steampipe plugin install aws

Table: aws_codebuild_project - Query AWS CodeBuild Projects using SQL

The AWS CodeBuild Project is a component of AWS CodeBuild, a fully managed continuous integration service that compiles source code, runs tests, and produces software packages that are ready to deploy. With CodeBuild, you don’t need to provision, manage, and scale your own build servers. It provides prepackaged build environments for popular programming languages and build tools, such as Apache Maven, Gradle, and more.

Table Usage Guide

The aws_codebuild_project table in Steampipe provides you with information about projects within AWS CodeBuild. This table allows you, as a DevOps engineer, to query project-specific details, including project ARN, creation date, project name, service role, and other associated metadata. You can utilize this table to gather insights on projects, such as the status of each project, the source code repository used, the build environment configuration, and more. The schema outlines the various attributes of the CodeBuild project for you, including the project ARN, creation date, last modified date, and associated tags.

Examples

Basic info

Explore the features and settings of your AWS CodeBuild projects to better understand their configuration, such as encryption details, build limits, and regional distribution. This can help in assessing project performance, security, and operational efficiency.

select
  name,
  description,
  encryption_key,
  concurrent_build_limit,
  source_version,
  service_role,
  created,
  last_modified,
  region
from
  aws_codebuild_project;

Get the build input details for each project

Review how each project's build input is configured, including authorization, build status, and source location. This can help in managing and troubleshooting the build process in AWS CodeBuild projects.

Postgres:

select
  name,
  source_version,
  source ->> 'Auth' as auth,
  source ->> 'BuildStatusConfig' as build_status_config,
  source ->> 'Buildspec' as build_spec,
  source ->> 'GitCloneDepth' as git_clone_depth,
  source ->> 'GitSubmodulesConfig' as git_submodules_config,
  source ->> 'InsecureSsl' as insecure_ssl,
  source ->> 'Location' as location,
  source ->> 'ReportBuildStatus' as report_build_status,
  source ->> 'SourceIdentifier' as source_identifier,
  source ->> 'Type' as type
from
  aws_codebuild_project;

SQLite:

select
  name,
  source_version,
  json_extract(source, '$.Auth') as auth,
  json_extract(source, '$.BuildStatusConfig') as build_status_config,
  json_extract(source, '$.Buildspec') as build_spec,
  json_extract(source, '$.GitCloneDepth') as git_clone_depth,
  json_extract(source, '$.GitSubmodulesConfig') as git_submodules_config,
  json_extract(source, '$.InsecureSsl') as insecure_ssl,
  json_extract(source, '$.Location') as location,
  json_extract(source, '$.ReportBuildStatus') as report_build_status,
  json_extract(source, '$.SourceIdentifier') as source_identifier,
  json_extract(source, '$.Type') as type
from
  aws_codebuild_project;

List projects which are not created within a VPC

Identify AWS CodeBuild projects that have been created without a Virtual Private Cloud (VPC) configuration. This is useful for identifying potential security risks and ensuring all projects follow best practices for network security.

select
  name,
  description,
  vpc_config
from
  aws_codebuild_project
where
  vpc_config is null;

List projects that do not have logging enabled

Identify projects that have logging disabled, so you can pinpoint where build data is not being recorded for future analysis. This is particularly useful for maintaining project transparency and troubleshooting potential issues.

Postgres:

select
  name,
  description,
  logs_config -> 'CloudWatchLogs' ->> 'Status' as cloud_watch_logs_status,
  logs_config -> 'S3Logs' ->> 'Status' as s3_logs_status
from
  aws_codebuild_project
where
  logs_config -> 'CloudWatchLogs' ->> 'Status' = 'DISABLED'
  and logs_config -> 'S3Logs' ->> 'Status' = 'DISABLED';

SQLite:

select
  name,
  description,
  json_extract(logs_config, '$.CloudWatchLogs.Status') as cloud_watch_logs_status,
  json_extract(logs_config, '$.S3Logs.Status') as s3_logs_status
from
  aws_codebuild_project
where
  json_extract(logs_config, '$.CloudWatchLogs.Status') = 'DISABLED'
  and json_extract(logs_config, '$.S3Logs.Status') = 'DISABLED';

List private build projects

Identify which of your AWS CodeBuild projects are set to private, allowing you to gain insights into your project visibility settings and understand where potential privacy concerns may arise.

select
  name,
  arn,
  project_visibility
from
  aws_codebuild_project
where
  project_visibility = 'PRIVATE';
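
The separate checks in the examples above (InsecureSsl on the source, missing vpc_config, disabled logging, project visibility) can be combined into a single triage query. This is an added example, not part of the Steampipe documentation. It uses Postgres syntax, the finding labels are made up for illustration, a missing log Status key is assumed to count as "not enabled", and PUBLIC_READ is the CodeBuild visibility value other than PRIVATE.

```sql
-- Added example (Postgres): one row per project, listing which of the
-- page's checks it fails. Finding labels are illustrative.
with checks as (
  select
    name,
    account_id,
    region,
    -- ->> returns text, so the JSON boolean is compared as 'true'
    coalesce(source ->> 'InsecureSsl', 'false') = 'true' as insecure_ssl,
    vpc_config is null as no_vpc,
    -- "is distinct from" also catches a missing Status key; a plain
    -- = 'DISABLED' test evaluates to NULL there and drops the row
    (logs_config -> 'CloudWatchLogs' ->> 'Status') is distinct from 'ENABLED'
      and (logs_config -> 'S3Logs' ->> 'Status') is distinct from 'ENABLED'
      as no_logging,
    project_visibility = 'PUBLIC_READ' as public_project
  from
    aws_codebuild_project
),
flagged as (
  select
    name,
    account_id,
    region,
    -- CASE without ELSE yields NULL, which array_remove then strips
    array_remove(array[
      case when insecure_ssl then 'insecure_ssl' end,
      case when no_vpc then 'no_vpc' end,
      case when no_logging then 'no_logging' end,
      case when public_project then 'public_project' end
    ], null) as findings
  from
    checks
)
select
  name,
  account_id,
  region,
  findings
from
  flagged
where
  cardinality(findings) > 0
order by
  cardinality(findings) desc,
  name;
```

Projects that fail the most checks sort first, which gives a review order across accounts and regions.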

Schema for aws_codebuild_project

| Name | Type | Operators | Description |
| --- | --- | --- | --- |
| _ctx | jsonb | | Steampipe context in JSON form. |
| account_id | text | =, !=, ~~, ~~*, !~~, !~~* | The AWS Account ID in which the resource is located. |
| akas | jsonb | | Array of globally unique identifier strings (also known as) for the resource. |
| arn | text | | The Amazon Resource Name (ARN) of the build project. |
| artifacts | jsonb | | Information about the build output artifacts for the build project. |
| badge | jsonb | | Information about the build badge for the build project. |
| build_batch_config | jsonb | | A ProjectBuildBatchConfig object that defines the batch build options for the project. |
| cache | jsonb | | Information about the cache for the build project. |
| concurrent_build_limit | bigint | | The maximum number of concurrent builds that are allowed for this project. |
| created | timestamp with time zone | | When the build project was created, expressed in Unix time format. |
| description | text | | A description that makes the build project easy to identify. |
| encryption_key | text | | The AWS Key Management Service (AWS KMS) customer master key (CMK) to be. |
| environment | jsonb | | Information about the build environment for this build project. |
| file_system_locations | jsonb | | An array of ProjectFileSystemLocation objects for a CodeBuild build project. |
| last_modified | timestamp with time zone | | When the build project's settings were last modified, expressed in Unix time format. |
| logs_config | jsonb | | Information about logs for the build project. A project can create logs in Amazon CloudWatch Logs, an S3 bucket or both. |
| name | text | = | The name of the build project. |
| partition | text | | The AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov). |
| project_visibility | text | | Visibility of the build project. |
| public_project_alias | text | | Contains the project identifier used with the public build APIs. |
| queued_timeout_in_minutes | bigint | | The number of minutes a build is allowed to be queued before it times out. |
| region | text | | The AWS Region in which the resource is located. |
| resource_access_role | text | | The ARN of the IAM role that enables CodeBuild to access the CloudWatch Logs and Amazon S3 artifacts for the project's builds. |
| secondary_artifacts | jsonb | | An array of ProjectArtifacts objects. |
| secondary_source_versions | jsonb | | An array of ProjectSource objects. |
| secondary_sources | jsonb | | An array of ProjectSource objects. |
| service_role | text | | The ARN of the AWS Identity and Access Management (IAM) role that enables AWS CodeBuild to interact with dependent AWS services on behalf of the AWS account. |
| source | jsonb | | Information about the build input source code for this build project. |
| source_version | text | | A version of the build input to be built for this project. |
| sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
| sp_ctx | jsonb | | Steampipe context in JSON form. |
| tags | jsonb | | A map of tags for the resource. |
| tags_src | jsonb | | A list of tag key and value pairs associated with this build project. |
| timeout_in_minutes | bigint | | How long, in minutes, from 5 to 480 (8 hours), for AWS CodeBuild to wait before timing out any related build that did not get marked as completed. |
| title | text | | Title of the resource. |
| vpc_config | jsonb | | Information about the VPC configuration that AWS CodeBuild accesses. |
| webhook | jsonb | | Information about a webhook that connects repository events to a build project in AWS CodeBuild. |

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install the exporter with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws

You can pass the configuration to the command with the --config argument:

steampipe_export_aws --config '<your_config>' aws_codebuild_project