Skip to main content


Service Details

Service for executing build processes - compiling applications etc. Commonly deployed as part of a CodePipeline CI/CD set up.

Assessment Notes

Stealing CodeBuild Credentials

You can pass --debug-session-enabled to aws codebuild start-build to enable debug mode. Doing this causes the CodeBuild executable on the agent to connect to Systems Manager Session Manager for the duration of the build. You can then effectively remotely log into the build container using Systems Manager Session Manager, if you have permissions, and steal the access keys from there.

Operational Notes

Any content related to operational considerations (I.E useful to know but not directly to be checked as part of an assessment) goes here. Good examples include how the service interacts with other services within AWS, or common deployment architectures/considerations.

Exam tips

Any comments specifically related to AWS exams, for instance AWS Certified Security Specialty