steampipe plugin install awssteampipe plugin install aws

Table: aws_codebuild_build - Query AWS CodeBuild Build using SQL

AWS CodeBuild is a fully managed continuous integration service that compiles source code, runs tests, and produces software packages that are ready to deploy. It allows you to build and test code with continuous scaling and enables you to pay only for the build time you use. CodeBuild eliminates the need to provision, manage, and scale your own build servers.

Table Usage Guide

The aws_codebuild_build table in Steampipe provides you with information about builds in AWS CodeBuild. This table allows you as a DevOps engineer to query build-specific details, including build statuses, source details, build environment, and associated metadata. You can utilize this table to gather insights on builds, such as build status, source version, the duration of the build, and more. The schema outlines for you the various attributes of the CodeBuild build, including the build ID, build status, start and end time, and associated tags.

Examples

Basic info

Explore which AWS CodeBuild projects have been completed and gain insights into their build status, duration, and other related details. This can help in managing and optimizing the build processes in your AWS environment.

select
  arn,
  id,
  build_complete,
  timeout_in_minutes,
  project_name,
  build_status,
  encryption_key,
  end_time,
  region
from
  aws_codebuild_build;

select
  arn,
  id,
  build_complete,
  timeout_in_minutes,
  project_name,
  build_status,
  encryption_key,
  end_time,
  region
from
  aws_codebuild_build;

List encrypted build output artifacts

Discover the segments that include encrypted build output artifacts, allowing you to focus on the areas where secure data is being used in your AWS CodeBuild projects.

select
  arn,
  id,
  encryption_key
from
  aws_codebuild_build
where
  encryption_key is not null;

select
  arn,
  id,
  encryption_key
from
  aws_codebuild_build
where
  encryption_key is not null;

List complete builds

Explore which AWS CodeBuild projects have been fully built. This is useful for assessing project progress and identifying any projects that may still be in progress or have yet to begin.

select
  id,
  arn,
  artifacts,
  build_complete
from
  aws_codebuild_build
where
  build_complete;

select
  id,
  arn,
  artifacts,
  build_complete
from
  aws_codebuild_build
where
  build_complete = 1;

List VPC configuration details of builds

Explore the security aspects of your AWS CodeBuild projects by examining the Virtual Private Cloud (VPC) configurations. This can help you understand and manage the security group IDs, subnets, and VPC IDs associated with your builds.

select
  id,
  arn,
  vpc_config ->> 'SecurityGroupIds' as security_group_id,
  vpc_config ->> 'Subnets' as subnets,
  vpc_config ->> 'VpcId' as vpc_id
from
  aws_codebuild_build;

select
  id,
  arn,
  json_extract(vpc_config, '$.SecurityGroupIds') as security_group_id,
  json_extract(vpc_config, '$.Subnets') as subnets,
  json_extract(vpc_config, '$.VpcId') as vpc_id
from
  aws_codebuild_build;

List artifact details of builds

This query is useful to gain insights into the specific details of artifacts associated with various builds in AWS CodeBuild. It helps in understanding the access level, encryption status, and other crucial aspects of these artifacts, which can aid in better management and security of your build artifacts.

select
  id,
  arn,
  artifacts ->> 'ArtifactIdentifier' as artifact_id,
  artifacts ->> 'BucketOwnerAccess' as bucket_owner_access,
  artifacts ->> 'EncryptionDisabled' as encryption_disabled,
  artifacts ->> 'OverrideArtifactName' as override_artifact_name
from
  aws_codebuild_build;

select
  id,
  arn,
  json_extract(artifacts, '$.ArtifactIdentifier') as artifact_id,
  json_extract(artifacts, '$.BucketOwnerAccess') as bucket_owner_access,
  json_extract(artifacts, '$.EncryptionDisabled') as encryption_disabled,
  json_extract(artifacts, '$.OverrideArtifactName') as override_artifact_name
from
  aws_codebuild_build;

Get environment details of builds

Explore the specific environmental aspects of your builds in AWS CodeBuild. This can help you understand the settings like compute type, image, and credentials used, which can be useful for troubleshooting or optimizing your build processes.

select
  id,
  environment ->> 'Certificate' as environment_certificate,
  environment ->> 'ComputeType' as environment_compute_type,
  environment ->> 'EnvironmentVariables' as environment_variables,
  environment ->> 'Image' as environment_image,
  environment ->> 'ImagePullCredentialsType' as environment_image_pull_credentials_type,
  environment ->> 'PrivilegedMode' as environment_privileged_mode,
  environment ->> 'RegistryCredential' as environment_registry_credential,
  environment ->> 'Type' as environment_type
from
  aws_codebuild_build;

select
  id,
  json_extract(environment, '$.Certificate') as environment_certificate,
  json_extract(environment, '$.ComputeType') as environment_compute_type,
  json_extract(environment, '$.EnvironmentVariables') as environment_variables,
  json_extract(environment, '$.Image') as environment_image,
  json_extract(environment, '$.ImagePullCredentialsType') as environment_image_pull_credentials_type,
  json_extract(environment, '$.PrivilegedMode') as environment_privileged_mode,
  json_extract(environment, '$.RegistryCredential') as environment_registry_credential,
  json_extract(environment, '$.Type') as environment_type
from
  aws_codebuild_build;

Get log details of builds

Gain insights into the status and location of your build logs. This query is useful for identifying potential issues with log storage and accessibility, such as encryption status and bucket owner access.

select
  id,
  logs -> 'S3Logs' ->> 'Status' as s3_log_status,
  logs -> 'S3Logs' ->> 'Location' as s3_log_location,
  logs -> 'S3Logs' ->> 'BucketOwnerAccess' as s3_log_bucket_owner_access,
  logs -> 'S3Logs' ->> 'EncryptionDisabled' as s3_log_encryption_disabled,
  logs ->> 'DeepLink' as deep_link,
  logs ->> 'GroupName' as group_name,
  logs ->> 'S3LogsArn' as s3_logs_arn,
  logs ->> 'S3DeepLink' as s3_deep_link,
  logs ->> 'StreamName' as stream_name,
  logs ->> 'CloudWatchLogsArn' as cloud_watch_logs_arn,
  logs -> 'CloudWatchLogs' ->> 'Status' as cloud_watch_logs_status,
  logs -> 'CloudWatchLogs' ->> 'GroupName' as cloud_watch_logs_group_name,
  logs -> 'CloudWatchLogs' ->> 'StreamName' as cloud_watch_logs_stream_name
from
  aws_codebuild_build;

select
  id,
  json_extract(logs, '$.S3Logs.Status') as s3_log_status,
  json_extract(logs, '$.S3Logs.Location') as s3_log_location,
  json_extract(logs, '$.S3Logs.BucketOwnerAccess') as s3_log_bucket_owner_access,
  json_extract(logs, '$.S3Logs.EncryptionDisabled') as s3_log_encryption_disabled,
  json_extract(logs, '$.DeepLink') as deep_link,
  json_extract(logs, '$.GroupName') as group_name,
  json_extract(logs, '$.S3LogsArn') as s3_logs_arn,
  json_extract(logs, '$.S3DeepLink') as s3_deep_link,
  json_extract(logs, '$.StreamName') as stream_name,
  json_extract(logs, '$.CloudWatchLogsArn') as cloud_watch_logs_arn,
  json_extract(
    logs,
    '$

Get network interface details of builds

Explore the network configurations of your AWS CodeBuild projects. This allows you to assess the network interface and subnet details, which can be crucial for understanding your project's networking setup and troubleshooting connectivity issues.

select
  id,
  network_interfaces ->> 'NetworkInterfaceId' as network_interface_id,
  network_interfaces ->> 'SubnetId' as subnet_id,
from
  aws_codebuild_build;

select
  id,
  json_extract(network_interfaces, '$.NetworkInterfaceId') as network_interface_id,
  json_extract(network_interfaces, '$.SubnetId') as subnet_id
from
  aws_codebuild_build;

List phase details of builds

Explore the progress of your build processes by examining the start and end times, duration, and status of each phase. This can help you identify potential bottlenecks or inefficiencies in your build process.

select
  id,
  p ->> 'EndTime' as end_time,
  p ->> 'Contexts' as contexts,
  p ->> 'PhaseType' as phase_type,
  p ->> 'StartTime' as start_time,
  p ->> 'DurationInSeconds' as duration_in_seconds,
  p ->> 'PhaseStatus' as phase_status
from
  aws_codebuild_build,
  jsonb_array_elements(phases) as p;

select
  aws_codebuild_build.id,
  json_extract(p, '$.EndTime') as end_time,
  json_extract(p, '$.Contexts') as contexts,
  json_extract(p, '$.PhaseType') as phase_type,
  json_extract(p, '$.StartTime') as start_time,
  json_extract(p, '$.DurationInSeconds') as duration_in_seconds,
  json_extract(p, '$.PhaseStatus') as phase_status
from
  aws_codebuild_build,
  json_each(phases) as p;

Get source details of builds

Determine the areas in which the source details of various builds can be analyzed for security and performance. This is beneficial for understanding the build configurations and identifying potential areas of improvement.

select
  id,
  source ->> 'Auth' as source_auth,
  source ->> 'BuildStatusConfig' as source_BuildStatusConfig,
  source ->> 'Buildspec' as source_buildspec,
  source ->> 'GitCloneDepth' as source_git_clone_depth,
  source ->> 'GitSubmodulesConfig' as source_git_submodules_config,
  source ->> 'GitCloneDepth' as source_git_clone_depth,
  source ->> 'InsecureSsl' as source_insecure_ssl,
  source ->> 'Location' as source_location,
  source ->> 'ReportBuildStatus' as source_report_build_status,
  source ->> 'SourceIdentifier' as source_identifier,
  source ->> 'Type' as source_type
from
  aws_codebuild_build;

select
  id,
  json_extract(source, '$.Auth') as source_auth,
  json_extract(source, '$.BuildStatusConfig') as source_BuildStatusConfig,
  json_extract(source, '$.Buildspec') as source_buildspec,
  json_extract(source, '$.GitCloneDepth') as source_git_clone_depth,
  json_extract(source, '$.GitSubmodulesConfig') as source_git_submodules_config,
  json_extract(source, '$.GitCloneDepth') as source_git_clone_depth,
  json_extract(source, '$.InsecureSsl') as source_insecure_ssl,
  json_extract(source, '$.Location') as source_location,
  json_extract(source, '$.ReportBuildStatus') as source_report_build_status,
  json_extract(source, '$.SourceIdentifier') as source_identifier,
  json_extract(source, '$.Type') as source_type
from
  aws_codebuild_build;

List file system location details of builds

Explore the specific details of file system locations used in different builds. This can help in understanding the organization of builds and making improvements in the build process.

select
  id,
  f ->> 'Identifier' as file_system_identifier,
  f ->> 'Location' as file_system_location,
  f ->> 'MountOptions' as file_system_mount_options,
  f ->> 'MountPoint' as file_system_mount_point,
  f ->> 'Type' as file_system_type
from
  aws_codebuild_build,
  jsonb_array_elements(file_system_locations) as f;

select
  aws_codebuild_build.id,
  json_extract(f.value, '$.Identifier') as file_system_identifier,
  json_extract(f.value, '$.Location') as file_system_location,
  json_extract(f.value, '$.MountOptions') as file_system_mount_options,
  json_extract(f.value, '$.MountPoint') as file_system_mount_point,
  json_extract(f.value, '$.Type') as file_system_type
from
  aws_codebuild_build,
  json_each(file_system_locations) as f;

Control examples

CodeBuild projects should not be unused for 90 days or greater

Schema for aws_codebuild_build

Name	Type	Operators	Description
_ctx	jsonb		Steampipe context in JSON form.
account_id	text	=, !=, ~~, ~~, !~~, !~~	The AWS Account ID in which the resource is located.
akas	jsonb		Array of globally unique identifier strings (also known as) for the resource.
arn	text		The ARN of the build.
artifacts	jsonb		A BuildArtifacts object the defines the build artifacts for this build.
build_batch_arn	text		The ARN of the batch build that this build is a member of, if applicable.
build_complete	boolean		Indicates if the build is complete.
build_number	bigint		The number of the build.
build_status	jsonb		The status of the build.
cache	jsonb		Information about the cache for the build.
current_phase	text		The current build phase.
debug_session	jsonb		Contains information about the debug session for this build.
encryption_key	text		The Key Management Service customer master key (CMK) to be used for encrypting the build output artifacts.
end_time	timestamp with time zone		The date and time that the build process ended, expressed in Unix time format.
environment	jsonb		Information about the build environment for this build project.
exported_environment_variables	jsonb		A list of exported environment variables for this build.
file_system_locations	jsonb		An array of ProjectFileSystemLocation objects for a CodeBuild build project.
id	text	=	The unique identifier of the build.
initiator	text		The entity that started the build.
logs	jsonb		Information about the build's logs in CloudWatch Logs.
network_interfaces	jsonb		Describes a network interface.
partition	text		The AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov).
phases	jsonb		Information about all previous build phases that are complete and information about any current build phase that is not yet complete.
project_name	text		The name of the build project.
queued_timeout_in_minutes	bigint		Specifies the amount of time, in minutes, that a build is allowed to be queued before it times out.
region	text		The AWS Region in which the resource is located.
report_arns	jsonb		An array of the ARNs associated with this build's reports.
resolved_source_version	text		The identifier of the resolved version of this build's source code.
secondary_artifacts	jsonb		An array of BuildArtifacts objects the define the build artifacts for this build.
secondary_source_versions	jsonb		An array of ProjectSourceVersion objects.
secondary_sources	jsonb		An array of ProjectSource objects that define the sources for the build.
source	jsonb		Information about the build input source code for the build project.
source_version	text		The identifier of the version of the source code to be built.
sp_connection_name	text	=, !=, ~~, ~~, !~~, !~~	Steampipe connection name.
sp_ctx	jsonb		Steampipe context in JSON form.
start_time	timestamp with time zone		The date and time that the build started.
timeout_in_minutes	bigint		How long, in minutes, for CodeBuild to wait before timing out this build if it does not get marked as completed.
title	text		Title of the resource.
vpc_config	jsonb		Information about the VPC configuration that CodeBuild accesses.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws

You can pass the configuration to the command with the --config argument:

steampipe_export_aws --config '<your_config>' aws_codebuild_build