2: CodeBuild

0: CodeBuild Overview

What is it?

  • CI service, fully managed (no maintaining build servers)
  • Compiles source code
  • Runs tests
  • Prepackaged build environments for common langs
  • Produces software packages ready-to-deploy (“artifacts”)
    • E.g. for Java, a .jar file
    • Artifacts land in S3

Do we need CodeBuild if it’s not a compiled lang?

  • Perhaps not
  • Maybe we don’t need a build stage for e.g. HTML or Python

What are we charged for?

  • Just when builds are running.

How can we access CodeBuild?

  • Console
  • CLI
  • SDK
  • CodePipeline

1: CodeBuild Projects

What are CodeBuild Projects?

  • CodeBuild requires a build project:
    • The build project creates a build env
    • Can be created via CLI or console
    • Project contains info about how to run a build:
      • Where src code?
      • Which env to use?
      • Which commands to run?
      • Where to deposit output artifact? (on S3)

What is a “buildspec” file?

  • It’s the buildspec.yml file with build commands + settings
  • Must be in root of code source directory
  • Usually zipped with the src code, but can be uploaded with build project
  • buildspec.yml has phases:
    • Install (e.g. Apache Maven)
    • Pre-build (e.g. connect to ECR)
    • Build (e.g. compile the .jar)
    • Post-build (e.g. confirmation message)
  • Each phase has commands
    • Regular arbitrary shell commands to run
    • “finally” commands, which run regardless of the outcome of the commands above

What are potential code sources for CodeBuild?

  • CodeCommit
  • S3 bucket (w/ versioning enabled)
  • GitHub (enterprise) / Bitbucket

Must you (manually) run CodeBuild after CodeCommit merges?

  • You could set up a CloudWatch event to watch your repo
    • On successful merge, run builds automatically

How would you notify personnel re: new build logs?

  • CodeBuild -> CloudWatch (AKA EventBridge) event to listen for logs
    • CloudWatch (EventBridge) Event -> SNS (text, email)
    • CloudWatch (EventBridge) Event -> Lambda f’n -> Slack / Discord

Where do Build Artifacts End Up?

  • S3 bucket

Is a service role needed to work with other AWS services?

  • Yes; e.g. if you need to tie into CodeBuild, Lambda, or CF

What do you need if working with a VPC?

  • VPC ID
  • Subnet IDs
  • Security groups
  • These might apply if working with EC2 instances

Etcetera

  • We can tie in SNS for notifications
  • We can use CloudWatch for logging
  • Buckets have to be in the same region as build