Table: aws_codebuild_source_credential - Query AWS CodeBuild Source Credentials using SQL
The AWS CodeBuild Source Credentials are used to interact with external code repositories. They store the authentication information required to access private repositories in GitHub, BitBucket, and AWS CodeCommit. This feature enables secure connection to these repositories, allowing AWS CodeBuild to read the source code for build operations.
Table Usage Guide
The aws_codebuild_source_credential
table in Steampipe provides you with information about source credentials within AWS CodeBuild. This table allows you as a DevOps engineer to query specific details about source credentials, including the ARN, server type, authentication type, and token. You can utilize this table to gather insights on source credentials, such as identifying the server types, verifying the authentication types, and more. The schema outlines the various attributes of the source credential for you, including the ARN, server type, authentication type, and token.
Examples
Basic info
Determine the areas in which authentication types and server types are used across different regions. This can provide useful insights for managing and optimizing the use of AWS CodeBuild source credentials.
select arn, server_type, auth_type, regionfrom aws_codebuild_source_credential;
select arn, server_type, auth_type, regionfrom aws_codebuild_source_credential;
List projects using OAuth to access GitHub source repository
This query helps identify projects that are utilizing OAuth for accessing GitHub as their source repository. This could be useful for auditing purposes, ensuring the correct authorization method is being used for accessing code repositories.
select p.arn as project_arn, p.source ->> 'Location' as source_repository, p.source ->> 'Type' as source_repository_type, c.auth_type as authorization_typefrom aws_codebuild_project as p join aws_codebuild_source_credential as c on ( p.region = c.region and p.source ->> 'Type' = c.server_type )where p.source ->> 'Type' = 'GITHUB' and c.auth_type = 'OAUTH';
select p.arn as project_arn, json_extract(p.source, '$.Location') as source_repository, json_extract(p.source, '$.Type') as source_repository_type, c.auth_type as authorization_typefrom aws_codebuild_project as p join aws_codebuild_source_credential as c on ( p.region = c.region and json_extract(p.source, '$.Type') = c.server_type )where json_extract(p.source, '$.Type') = 'GITHUB' and c.auth_type = 'OAUTH';
Schema for aws_codebuild_source_credential
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | Steampipe context in JSON form. | |
account_id | text | =, !=, ~~, ~~*, !~~, !~~* | The AWS Account ID in which the resource is located. |
akas | jsonb | Array of globally unique identifier strings (also known as) for the resource. | |
arn | text | The Amazon Resource Name (ARN) of the token. | |
auth_type | text | The type of authentication used by the credentials. Possible values are: OAUTH, BASIC_AUTH, or PERSONAL_ACCESS_TOKEN. | |
partition | text | The AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov). | |
region | text | The AWS Region in which the resource is located. | |
server_type | text | The type of source provider. Possible values are: GITHUB, GITHUB_ENTERPRISE, or BITBUCKET. | |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | Steampipe context in JSON form. | |
title | text | Title of the resource. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh
script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws
You can pass the configuration to the command with the --config
argument:
steampipe_export_aws --config '<your_config>' aws_codebuild_source_credential