How to disable encryption on AWS CodeBuild artifacts?

3

8

I'm using AWS CodeBuild to build an application. It is configured to push the build artifacts to an AWS S3 bucket. On inspecting the artifacts/objects in the S3 bucket I realised that the objects have been encrypted.

Is it possible to disable the encryption on the artifacts/objects?

Unimproved answered 15/6, 2018 at 8:2 Comment(0)
11

There is now a checkbox named "Disable artifacts encryption" under the artifacts section which allows you to disable encryption when pushing artifacts to S3.

https://docs.aws.amazon.com/codebuild/latest/APIReference/API_ProjectArtifacts.html

Faulty answered 24/9, 2018 at 18:58 Comment(0)
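To see which projects already have this setting turned off, the following added example (not part of any answer on this page) scans the `projects` array returned by `aws codebuild batch-get-projects` for the `encryptionDisabled` field documented in the ProjectArtifacts reference linked above. The sample response, project names and bucket names are constructed for illustration.

```typescript
// Fields used here from the CodeBuild BatchGetProjects response.
interface ProjectArtifacts {
  type: string;                 // "S3", "CODEPIPELINE" or "NO_ARTIFACTS"
  location?: string;            // output bucket name when type is "S3"
  encryptionDisabled?: boolean; // absent or false: CodeBuild encrypts the output
  artifactIdentifier?: string;  // set on secondary artifacts
}
interface Project {
  name: string;
  artifacts?: ProjectArtifacts;
  secondaryArtifacts?: ProjectArtifacts[];
}
interface Finding { project: string; artifact: string; bucket: string; }

// Returns one finding per S3 artifact (primary or secondary) with encryption disabled.
function findUnencryptedArtifacts(projects: Project[]): Finding[] {
  const findings: Finding[] = [];
  for (const p of projects) {
    const all: Array<[string, ProjectArtifacts]> = [];
    if (p.artifacts) all.push(['primary', p.artifacts]);
    (p.secondaryArtifacts ?? []).forEach((a, i) => {
      all.push([a.artifactIdentifier ?? `secondary[${i}]`, a]);
    });
    for (const [label, a] of all) {
      // The flag is only valid for S3 artifacts, so other types are skipped.
      if (a.type === 'S3' && a.encryptionDisabled === true) {
        findings.push({ project: p.name, artifact: label, bucket: a.location ?? '(unknown)' });
      }
    }
  }
  return findings;
}

// Constructed sample shaped like a batch-get-projects response (not real output).
const sampleResponse: { projects: Project[] } = {
  projects: [
    { name: 'FrontEndCodeBuild',
      artifacts: { type: 'S3', location: 'example-frontend-bucket', encryptionDisabled: true } },
    { name: 'ApiBuild',
      artifacts: { type: 'S3', location: 'example-api-bucket', encryptionDisabled: false },
      secondaryArtifacts: [
        { type: 'S3', location: 'example-reports-bucket', encryptionDisabled: true,
          artifactIdentifier: 'reports' },
      ] },
    { name: 'PipelineBuild', artifacts: { type: 'CODEPIPELINE' } },
  ],
};

console.log(findUnencryptedArtifacts(sampleResponse.projects));
```

A finding means CodeBuild itself is not encrypting that output; how the objects are stored then depends on the destination bucket's own default encryption settings.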
2

I know this is an old post but I'd like to add my experience in this regard.

My requirement was to get front end assets from a CodeCommit repository, build them and put them in an S3 bucket. The S3 bucket is further connected with CloudFront for serving the static front end content (written in React in my case).

I found that CloudFront is unable to serve KMS encrypted content, as I got KMS.UnrecognizedClientException when I hit the CloudFront URL. I tried to fix that, and disabling encryption on AWS CodeBuild artifacts seemed to be the easiest solution when I found this

However, I wanted to manage this using aws-cdk. This code snippet in TypeScript may come in handy if you're trying to solve the same issue using aws-cdk.

Firstly, get your necessary imports. For this answer it'd be the following:

import * as codecommit from '@aws-cdk/aws-codecommit';
import * as codebuild from '@aws-cdk/aws-codebuild';

Then, I used the following snippet in a class that extends cdk Stack.

Note: The same should work if your class extends a cdk Construct.


// replace these according to your requirement
const frontEndRepo = codecommit.Repository
  .fromRepositoryName(this, 'ImportedRepo', 'FrontEnd');

const frontendCodeBuild = new codebuild.Project(this, 'FrontEndCodeBuild', {
  source: codebuild.Source.codeCommit({ repository: frontEndRepo }),
  buildSpec: codebuild.BuildSpec.fromObject({
    version: '0.2',
    phases: {
      build: {
        commands: [
          'npm install && npm run build',
        ],
      },
    },
    artifacts: {
      files: 'build/**/*'
    }
  }),
  artifacts: codebuild.Artifacts.s3({
    bucket: this.bucket, // replace with s3 bucket object
    includeBuildId: false,
    packageZip: false,
    identifier: 'frontEndAssetArtifact',
    name: 'artifacts',
    encryption: false // added this to disable the encryption on codebuild
  }),
});

Also, to ensure that every time I push code to the repository a build is triggered, I added the following snippet in the same class.

// add the following line in your imports if you're using this snippet
// import * as targets from '@aws-cdk/aws-events-targets';

frontEndRepo.onCommit('OnCommit', {
  target: new targets.CodeBuildProject(frontendCodeBuild),
});

Note: This may not be a perfect solution, but it's working well for me till now. I'll update this answer if I find a better solution using aws-cdk.

Vortical answered 30/1, 2021 at 16:32 Comment(0)
-4

Artifact encryption cannot be disabled in AWS CodeBuild

Carouse answered 15/6, 2018 at 17:26 Comment(1)
It is enabled by default and can be disabled by this property in CloudFormation: docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/… (Ferde)
