1. Overview
Managed build service: compile, test, produce artifacts. No servers. Pay per build-minute.
Core
buildspec.yml defines build phases. Runs in Docker container. Serverless.
2. buildspec.yml
version: 0.2
env:
  secrets-manager: { DB_PASS: prod/db:password }
  parameter-store: { API_KEY: /app/key }
phases:
  install: { commands: [npm install] }
  pre_build: { commands: [npm test] }
  build: { commands: [npm run build] }
  post_build: { commands: [echo Done] }
artifacts: { files: ["**/*"], base-directory: dist }
cache: { paths: [node_modules/**/*] }
3. Key Features
- Managed images: Amazon Linux/Ubuntu/Windows + Node/Python/Java/Go/.NET/Docker
- Custom Docker image from ECR or Docker Hub
- Compute: Small(3GB), Medium(7GB), Large(15GB), 2XLarge(145GB)
- Secrets: reference Secrets Manager + Parameter Store in buildspec (never hardcode)
- Caching: S3 cache, Docker layer cache, local cache
- VPC support: access private resources (needs NAT GW for internet)
- Docker builds: build + push to ECR. Pattern: Pipeline → CodeBuild → ECR → ECS
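The secrets and Docker-to-ECR items above, combined in one buildspec. This is an added example, not part of the original notes. The repository name `app`, the placeholder account ID `111122223333` and the commented-out plaintext value are assumptions. Docker builds also require privileged mode on the build project.

```yaml
version: 0.2
env:
  # Weak form (left commented out): a plaintext secret in the buildspec is
  # readable by anyone with access to the repository.
  # variables:
  #   DB_PASS: "CONSTRUCTED-EXAMPLE-VALUE"
  variables:
    IMAGE_REPO: app                  # assumed ECR repository name
    AWS_ACCOUNT_ID: "111122223333"   # placeholder account ID
  # Corrected form: only references live in the file; values are resolved at
  # build start using the build project's service role.
  secrets-manager:
    DB_PASS: prod/db:password        # secret-id:json-key, as in the buildspec above
  parameter-store:
    API_KEY: /app/key
phases:
  pre_build:
    commands:
      - REGISTRY="$AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com"
      - TAG="$(echo "$CODEBUILD_RESOLVED_SOURCE_VERSION" | cut -c1-7)"
      # The registry password is piped over stdin, never passed as an argument.
      - aws ecr get-login-password --region "$AWS_DEFAULT_REGION" | docker login --username AWS --password-stdin "$REGISTRY"
  build:
    commands:
      - docker build -t "$REGISTRY/$IMAGE_REPO:$TAG" .
  post_build:
    commands:
      - docker push "$REGISTRY/$IMAGE_REPO:$TAG"
```

The service role needs read access to the referenced secret and parameter, plus push permissions on the ECR repository; scope both to those specific resources.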
Exam Tip
CodeBuild: buildspec.yml = build config. Secrets via secrets-manager/parameter-store. VPC for private resources. Docker to ECR.