menu with available actions, and select one. See Quick Actions for more information.

Action Types

Added

• AWS > CodeBuild > Build > Delete from AWS
• AWS > CodeBuild > Build > Skip alarm for Active control
• AWS > CodeBuild > Build > Skip alarm for Active control [90 days]
• AWS > CodeBuild > Build > Skip alarm for Approved control
• AWS > CodeBuild > Build > Skip alarm for Approved control [90 days]
• AWS > CodeBuild > Project > Delete from AWS
• AWS > CodeBuild > Project > Set Tags
• AWS > CodeBuild > Project > Skip alarm for Active control
• AWS > CodeBuild > Project > Skip alarm for Active control [90 days]
• AWS > CodeBuild > Project > Skip alarm for Approved control
• AWS > CodeBuild > Project > Skip alarm for Approved control [90 days]
• AWS > CodeBuild > Project > Skip alarm for Tags control
• AWS > CodeBuild > Project > Skip alarm for Tags control [90 days]
• AWS > CodeBuild > Source Credential > Delete from AWS
• AWS > CodeBuild > Source Credential > Skip alarm for Active control
• AWS > CodeBuild > Source Credential > Skip alarm for Active control [90 days]
• AWS > CodeBuild > Source Credential > Skip alarm for Approved control
• AWS > CodeBuild > Source Credential > Skip alarm for Approved control [90 days]

5.4.1 (2022-03-31)

Bug fixes

• Projects created in AWS were not upserted automatically into Turbot's CMDB. This is now fixed.

5.4.0 (2022-03-30)

What's new?

• Users can now create their own custom checks against resource attributes in the Approved control using the Approved > Custom policy. These custom checks would be a part of the evaluation of the Approved control. Custom messages can also be added which are then displayed in the control details table. See Custom Checks for more information.

Bug fixes

• We've improved the process of deleting resources from Turbot if their CMDB policy was set to Enforce: Disabled. The CMDB controls will now not look to resolve credentials via Turbot's IAM role while deleting resources from Turbot. This will allow the CMDB controls to process resource deletions from Turbot more reliably than before.

Resource Types

Added

• AWS > CodeBuild > Source Credential

Control Types

Added

• AWS > CodeBuild > Source Credential > Active
• AWS > CodeBuild > Source Credential > Approved
• AWS > CodeBuild > Source Credential > CMDB
• AWS > CodeBuild > Source Credential > Discovery

Policy Types

Added

• AWS > CodeBuild > Build > Approved > Custom
• AWS > CodeBuild > Project > Approved > Custom
• AWS > CodeBuild > Source Credential > Active
• AWS > CodeBuild > Source Credential > Active > Age
• AWS > CodeBuild > Source Credential > Active > Last Modified
• AWS > CodeBuild > Source Credential > Approved
• AWS > CodeBuild > Source Credential > Approved > Custom
• AWS > CodeBuild > Source Credential > Approved > Regions
• AWS > CodeBuild > Source Credential > Approved > Usage
• AWS > CodeBuild > Source Credential > CMDB
• AWS > CodeBuild > Source Credential > Regions

Action Types

Added

• AWS > CodeBuild > Source Credential > Delete
• AWS > CodeBuild > Source Credential > Router

5.3.2 (2021-01-10)

Bug fixes

• Controls run faster now when in the tbd and skipped states thanks to the new Turbot Precheck feature (not to be confused with TSA PreCheck). With Turbot Precheck, controls avoid running GraphQL input queries when in tbd and skipped, resulting in faster and lighter control runs.

5.3.1 (2020-09-08)

Bug fixes

• The AWS > CodeBuild > Build > CMDB control would continuously re-run for any builds in a FAILED, FAULT and TIMED_OUT state. This is now fixed and the CMDB control will now only re-run for builds in the IN_PROGRESS state.

5.3.0 (2020-09-01)

What's new?

• Discovery controls now have their own control category, CMDB > Discovery, to allow for easier filtering separately from other CMDB controls.
• We've renamed the service's default regions policy from Regions [Default] to Regions to be consistent with our other regions policies.

5.2.1 (2020-08-11)

Bug fixes

• In various Active controls, we were outputting log messages that did not properly show how many days were left until we'd delete the inactive resources (we were still deleting them after the correct number of days). These log messages have been fixed and now contain the correct number of days.

5.2.0 (2020-08-06)

What's new?

• We've improved our event handling configuration and now filter which AWS events Turbot listens for based on resources' CMDB policies. If a resource's CMDB policy is not set to Enforce: Enabled, the EventBridge rules will be configured to not send any events for that resource. This will greatly reduce the number of unnecessary events that Turbot listens for and handles today.

Policy Types

Added

• AWS > Turbot > Event Handlers > Events > Rules > Custom Event Patterns > @turbot/aws-codebuild

Removed

• AWS > Turbot > Event Handlers > Events > Rules > Event Sources > @turbot/aws-codebuild

5.1.1 (2020-06-30)

Bug fixes

• Sometimes when updating CMDB for resources with tags that have empty string values, e.g., [{Key: "Empty", Value: ""}, {Key: "Turbot is great", Value: "true"}], we would not store all of the tags correctly. This has been fixed and now all tags are accounted for.

5.1.0 (2020-06-29)

Policy Types

Added

• AWS > CodeBuild > Build > Active > Budget
• AWS > CodeBuild > Build > Approved > Budget

Removed

• AWS > CodeBuild > Build > Active > Status

5.0.3 (2020-06-17)

Bug fixes

• Although the data validation errors, which appear in various CMDB and Discovery controls, are not blockers, they look ugly in the UI and should be cleaned up. These errors have now been fixed.
• Running AWS > CodeBuild > Build > Discovery control upserted builds with malformed AKA (missing partition value, region name and account id). This issue has now been fixed.

5.0.2 (2020-05-27)

Bug fixes

• Deleting a Codebuild project from the AWS console did not automatically delete it from the CMDB. This issue has been fixed.

• Links to documentation in the descriptions for several controls and policies were broken. These links have now been fixed.