AWS CodeBuild now supports codebuild:projectArn and codebuild:buildArn as IAM condition keys, enabling more granular access control in IAM policies.
These condition keys allow administrators to restrict AWS API requests based on the ARN of the project or build that initiated the request.
CodeBuild will automatically include codebuild:projectArn and codebuild:buildArn in the request context for all AWS API calls made within a build.
You can use the Condition element in IAM policies to compare the project ARN with specified values, ensuring that permissions are granted only to requests originating from authorized builds.
This enhancement provides advanced security controls, allowing users to enforce stricter access policies. For instance, you can configure IAM policies to grant permissions only to API calls made within builds for a specific project.
This feature is now available in all AWS regions where CodeBuild is supported. For details on CodeBuild’s regional availability, refer to the AWS Regions page.
