» Resource: aws_codebuild_webhook
Manages a CodeBuild webhook, which is an endpoint accepted by the CodeBuild service to trigger builds from source code repositories. Depending on the source type of the CodeBuild project, the CodeBuild service may also automatically create and delete the actual repository webhook as well.
» Example Usage
» Bitbucket and GitHub
When working with Bitbucket and GitHub source CodeBuild webhooks, the CodeBuild service will automatically create (on aws_codebuild_webhook
resource creation) and delete (on aws_codebuild_webhook
resource deletion) the Bitbucket/GitHub repository webhook using its granted OAuth permissions. This behavior cannot be controlled by Terraform.
Note: The AWS account that Terraform uses to create this resource must have authorized CodeBuild to access Bitbucket/GitHub's OAuth API in each applicable region. This is a manual step that must be done before creating webhooks with this resource. If OAuth is not configured, AWS will return an error similar to ResourceNotFoundException: Could not find access token for server type github
. More information can be found in the CodeBuild User Guide for Bitbucket and GitHub.
Note: Further managing the automatically created Bitbucket/GitHub webhook with the bitbucket_hook
/github_repository_webhook
resource is only possible with importing that resource after creation of the aws_codebuild_webhook
resource. The CodeBuild API does not ever provide the secret
attribute for the aws_codebuild_webhook
resource in this scenario.
resource "aws_codebuild_webhook" "example" {
project_name = "${aws_codebuild_project.example.name}"
}
» GitHub Enterprise
When working with GitHub Enterprise source CodeBuild webhooks, the GHE repository webhook must be separately managed (e.g. manually or with the github_repository_webhook
resource).
More information creating webhooks with GitHub Enterprise can be found in the CodeBuild User Guide.
resource "aws_codebuild_webhook" "example" {
project_name = "${aws_codebuild_project.example.name}"
}
resource "github_repository_webhook" "example" {
active = true
events = ["push"]
name = "example"
repository = "${github_repository.example.name}"
configuration {
url = "${aws_codebuild_webhook.example.payload_url}"
secret = "${aws_codebuild_webhook.example.secret}"
content_type = "json"
insecure_ssl = false
}
}
» Argument Reference
The following arguments are supported:
-
project_name
- (Required) The name of the build project. -
branch_filter
- (Optional) A regular expression used to determine which branches get built. Default is all branches are built.
» Attributes Reference
In addition to all arguments above, the following attributes are exported:
-
id
- The name of the build project. -
payload_url
- The CodeBuild endpoint where webhook events are sent. -
secret
- The secret token of the associated repository. Not returned by the CodeBuild API for all source types. -
url
- The URL to the webhook.
Note: The secret
attribute is only set on resource creation, so if the secret is manually rotated, terraform will not pick up the change on subsequent runs. In that case, the webhook resource should be tainted and re-created to get the secret back in sync.
» Import
CodeBuild Webhooks can be imported using the CodeBuild Project name, e.g.
$ terraform import aws_codebuild_webhook.example MyProjectName