{"slug":"iam-aws-codebuild","cloud":"aws","service":"codebuild","title":"AWS CodeBuild (IAM)","description":"AWS CodeBuild is a fully managed continuous integration service that compiles source code, runs tests, and produces software packages.","category":"devops","common_permissions":["codebuild:ListProjects","codebuild:StartBuild","codebuild:StopBuild","codebuild:ListBuilds","codebuild:ListBuildsForProject","codebuild:ListReports","codebuild:CreateReport","codebuild:UpdateReport"],"least_privilege_example":"{\n  \"Version\": \"2012-10-17\",\n  \"Statement\": [\n    {\n      \"Effect\": \"Allow\",\n      \"Action\": [\n        \"codebuild:ListProjects\",\n        \"codebuild:StartBuild\",\n        \"codebuild:StopBuild\",\n        \"codebuild:ListBuilds\",\n        \"codebuild:ListBuildsForProject\",\n        \"codebuild:ListReports\",\n        \"codebuild:CreateReport\",\n        \"codebuild:UpdateReport\"\n      ],\n      \"Resource\": \"*\"\n    }\n  ]\n}","warnings":["Avoid codebuild:* — grants full control including project deletion and configuration changes","Avoid codebuild:DeleteProject and codebuild:DeleteReportGroup — can break CI/CD pipelines and lose build history"],"docs":"https://servicereference.us-east-1.amazonaws.com/v1/codebuild/codebuild.json","tags":["iam","aws"],"last_verified":"2026-06-14T00:00:00.000Z","next_check":"2026-12-11T00:00:00.000Z","created_at":"2026-06-14T04:49:42.270Z","updated_at":"2026-06-14T04:49:42.270Z"}