AWS::CodeBuild::SourceCredential - AWS CloudFormation
SyntaxPropertiesExamples

AWS::CodeBuild::SourceCredential

Information about the credentials for a GitHub, GitHub Enterprise, or Bitbucket repository. We strongly recommend that you use AWS Secrets Manager to store your credentials. If you use Secrets Manager, you must have secrets in your secrets manager. For more information, see Using Dynamic References to Specify Template Values.

Important

For security purposes, do not use plain text in your AWS CloudFormation template to store your credentials.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{
  "Type" : "AWS::CodeBuild::SourceCredential",
  "Properties" : {
      "AuthType" : String,
      "ServerType" : String,
      "Token" : String,
      "Username" : String
    }
}

YAML

Type: AWS::CodeBuild::SourceCredential
Properties:
  AuthType: String
  ServerType: String
  Token: String
  Username: String

Properties

AuthType

The type of authentication used by the credentials. Valid options are OAUTH, BASIC_AUTH, PERSONAL_ACCESS_TOKEN, CODECONNECTIONS, or SECRETS_MANAGER.

Required: Yes

Type: String

Allowed values: OAUTH | BASIC_AUTH | PERSONAL_ACCESS_TOKEN | CODECONNECTIONS | SECRETS_MANAGER

Update requires: No interruption

ServerType

The type of source provider. The valid options are GITHUB, GITHUB_ENTERPRISE, GITLAB, GITLAB_SELF_MANAGED, or BITBUCKET.

Required: Yes

Type: String

Allowed values: GITHUB | BITBUCKET | GITHUB_ENTERPRISE | GITLAB | GITLAB_SELF_MANAGED

Update requires: Replacement

Token

For GitHub or GitHub Enterprise, this is the personal access token. For Bitbucket, this is either the access token or the app password. For the authType CODECONNECTIONS, this is the connectionArn. For the authType SECRETS_MANAGER, this is the secretArn.

Required: Yes

Type: String

Minimum: 1

Update requires: No interruption

Username

The Bitbucket username when the authType is BASIC_AUTH. This parameter is not valid for other types of source providers or connections.

Required: No

Type: String

Minimum: 1

Update requires: No interruption

Examples

Create Bitbucket source credentials using AWS Secrets Manager

YAML

CodeBuildSourceCredential:
  Type: 'AWS::CodeBuild::SourceCredential'
  Properties:
    Token: '{{resolve:secretsmanager:bitbucket:SecretString:token}}'
    ServerType: BITBUCKET
    Username: '{{resolve:secretsmanager:bitbucket:SecretString:username}}'
    AuthType: BASIC_AUTH

JSON

{
   "CodeBuildSourceCredential": {
      "Type": "AWS::CodeBuild::SourceCredential",
      "Properties": {
         "Token": "{{resolve:secretsmanager:bitbucket:SecretString:token}}",
         "ServerType": "BITBUCKET",
         "Username": "{{resolve:secretsmanager:bitbucket:SecretString:username}}",
         "AuthType": "BASIC_AUTH"
      }
   }
}

Create GitHub Enterprise source credentials using AWS Secrets Manager

YAML

Resources:
  CodeBuildSourceCredential:
    Type: 'AWS::CodeBuild::SourceCredential'
    Properties:
      Token: '{{resolve:secretsmanager:github_enterprise:SecretString:token}}'
      ServerType: GITHUB_ENTERPRISE
      AuthType: PERSONAL_ACCESS_TOKEN

JSON

{
   "Resources": {
      "CodeBuildSourceCredential": {
         "Type": "AWS::CodeBuild::SourceCredential",
         "Properties": {
            "Token": "{{resolve:secretsmanager:github_enterprise:SecretString:token}}",
            "ServerType": "GITHUB_ENTERPRISE",
            "AuthType": "PERSONAL_ACCESS_TOKEN"
         }
      }
   }
}

Create GitHub source credentials using AWS Secrets Manager

YAML

Resources:
  CodeBuildSourceCredential:
    Type: 'AWS::CodeBuild::SourceCredential'
    Properties:
      Token: '{{resolve:secretsmanager:github:SecretString:token}}'
      ServerType: GITHUB
      AuthType: PERSONAL_ACCESS_TOKEN

JSON

{
   "Resources": {
      "CodeBuildSourceCredential": {
         "Type": "AWS::CodeBuild::SourceCredential",
         "Properties": {
            "Token": "{{resolve:secretsmanager:github:SecretString:token}}",
            "ServerType": "GITHUB",
            "AuthType": "PERSONAL_ACCESS_TOKEN"
         }
      }
   }
}

Import source credentials for Bitbucket

YAML

Resources:
  MySourceCreds:
    Type: 'AWS::CodeBuild::SourceCredential'
    Properties:
      Token: '{{resolve:secretsmanager:bitbucket:SecretString:token}}'
      ServerType: BITBUCKET
      Username: '{{resolve:secretsmanager:bitbucket:SecretString:username}}'
      AuthType: BASIC_AUTH
  MyProject:
    Type: 'AWS::CodeBuild::Project'
    Properties:
      Name: myProjectName
      Description: A description about my project
      ServiceRole: testServiceRoleArn
      Artifacts:
        Type: NO_ARTIFACTS
      Environment:
        Type: LINUX_CONTAINER
        ComputeType: BUILD_GENERAL1_SMALL
        Image: 'aws/codebuild/standard:5.0'
      Source:
        Type: BITBUCKET
        Location: 'your-bitbucket-repo-url'
    DependsOn: MySourceCreds

JSON

{
    "Resources": {
        "MySourceCreds": {
            "Type": "AWS::CodeBuild::SourceCredential",
            "Properties": {
                "Token": "{{resolve:secretsmanager:bitbucket:SecretString:token}}",
                "ServerType": "BITBUCKET",
                "Username": "{{resolve:secretsmanager:bitbucket:SecretString:username}}",
                "AuthType": "BASIC_AUTH"
            }
        },
        "MyProject": {
            "Type": "AWS::CodeBuild::Project",
            "Properties": {
                "Name": "myProjectName",
                "Description": "A description about my project",
                "ServiceRole": "testServiceRoleAr",
                "Artifacts": {
                    "Type": "NO_ARTIFACTS"
                },
                "Environment": {
                    "Type": "LINUX_CONTAINER",
                    "ComputeType": "BUILD_GENERAL1_SMALL",
                    "Image": "aws/codebuild/standard:5.0"
                },
                "Source": {
                    "Type": "BITBUCKET",
                    "Location": "your-bitbucket-repo-url"
                }
            },
            "DependsOn": "MySourceCreds"
        }
    }
}

Import source credentials for Github

YAML

Resources:
  MySourceCreds:
    Type: 'AWS::CodeBuild::SourceCredential'
    Properties: 
      Token: '{{resolve:secretsmanager:github:SecretString:token}}'
      ServerType: GITHUB
      AuthType: PERSONAL_ACCESS_TOKEN
  MyProject:
    Type: 'AWS::CodeBuild::Project'
    Properties: 
      Name: myProjectName
      Description: A description about my project
      ServiceRole: testServiceRoleArn
      Artifacts:
        Type: NO_ARTIFACTS
      Environment:
        Type: LINUX_CONTAINER
        ComputeType: BUILD_GENERAL1_SMALL
        Image: 'aws/codebuild/standard:5.0'
      Source:
        Type: GITHUB
        Location: 'your-github-repo-url'
    DependsOn: MySourceCreds

JSON

{
    "Resources": {
        "MySourceCreds": {
            "Type": "AWS::CodeBuild::SourceCredential",
            "Properties": {
                "Token": "{{resolve:secretsmanager:github:SecretString:token}}",
                "ServerType": "GITHUB",
                "AuthType": "PERSONAL_ACCESS_TOKEN"
            }
        },
        "MyProject": {
            "Type": "AWS::CodeBuild::Project",
            "Properties": {
                "Name": "myProjectName",
                "Description": "A description about my project",
                "ServiceRole": "testServiceRoleArn",
                "Artifacts": {
                    "Type": "NO_ARTIFACTS"
                },
                "Environment": {
                    "Type": "LINUX_CONTAINER",
                    "ComputeType": "BUILD_GENERAL1_SMALL",
                    "Image": "aws/codebuild/standard:5.0"
                },
                "Source": {
                    "Type": "GITHUB",
                    "Location": "your-github-repo-url"
                }
            },
            "DependsOn": "MySourceCreds"
        }
    }
}