AWS::CodeBuild::SourceCredential
Information about the credentials for a GitHub, GitHub Enterprise, or Bitbucket repository. We strongly recommend that you use Amazon Secrets Manager to store your credentials. If you use Secrets Manager, you must have secrets in your secrets manager. For more information, see Using Dynamic References to Specify Template Values.
Important
For security purposes, do not use plain text in your Amazon CloudFormation template to store your credentials.
Syntax
To declare this entity in your Amazon CloudFormation template, use the following syntax:
JSON
{ "Type" : "AWS::CodeBuild::SourceCredential", "Properties" : { "AuthType" :String, "ServerType" :String, "Token" :String, "Username" :String} }
YAML
Type: AWS::CodeBuild::SourceCredential Properties: AuthType:StringServerType:StringToken:StringUsername:String
Properties
AuthType-
The type of authentication used by the credentials. Valid options are OAUTH, BASIC_AUTH, or PERSONAL_ACCESS_TOKEN.
Required: Yes
Type: String
Allowed values:
BASIC_AUTH | OAUTH | PERSONAL_ACCESS_TOKENUpdate requires: No interruption
ServerType-
The type of source provider. The valid options are GITHUB, GITHUB_ENTERPRISE, or BITBUCKET.
Required: Yes
Type: String
Allowed values:
BITBUCKET | GITHUB | GITHUB_ENTERPRISEUpdate requires: Replacement
Token-
For GitHub or GitHub Enterprise, this is the personal access token. For Bitbucket, this is the app password.
Required: Yes
Type: String
Minimum:
1Update requires: No interruption
Username-
The Bitbucket username when the
authTypeis BASIC_AUTH. This parameter is not valid for other types of source providers or connections.Required: No
Type: String
Minimum:
1Update requires: No interruption
Examples
Create Bitbucket source credentials using Amazon Secrets Manager
YAML
CodeBuildSourceCredential: Type: 'AWS::CodeBuild::SourceCredential' Properties: Token: '{{resolve:secretsmanager:bitbucket:SecretString:token}}' ServerType: BITBUCKET Username: '{{resolve:secretsmanager:bitbucket:SecretString:username}}' AuthType: BASIC_AUTH
JSON
{ "CodeBuildSourceCredential": { "Type": "AWS::CodeBuild::SourceCredential", "Properties": { "Token": "{{resolve:secretsmanager:bitbucket:SecretString:token}}", "ServerType": "BITBUCKET", "Username": "{{resolve:secretsmanager:bitbucket:SecretString:username}}", "AuthType": "BASIC_AUTH" } } }
Create GitHub Enterprise source credentials using Amazon Secrets Manager
YAML
Resources: CodeBuildSourceCredential: Type: 'AWS::CodeBuild::SourceCredential' Properties: Token: '{{resolve:secretsmanager:github_enterprise:SecretString:token}}' ServerType: GITHUB_ENTERPRISE AuthType: PERSONAL_ACCESS_TOKEN
JSON
{ "Resources": { "CodeBuildSourceCredential": { "Type": "AWS::CodeBuild::SourceCredential", "Properties": { "Token": "{{resolve:secretsmanager:github_enterprise:SecretString:token}}", "ServerType": "GITHUB_ENTERPRISE", "AuthType": "PERSONAL_ACCESS_TOKEN" } } } }
Create GitHub source credentials using Amazon Secrets Manager
YAML
Resources: CodeBuildSourceCredential: Type: 'AWS::CodeBuild::SourceCredential' Properties: Token: '{{resolve:secretsmanager:github:SecretString:token}}' ServerType: GITHUB AuthType: PERSONAL_ACCESS_TOKEN
JSON
{ "Resources": { "CodeBuildSourceCredential": { "Type": "AWS::CodeBuild::SourceCredential", "Properties": { "Token": "{{resolve:secretsmanager:github:SecretString:token}}", "ServerType": "GITHUB", "AuthType": "PERSONAL_ACCESS_TOKEN" } } } }
Import source credentials for Bitbucket
YAML
Resources: MySourceCreds: Type: 'AWS::CodeBuild::SourceCredential' Properties: Token: '{{resolve:secretsmanager:bitbucket:SecretString:token}}' ServerType: BITBUCKET Username: '{{resolve:secretsmanager:bitbucket:SecretString:username}}' AuthType: BASIC_AUTH MyProject: Type: 'AWS::CodeBuild::Project' Properties: Name: myProjectName Description: A description about my project ServiceRole: testServiceRoleArn Artifacts: Type: NO_ARTIFACTS Environment: Type: LINUX_CONTAINER ComputeType: BUILD_GENERAL1_SMALL Image: 'aws/codebuild/standard:5.0' Source: Type: BITBUCKET Location: 'your-bitbucket-repo-url' DependsOn: MySourceCreds
JSON
{ "Resources": { "MySourceCreds": { "Type": "AWS::CodeBuild::SourceCredential", "Properties": { "Token": "{{resolve:secretsmanager:bitbucket:SecretString:token}}", "ServerType": "BITBUCKET", "Username": "{{resolve:secretsmanager:bitbucket:SecretString:username}}", "AuthType": "BASIC_AUTH" } }, "MyProject": { "Type": "AWS::CodeBuild::Project", "Properties": { "Name": "myProjectName", "Description": "A description about my project", "ServiceRole": "testServiceRoleAr", "Artifacts": { "Type": "NO_ARTIFACTS" }, "Environment": { "Type": "LINUX_CONTAINER", "ComputeType": "BUILD_GENERAL1_SMALL", "Image": "aws/codebuild/standard:5.0" }, "Source": { "Type": "BITBUCKET", "Location": "your-bitbucket-repo-url" } }, "DependsOn": "MySourceCreds" } } }
Import source credentials for Github
YAML
Resources: MySourceCreds: Type: 'AWS::CodeBuild::SourceCredential' Properties: Token: '{{resolve:secretsmanager:github:SecretString:token}}' ServerType: GITHUB AuthType: PERSONAL_ACCESS_TOKEN MyProject: Type: 'AWS::CodeBuild::Project' Properties: Name: myProjectName Description: A description about my project ServiceRole: testServiceRoleArn Artifacts: Type: NO_ARTIFACTS Environment: Type: LINUX_CONTAINER ComputeType: BUILD_GENERAL1_SMALL Image: 'aws/codebuild/standard:5.0' Source: Type: GITHUB Location: 'your-github-repo-url' DependsOn: MySourceCreds
JSON
{ "Resources": { "MySourceCreds": { "Type": "AWS::CodeBuild::SourceCredential", "Properties": { "Token": "{{resolve:secretsmanager:github:SecretString:token}}", "ServerType": "GITHUB", "AuthType": "PERSONAL_ACCESS_TOKEN" } }, "MyProject": { "Type": "AWS::CodeBuild::Project", "Properties": { "Name": "myProjectName", "Description": "A description about my project", "ServiceRole": "testServiceRoleArn", "Artifacts": { "Type": "NO_ARTIFACTS" }, "Environment": { "Type": "LINUX_CONTAINER", "ComputeType": "BUILD_GENERAL1_SMALL", "Image": "aws/codebuild/standard:5.0" }, "Source": { "Type": "GITHUB", "Location": "your-github-repo-url" } }, "DependsOn": "MySourceCreds" } } }