Table: aws_codebuild_project - Query AWS CodeBuild Projects using SQL
The AWS CodeBuild Project is a component of AWS CodeBuild, a fully managed continuous integration service that compiles source code, runs tests, and produces software packages that are ready to deploy. With CodeBuild, you don’t need to provision, manage, and scale your own build servers. It provides prepackaged build environments for popular programming languages and build tools, such as Apache Maven, Gradle, and more.
Table Usage Guide
The aws_codebuild_project table in Steampipe provides you with information about projects within AWS CodeBuild. This table allows you, as a DevOps or security engineer, to query project-specific details, including project ARN, creation date, project name, service role, and other associated metadata. You can use this table to gather insights on projects, such as the source code repository used, the build environment configuration, the logging and VPC settings, and more. The schema outlines the various attributes of the CodeBuild project for you, including the project ARN, creation date, last modified date, and associated tags.
Examples
Basic info
List the core configuration of each CodeBuild project: the KMS key used for artifact encryption, the concurrent build limit, the default source version, the service role the build assumes, creation and modification timestamps, and the region. This is the starting point for an inventory and for spotting projects whose service role or encryption settings differ from the rest of the fleet.
select
  name,
  description,
  encryption_key,
  concurrent_build_limit,
  source_version,
  service_role,
  created,
  last_modified,
  region
from
  aws_codebuild_project;
Get the build input details for each project
Inspect how each project's build input is configured: the source type and location, the authentication type, whether TLS certificate verification is disabled for the fetch (InsecureSsl), the clone depth, submodule handling, and whether build status is reported back to the repository. Because the source JSON uses the AWS API field names, the same keys appear in both dialects below.
PostgreSQL:
select
  name,
  source_version,
  source ->> 'Auth' as auth,
  source ->> 'BuildStatusConfig' as build_status_config,
  source ->> 'Buildspec' as build_spec,
  source ->> 'GitCloneDepth' as git_clone_depth,
  source ->> 'GitSubmodulesConfig' as git_submodules_config,
  source ->> 'InsecureSsl' as insecure_ssl,
  source ->> 'Location' as location,
  source ->> 'ReportBuildStatus' as report_build_status,
  source ->> 'SourceIdentifier' as source_identifier,
  source ->> 'Type' as type
from
  aws_codebuild_project;
SQLite:
select
  name,
  source_version,
  json_extract(source, '$.Auth') as auth,
  json_extract(source, '$.BuildStatusConfig') as build_status_config,
  json_extract(source, '$.Buildspec') as build_spec,
  json_extract(source, '$.GitCloneDepth') as git_clone_depth,
  json_extract(source, '$.GitSubmodulesConfig') as git_submodules_config,
  json_extract(source, '$.InsecureSsl') as insecure_ssl,
  json_extract(source, '$.Location') as location,
  json_extract(source, '$.ReportBuildStatus') as report_build_status,
  json_extract(source, '$.SourceIdentifier') as source_identifier,
  json_extract(source, '$.Type') as type
from
  aws_codebuild_project;
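The query above returns the raw fields; the following PostgreSQL query, added here as an example and not one of the page's own, turns them into findings a reviewer would act on: TLS verification disabled for the source fetch, credentials embedded in the source URL, and a webhook that triggers a build on every repository event because it has neither filter groups nor a branch filter. The source keys are the AWS API field names used above; the webhook keys (FilterGroups, BranchFilter) and the Auth sub-key (Type) are assumed to follow the same convention.

```sql
-- Added example, not from the original page or the Steampipe project.
-- Assumes source keys as in the page's query and webhook keys
-- FilterGroups / BranchFilter (AWS API field names).
with projects as (
  select
    name,
    region,
    source,
    webhook,
    -- InsecureSsl is absent (NULL) on most projects; treat absent as false.
    coalesce((source ->> 'InsecureSsl')::boolean, false) as insecure_ssl,
    -- user:password@host inside the clone URL; NULL when Location is NULL.
    source ->> 'Location' ~ '^[a-z]+://[^/@]+:[^/@]+@' as creds_in_url,
    -- FilterGroups may be absent or JSON null; CASE keeps
    -- jsonb_array_length from being evaluated on a non-array.
    case
      when jsonb_typeof(webhook -> 'FilterGroups') = 'array'
        then jsonb_array_length(webhook -> 'FilterGroups')
      else 0
    end as filter_group_count
  from
    aws_codebuild_project
)
select
  name,
  region,
  source ->> 'Type' as source_type,
  source ->> 'Location' as location,
  source -> 'Auth' ->> 'Type' as auth_type,
  case
    when insecure_ssl
      then 'TLS certificate verification disabled for source fetch'
    when creds_in_url
      then 'credentials embedded in source URL'
    else 'webhook builds on every repository event (no filter groups, no branch filter)'
  end as finding
from
  projects
where
  insecure_ssl
  or creds_in_url
  or (webhook is not null
      and filter_group_count = 0
      and coalesce(webhook ->> 'BranchFilter', '') = '')
order by
  region, name;
```

An unfiltered webhook on a repository that accepts pull requests from forks lets anyone who can open a pull request run code under the project's service role, so the third finding is worth treating with the same weight as the first two.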
List projects which are not created within a VPC
List projects that have no VPC configuration. Builds for these projects run in CodeBuild's managed network with direct internet egress rather than inside your own subnets and security groups, so they cannot reach private resources and their outbound traffic is not subject to your VPC controls. Use this to find projects that should be moved into a VPC, or whose egress you want to constrain.
select
  name,
  description,
  vpc_config
from
  aws_codebuild_project
where
  vpc_config is null;
List projects that do not have logging enabled
Identify projects with no build logs retained, which leaves you without the data needed to investigate a compromised or tampered build. Note that the condition below requires both statuses to equal 'DISABLED'; a project whose logs_config or S3Logs block is absent yields NULL comparisons and is not matched.
PostgreSQL:
select
  name,
  description,
  logs_config -> 'CloudWatchLogs' ->> 'Status' as cloud_watch_logs_status,
  logs_config -> 'S3Logs' ->> 'Status' as s3_logs_status
from
  aws_codebuild_project
where
  logs_config -> 'CloudWatchLogs' ->> 'Status' = 'DISABLED'
  and logs_config -> 'S3Logs' ->> 'Status' = 'DISABLED';
SQLite:
select
  name,
  description,
  json_extract(logs_config, '$.CloudWatchLogs.Status') as cloud_watch_logs_status,
  json_extract(logs_config, '$.S3Logs.Status') as s3_logs_status
from
  aws_codebuild_project
where
  json_extract(logs_config, '$.CloudWatchLogs.Status') = 'DISABLED'
  and json_extract(logs_config, '$.S3Logs.Status') = 'DISABLED';
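A stricter version, added here as an example rather than taken from the page, treats any status other than 'ENABLED' (including an absent block) as not logging, and additionally flags S3 log destinations that have encryption switched off. The CloudWatchLogs, S3Logs, Status and EncryptionDisabled keys are the AWS API field names; EncryptionDisabled is assumed to be carried through into the jsonb unchanged.

```sql
-- Added example, not from the original page or the Steampipe project.
-- Assumes logs_config keys CloudWatchLogs, S3Logs, Status, Location and
-- EncryptionDisabled (AWS API field names).
with log_status as (
  select
    name,
    region,
    logs_config,
    -- Absent block or absent Status -> 'UNSET', which is not 'ENABLED'.
    coalesce(logs_config -> 'CloudWatchLogs' ->> 'Status', 'UNSET') as cloudwatch_status,
    coalesce(logs_config -> 'S3Logs' ->> 'Status', 'UNSET') as s3_status,
    -- Absent flag means encryption is on (the AWS default).
    coalesce((logs_config -> 'S3Logs' ->> 'EncryptionDisabled')::boolean, false) as s3_encryption_disabled
  from
    aws_codebuild_project
)
select
  name,
  region,
  cloudwatch_status,
  s3_status,
  logs_config -> 'S3Logs' ->> 'Location' as s3_location,
  case
    when cloudwatch_status <> 'ENABLED' and s3_status <> 'ENABLED'
      then 'no build log destination enabled'
    else 'S3 build logs written unencrypted'
  end as finding
from
  log_status
where
  (cloudwatch_status <> 'ENABLED' and s3_status <> 'ENABLED')
  or (s3_status = 'ENABLED' and s3_encryption_disabled)
order by
  region, name;
```

The first branch is the one the Foundational Security Best Practices logging control cares about; the second corresponds to the S3-logs-encryption control listed further down.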
List private build projects
List projects whose visibility is PRIVATE, the default. The other value, PUBLIC_READ, makes the project's build logs and artifacts readable by anyone on the internet, so the projects to review are those with project_visibility = 'PUBLIC_READ', together with any whose public_project_alias is set.
select
  name,
  arn,
  project_visibility
from
  aws_codebuild_project
where
  project_visibility = 'PRIVATE';
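Visibility is only one of the environment-level settings that decide what a build can expose or do. The following PostgreSQL query, added as an example and not part of the page, reports in one pass the projects that are public, run in privileged (Docker-in-Docker) mode, or carry PLAINTEXT environment variables whose names look like secrets. The environment keys (PrivilegedMode, EnvironmentVariables, Name, Type) are assumed to be the AWS API field names, matching the convention the page's own source query relies on; the name pattern is a heuristic.

```sql
-- Added example, not from the original page or the Steampipe project.
-- Assumes environment keys PrivilegedMode and EnvironmentVariables
-- (array of {Name, Value, Type}) as in the AWS API.
with env_vars as (
  select
    p.arn,
    v ->> 'Name' as var_name,
    v ->> 'Type' as var_type
  from
    aws_codebuild_project as p,
    -- EnvironmentVariables may be absent or JSON null; feed an empty
    -- array to jsonb_array_elements in that case instead of erroring.
    jsonb_array_elements(
      case
        when jsonb_typeof(p.environment -> 'EnvironmentVariables') = 'array'
          then p.environment -> 'EnvironmentVariables'
        else '[]'::jsonb
      end
    ) as v
),
secret_like as (
  -- PLAINTEXT variables with secret-looking names; PARAMETER_STORE and
  -- SECRETS_MANAGER types are the expected way to inject these.
  select
    arn,
    array_agg(var_name order by var_name) as vars
  from
    env_vars
  where
    var_type = 'PLAINTEXT'
    and var_name ~* '(secret|token|passw|api_?key|access_?key|private_?key)'
  group by
    arn
)
select
  p.name,
  p.region,
  p.project_visibility,
  coalesce((p.environment ->> 'PrivilegedMode')::boolean, false) as privileged_mode,
  s.vars as plaintext_secret_like_vars
from
  aws_codebuild_project as p
  left join secret_like as s on s.arn = p.arn
where
  p.project_visibility = 'PUBLIC_READ'
  or coalesce((p.environment ->> 'PrivilegedMode')::boolean, false)
  or s.vars is not null
order by
  p.region, p.name;
```

Joining on arn rather than name keeps the result correct when the same project name exists in several accounts or regions behind an aggregator connection. A project that is both PUBLIC_READ and carries plaintext secret-like variables should be fixed first: anything the buildspec echoes is visible in the public logs.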
Query examples
- cloudwatch_groups_for_codebuild_project
- codebuild_project_1_year_count
- codebuild_project_24_hours_count
- codebuild_project_30_90_days_count
- codebuild_project_30_days_count
- codebuild_project_90_365_days_count
- codebuild_project_age_table
- codebuild_project_badge_disabled
- codebuild_project_by_account
- codebuild_project_by_creation_month
- codebuild_project_by_environment_type
- codebuild_project_by_region
- codebuild_project_by_source_type
- codebuild_project_by_visibility
- codebuild_project_count
- codebuild_project_encrypted
- codebuild_project_encryption_disabled
- codebuild_project_input
- codebuild_project_logging_disabled
- codebuild_project_overview
- codebuild_project_privileged_mode
- codebuild_project_privileged_mode_disabled
- codebuild_project_sources
- codebuild_project_tags
- codebuild_projects_for_codecommit_repository
- codebuild_projects_for_codepipeline_pipeline
- codecommit_repositories_for_codebuild_project
- ecr_repositories_for_codebuild_project
- iam_roles_for_codebuild_project
- kms_keys_for_codebuild_project
- s3_buckets_for_codebuild_project
- vpc_security_groups_for_codebuild_project
- vpc_subnets_for_codebuild_project
- vpc_vpcs_for_codebuild_project
Control examples
- All Controls > CodeBuild > CodeBuild projects should not be unused for 90 days or greater
- All Controls > CodeBuild > CodeBuild projects should not use a user-controlled buildspec
- AWS Foundational Security Best Practices > CodeBuild > 1 CodeBuild Bitbucket source repository URLs should not contain sensitive credentials
- AWS Foundational Security Best Practices > CodeBuild > 2 CodeBuild project environment variables should not contain clear text credentials
- AWS Foundational Security Best Practices > CodeBuild > 3 CodeBuild S3 logs should be encrypted
- AWS Foundational Security Best Practices > CodeBuild > 4 CodeBuild project environments should have a logging configuration
- AWS Foundational Security Best Practices > CodeBuild > 5 CodeBuild project environments should not have privileged mode enabled
- CodeBuild GitHub or Bitbucket source repository URLs should use OAuth
- CodeBuild project artifact encryption should be enabled
- CodeBuild project environments should not have privileged mode enabled
- CodeBuild project plaintext environment variables should not contain sensitive AWS values
- CodeBuild project S3 logs should be encrypted
- CodeBuild projects should have logging enabled
Schema for aws_codebuild_project
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | | Steampipe context in JSON form. |
account_id | text | =, !=, ~~, ~~*, !~~, !~~* | The AWS Account ID in which the resource is located. |
akas | jsonb | | Array of globally unique identifier strings (also known as) for the resource. |
arn | text | | The Amazon Resource Name (ARN) of the build project. |
artifacts | jsonb | | Information about the build output artifacts for the build project. |
badge | jsonb | | Information about the build badge for the build project. |
build_batch_config | jsonb | | A ProjectBuildBatchConfig object that defines the batch build options for the project. |
cache | jsonb | | Information about the cache for the build project. |
concurrent_build_limit | bigint | | The maximum number of concurrent builds that are allowed for this project. |
created | timestamp with time zone | | When the build project was created. |
description | text | | A description that makes the build project easy to identify. |
encryption_key | text | | The AWS Key Management Service (AWS KMS) customer master key (CMK) to be. |
environment | jsonb | | Information about the build environment for this build project. |
file_system_locations | jsonb | | An array of ProjectFileSystemLocation objects for a CodeBuild build project. |
last_modified | timestamp with time zone | | When the build project's settings were last modified. |
logs_config | jsonb | | Information about logs for the build project. A project can create logs in Amazon CloudWatch Logs, an S3 bucket, or both. |
name | text | = | The name of the build project. |
partition | text | | The AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov). |
project_visibility | text | | Visibility of the build project (PRIVATE or PUBLIC_READ). |
public_project_alias | text | | Contains the project identifier used with the public build APIs. |
queued_timeout_in_minutes | bigint | | The number of minutes a build is allowed to be queued before it times out. |
region | text | | The AWS Region in which the resource is located. |
resource_access_role | text | | The ARN of the IAM role that enables CodeBuild to access the CloudWatch Logs and Amazon S3 artifacts for the project's builds. |
secondary_artifacts | jsonb | | An array of ProjectArtifacts objects. |
secondary_source_versions | jsonb | | An array of ProjectSourceVersion objects. |
secondary_sources | jsonb | | An array of ProjectSource objects. |
service_role | text | | The ARN of the AWS Identity and Access Management (IAM) role that enables AWS CodeBuild to interact with dependent AWS services on behalf of the AWS account. |
source | jsonb | | Information about the build input source code for this build project. |
source_version | text | | A version of the build input to be built for this project. |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | | Steampipe context in JSON form. |
tags | jsonb | | A map of tags for the resource. |
tags_src | jsonb | | A list of tag key and value pairs associated with this build project. |
timeout_in_minutes | bigint | | How long, in minutes, from 5 to 480 (8 hours), for AWS CodeBuild to wait before timing out any related build that did not get marked as completed. |
title | text | | Title of the resource. |
vpc_config | jsonb | | Information about the VPC configuration that AWS CodeBuild accesses. |
webhook | jsonb | | Information about a webhook that connects repository events to a build project in AWS CodeBuild. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws
You can pass the configuration to the command with the --config argument:
steampipe_export_aws --config '<your_config>' aws_codebuild_project