Commands action reference
The Commands action allows you to run shell commands in a virtual compute instance. When you run the action, commands specified in the action configuration are run in a separate container. All artifacts that are specified as input artifacts to a CodeBuild action are available inside of the container running the commands. This action allows you to specify commands without first creating a CodeBuild project. For more information, see ActionDeclaration and OutputArtifact in the Amazon CodePipeline API Reference.
Important
This action uses CodePipeline managed CodeBuild compute to run commands in a build environment. Running the commands action will incur separate charges in Amazon CodeBuild.
Note
The Commands action is only available for V2 type pipelines.
Topics
Considerations for the Commands action
The following considerations apply for the Commands action.
-
The commands action uses CodeBuild resources similar to the CodeBuild action, while allowing shell environment commands in a virtual compute instance without the need to associate or create a build project.
Note
Running the commands action will incur separate charges in Amazon CodeBuild.
-
Because the Commands action in CodePipeline uses CodeBuild resources, the builds run by the action will be attributed to the build limits for your account in CodeBuild. Builds run by the Commands action will count toward the concurrent build limits as configured for that account.
-
The timeout for builds with the Commands action is 55 minutes, as based on CodeBuild builds.
-
The compute instance uses an isolated build environment in CodeBuild.
Note
Because the isolated build environment is used at the account level, an instance might be reused for another pipeline execution.
-
All formats are supported except multi-line formats. You must use single-line format when entering commands.
-
The commands action is not supported for cross-account or cross-Region actions.
-
For this action, CodePipeline will assume the pipeline service role and use that role to allow access to resources at runtime. It is recommended to configure the service role so that the permissions are scoped down to the action level.
-
The permissions added to the CodePipeline service role are detailed in Add permissions to the CodePipeline service role .
-
The permission needed to view logs in the console is detailed in Permissions required to view compute logs in the CodePipeline console .
-
Unlike other actions in CodePipeline, you do not set fields in the action configuration; you set the action configuration fields outside of the action configuration.
Service role policy permissions
When CodePipeline runs the action, CodePipeline creates a log group using the name of the pipeline as follows. This enables you to scope down permissions to log resources using the pipeline name.
/aws/codepipeline/
MyPipelineName
If you are using an existing service role, to use the Commands action, you will need to add the following permissions for the service role.
-
logs:CreateLogGroup
-
logs:CreateLogStream
-
logs:PutLogEvents
In the service role policy statement, scope down the permissions to the pipeline level as shown in the following example.
{ "Effect": "Allow", "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents" ], "Resource": [ "arn:aws:logs:*:
YOUR_AWS_ACCOUNT_ID
:log-group:/aws/codepipeline/YOUR_PIPELINE_NAME
", "arn:aws:logs:*:YOUR_AWS_ACCOUNT_ID
:log-group:/aws/codepipeline/YOUR_PIPELINE_NAME
:*" ] }
To view logs in the console using the action details dialog page, the permission to view logs must be added to the console role. For more information, see the console permissions policy example in Permissions required to view compute logs in the CodePipeline console.
Action type
-
Category:
Compute
-
Owner:
AWS
-
Provider:
Commands
-
Version:
1
Configuration parameters
- Commands
-
Required: Yes
You can provide shell commands for the
Commands
action to run. In the console, commands are entered on separate lines. In the CLI, commands are entered as separate strings.Note
Multi-line formats are not supported and will result in an error message. Single-line format must be used for entering commands in the Commands field.
The following details provide the default compute that is used for the Commands action. For more information, see Build environment compute modes and types reference in the CodeBuild User Guide.
-
CodeBuild image: aws/codebuild/amazonlinux2-x86_64-standard:5.0
-
Compute type: Linux Small
-
Environment computeType value: BUILD_GENERAL1_SMALL
-
Environment type value: LINUX_CONTAINER
-
- outputVariables
-
Required: No
Specify the names of the variables in your environment that you want to export. For a reference of CodeBuild environment variables, see Environment variables in build environments
in the CodeBuild User Guide. - Files
-
Required: No
You can provide files that you want to export as output artifacts for the action.
The supported format for files is the same as for CodeBuild file patterns. For example, enter
**/
for all files. For more information, see Build specification reference for CodeBuildin the CodeBuild User Guide.
Input artifacts
-
Number of artifacts:
1 to 10
Output artifacts
-
Number of artifacts:
0 to 1
Action declaration (example)
See also
The following related resources can help you as you work with this action.
-
Tutorial: Create a pipeline that runs commands with compute – This tutorial provides a sample pipeline with the Commands action.