Description:
A CodeBuild project with a user-controlled buildspec gives users more control over the build process. This can be helpful for users who need to customize the build process for their specific needs.
Rationale:
Following this policy ensures that CodeBuild projects are more secure and flexible. By giving users control over the buildspec, they can be sure that the build process is tailored to their specific needs. This can help to prevent security vulnerabilities and ensure that builds are successful.
Impact:
Following this policy can have a number of positive impacts, including:
- Increased security: By giving users control over the buildspec, they can be sure that the build process is tailored to their specific needs. This can help to prevent security vulnerabilities.
- Increased flexibility: Users can customize the build process to meet their specific needs.
- Improved build success rates: By giving users control over the buildspec, they can be sure that the build process is tailored to their specific needs. This can help to improve build success rates.
Default Value:
AWS CodeBuild does not require that CodeBuild projects have a user-controlled buildspec. However, it is recommended that you follow this policy to ensure that your CodeBuild projects are more secure and flexible.
Pre-requisites:
- You must have an AWS account and be signed in to the AWS Management Console.
- You must have the AWS CodeBuild permissions to create and manage CodeBuild projects.
Remediation Steps:
To remediate a CodeBuild project that does not have a user-controlled buildspec, follow these steps:
- Go to the AWS CodeBuild console.
- Click on the "Projects" tab.
- Select the CodeBuild project that you want to remediate.
- Click on the "Edit" button.
- In the "Buildspec" section, select the "User controlled" option.
- Click on the "Save" button.
Test Plan:
To test whether a CodeBuild project has a user-controlled buildspec, follow these steps:
- Go to the AWS CodeBuild console.
- Click on the "Projects" tab.
- Select the CodeBuild project that you want to test.
- Click on the "Build" button.
- In the "Buildspec" section, verify that the "User controlled" option is selected.
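The same check can be scripted over the output of `aws codebuild batch-get-projects` instead of opening each project in the console. The following is an added example, not part of the original policy text: it classifies where each project's buildspec comes from, using constructed sample data. Treating a buildspec read from the source repository as "user controlled", and treating `CODEPIPELINE` sources as the out-of-scope case from the Note section, are assumptions.

```python
import re

# Constructed sample, shaped like the "projects" list returned by
# `aws codebuild batch-get-projects --names ...` (only the fields used here).
SAMPLE_PROJECTS = [
    {"name": "app-default", "source": {"type": "CODECOMMIT"}},
    {"name": "app-alt-file", "source": {"type": "GITHUB", "buildspec": "ci/release.yml"}},
    {"name": "app-s3", "source": {"type": "GITHUB",
                                  "buildspec": "arn:aws:s3:::example-bucket/buildspec.yml"}},
    {"name": "app-inline", "source": {"type": "GITHUB",
                                      "buildspec": "version: 0.2\nphases:\n  build:\n    commands:\n      - make test\n"}},
    {"name": "app-pipeline", "source": {"type": "CODEPIPELINE", "buildspec": "buildspec.yml"}},
]

S3_ARN = re.compile(r"^arn:aws[a-z-]*:s3:::")


def buildspec_origin(project):
    """Return where CodeBuild reads this project's buildspec from."""
    spec = ((project.get("source") or {}).get("buildspec") or "").strip()
    if not spec:
        return "source-default"   # buildspec.yml at the root of the source
    if S3_ARN.match(spec):
        return "s3-object"        # file stored in an S3 bucket
    if "\n" not in spec and spec.lower().endswith((".yml", ".yaml")):
        return "source-file"      # alternate path inside the source
    return "inline"               # YAML stored in the project definition


def audit(projects):
    """Map project name -> (origin, user_controlled or None if out of scope)."""
    report = {}
    for project in projects:
        origin = buildspec_origin(project)
        if (project.get("source") or {}).get("type") == "CODEPIPELINE":
            # Assumption: this is how the page's CodePipeline exclusion shows up.
            report[project["name"]] = (origin, None)
            continue
        # Assumption: "user controlled" = buildspec is read from the source repo.
        report[project["name"]] = (origin, origin in ("source-default", "source-file"))
    return report


if __name__ == "__main__":
    for name, (origin, controlled) in audit(SAMPLE_PROJECTS).items():
        print(f"{name:14} {origin:15} user_controlled={controlled}")
```

To run it against a real account, replace `SAMPLE_PROJECTS` with the `projects` array parsed from the CLI's JSON output.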
Implementation Plan:
To implement this policy, you can follow these steps:
- Create a new CodeBuild project.
- In the "Buildspec" section, select the "User controlled" option.
- Save the CodeBuild project.
AWS CLI Process:
To use the AWS CLI to implement this policy, you can use the following command:
aws codebuild create-project --name my-project --buildspec user-controlled
Using AWS GUI:
To use the AWS Management Console to implement this policy, you can follow these steps:
- Go to the AWS CodeBuild console.
- Click on the "Projects" tab.
- Click on the "Create project" button.
- In the "Name" field, enter a name for your CodeBuild project.
- In the "Buildspec" section, select the "User controlled" option.
- Click on the "Create" button.
Backout Plan:
To back out of this policy, follow these steps:
- Go to the AWS CodeBuild console.
- Click on the "Projects" tab.
- Select the CodeBuild project that you want to back out of.
- Click on the "Edit" button.
- In the "Buildspec" section, select the "Default" option.
- Click on the "Save" button.
Note:
- This policy is not applicable to CodeBuild projects that are triggered by CodePipeline.
- This policy is not applicable to CodeBuild projects that are created using the CodeBuild API.
Reference:
https://docs.aws.amazon.com/codebuild/latest/userguide/
https://docs.aws.amazon.com/cli/latest/reference/codebuild/
https://docs.aws.amazon.com/codebuild/latest/APIReference/