AWS – AWS CodeBuild adds support for new IAM condition keys
AWS CodeBuild now supports new IAM condition keys enabling granular access control on CodeBuild’s resource-modifying APIs. The new condition keys cover most of CodeBuild’s API request contexts, including network settings, credential configurations and compute restrictions. AWS CodeBuild is a fully managed continuous integration service that compiles source code, runs tests, and produces software packages ready for deployment.
The new condition keys allow you to create IAM policies that better enforce your organizational policies on CodeBuild resources such as projects and fleets. For example, you can use codebuild:vpcConfig.vpcId condition keys to enforce the VPC connectivity settings on projects or fleets, codebuild:source.buildspec condition keys to prevent unauthorized modifications to project buildspec commands, and codebuild:computeConfiguration.instanceType condition keys to restrict which compute types your builds can use.
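An identity-based policy sketch using the three condition keys named above, added here as an illustration and not taken from AWS documentation. The VPC ID and instance type are placeholders, and the statements assume each key is present in the request context only when the call sets that field.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyCreateOutsideApprovedVpc",
      "Effect": "Deny",
      "Action": ["codebuild:CreateProject", "codebuild:CreateFleet"],
      "Resource": "*",
      "Condition": {
        "StringNotEquals": {"codebuild:vpcConfig.vpcId": "vpc-PLACEHOLDER"}
      }
    },
    {
      "Sid": "DenyUpdateToOtherVpc",
      "Effect": "Deny",
      "Action": ["codebuild:UpdateProject", "codebuild:UpdateFleet"],
      "Resource": "*",
      "Condition": {
        "StringNotEquals": {"codebuild:vpcConfig.vpcId": "vpc-PLACEHOLDER"},
        "Null": {"codebuild:vpcConfig.vpcId": "false"}
      }
    },
    {
      "Sid": "DenyBuildspecChange",
      "Effect": "Deny",
      "Action": "codebuild:UpdateProject",
      "Resource": "*",
      "Condition": {
        "Null": {"codebuild:source.buildspec": "false"}
      }
    },
    {
      "Sid": "DenyUnapprovedInstanceType",
      "Effect": "Deny",
      "Action": ["codebuild:CreateProject", "codebuild:UpdateProject", "codebuild:CreateFleet", "codebuild:UpdateFleet"],
      "Resource": "*",
      "Condition": {
        "StringNotEquals": {"codebuild:computeConfiguration.instanceType": "INSTANCE_TYPE_PLACEHOLDER"},
        "Null": {"codebuild:computeConfiguration.instanceType": "false"}
      }
    }
  ]
}
```

Negated operators such as StringNotEquals also match when the key is absent, so the create statement rejects requests that carry no VPC configuration at all, while the update and instance-type statements add a Null check so that calls leaving the field untouched are not blocked.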
The new IAM condition keys are available in all regions where CodeBuild is offered. For more information about the AWS Regions where CodeBuild is available, see the AWS Regions page.
For a full list of new CodeBuild IAM condition keys, please visit our documentation. To learn more about how to get started with CodeBuild, visit the AWS CodeBuild product page.