Best practice rules for AWS CodeBuild
AWS CodeBuild is a fully managed continuous integration service in the cloud. CodeBuild compiles source code, runs tests, and produces packages that are ready to deploy. CodeBuild eliminates the need to provision, manage, and scale your own build servers. CodeBuild automatically scales up and down and processes multiple builds concurrently, so your builds don’t have to wait in a queue. You can get started quickly by using CodeBuild prepackaged build environments, or you can use custom build environments to use your own build tools. With CodeBuild, you only pay by the minute.
- Configure OAuth for CodeBuild Project Sources
Ensure that CodeBuild projects with GitHub or Bitbucket sources authenticate with OAuth rather than with a personal access token or credentials embedded in the repository URL, so no long-lived secret is stored in the project definition.
- Disable Privileged Mode for CodeBuild Project Environments
Ensure Privileged Mode is disabled for Amazon CodeBuild project environments. Privileged mode gives the build container access to the host's Docker daemon, which is needed only when the build itself builds Docker images; for every other build it is unnecessary host-level access.
- Enable Encryption for S3 Logs
Ensure that S3 log encryption is enabled for Amazon CodeBuild build projects that write build output to S3. Build logs routinely contain hostnames, internal paths and accidentally printed tokens, so the log objects should not be stored with encryption disabled.
- Enable Logging for CodeBuild Build Projects
Ensure that build output logging (CloudWatch Logs, S3 logs, or both) is enabled for Amazon CodeBuild build projects. Without it there is no record of what a build executed, which makes investigating a compromised pipeline far harder.
- Remove CodeBuild Project Environment Variables with Clear Text Credentials
Ensure that CodeBuild project environment variables don't hold clear text credentials. A variable of type PLAINTEXT is visible to anyone who can describe the project (codebuild:BatchGetProjects or the console); credentials belong in variables of type PARAMETER_STORE or SECRETS_MANAGER, and AWS access is best granted through the build's service role rather than static keys.
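The five rules above can be checked mechanically against the project descriptions returned by the CodeBuild BatchGetProjects API. The following script is an added example, not code from the original page or from AWS: each rule is a pure function over one project dictionary, so the checks run offline against the two constructed projects embedded below (one that fails rules 1, 2, 3 and 5, and a hardened version of the same project that passes all five), and `main()` runs them against a live account with boto3. The credential-name regex and the assumption that CloudWatch Logs defaults to ENABLED when no status is present are the author's assumptions, not something the rule text specifies.

```python
"""Audit AWS CodeBuild projects against the five best-practice rules above.

Checks operate on the project dicts returned by codebuild:BatchGetProjects,
so they can be run offline on constructed input; `main()` fetches live
projects with boto3 (requires codebuild:ListProjects and BatchGetProjects).
"""
import re
import sys
from typing import Iterator

# Rule 5 heuristic. Assumption: this list is illustrative; extend it for your org.
CREDENTIAL_NAME = re.compile(
    r"AWS_ACCESS_KEY_ID|AWS_SECRET_ACCESS_KEY|AWS_SESSION_TOKEN|"
    r"SECRET|PASSWORD|PASSWD|TOKEN|API_KEY|PRIVATE_KEY", re.IGNORECASE)


def check_source_oauth(project: dict) -> Iterator[str]:
    """Rule 1: GitHub/Bitbucket sources should authenticate with OAuth."""
    sources = [project.get("source", {})] + project.get("secondarySources", [])
    for src in sources:
        if src.get("type") not in ("GITHUB", "GITHUB_ENTERPRISE", "BITBUCKET"):
            continue
        auth_type = src.get("auth", {}).get("type")
        if auth_type != "OAUTH":
            yield (f"source {src.get('location')}: auth type is "
                   f"{auth_type or 'unset'}, expected OAUTH")


def check_privileged_mode(project: dict) -> Iterator[str]:
    """Rule 2: privilegedMode exposes the host Docker daemon to the build."""
    if project.get("environment", {}).get("privilegedMode", False):
        yield "environment.privilegedMode is true; disable unless the build must run Docker"


def check_s3_log_encryption(project: dict) -> Iterator[str]:
    """Rule 3: S3 build logs, when enabled, must not have encryption disabled."""
    s3 = project.get("logsConfig", {}).get("s3Logs", {})
    if s3.get("status") == "ENABLED" and s3.get("encryptionDisabled", False):
        yield f"S3 logs at {s3.get('location')} have encryptionDisabled=true"


def check_logging(project: dict) -> Iterator[str]:
    """Rule 4: at least one build log destination must be enabled."""
    logs = project.get("logsConfig", {})
    # Assumption: CloudWatch Logs is ENABLED when the status is not returned.
    cloudwatch = logs.get("cloudWatchLogs", {}).get("status", "ENABLED")
    s3 = logs.get("s3Logs", {}).get("status", "DISABLED")
    if cloudwatch != "ENABLED" and s3 != "ENABLED":
        yield "no build log destination enabled (CloudWatch Logs and S3 logs both disabled)"


def check_plaintext_credentials(project: dict) -> Iterator[str]:
    """Rule 5: credential-like variables must not be of type PLAINTEXT."""
    for var in project.get("environment", {}).get("environmentVariables", []):
        if var.get("type", "PLAINTEXT") == "PLAINTEXT" and CREDENTIAL_NAME.search(var["name"]):
            yield (f"env var {var['name']} is PLAINTEXT; use type PARAMETER_STORE "
                   "or SECRETS_MANAGER instead")


CHECKS = (check_source_oauth, check_privileged_mode, check_s3_log_encryption,
          check_logging, check_plaintext_credentials)


def audit_project(project: dict) -> list[str]:
    """Return every finding for one project, prefixed with the project name."""
    name = project.get("name", "<unnamed>")
    return [f"{name}: {finding}" for check in CHECKS for finding in check(project)]


# Constructed sample in the shape of a BatchGetProjects entry. It fails
# rules 1, 2, 3 and 5; rule 4 passes because S3 logging is on.
WEAK_PROJECT = {
    "name": "demo-build",
    "source": {"type": "GITHUB", "location": "https://github.com/example/app.git"},
    "environment": {
        "privilegedMode": True,
        "environmentVariables": [
            {"name": "AWS_SECRET_ACCESS_KEY", "value": "not-a-real-key", "type": "PLAINTEXT"},
            {"name": "DB_PASSWORD", "value": "/prod/db/password", "type": "PARAMETER_STORE"},
            {"name": "BUILD_TARGET", "value": "release", "type": "PLAINTEXT"},
        ],
    },
    "logsConfig": {
        "cloudWatchLogs": {"status": "DISABLED"},
        "s3Logs": {"status": "ENABLED", "location": "build-logs/demo", "encryptionDisabled": True},
    },
}

# The same project with every rule satisfied: OAuth source, no privileged mode,
# secrets pulled from Secrets Manager, AWS access via the service role, and
# encrypted logs in both destinations.
HARDENED_PROJECT = {
    "name": "demo-build",
    "source": {"type": "GITHUB", "location": "https://github.com/example/app.git",
               "auth": {"type": "OAUTH"}},
    "environment": {
        "privilegedMode": False,
        "environmentVariables": [
            {"name": "NPM_TOKEN", "value": "ci/npm/token", "type": "SECRETS_MANAGER"},
            {"name": "BUILD_TARGET", "value": "release", "type": "PLAINTEXT"},
        ],
    },
    "logsConfig": {
        "cloudWatchLogs": {"status": "ENABLED", "groupName": "/codebuild/demo"},
        "s3Logs": {"status": "ENABLED", "location": "build-logs/demo", "encryptionDisabled": False},
    },
}


def main() -> None:
    """Audit every project in the current account/region (needs boto3 and credentials)."""
    import boto3  # imported here so the checks stay importable without boto3
    codebuild = boto3.client("codebuild")
    names = [n for page in codebuild.get_paginator("list_projects").paginate()
             for n in page["projects"]]
    for i in range(0, len(names), 100):  # BatchGetProjects accepts at most 100 names
        for project in codebuild.batch_get_projects(names=names[i:i + 100])["projects"]:
            for finding in audit_project(project):
                print(finding)


if __name__ == "__main__":
    for line in audit_project(WEAK_PROJECT):
        print(line)
    print("hardened findings:", audit_project(HARDENED_PROJECT))
    if "--live" in sys.argv:
        main()
```

Run it without arguments to see the four findings for the weak project and an empty list for the hardened one; pass `--live` to audit the real account. Projects whose GitHub or Bitbucket source has no `auth` block are reported as `auth type is unset`; those may be using an account-level source credential registered with `import-source-credentials`, so review them by hand rather than treating the finding as a definite failure.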