AWS CodeBuild (IAM)
AWS CodeBuild is a fully managed continuous integration service that compiles source code, runs tests, and produces software packages.
Common permissions
- codebuild:ListProjects
- codebuild:StartBuild
- codebuild:StopBuild
- codebuild:ListBuilds
- codebuild:ListBuildsForProject
- codebuild:ListReports
- codebuild:CreateReport
- codebuild:UpdateReport
Least-privilege example
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "codebuild:ListProjects",
        "codebuild:StartBuild",
        "codebuild:StopBuild",
        "codebuild:ListBuilds",
        "codebuild:ListBuildsForProject",
        "codebuild:ListReports",
        "codebuild:CreateReport",
        "codebuild:UpdateReport"
      ],
      "Resource": "*"
    }
  ]
}
Warnings
- Avoid codebuild:* — grants full control including project deletion and configuration changes
- Avoid codebuild:DeleteProject and codebuild:DeleteReportGroup — can break CI/CD pipelines and lose build history
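One way to check a policy document against the two warnings above, as an added example that is not part of the original page. It goes slightly beyond the literal action names by expanding IAM wildcards, so a pattern such as codebuild:Delete* is caught as well. The function name audit_codebuild_policy and the sample policy are constructed for illustration, and only the Action element of Allow statements is inspected (not NotAction or conditions).

```python
import json
import re

# Actions named in the warnings above.
RISKY = ("codebuild:DeleteProject", "codebuild:DeleteReportGroup")

def _matches(pattern, action):
    """IAM-style match: '*' is any run of characters, '?' is one; case-insensitive."""
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, action, re.IGNORECASE) is not None

def _as_list(value):
    """Action and Statement may each be a single value or a list."""
    return [value] if isinstance(value, (str, dict)) else list(value or [])

def audit_codebuild_policy(policy_json):
    """Return sorted (statement_index, action_pattern, finding) tuples."""
    findings = set()
    statements = _as_list(json.loads(policy_json).get("Statement"))
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements cannot grant the risky actions
        for pattern in _as_list(stmt.get("Action")):
            if pattern.lower() in ("*", "codebuild:*"):
                findings.add((i, pattern, "full control of CodeBuild"))
                continue
            for risky in RISKY:
                if _matches(pattern, risky):
                    findings.add((i, pattern, "allows " + risky))
    return sorted(findings)

# Constructed sample policy for the demonstration (not from the page).
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["codebuild:StartBuild", "codebuild:Delete*"], "Resource": "*"},
        {"Effect": "Allow", "Action": "CodeBuild:*", "Resource": "*"},
        {"Effect": "Deny", "Action": "codebuild:DeleteProject", "Resource": "*"},
    ],
})

if __name__ == "__main__":
    for index, pattern, finding in audit_codebuild_policy(SAMPLE_POLICY):
        print(f"Statement[{index}] {pattern}: {finding}")
```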
Resources
API
full doc /v1/iam/codebuild