Use Amazon CodeBuild with Amazon CodePipeline to test code and run builds - Amazon CodeBuild
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Use Amazon CodeBuild with Amazon CodePipeline to test code and run builds

You can automate your release process by using Amazon CodePipeline to test your code and run your builds with Amazon CodeBuild.

The following table lists tasks and the methods available for performing them. Using the Amazon SDKs to accomplish these tasks is outside the scope of this topic.

Task Available approaches Approaches described in this topic
Create a continuous delivery (CD) pipeline with CodePipeline that automates builds with CodeBuild
  • CodePipeline console

  • Amazon CLI

  • Amazon SDKs

  • Use the CodePipeline console

  • Use the Amazon CLI

  • You can adapt the information in this topic to use the Amazon SDKs. For more information, see the create-pipeline action documentation for your programming language in the SDKs section of Tools for Amazon Web Services or see CreatePipeline in the Amazon CodePipeline API Reference.

Add test and build automation with CodeBuild to an existing pipeline in CodePipeline
  • CodePipeline console

  • Amazon CLI

  • Amazon SDKs


  1. Answer the questions in Plan a build.

  2. If you are using an user to access CodePipeline instead of an Amazon root account or an administrator user, attach the managed policy named AWSCodePipelineFullAccess to the user (or to the IAM group to which the user belongs). Using an Amazon root account is not recommended. This policy grants the user permission to create the pipeline in CodePipeline. For more information, see Attaching managed policies in the user Guide.


    The IAM entity that attaches the policy to the user (or to the IAM group to which the user belongs) must have permission in IAM to attach policies. For more information, see Delegating permissions to administer IAM users, groups, and credentials in the user Guide.

  3. Create a CodePipeline service role, if you do not already have one available in your Amazon account. CodePipeline uses this service role to interact with other Amazon services, including Amazon CodeBuild, on your behalf. For example, to use the Amazon CLI to create a CodePipeline service role, run the IAM create-role command:

    For Linux, OS X, or Unix:

    aws iam create-role --role-name AWS-CodePipeline-CodeBuild-Service-Role --assume-role-policy-document '{"Version":"2012-10-17","Statement":{"Effect":"Allow","Principal":{"Service":""},"Action":"sts:AssumeRole"}}'

    For Windows:

    aws iam create-role --role-name AWS-CodePipeline-CodeBuild-Service-Role --assume-role-policy-document "{\"Version\":\"2012-10-17\",\"Statement\":{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"\"},\"Action\":\"sts:AssumeRole\"}}"

    The IAM entity that creates this CodePipeline service role must have permission in IAM to create service roles.

  4. After you create a CodePipeline service role or identify an existing one, you must add the default CodePipeline service role policy to the service role as described in Review the default CodePipeline service role policy in the Amazon CodePipeline User Guide, if it isn't already a part of the policy for the role.


    The IAM entity that adds this CodePipeline service role policy must have permission in IAM to add service role policies to service roles.

  5. Create and upload the source code to a repository type supported by CodeBuild and CodePipeline, such as CodeCommit, Amazon S3, Bitbucket, or GitHub. The source code should contain a buildspec file, but you can declare one when you define a build project later in this topic. For more information, see the Buildspec reference.


    If you plan to use the pipeline to deploy built source code, the build output artifact must be compatible with the deployment system you use.