Update CodeBuild CF stack template to add disabled encryption and rem…

…ove webhook Booleans (aws#4243) * Remove webhook/triggers from CodeBuild CF stack template * Disable artifact encryption on CodeBuild devbuild stack template * Remove trailing space on EcryptionDisabled lines
xxx0624 · Jul 29, 2024 · 512fa42 · 512fa42
1 parent ac78654
commit 512fa42
Showing 1 changed file with 9 additions and 57 deletions.
diff --git a/build-infrastructure/codebuild-devbuild-stack.yml b/build-infrastructure/codebuild-devbuild-stack.yml
@@ -23,6 +23,7 @@ Resources:
     Type: 'AWS::CodeBuild::Project'
     Properties:
       Artifacts:
+        EncryptionDisabled: true
         Location: !Ref BuildBucketName
         NamespaceType: NONE
         OverrideArtifactName: true
@@ -46,18 +47,12 @@ Resources:
         Location: !Ref GithubFullRepoName
         Type: GITHUB
       TimeoutInMinutes: 60
-      Triggers:
-        BuildType: BUILD
-        # Config list of developers allowlisted to create builds when creating PRs to GithubBranchName
-        # This allow list can be modified using aws-cli or aws-sdk
-        # CodeBuild also supports pattern matches using regex, but this is not useful for listing different Github IDs
-        # so they have to be listed separately
-        Webhook: true
       Visibility: PRIVATE
   UbuntuArmProject:
     Type: 'AWS::CodeBuild::Project'
     Properties:
       Artifacts:
+        EncryptionDisabled: true
         Location: !Ref BuildBucketName
         NamespaceType: NONE
         OverrideArtifactName: true
@@ -81,18 +76,12 @@ Resources:
         Location: !Ref GithubFullRepoName
         Type: GITHUB
       TimeoutInMinutes: 60
-      Triggers:
-        BuildType: BUILD
-        # Config list of developers allowlisted to create builds when creating PRs to GithubBranchName
-        # This allow list can be modified using aws-cli or aws-sdk
-        # CodeBuild also supports pattern matches using regex, but this is not useful for listing different Github IDs
-        # so they have to be listed separately
-        Webhook: true
       Visibility: PRIVATE
   ArmProject:
     Type: 'AWS::CodeBuild::Project'
     Properties:
       Artifacts:
+        EncryptionDisabled: true
         Location: !Ref BuildBucketName
         NamespaceType: NONE
         OverrideArtifactName: true
@@ -116,18 +105,12 @@ Resources:
         Location: !Ref GithubFullRepoName
         Type: GITHUB
       TimeoutInMinutes: 60
-      Triggers:
-        BuildType: BUILD
-        # Config list of developers allowlisted to create builds when creating PRs to GithubBranchName
-        # This allow list can be modified using aws-cli or aws-sdk
-        # CodeBuild also supports pattern matches using regex, but this is not useful for listing different Github IDs
-        # so they have to be listed separately
-        Webhook: true
       Visibility: PRIVATE
   AmdProject:
     Type: 'AWS::CodeBuild::Project'
     Properties:
       Artifacts:
+        EncryptionDisabled: true
         Location: !Ref BuildBucketName
         NamespaceType: NONE
         OverrideArtifactName: true
@@ -151,20 +134,14 @@ Resources:
         Location: !Ref GithubFullRepoName
         Type: GITHUB
       TimeoutInMinutes: 60
-      Triggers:
-        BuildType: BUILD
-        # Config list of developers allowlisted to create builds when creating PRs to GithubBranchName
-        # This allow list can be modified using aws-cli or aws-sdk
-        # CodeBuild also supports pattern matches using regex, but this is not useful for listing different Github IDs
-        # so they have to be listed separately
-        Webhook: true
       Visibility: PRIVATE
 
   # Creates a CodeBuild project for Amazon Linux 2 ARM    
   Amzn2ArmProject:
     Type: 'AWS::CodeBuild::Project'
     Properties:
       Artifacts:
+        EncryptionDisabled: true
         Location: !Ref BuildBucketName
         NamespaceType: NONE
         OverrideArtifactName: true
@@ -188,20 +165,14 @@ Resources:
         Location: !Ref GithubFullRepoName
         Type: GITHUB
       TimeoutInMinutes: 60
-      Triggers:
-        BuildType: BUILD
-        # Config list of developers allowlisted to create builds when creating PRs to GithubBranchName
-        # This allow list can be modified using aws-cli or aws-sdk
-        # CodeBuild also supports pattern matches using regex, but this is not useful for listing different Github IDs
-        # so they have to be listed separately
-        Webhook: true
       Visibility: PRIVATE
 
   # Creates a CodeBuild project for Amazon Linux 2 AMD
   Amzn2AmdProject:
     Type: 'AWS::CodeBuild::Project'
     Properties:
       Artifacts:
+        EncryptionDisabled: true
         Location: !Ref BuildBucketName
         NamespaceType: NONE
         OverrideArtifactName: true
@@ -225,20 +196,14 @@ Resources:
         Location: !Ref GithubFullRepoName
         Type: GITHUB
       TimeoutInMinutes: 60
-      Triggers:
-        BuildType: BUILD
-        # Config list of developers allowlisted to create builds when creating PRs to GithubBranchName
-        # This allow list can be modified using aws-cli or aws-sdk
-        # CodeBuild also supports pattern matches using regex, but this is not useful for listing different Github IDs
-        # so they have to be listed separately
-        Webhook: true
       Visibility: PRIVATE
 
   # Creates a CodeBuild project for Amazon Linux 2023 ARM
   Amzn2023ArmProject:
     Type: 'AWS::CodeBuild::Project'
     Properties:
       Artifacts:
+        EncryptionDisabled: true
         Location: !Ref BuildBucketName
         NamespaceType: NONE
         OverrideArtifactName: true
@@ -262,20 +227,14 @@ Resources:
         Location: !Ref GithubFullRepoName
         Type: GITHUB
       TimeoutInMinutes: 60
-      Triggers:
-        BuildType: BUILD
-        # Config list of developers allowlisted to create builds when creating PRs to GithubBranchName
-        # This allow list can be modified using aws-cli or aws-sdk
-        # CodeBuild also supports pattern matches using regex, but this is not useful for listing different Github IDs
-        # so they have to be listed separately
-        Webhook: true
       Visibility: PRIVATE
 
   # Creates a CodeBuild project for Amazon Linux 2023 AMD
   Amzn2023AmdProject:
     Type: 'AWS::CodeBuild::Project'
     Properties:
       Artifacts:
+        EncryptionDisabled : true
         Location: !Ref BuildBucketName
         NamespaceType: NONE
         OverrideArtifactName: true
@@ -299,13 +258,6 @@ Resources:
         Location: !Ref GithubFullRepoName
         Type: GITHUB
       TimeoutInMinutes: 60
-      Triggers:
-        BuildType: BUILD
-        # Config list of developers allowlisted to create builds when creating PRs to GithubBranchName
-        # This allow list can be modified using aws-cli or aws-sdk
-        # CodeBuild also supports pattern matches using regex, but this is not useful for listing different Github IDs
-        # so they have to be listed separately
-        Webhook: true
       Visibility: PRIVATE     
 
   # Defines the service roles for the CodeBuild projects
@@ -652,4 +604,4 @@ Resources:
                   - 's3:GetBucketAcl'
                   - 's3:GetBucketLocation'
           PolicyName: !Sub '${AWS::StackName}-ServicePolicyAmzn2023Amd'
-      RoleName: !Sub '${AWS::StackName}-ServiceRoleAmzn2023Amd'
+      RoleName: !Sub '${AWS::StackName}-ServiceRoleAmzn2023Amd'