UpdateProjectVisibility - AWS CodeBuild

UpdateProjectVisibility

Changes the public visibility for a project. The project's build results, logs, and artifacts are available to the general public. For more information, see Public build projects in the AWS CodeBuild User Guide.

Important

The following should be kept in mind when making your projects public:

  • All of a project's build results, logs, and artifacts, including builds that were run when the project was private, are available to the general public.

  • All build logs and artifacts are available to the public. Environment variables, source code, and other sensitive information may have been output to the build logs and artifacts. You must be careful about what information is output to the build logs. Some best practice are:

    • Do not store sensitive values, especially AWS access key IDs and secret access keys, in environment variables. We recommend that you use an Amazon EC2 Systems Manager Parameter Store or AWS Secrets Manager to store sensitive values.

    • Follow Best practices for using webhooks in the AWS CodeBuild User Guide to limit which entities can trigger a build, and do not store the buildspec in the project itself, to ensure that your webhooks are as secure as possible.

  • A malicious user can use public builds to distribute malicious artifacts. We recommend that you review all pull requests to verify that the pull request is a legitimate change. We also recommend that you validate any artifacts with their checksums to make sure that the correct artifacts are being downloaded.

Request Syntax

{ "projectArn": "string", "projectVisibility": "string", "resourceAccessRole": "string" }

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.

The request accepts the following data in JSON format.

Note

In the following list, the required parameters are described first.

projectArn

The Amazon Resource Name (ARN) of the build project.

Type: String

Length Constraints: Minimum length of 1.

Required: Yes

projectVisibility

Specifies the visibility of the project's builds. Possible values are:

PUBLIC_READ

The project builds are visible to the public.

PRIVATE

The project builds are not visible to the public.

Type: String

Valid Values: PUBLIC_READ | PRIVATE

Required: Yes

resourceAccessRole

The ARN of the IAM role that enables CodeBuild to access the CloudWatch Logs and Amazon S3 artifacts for the project's builds.

Type: String

Length Constraints: Minimum length of 1.

Required: No

Response Syntax

{ "projectArn": "string", "projectVisibility": "string", "publicProjectAlias": "string" }

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

projectArn

The Amazon Resource Name (ARN) of the build project.

Type: String

Length Constraints: Minimum length of 1.

projectVisibility

Specifies the visibility of the project's builds. Possible values are:

PUBLIC_READ

The project builds are visible to the public.

PRIVATE

The project builds are not visible to the public.

Type: String

Valid Values: PUBLIC_READ | PRIVATE

publicProjectAlias

Contains the project identifier used with the public build APIs.

For more information, see Public build API.

Type: String

Length Constraints: Minimum length of 1.

Errors

For information about the errors that are common to all actions, see Common Errors.

InvalidInputException

The input value that was provided is not valid.

HTTP Status Code: 400

ResourceNotFoundException

The specified AWS resource cannot be found.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: