AWS::CodeBuild::SourceCredential - AWS CloudFormation

AWS::CodeBuild::SourceCredential

Information about the credentials for a GitHub, GitHub Enterprise, or Bitbucket repository. We strongly recommend that you use AWS Secrets Manager to store your credentials. If you use Secrets Manager, you must have secrets in your secrets manager. For more information, see Using Dynamic References to Specify Template Values.

Important

For security purposes, do not use plain text in your CloudFormation template to store your credentials.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{ "Type" : "AWS::CodeBuild::SourceCredential", "Properties" : { "AuthType" : String, "ServerType" : String, "Token" : String, "Username" : String } }

YAML

Type: AWS::CodeBuild::SourceCredential Properties: AuthType: String ServerType: String Token: String Username: String

Properties

AuthType

The type of authentication used by the credentials. Valid options are OAUTH, BASIC_AUTH, or PERSONAL_ACCESS_TOKEN.

Required: Yes

Type: String

Allowed values: BASIC_AUTH | OAUTH | PERSONAL_ACCESS_TOKEN

Update requires: No interruption

ServerType

The type of source provider. The valid options are GITHUB, GITHUB_ENTERPRISE, or BITBUCKET.

Required: Yes

Type: String

Allowed values: BITBUCKET | GITHUB | GITHUB_ENTERPRISE

Update requires: Replacement

Token

For GitHub or GitHub Enterprise, this is the personal access token. For Bitbucket, this is the app password.

Required: Yes

Type: String

Minimum: 1

Update requires: No interruption

Username

The Bitbucket username when the authType is BASIC_AUTH. This parameter is not valid for other types of source providers or connections.

Required: No

Type: String

Minimum: 1

Update requires: No interruption

Examples

Create Bitbucket source credentials using AWS Secrets Manager

YAML

CodeBuildSourceCredential: Type: 'AWS::CodeBuild::SourceCredential' Properties: Token: '{{resolve:secretsmanager:bitbucket:SecretString:token}}' ServerType: BITBUCKET Username: '{{resolve:secretsmanager:bitbucket:SecretString:username}}' AuthType: BASIC_AUTH

JSON

{ "CodeBuildSourceCredential": { "Type": "AWS::CodeBuild::SourceCredential", "Properties": { "Token": "{{resolve:secretsmanager:bitbucket:SecretString:token}}", "ServerType": "BITBUCKET", "Username": "{{resolve:secretsmanager:bitbucket:SecretString:username}}", "AuthType": "BASIC_AUTH" } } }

Create GitHub Enterprise source credentials using AWS Secrets Manager

YAML

Resources: CodeBuildSourceCredential: Type: 'AWS::CodeBuild::SourceCredential' Properties: Token: '{{resolve:secretsmanager:github_enterprise:SecretString:token}}' ServerType: GITHUB_ENTERPRISE AuthType: PERSONAL_ACCESS_TOKEN

JSON

{ "Resources": { "CodeBuildSourceCredential": { "Type": "AWS::CodeBuild::SourceCredential", "Properties": { "Token": "{{resolve:secretsmanager:github_enterprise:SecretString:token}}", "ServerType": "GITHUB_ENTERPRISE", "AuthType": "PERSONAL_ACCESS_TOKEN" } } } }

Create GitHub source credentials using AWS Secrets Manager

YAML

Resources: CodeBuildSourceCredential: Type: 'AWS::CodeBuild::SourceCredential' Properties: Token: '{{resolve:secretsmanager:github:SecretString:token}}' ServerType: GITHUB AuthType: PERSONAL_ACCESS_TOKEN

JSON

{ "Resources": { "CodeBuildSourceCredential": { "Type": "AWS::CodeBuild::SourceCredential", "Properties": { "Token": "{{resolve:secretsmanager:github:SecretString:token}}", "ServerType": "GITHUB", "AuthType": "PERSONAL_ACCESS_TOKEN" } } } }

Import source credentials for Bitbucket

YAML

Resources: MySourceCreds: Type: 'AWS::CodeBuild::SourceCredential' Properties: Token: '{{resolve:secretsmanager:bitbucket:SecretString:token}}' ServerType: BITBUCKET Username: '{{resolve:secretsmanager:bitbucket:SecretString:username}}' AuthType: BASIC_AUTH MyProject: Type: 'AWS::CodeBuild::Project' Properties: Name: myProjectName Description: A description about my project ServiceRole: testServiceRoleArn Artifacts: Type: NO_ARTIFACTS Environment: Type: LINUX_CONTAINER ComputeType: BUILD_GENERAL1_SMALL Image: 'aws/codebuild/standard:2.0' Source: Type: BITBUCKET Location: 'your-bitbucket-repo-url' DependsOn: MySourceCreds

JSON

{ "Resources": { "MySourceCreds": { "Type": "AWS::CodeBuild::SourceCredential", "Properties": { "Token": "{{resolve:secretsmanager:bitbucket:SecretString:token}}", "ServerType": "BITBUCKET", "Username": "{{resolve:secretsmanager:bitbucket:SecretString:username}}", "AuthType": "BASIC_AUTH" } }, "MyProject": { "Type": "AWS::CodeBuild::Project", "Properties": { "Name": "myProjectName", "Description": "A description about my project", "ServiceRole": "testServiceRoleAr", "Artifacts": { "Type": "NO_ARTIFACTS" }, "Environment": { "Type": "LINUX_CONTAINER", "ComputeType": "BUILD_GENERAL1_SMALL", "Image": "aws/codebuild/standard:2.0" }, "Source": { "Type": "BITBUCKET", "Location": "your-bitbucket-repo-url" } }, "DependsOn": "MySourceCreds" } } }

Import source credentials for Github

YAML

Resources: MySourceCreds: Type: 'AWS::CodeBuild::SourceCredential' Properties: Token: '{{resolve:secretsmanager:github:SecretString:token}}' ServerType: GITHUB AuthType: PERSONAL_ACCESS_TOKEN MyProject: Type: 'AWS::CodeBuild::Project' Properties: Name: myProjectName Description: A description about my project ServiceRole: testServiceRoleArn Artifacts: Type: NO_ARTIFACTS Environment: Type: LINUX_CONTAINER ComputeType: BUILD_GENERAL1_SMALL Image: 'aws/codebuild/standard:2.0' Source: Type: GITHUB Location: 'your-github-repo-url' DependsOn: MySourceCreds

JSON

{ "Resources": { "MySourceCreds": { "Type": "AWS::CodeBuild::SourceCredential", "Properties": { "Token": "{{resolve:secretsmanager:github:SecretString:token}}", "ServerType": "GITHUB", "AuthType": "PERSONAL_ACCESS_TOKEN" } }, "MyProject": { "Type": "AWS::CodeBuild::Project", "Properties": { "Name": "myProjectName", "Description": "A description about my project", "ServiceRole": "testServiceRoleArn", "Artifacts": { "Type": "NO_ARTIFACTS" }, "Environment": { "Type": "LINUX_CONTAINER", "ComputeType": "BUILD_GENERAL1_SMALL", "Image": "aws/codebuild/standard:2.0" }, "Source": { "Type": "GITHUB", "Location": "your-github-repo-url" } }, "DependsOn": "MySourceCreds" } } }