AWS::CodeBuild::SourceCredential - AWS CloudFormation
AWS 文档中描述的 AWS 服务或功能可能因区域而异。要查看适用于中国区域的差异,请参阅中国的 AWS 服务入门

AWS::CodeBuild::SourceCredential

有关 GitHub、GitHub Enterprise 或 Bitbucket 存储库的凭证的信息。我们强烈建议您使用 AWS Secrets Manager 来存储您的凭证。如果使用 Secrets Manager,则您的密钥管理器中必须有密钥。有关更多信息,请参阅使用动态引用以指定模板值

重要

出于安全原因,请勿在 CloudFormation 模板中以纯文本形式存储凭证。

语法

要在 AWS CloudFormation 模板中声明此实体,请使用以下语法:

JSON

{ "Type" : "AWS::CodeBuild::SourceCredential", "Properties" : { "AuthType" : String, "ServerType" : String, "Token" : String, "Username" : String } }

YAML

Type: AWS::CodeBuild::SourceCredential Properties: AuthType: String ServerType: String Token: String Username: String

属性

AuthType

凭证使用的身份验证类型。有效选项为 OAUTH、BASIC_AUTH 或 PERSONAL_ACCESS_TOKEN。

必需:是

类型:字符串

允许的值BASIC_AUTH | OAUTH | PERSONAL_ACCESS_TOKEN

Update requires: No interruption

ServerType

源提供商类型。有效选项为 GITHUB、GITHUB_ENTERPRISE 或 BITBUCKET。

必需:是

类型:字符串

允许的值BITBUCKET | GITHUB | GITHUB_ENTERPRISE

Update requires: Replacement

Token

对于 GitHub 或 GitHub Enterprise,这是个人访问令牌。对于 Bitbucket,这是应用程序密码。

必需:是

类型:字符串

最低1

Update requires: No interruption

Username

authType 为 BASIC_AUTH 时的 Bitbucket 用户名。对于其他类型的源提供商或连接,此参数无效。

必需:否

类型:字符串

最低1

Update requires: No interruption

示例

使用 AWS Secrets Manager 创建 Bitbucket 源凭证

YAML

CodeBuildSourceCredential: Type: 'AWS::CodeBuild::SourceCredential' Properties: Token: '{{resolve:secretsmanager:bitbucket:SecretString:token}}' ServerType: BITBUCKET Username: '{{resolve:secretsmanager:bitbucket:SecretString:username}}' AuthType: BASIC_AUTH

JSON

{ "CodeBuildSourceCredential": { "Type": "AWS::CodeBuild::SourceCredential", "Properties": { "Token": "{{resolve:secretsmanager:bitbucket:SecretString:token}}", "ServerType": "BITBUCKET", "Username": "{{resolve:secretsmanager:bitbucket:SecretString:username}}", "AuthType": "BASIC_AUTH" } } }

使用 AWS Secrets Manager 创建 GitHub Enterprise 源凭证

YAML

Resources: CodeBuildSourceCredential: Type: 'AWS::CodeBuild::SourceCredential' Properties: Token: '{{resolve:secretsmanager:github_enterprise:SecretString:token}}' ServerType: GITHUB_ENTERPRISE AuthType: PERSONAL_ACCESS_TOKEN

JSON

{ "Resources": { "CodeBuildSourceCredential": { "Type": "AWS::CodeBuild::SourceCredential", "Properties": { "Token": "{{resolve:secretsmanager:github_enterprise:SecretString:token}}", "ServerType": "GITHUB_ENTERPRISE", "AuthType": "PERSONAL_ACCESS_TOKEN" } } } }

使用 AWS Secrets Manager 创建 GitHub 源凭证

YAML

Resources: CodeBuildSourceCredential: Type: 'AWS::CodeBuild::SourceCredential' Properties: Token: '{{resolve:secretsmanager:github:SecretString:token}}' ServerType: GITHUB AuthType: PERSONAL_ACCESS_TOKEN

JSON

{ "Resources": { "CodeBuildSourceCredential": { "Type": "AWS::CodeBuild::SourceCredential", "Properties": { "Token": "{{resolve:secretsmanager:github:SecretString:token}}", "ServerType": "GITHUB", "AuthType": "PERSONAL_ACCESS_TOKEN" } } } }

导入 Bitbucket 的源凭证

YAML

Resources: MySourceCreds: Type: 'AWS::CodeBuild::SourceCredential' Properties: Token: '{{resolve:secretsmanager:bitbucket:SecretString:token}}' ServerType: BITBUCKET Username: '{{resolve:secretsmanager:bitbucket:SecretString:username}}' AuthType: BASIC_AUTH MyProject: Type: 'AWS::CodeBuild::Project' Properties: Name: myProjectName Description: A description about my project ServiceRole: testServiceRoleArn Artifacts: Type: NO_ARTIFACTS Environment: Type: LINUX_CONTAINER ComputeType: BUILD_GENERAL1_SMALL Image: 'aws/codebuild/standard:2.0' Source: Type: BITBUCKET Location: 'your-bitbucket-repo-url' DependsOn: MySourceCreds

JSON

{ "Resources": { "MySourceCreds": { "Type": "AWS::CodeBuild::SourceCredential", "Properties": { "Token": "{{resolve:secretsmanager:bitbucket:SecretString:token}}", "ServerType": "BITBUCKET", "Username": "{{resolve:secretsmanager:bitbucket:SecretString:username}}", "AuthType": "BASIC_AUTH" } }, "MyProject": { "Type": "AWS::CodeBuild::Project", "Properties": { "Name": "myProjectName", "Description": "A description about my project", "ServiceRole": "testServiceRoleAr", "Artifacts": { "Type": "NO_ARTIFACTS" }, "Environment": { "Type": "LINUX_CONTAINER", "ComputeType": "BUILD_GENERAL1_SMALL", "Image": "aws/codebuild/standard:2.0" }, "Source": { "Type": "BITBUCKET", "Location": "your-bitbucket-repo-url" } }, "DependsOn": "MySourceCreds" } } }

导入 Github 的源凭证

YAML

Resources: MySourceCreds: Type: 'AWS::CodeBuild::SourceCredential' Properties: Token: '{{resolve:secretsmanager:github:SecretString:token}}' ServerType: GITHUB AuthType: PERSONAL_ACCESS_TOKEN MyProject: Type: 'AWS::CodeBuild::Project' Properties: Name: myProjectName Description: A description about my project ServiceRole: testServiceRoleArn Artifacts: Type: NO_ARTIFACTS Environment: Type: LINUX_CONTAINER ComputeType: BUILD_GENERAL1_SMALL Image: 'aws/codebuild/standard:2.0' Source: Type: GITHUB Location: 'your-github-repo-url' DependsOn: MySourceCreds

JSON

{ "Resources": { "MySourceCreds": { "Type": "AWS::CodeBuild::SourceCredential", "Properties": { "Token": "{{resolve:secretsmanager:github:SecretString:token}}", "ServerType": "GITHUB", "AuthType": "PERSONAL_ACCESS_TOKEN" } }, "MyProject": { "Type": "AWS::CodeBuild::Project", "Properties": { "Name": "myProjectName", "Description": "A description about my project", "ServiceRole": "testServiceRoleArn", "Artifacts": { "Type": "NO_ARTIFACTS" }, "Environment": { "Type": "LINUX_CONTAINER", "ComputeType": "BUILD_GENERAL1_SMALL", "Image": "aws/codebuild/standard:2.0" }, "Source": { "Type": "GITHUB", "Location": "your-github-repo-url" } }, "DependsOn": "MySourceCreds" } } }