Table: aws_codebuild_build - Query AWS CodeBuild Build using SQL
AWS CodeBuild is a fully managed continuous integration service that compiles source code, runs tests, and produces software packages that are ready to deploy. It allows you to build and test code with continuous scaling and enables you to pay only for the build time you use. CodeBuild eliminates the need to provision, manage, and scale your own build servers.
Table Usage Guide
The aws_codebuild_build
table in Steampipe provides you with information about builds in AWS CodeBuild. This table allows you as a DevOps engineer to query build-specific details, including build statuses, source details, build environment, and associated metadata. You can utilize this table to gather insights on builds, such as build status, source version, the duration of the build, and more. The schema outlines for you the various attributes of the CodeBuild build, including the build ID, build status, start and end time, and associated tags.
Examples
Basic info
Explore which AWS CodeBuild projects have been completed and gain insights into their build status, duration, and other related details. This can help in managing and optimizing the build processes in your AWS environment.
select arn, id, build_complete, timeout_in_minutes, project_name, build_status, encryption_key, end_time, regionfrom aws_codebuild_build;
select arn, id, build_complete, timeout_in_minutes, project_name, build_status, encryption_key, end_time, regionfrom aws_codebuild_build;
List encrypted build output artifacts
Discover the segments that include encrypted build output artifacts, allowing you to focus on the areas where secure data is being used in your AWS CodeBuild projects.
select arn, id, encryption_keyfrom aws_codebuild_buildwhere encryption_key is not null;
select arn, id, encryption_keyfrom aws_codebuild_buildwhere encryption_key is not null;
List complete builds
Explore which AWS CodeBuild projects have been fully built. This is useful for assessing project progress and identifying any projects that may still be in progress or have yet to begin.
select id, arn, artifacts, build_completefrom aws_codebuild_buildwhere build_complete;
select id, arn, artifacts, build_completefrom aws_codebuild_buildwhere build_complete = 1;
List VPC configuration details of builds
Explore the security aspects of your AWS CodeBuild projects by examining the Virtual Private Cloud (VPC) configurations. This can help you understand and manage the security group IDs, subnets, and VPC IDs associated with your builds.
select id, arn, vpc_config ->> 'SecurityGroupIds' as security_group_id, vpc_config ->> 'Subnets' as subnets, vpc_config ->> 'VpcId' as vpc_idfrom aws_codebuild_build;
select id, arn, json_extract(vpc_config, '$.SecurityGroupIds') as security_group_id, json_extract(vpc_config, '$.Subnets') as subnets, json_extract(vpc_config, '$.VpcId') as vpc_idfrom aws_codebuild_build;
List artifact details of builds
This query is useful to gain insights into the specific details of artifacts associated with various builds in AWS CodeBuild. It helps in understanding the access level, encryption status, and other crucial aspects of these artifacts, which can aid in better management and security of your build artifacts.
select id, arn, artifacts ->> 'ArtifactIdentifier' as artifact_id, artifacts ->> 'BucketOwnerAccess' as bucket_owner_access, artifacts ->> 'EncryptionDisabled' as encryption_disabled, artifacts ->> 'OverrideArtifactName' as override_artifact_namefrom aws_codebuild_build;
select id, arn, json_extract(artifacts, '$.ArtifactIdentifier') as artifact_id, json_extract(artifacts, '$.BucketOwnerAccess') as bucket_owner_access, json_extract(artifacts, '$.EncryptionDisabled') as encryption_disabled, json_extract(artifacts, '$.OverrideArtifactName') as override_artifact_namefrom aws_codebuild_build;
Get environment details of builds
Explore the specific environmental aspects of your builds in AWS CodeBuild. This can help you understand the settings like compute type, image, and credentials used, which can be useful for troubleshooting or optimizing your build processes.
select id, environment ->> 'Certificate' as environment_certificate, environment ->> 'ComputeType' as environment_compute_type, environment ->> 'EnvironmentVariables' as environment_variables, environment ->> 'Image' as environment_image, environment ->> 'ImagePullCredentialsType' as environment_image_pull_credentials_type, environment ->> 'PrivilegedMode' as environment_privileged_mode, environment ->> 'RegistryCredential' as environment_registry_credential, environment ->> 'Type' as environment_typefrom aws_codebuild_build;
select id, json_extract(environment, '$.Certificate') as environment_certificate, json_extract(environment, '$.ComputeType') as environment_compute_type, json_extract(environment, '$.EnvironmentVariables') as environment_variables, json_extract(environment, '$.Image') as environment_image, json_extract(environment, '$.ImagePullCredentialsType') as environment_image_pull_credentials_type, json_extract(environment, '$.PrivilegedMode') as environment_privileged_mode, json_extract(environment, '$.RegistryCredential') as environment_registry_credential, json_extract(environment, '$.Type') as environment_typefrom aws_codebuild_build;
Get log details of builds
Gain insights into the status and location of your build logs. This query is useful for identifying potential issues with log storage and accessibility, such as encryption status and bucket owner access.
select id, logs -> 'S3Logs' ->> 'Status' as s3_log_status, logs -> 'S3Logs' ->> 'Location' as s3_log_location, logs -> 'S3Logs' ->> 'BucketOwnerAccess' as s3_log_bucket_owner_access, logs -> 'S3Logs' ->> 'EncryptionDisabled' as s3_log_encryption_disabled, logs ->> 'DeepLink' as deep_link, logs ->> 'GroupName' as group_name, logs ->> 'S3LogsArn' as s3_logs_arn, logs ->> 'S3DeepLink' as s3_deep_link, logs ->> 'StreamName' as stream_name, logs ->> 'CloudWatchLogsArn' as cloud_watch_logs_arn, logs -> 'CloudWatchLogs' ->> 'Status' as cloud_watch_logs_status, logs -> 'CloudWatchLogs' ->> 'GroupName' as cloud_watch_logs_group_name, logs -> 'CloudWatchLogs' ->> 'StreamName' as cloud_watch_logs_stream_namefrom aws_codebuild_build;
select id, json_extract(logs, '$.S3Logs.Status') as s3_log_status, json_extract(logs, '$.S3Logs.Location') as s3_log_location, json_extract(logs, '$.S3Logs.BucketOwnerAccess') as s3_log_bucket_owner_access, json_extract(logs, '$.S3Logs.EncryptionDisabled') as s3_log_encryption_disabled, json_extract(logs, '$.DeepLink') as deep_link, json_extract(logs, '$.GroupName') as group_name, json_extract(logs, '$.S3LogsArn') as s3_logs_arn, json_extract(logs, '$.S3DeepLink') as s3_deep_link, json_extract(logs, '$.StreamName') as stream_name, json_extract(logs, '$.CloudWatchLogsArn') as cloud_watch_logs_arn, json_extract( logs, '$
Get network interface details of builds
Explore the network configurations of your AWS CodeBuild projects. This allows you to assess the network interface and subnet details, which can be crucial for understanding your project's networking setup and troubleshooting connectivity issues.
select id, network_interface ->> 'NetworkInterfaceId' as network_interface_id, network_interface ->> 'SubnetId' as subnet_id,from aws_codebuild_build;
select id, json_extract(network_interface, '$.NetworkInterfaceId') as network_interface_id, json_extract(network_interface, '$.SubnetId') as subnet_idfrom aws_codebuild_build;
List phase details of builds
Explore the progress of your build processes by examining the start and end times, duration, and status of each phase. This can help you identify potential bottlenecks or inefficiencies in your build process.
select id, p ->> 'EndTime' as end_time, p ->> 'Contexts' as contexts, p ->> 'PhaseType' as phase_type, p ->> 'StartTime' as start_time, p ->> 'DurationInSeconds' as duration_in_seconds, p ->> 'PhaseStatus' as phase_statusfrom aws_codebuild_build, jsonb_array_elements(phases) as p;
select aws_codebuild_build.id, json_extract(p, '$.EndTime') as end_time, json_extract(p, '$.Contexts') as contexts, json_extract(p, '$.PhaseType') as phase_type, json_extract(p, '$.StartTime') as start_time, json_extract(p, '$.DurationInSeconds') as duration_in_seconds, json_extract(p, '$.PhaseStatus') as phase_statusfrom aws_codebuild_build, json_each(phases) as p;
Get source details of builds
Determine the areas in which the source details of various builds can be analyzed for security and performance. This is beneficial for understanding the build configurations and identifying potential areas of improvement.
select id, source ->> 'Auth' as source_auth, source ->> 'BuildStatusConfig' as source_BuildStatusConfig, source ->> 'Buildspec' as source_buildspec, source ->> 'GitCloneDepth' as source_git_clone_depth, source ->> 'GitSubmodulesConfig' as source_git_submodules_config, source ->> 'GitCloneDepth' as source_git_clone_depth, source ->> 'InsecureSsl' as source_insecure_ssl, source ->> 'Location' as source_location, source ->> 'ReportBuildStatus' as source_report_build_status, source ->> 'SourceIdentifier' as source_identifier, source ->> 'Type' as source_typefrom aws_codebuild_build;
select id, json_extract(source, '$.Auth') as source_auth, json_extract(source, '$.BuildStatusConfig') as source_BuildStatusConfig, json_extract(source, '$.Buildspec') as source_buildspec, json_extract(source, '$.GitCloneDepth') as source_git_clone_depth, json_extract(source, '$.GitSubmodulesConfig') as source_git_submodules_config, json_extract(source, '$.GitCloneDepth') as source_git_clone_depth, json_extract(source, '$.InsecureSsl') as source_insecure_ssl, json_extract(source, '$.Location') as source_location, json_extract(source, '$.ReportBuildStatus') as source_report_build_status, json_extract(source, '$.SourceIdentifier') as source_identifier, json_extract(source, '$.Type') as source_typefrom aws_codebuild_build;
List file system location details of builds
Explore the specific details of file system locations used in different builds. This can help in understanding the organization of builds and making improvements in the build process.
select id, f ->> 'Identifier' as file_system_identifier, f ->> 'Location' as file_system_location, f ->> 'MountOptions' as file_system_mount_options, f ->> 'MountPoint' as file_system_mount_point, f ->> 'Type' as file_system_typefrom aws_codebuild_build, jsonb_array_elements(file_system_locations) as f;
select aws_codebuild_build.id, json_extract(f.value, '$.Identifier') as file_system_identifier, json_extract(f.value, '$.Location') as file_system_location, json_extract(f.value, '$.MountOptions') as file_system_mount_options, json_extract(f.value, '$.MountPoint') as file_system_mount_point, json_extract(f.value, '$.Type') as file_system_typefrom aws_codebuild_build, json_each(file_system_locations) as f;
Schema for aws_codebuild_build
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | Steampipe context in JSON form. | |
account_id | text | =, !=, ~~, ~~*, !~~, !~~* | The AWS Account ID in which the resource is located. |
akas | jsonb | Array of globally unique identifier strings (also known as) for the resource. | |
arn | text | The ARN of the build. | |
artifacts | jsonb | A BuildArtifacts object the defines the build artifacts for this build. | |
build_batch_arn | text | The ARN of the batch build that this build is a member of, if applicable. | |
build_complete | boolean | Indicates if the build is complete. | |
build_number | bigint | The number of the build. | |
build_status | jsonb | The status of the build. | |
cache | jsonb | Information about the cache for the build. | |
current_phase | text | The current build phase. | |
debug_session | jsonb | Contains information about the debug session for this build. | |
encryption_key | text | The Key Management Service customer master key (CMK) to be used for encrypting the build output artifacts. | |
end_time | timestamp with time zone | The date and time that the build process ended, expressed in Unix time format. | |
environment | jsonb | Information about the build environment for this build project. | |
exported_environment_variables | jsonb | A list of exported environment variables for this build. | |
file_system_locations | jsonb | An array of ProjectFileSystemLocation objects for a CodeBuild build project. | |
id | text | = | The unique identifier of the build. |
initiator | text | The entity that started the build. | |
logs | jsonb | Information about the build's logs in CloudWatch Logs. | |
network_interfaces | jsonb | Describes a network interface. | |
partition | text | The AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov). | |
phases | jsonb | Information about all previous build phases that are complete and information about any current build phase that is not yet complete. | |
project_name | text | The name of the build project. | |
queued_timeout_in_minutes | bigint | Specifies the amount of time, in minutes, that a build is allowed to be queued before it times out. | |
region | text | The AWS Region in which the resource is located. | |
report_arns | jsonb | An array of the ARNs associated with this build's reports. | |
resolved_source_version | text | The identifier of the resolved version of this build's source code. | |
secondary_artifacts | jsonb | An array of BuildArtifacts objects the define the build artifacts for this build. | |
secondary_source_versions | jsonb | An array of ProjectSourceVersion objects. | |
secondary_sources | jsonb | An array of ProjectSource objects that define the sources for the build. | |
service_role | text | The name of a service role used for this build. | |
source | jsonb | Information about the build input source code for the build project. | |
source_version | text | The identifier of the version of the source code to be built. | |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | Steampipe context in JSON form. | |
start_time | timestamp with time zone | The date and time that the build started. | |
timeout_in_minutes | bigint | How long, in minutes, for CodeBuild to wait before timing out this build if it does not get marked as completed. | |
title | text | Title of the resource. | |
vpc_config | jsonb | Information about the VPC configuration that CodeBuild accesses. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh
script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws
You can pass the configuration to the command with the --config
argument:
steampipe_export_aws --config '<your_config>' aws_codebuild_build