The AWS CodeBuild plugin for Jenkins provides a build step for your Jenkins project.
If you already have a Jenkins setup and would like to only install the AWS CodeBuild plugin, then the recommended approach would be to search for "AWS CodeBuild" in the Plugin Manager on your Jenkins instance.
Create a project on the AWS CodeBuild console.
Create an AWS IAM user to be used by the Jenkins plugin.
Create a freestyle project in Jenkins.
For the Source Code Management make sure to select how you would like to retrieve your source. You may need to install the GitHub Plugin (or the relevant source repository provider's Jenkins plugin) to your Jenkins server.
Policy sample for IAM user:
    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Resource": ["arn:aws:logs:{{region}}:{{awsAccountId}}:log-group:/aws/codebuild/{{projectName}}:*"],
                "Action": ["logs:GetLogEvents"]
            },
            {
                "Effect": "Allow",
                "Resource": ["arn:aws:s3:::{{inputBucket}}"],
                "Action": ["s3:GetBucketVersioning"]
            },
            {
                "Effect": "Allow",
                "Resource": ["arn:aws:s3:::{{inputBucket}}/{{inputObject}}"],
                "Action": ["s3:PutObject"]
            },
            {
                "Effect": "Allow",
                "Resource": ["arn:aws:s3:::{{outputBucket}}/*"],
                "Action": ["s3:GetObject"]
            },
            {
                "Effect": "Allow",
                "Resource": ["arn:aws:codebuild:{{region}}:{{awsAccountId}}:project/{{projectName}}"],
                "Action": [
                    "codebuild:StartBuild",
                    "codebuild:BatchGetBuilds",
                    "codebuild:BatchGetProjects"
                ]
            }
        ]
    }
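The sample policy is a template, so whatever is substituted for each `{{placeholder}}` decides how tightly the IAM user is scoped. The following is an added example, not part of the plugin or its documentation: it renders two of the sample's statements (abbreviated for length) and rejects values that would widen an ARN, then lints the result for wildcard actions or unscoped resources. The function names and the validation patterns in `RULES` are assumptions made for this example.

```python
import json
import re

# Two statements from the page's sample policy (abbreviated for this example).
TEMPLATE = """{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow",
     "Resource": ["arn:aws:logs:{{region}}:{{awsAccountId}}:log-group:/aws/codebuild/{{projectName}}:*"],
     "Action": ["logs:GetLogEvents"]},
    {"Effect": "Allow",
     "Resource": ["arn:aws:codebuild:{{region}}:{{awsAccountId}}:project/{{projectName}}"],
     "Action": ["codebuild:StartBuild", "codebuild:BatchGetBuilds", "codebuild:BatchGetProjects"]}
  ]
}"""

# Assumed value shapes for this example; none admits '*' or '?',
# so a substituted value cannot turn a scoped ARN into a wildcard.
RULES = {
    "region": r"[a-z]{2}(-[a-z]+)+-\d",
    "awsAccountId": r"\d{12}",
    "projectName": r"[A-Za-z0-9][A-Za-z0-9_-]{1,254}",
}

def render_policy(template, values):
    """Substitute {{name}} placeholders after validating each value."""
    def fill(match):
        name = match.group(1)
        if name not in values or name not in RULES:
            raise ValueError(f"no value or rule for placeholder {name}")
        if not re.fullmatch(RULES[name], values[name]):
            raise ValueError(f"invalid value for {name}: {values[name]!r}")
        return values[name]
    return json.loads(re.sub(r"\{\{(\w+)\}\}", fill, template))

def lint_policy(policy):
    """Return findings for statements broader than the page's sample."""
    findings = []
    for i, stmt in enumerate(policy["Statement"]):
        actions = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
        resources = stmt["Resource"] if isinstance(stmt["Resource"], list) else [stmt["Resource"]]
        findings += [f"statement {i}: wildcard action {a}" for a in actions if "*" in a]
        findings += [f"statement {i}: unscoped resource {r}" for r in resources
                     if r == "*" or "{{" in r]
    return findings
```

Running `lint_policy` on the policy actually attached to the Jenkins IAM user, before it is applied, catches a hand-edited `codebuild:*` or `"Resource": "*"` that the template itself never contains.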
Use the snippet generator (click "Pipeline Syntax" on your pipeline project page) to generate the pipeline script that adds CodeBuild as a step in your pipeline. It should generate something like:

    awsCodeBuild projectName: 'project', credentialsType: 'keys', region: 'us-west-2', sourceControlType: 'jenkins'

Additionally, this returns a result object which exposes the following methods, which can be useful to later steps:

getBuildId(): returns the build ID of the build (similar to codebuild-project-name:12346789-ffff-0000-aaaa-bbbbccccdddd)
getArn(): returns the ARN of the build (similar to arn:aws:codebuild:AWS_REGION:AWS_ACCOUNT_ID:build/CODEBUILD_BUILD_ID, where CODEBUILD_BUILD_ID is the same information returned in getBuildId)
getArtifactsLocation(): returns the S3 ARN of the artifacts location (similar to arn:aws:s3:::s3-bucket-name/path/to/my/artifacts)

It's recommended to use the Jenkins credentials store for your AWS credentials. Your Jenkins credentials must be of type CodeBuild Credentials to be compatible with the CodeBuild plugin. When creating new CodeBuild Credentials, the plugin will attempt to use the default credentials provider chain if AWS access and secret keys are not defined. You can also specify your AWS access and secret keys and session token in the CodeBuild configuration when using credentialsType: 'keys'. Example:

    awsCodeBuild projectName: 'project',
                 credentialsType: 'keys',
                 awsAccessKey: env.AWS_ACCESS_KEY_ID,
                 awsSecretKey: env.AWS_SECRET_ACCESS_KEY,
                 awsSessionToken: env.AWS_SESSION_TOKEN,
                 ...

If the access/secret keys and session token are not specified, the plugin will attempt to use the default credentials provider chain. When running a Jenkins pipeline build, the plugin will attempt to use credentials from the pipeline-aws plugin before falling back to the default credentials provider chain. If you are running Jenkins on an EC2 instance, leave the access and secret key fields blank and specify credentialsType: 'keys' to use credentials from your EC2 instance profile, which is in the default credentials provider chain.