AWS::CodeBuild::Project Environment - Amazon CloudFormation
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

AWS::CodeBuild::Project Environment

Environment is a property of the AWS::CodeBuild::Project resource that specifies the environment for an Amazon CodeBuild project.

Syntax

To declare this entity in your Amazon CloudFormation template, use the following syntax:

JSON

{ "Certificate" : String, "ComputeType" : String, "EnvironmentVariables" : [ EnvironmentVariable, ... ], "Image" : String, "ImagePullCredentialsType" : String, "PrivilegedMode" : Boolean, "RegistryCredential" : RegistryCredential, "Type" : String }

Properties

Certificate

The ARN of the Amazon S3 bucket, path prefix, and object key that contains the PEM-encoded certificate for the build project. For more information, see certificate in the Amazon CodeBuild User Guide.

Required: No

Type: String

Update requires: No interruption

ComputeType

The type of compute environment. This determines the number of CPU cores and memory the build environment uses. Available values include:

  • BUILD_GENERAL1_SMALL: Use up to 3 GB memory and 2 vCPUs for builds.

  • BUILD_GENERAL1_MEDIUM: Use up to 7 GB memory and 4 vCPUs for builds.

  • BUILD_GENERAL1_LARGE: Use up to 15 GB memory and 8 vCPUs for builds.

For more information, see Build Environment Compute Types in the Amazon CodeBuild User Guide.

Required: Yes

Type: String

Update requires: No interruption

EnvironmentVariables

A set of environment variables to make available to builds for this build project.

Required: No

Type: Array of EnvironmentVariable

Update requires: No interruption

Image

The image tag or image digest that identifies the Docker image to use for this build project. Use the following formats:

  • For an image tag: <registry>/<repository>:<tag>. For example, in the Docker repository that CodeBuild uses to manage its Docker images, this would be aws/codebuild/standard:4.0.

  • For an image digest: <registry>/<repository>@<digest>. For example, to specify an image with the digest "sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf," use <registry>/<repository>@sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf.

For more information, see Docker images provided by CodeBuild in the Amazon CodeBuild user guide.

Required: Yes

Type: String

Minimum: 1

Update requires: No interruption

ImagePullCredentialsType

The type of credentials Amazon CodeBuild uses to pull images in your build. There are two valid values:

  • CODEBUILD specifies that Amazon CodeBuild uses its own credentials. This requires that you modify your ECR repository policy to trust Amazon CodeBuild service principal.

  • SERVICE_ROLE specifies that Amazon CodeBuild uses your build project's service role.

When you use a cross-account or private registry image, you must use SERVICE_ROLE credentials. When you use an Amazon CodeBuild curated image, you must use CODEBUILD credentials.

Required: No

Type: String

Allowed values: CODEBUILD | SERVICE_ROLE

Update requires: No interruption

PrivilegedMode

Enables running the Docker daemon inside a Docker container. Set to true only if the build project is used to build Docker images. Otherwise, a build that attempts to interact with the Docker daemon fails. The default setting is false.

You can initialize the Docker daemon during the install phase of your build by adding one of the following sets of commands to the install phase of your buildspec file:

If the operating system's base image is Ubuntu Linux:

- nohup /usr/local/bin/dockerd --host=unix:///var/run/docker.sock --host=tcp://0.0.0.0:2375 --storage-driver=overlay&

- timeout 15 sh -c "until docker info; do echo .; sleep 1; done"

If the operating system's base image is Alpine Linux and the previous command does not work, add the -t argument to timeout:

- nohup /usr/local/bin/dockerd --host=unix:///var/run/docker.sock --host=tcp://0.0.0.0:2375 --storage-driver=overlay&

- timeout -t 15 sh -c "until docker info; do echo .; sleep 1; done"

Required: No

Type: Boolean

Update requires: No interruption

RegistryCredential

RegistryCredential is a property of the AWS::CodeBuild::Project Environment property that specifies information about credentials that provide access to a private Docker registry. When this is set:

  • imagePullCredentialsType must be set to SERVICE_ROLE.

  • images cannot be curated or an Amazon ECR image.

Required: No

Type: RegistryCredential

Update requires: No interruption

Type

The type of build environment to use for related builds.

  • The environment type ARM_CONTAINER is available only in regions US East (Ohio), US East (N. Virginia), US West (N. California), US West (Oregon), Asia Pacific (Hong Kong), Asia Pacific (Jakarta), Asia Pacific (Hyderabad), Asia Pacific (Melbourne), Asia Pacific (Mumbai), Asia Pacific (Osaka), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), Canada (Central), China (Beijing), China (Ningxia), Europe (Frankfurt), Europe (Ireland), Europe (London), Europe (Milan), Europe (Paris), Europe (Spain), Europe (Stockholm), Europe (Zurich), Israel (Tel Aviv), Middle East (Bahrain), Middle East (UAE), and South America (São Paulo).

  • The environment type LINUX_CONTAINER with compute type build.general1.2xlarge is available only in regions US East (Ohio), US East (N. Virginia), US West (N. California), US West (Oregon), Asia Pacific (Hyderabad), Asia Pacific (Hong Kong), Asia Pacific (Jakarta), Asia Pacific (Melbourne), Asia Pacific (Mumbai), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), Canada (Central), China (Beijing), China (Ningxia), Europe (Frankfurt), Europe (Ireland), Europe (London), Europe (Paris), Europe (Spain), Europe (Stockholm), Europe (Zurich), Israel (Tel Aviv), Middle East (Bahrain), Middle East (UAE), and South America (São Paulo).

  • The environment type LINUX_GPU_CONTAINER is available only in regions US East (Ohio), US East (N. Virginia), US West (Oregon), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), Canada (Central), China (Beijing), China (Ningxia), Europe (Frankfurt), Europe (Ireland), and Europe (London).

  • The environment types WINDOWS_SERVER_2019_CONTAINER are available only in regions US East (N. Virginia), US East (Ohio), US West (Oregon), and Europe (Ireland).

For more information, see Build environment compute types in the Amazon CodeBuild user guide.

Required: Yes

Type: String

Allowed values: ARM_CONTAINER | LINUX_CONTAINER | LINUX_GPU_CONTAINER | WINDOWS_CONTAINER | WINDOWS_SERVER_2019_CONTAINER

Update requires: No interruption