Description:
This policy ensures that all CodeBuild Projects are in use. This helps to ensure that your CodeBuild resources are being utilized effectively.

Rationale:
CodeBuild Projects that are not in use can waste resources and cost money. By ensuring that all CodeBuild Projects are in use, you can help to reduce your AWS costs.

Impact:
If you do not ensure that all CodeBuild Projects are in use, you may be wasting resources and incurring unnecessary costs.

Default Value:
By default, CodeBuild Projects are not in use until they are triggered.

Pre-requisites:

  • You must have an AWS account and be an IAM user with the appropriate permissions to view and manage CodeBuild Projects.


Remediation Steps:

  1. Identify all CodeBuild Projects that are not in use.
  2. Determine the reason why the projects are not in use.
  3. Take action to put the projects into use, or delete them if they are no longer needed.


Test Plan:

  1. Identify a subset of CodeBuild Projects that are not in use.
  2. Determine the reason why the projects are not in use.
  3. Take action to put the projects into use, or delete them if they are no longer needed.
  4. Verify that the projects are in use or deleted, as appropriate.

Implementation Plan:

AWS CLI:

aws codebuild list-projects



AWS GUI:

  1. Go to the CodeBuild console.
  2. Click Projects.

Backout Plan:

  1. Restore the CodeBuild Projects that were deleted.
  2. Re-enable the CodeBuild Projects that were not in use.

Note:

  • This policy applies to all regions and accounts.
  • You can use the AWS CLI or the AWS SDKs to automate the process of identifying and remediating unused CodeBuild Projects.
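
One way to automate step 1 of the remediation with the AWS SDK for Python (boto3), as an added example that is not part of the original policy. The 90-day idle threshold and the function names are assumptions, since the policy does not define "in use"; the script only reports and checks one region per run.

```python
"""Added example: flag CodeBuild projects with no recent build activity."""
from datetime import datetime, timedelta, timezone

MAX_IDLE_DAYS = 90  # assumption: the policy does not define "in use"


def list_project_names(cb):
    """Return every project name in the client's region, following nextToken."""
    names, token = [], None
    while True:
        page = cb.list_projects(**({"nextToken": token} if token else {}))
        names.extend(page.get("projects", []))
        token = page.get("nextToken")
        if not token:
            return names


def last_build_start(cb, name):
    """Start time of the newest build, or None when no build is recorded."""
    ids = cb.list_builds_for_project(
        projectName=name, sortOrder="DESCENDING").get("ids", [])
    if not ids:
        return None
    builds = cb.batch_get_builds(ids=ids[:1]).get("builds", [])
    return builds[0].get("startTime") if builds else None


def find_unused(cb, max_idle_days=MAX_IDLE_DAYS, now=None):
    """Return (project, reason) pairs for projects idle longer than the limit."""
    now = now or datetime.now(timezone.utc)
    cutoff = now - timedelta(days=max_idle_days)
    report = []
    for name in list_project_names(cb):
        started = last_build_start(cb, name)
        if started is None:
            report.append((name, "no builds recorded"))
        elif started < cutoff:
            report.append((name, f"idle {(now - started).days} days"))
    return report


if __name__ == "__main__":
    import boto3  # imported here so the functions above work with any client

    # Uses the default region; run once per region to cover the whole account.
    client = boto3.client("codebuild")
    for project, reason in find_unused(client):
        print(f"{project}\t{reason}")
```

The output is a candidate list for step 2 (determining why each project is idle); nothing is modified or deleted.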

Reference:
https://docs.aws.amazon.com/codebuild/latest/userguide/concepts.html