Docker in custom image sample for CodeBuild - Amazon CodeBuild
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Docker in custom image sample for CodeBuild

This sample builds and runs a Docker image by using Amazon CodeBuild and a custom Docker build image (docker:dind in Docker Hub).

To learn how to build a Docker image by using a build image provided by CodeBuild with Docker support instead, see our Docker sample.


Running this sample might result in charges to your Amazon account. These include possible charges for CodeBuild and for Amazon resources and actions related to Amazon S3, Amazon KMS, and CloudWatch Logs. For more information, see CodeBuild pricing, Amazon S3 pricing, Amazon Key Management Service pricing, and Amazon CloudWatch pricing.

Running the sample

To run this sample
  1. Create the files as described in the "Directory structure" and "Files" sections of this topic, and then upload them to an S3 input bucket or an Amazon CodeCommit, GitHub, or Bitbucket repository.


    Do not upload (root directory name), just the files inside of (root directory name).

    If you are using an S3 input bucket, be sure to create a ZIP file that contains the files, and then upload it to the input bucket. Do not add (root directory name) to the ZIP file, just the files inside of (root directory name).

  2. Create a build project, run the build, and view related build information by following the steps in Run Amazon CodeBuild directly.

    If you use the Amazon CLI to create the build project, the JSON-formatted input to the create-project command might look similar to this. (Replace the placeholders with your own values.)

    { "name": "sample-docker-custom-image-project", "source": { "type": "S3", "location": "codebuild-region-ID-account-ID-input-bucket/" }, "artifacts": { "type": "NO_ARTIFACTS" }, "environment": { "type": "LINUX_CONTAINER", "image": "docker:dind", "computeType": "BUILD_GENERAL1_SMALL", "privilegedMode": true }, "serviceRole": "arn:aws:iam::account-ID:role/role-name", "encryptionKey": "arn:aws:kms:region-ID:account-ID:key/key-ID" }

    By default, Docker containers do not allow access to any devices. Privileged mode grants a build project's Docker container access to all devices. For more information, see Runtime Privilege and Linux Capabilities on the Docker Docs website.

  3. To see the build results, look in the build's log for the string Hello, World!. For more information, see View build details.

Directory structure

This sample assumes this directory structure.

(root directory name) ├── buildspec.yml └── Dockerfile


The base image of the operating system used in this sample is Ubuntu. The sample uses these files. For more information about the OverlayFS storage driver referenced in the buildspec file, see Use the OverlayFS storage driver on the Docker website.

buildspec.yml (in (root directory name))

version: 0.2 phases: install: commands: - nohup /usr/local/bin/dockerd --host=unix:///var/run/docker.sock --host=tcp:// --storage-driver=overlay2 & - timeout 15 sh -c "until docker info; do echo .; sleep 1; done" pre_build: commands: - docker build -t helloworld . build: commands: - docker images - docker run helloworld echo "Hello, World!"

If the base operating system is Alpine Linux, in the buildspec.yml add the -t argument to timeout:

- timeout -t 15 sh -c "until docker info; do echo .; sleep 1; done"

Dockerfile (in (root directory name))

FROM maven:3.3.9-jdk-8 RUN echo "Hello World"

Related resources