Periodic update, April-2018, with new advanced topic file explaining how to specify a FIPS or a non-FIPS endpoint.

Author: markiver

doc_source/advanced-topics.md

@@ -6,5 +6,6 @@ This section includes several advanced topics that are useful to more experience
 + [Advanced Setup](setting-up.md)
 + [Command Line Reference for AWS CodeBuild](cmd-ref.md)
 + [AWS SDKs and Tools Reference for AWS CodeBuild](sdk-ref.md)
++ [Specify the AWS CodeBuild Endpoint](endpoint-specify.md)
 + [Authentication and Access Control for AWS CodeBuild](auth-and-access-control.md)
 + [Logging AWS CodeBuild API Calls with AWS CloudTrail](cloudtrail.md)

doc_source/auth-and-access-control-iam-identity-based-access-control.md

@@ -85,7 +85,7 @@ You can use the following sample IAM policies to limit AWS CodeBuild access for
 + [Allow a User to Attempt to Stop Builds](#customer-managed-policies-example-stop-build)
 + [Allow a User to Attempt to Delete Builds](#customer-managed-policies-example-delete-builds)
 + [Allow a User to Get Information About Docker Images that Are Managed by AWS CodeBuild](#customer-managed-policies-example-list-curated-environment-images)
-+ [Allow a User to Create a VPC Network Interface](#customer-managed-policies-example-create-vpc-network-interface)
++ [Allow AWS CodeBuild Access to AWS Services Required to Create a VPC Network Interface](#customer-managed-policies-example-create-vpc-network-interface)
 
 ### Allow a User to Get Information About Build Projects<a name="customer-managed-policies-example-batch-get-projects"></a>
 
@@ -307,9 +307,9 @@ The following example policy statement allows a user to get information about al
 }
 ```
 
-### Allow a User to Create a VPC Network Interface<a name="customer-managed-policies-example-create-vpc-network-interface"></a>
+### Allow AWS CodeBuild Access to AWS Services Required to Create a VPC Network Interface<a name="customer-managed-policies-example-create-vpc-network-interface"></a>
 
-The following example policy statement allows a user to create a network interface in an Amazon VPC:
+The following example policy statement grants AWS CodeBuild permission to create a network interface in an Amazon VPC:
 
 ```
 {

doc_source/cloudformation-vpc-template.md

@@ -2,7 +2,7 @@
 
 AWS CloudFormation enables you to create and provision AWS infrastructure deployments predictably and repeatedly, by using template files to create and delete a collection of resources together as a single unit \(a stack\)\. For more information, see the [AWS CloudFormation User Guide](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide//Welcome.html)\.
 
-The following is a AWS CloudFormation YAML template for configuring an Amazon VPC to use AWS CodeBuild VPC feature\.
+The following is an AWS CloudFormation YAML template for configuring an Amazon VPC to use the AWS CodeBuild VPC feature\. It is available for download from [https://s3.amazonaws.com/codebuild-cloudformation-templates-public/vpc_cloudformation_template.yml](https://s3.amazonaws.com/codebuild-cloudformation-templates-public/vpc_cloudformation_template.yml)\.
 
 ```
 Description: 

doc_source/cmd-ref.md

@@ -6,21 +6,7 @@ Not what you're looking for? If you want to use the AWS SDKs to call AWS CodeBui
 
 To use the information in this topic, you should have already installed the AWS CLI and configured it for use with AWS CodeBuild, as described in [Install and Configure the AWS CLI](setting-up.md#setting-up-cli)\.
 
-**Topics**
-+ [Specify the AWS CodeBuild Endpoint](#acb-cli-endpoints)
-+ [AWS CLI Commands for AWS CodeBuild](#acb-cli-commands)
-
-## Specify the AWS CodeBuild Endpoint<a name="acb-cli-endpoints"></a>
-
-You can use the AWS CLI to specify the endpoint through which AWS CodeBuild is accessed by using the `--endpoint-url` argument on any AWS CodeBuild command\. For example, to get a list of project build names using a the Federal Information Processing Standards \(FIPS\) endpoint in the US East \(N\. Virginia\) Region, run this command\.
-
-```
-aws codebuild list-projects --endpoint-url https://codebuild-fips.us-east-1.amazonaws.com
-```
-
-To see the endpoints that can be used with AWS CodeBuild, see [AWS CodeBuild Regions and Endpoints](http://docs.aws.amazon.com/general/latest/gr/rande.html#codebuild_region)\.
-
-## AWS CLI Commands for AWS CodeBuild<a name="acb-cli-commands"></a>
+ To use the AWS CLI to specify the endpoint for AWS CodeBuild, see [Specify the AWS CodeBuild Endpoint \(AWS CLI\)](endpoint-specify.md#endpoint-specify-cli)\. 
 
 Run this command to get a list of AWS CodeBuild commands\.
 

doc_source/endpoint-specify.md

@@ -0,0 +1,82 @@
+# Specify the AWS CodeBuild Endpoint<a name="endpoint-specify"></a>
+
+ You can use the AWS Command Line Interface \(AWS CLI\) or one of the AWS SDKs to specify the endpoint used by AWS CodeBuild\. There is an endpoint for each region in which AWS CodeBuild is available\. In addition to a regional endpoint, four regions also have a Federal Information Processing Standards \(FIPS\) endpoint\. For more information about FIPS endpoints, see [FIPS 140\-2 Overview](https://aws.amazon.com/compliance/fips/)\. 
+
+ Specifying an endpoint is optional\. If you don't explicitly tell AWS CodeBuild which endpoint to use, the service uses the endpoint associated with the region your AWS account uses\. AWS CodeBuild never defaults to a FIPS endpoint\. If you want to use a FIPS endpoint, you must associate AWS CodeBuild with it using one of the following methods\. 
+
+**Note**  
+ You can use an alias or region name to specify an endpoint using an AWS SDK\. If you use the AWS CLI, then you must use the full endpoint name\. 
+
+ For endpoints that can be used with AWS CodeBuild, see [AWS CodeBuild Regions and Endpoints](http://docs.aws.amazon.com/general/latest/gr/rande.html#codebuild_region)\. 
+
+**Topics**
++ [Specify the AWS CodeBuild Endpoint \(AWS CLI\)](#endpoint-specify-cli)
++ [Specify the AWS CodeBuild Endpoint \(AWS SDK\)](#endpoint-specify-sdk)
+
+## Specify the AWS CodeBuild Endpoint \(AWS CLI\)<a name="endpoint-specify-cli"></a>
+
+ You can use the AWS CLI to specify the endpoint through which AWS CodeBuild is accessed by using the `--endpoint-url` argument in any AWS CodeBuild command\. For example, run this command to get a list of project build names using the Federal Information Processing Standards \(FIPS\) endpoint in the US East \(N\. Virginia\) Region: 
+
+```
+aws codebuild list-projects --endpoint-url https://codebuild-fips.us-east-1.amazonaws.com
+```
+
+Include the `https://` at the begining of the endpoint\.
+
+ The `--endpoint-url` AWS CLI argument is available to all AWS services\. For more information about this and other AWS CLI arguments, see [AWS CLI Command Reference](http://docs.aws.amazon.com/cli/latest/reference/)\. 
+
+## Specify the AWS CodeBuild Endpoint \(AWS SDK\)<a name="endpoint-specify-sdk"></a>
+
+ You can use an AWS SDK to specify the endpoint through which AWS CodeBuild is accessed\. Although this example uses the [AWS SDK for Java](https://aws.amazon.com/sdk-for-java/), you can specify the endpoint with the other AWS SDKs\. 
+
+ Use the `withEndpointConfiguration` method when constructing the AWSCodeBuild client\. Here is format to use: 
+
+```
+AWSCodeBuild awsCodeBuild = AWSCodeBuildClientBuilder.standard().
+    withEndpointConfiguration(new AwsClientBuilder.EndpointConfiguration("endpoint", "region")).
+    withCredentials(new AWSStaticCredentialsProvider(sessionCredentials)).
+    build();
+```
+
+ For information about `AWSCodeBuildClientBuilder`, see [Class AWSCodeBuildClientBuilder](http://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/services/codebuild/AWSCodeBuildClientBuilder.html)\. 
+
+ The credentials used in `withCredentials` must be of type `AWSCredentialsProvider`\. For more information, see [Working with AWS Credentials](http://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/credentials.html)\. 
+
+ Do not include `https://` at the begining of the endpoint\.
+
+ If you want to specify a non\-FIPS endpoint, you can use the region instead of the actual endpoint\. For example, to specify the endpoint in the US East \(N\. Virginia\) region, you can use `us-east-1` instead of the full endpoint name, `codebuild.us-east-1.amazonaws.com`\. 
+
+If you want to specify a FIPS endpoint, you can use an alias to simplify your code\. Only FIPS endpoints have an alias\. Other endpoints must be specified using their region or full name\. 
+
+The following table lists the alias for each of the four available FIPS endpoints:
+
+
+****  
+[\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/codebuild/latest/userguide/endpoint-specify.html)
+
+ To specify use of the FIPS endpoint in the US West \(Oregon\) region using an alias: 
+
+```
+AWSCodeBuild awsCodeBuild = AWSCodeBuildClientBuilder.standard().
+    withEndpointConfiguration(new AwsClientBuilder.EndpointConfiguration("us-west-2-fips", "us-west-2")).
+    withCredentials(new AWSStaticCredentialsProvider(sessionCredentials)).
+    build();
+```
+
+ To specify use of the non\-FIPS endpoint in the US East \(N\. Virginia\) region: 
+
+```
+AWSCodeBuild awsCodeBuild = AWSCodeBuildClientBuilder.standard().
+    withEndpointConfiguration(new AwsClientBuilder.EndpointConfiguration("us-east-1", "us-east-1")).
+    withCredentials(new AWSStaticCredentialsProvider(sessionCredentials)).
+    build();
+```
+
+ To specify use of the non\-FIPS endpoint in the Asia Pacific \(Mumbai\) region: 
+
+```
+AWSCodeBuild awsCodeBuild = AWSCodeBuildClientBuilder.standard().
+    withEndpointConfiguration(new AwsClientBuilder.EndpointConfiguration("ap-south-1", "ap-south-1")).
+    withCredentials(new AWSStaticCredentialsProvider(sessionCredentials)).
+    build();
+```

doc_source/index.md

@@ -71,6 +71,7 @@ Amazon's trademarks and trade dress may not be used in
    + [Advanced Setup](setting-up.md)
    + [Command Line Reference for AWS CodeBuild](cmd-ref.md)
    + [AWS SDKs and Tools Reference for AWS CodeBuild](sdk-ref.md)
+   + [Specify the AWS CodeBuild Endpoint](endpoint-specify.md)
    + [Authentication and Access Control for AWS CodeBuild](auth-and-access-control.md)
       + [Overview of Managing Access Permissions to Your AWS CodeBuild Resources](auth-and-access-control-iam-access-control-identity-based.md)
       + [Using Identity-Based Policies (IAM Policies) for AWS CodeBuild](auth-and-access-control-iam-identity-based-access-control.md)

doc_source/jenkins-plugin.md

@@ -1,23 +1,10 @@
 # Use AWS CodeBuild with Jenkins<a name="jenkins-plugin"></a>
 
-Jenkins is a continuous integration and continuous delivery application that you can use to continuously build and test your software projects\. For more information, see [Meet Jenkins](https://wiki.jenkins-ci.org/display/JENKINS/Meet+Jenkins) on the Jenkins website\.
-
-At a functional level, there are two components to Jenkins: 
-+ A scheduler that creates and runs your build jobs\.
-+ A build platform, namely, a set of distributed build nodes\.
-
-For more information, see [Distributed builds](https://wiki.jenkins-ci.org/display/JENKINS/Distributed+builds) on the Jenkins website\.
-
 The Jenkins plugin for AWS CodeBuild enables you to integrate AWS CodeBuild with your Jenkins build jobs\. Instead of sending your build jobs to Jenkins build nodes, you use the plugin to send your build jobs to AWS CodeBuild\. This eliminates the need for you to provision, configure, and manage Jenkins build nodes\.
 
-**Topics**
-+ [Setting Up Jenkins](#setup-jenkins)
-+ [Installing the Plugin](#plugin-installation)
-+ [Using the Plugin](#plugin-usage)
-
 ## Setting Up Jenkins<a name="setup-jenkins"></a>
 
-For information about setting up Jenkins with the AWS CodeBuild plugin, see the [Simplify Your Jenkins Builds with AWS CodeBuild](https://aws.amazon.com/blogs/devops/simplify-your-jenkins-builds-with-aws-codebuild/) blog post on the AWS DevOps Blog\.
+For information about setting up Jenkins with the AWS CodeBuild plugin, see the [ Simplify Your Jenkins Builds with AWS CodeBuild](https://aws.amazon.com/blogs/devops/simplify-your-jenkins-builds-with-aws-codebuild/) blog post on the AWS DevOps Blog\. You can download the AWS CodeBuild Jenkins from [ https://github\.com/awslabs/aws\-codebuild\-jenkins\-plugin](https://github.com/awslabs/aws-codebuild-jenkins-plugin)\.
 
 ## Installing the Plugin<a name="plugin-installation"></a>
 

doc_source/setting-up.md

@@ -205,7 +205,10 @@ You need an AWS CodeBuild service role so that AWS CodeBuild can interact with d
 + [Add an AWS CodeBuild Build Action to a Pipeline \(AWS CodePipeline Console\)](how-to-create-pipeline.md#how-to-create-pipeline-add)
 + [Change a Build Project's Settings \(Console\)](change-project.md#change-project-console)
 
-If you do not plan to use these consoles, this section describes how to create an AWS CodeBuild service role with the IAM console or the AWS CLI\. <a name="setting-up-service-role-console"></a>
+If you do not plan to use these consoles, this section describes how to create an AWS CodeBuild service role with the IAM console or the AWS CLI\. 
+
+**Note**  
+The service role described on this page contains a policy that grants the minimum permissions required to use AWS CodeBuild\. You might need to add additional permissions depending on your use case\. For example, if you want to use AWS CodeBuild with Amazon Virtual Private Cloud, then the service role you create requires the permissions in the following policy: [Create an AWS CodeBuild Service Role](#setting-up-service-role)\.<a name="setting-up-service-role-console"></a>
 
 **To create an AWS CodeBuild service role \(console\)**
 

doc_source/vpc-support.md

@@ -34,7 +34,7 @@ For information about creating a build project, see [Create a Build Project \(Co
 
 **Create a build project \(AWS CLI\)**
 
-For information about creating a build project, see [Create a Build Project \(AWS CLI\)](create-project.md#create-project-cli)\. If you are using the AWS CLI with AWS CodeBuild, the service role used by AWS CodeBuild to interact with services on behalf of the IAM user must have the following policy attached: [Allow a User to Create a VPC Network Interface](auth-and-access-control-iam-identity-based-access-control.md#customer-managed-policies-example-create-vpc-network-interface)\.
+For information about creating a build project, see [Create a Build Project \(AWS CLI\)](create-project.md#create-project-cli)\. If you are using the AWS CLI with AWS CodeBuild, the service role used by AWS CodeBuild to interact with services on behalf of the IAM user must have the following policy attached: [Allow AWS CodeBuild Access to AWS Services Required to Create a VPC Network Interface](auth-and-access-control-iam-identity-based-access-control.md#customer-managed-policies-example-create-vpc-network-interface)\.
 
 The *vpcConfig* object should include your *vpcId*, *securityGroupIds*, and *subnets*\.
 + *vpcId*: Required value\. The VPC ID that AWS CodeBuild uses\. To get a list of all Amazon VPC IDs in your region, run this command:
@@ -90,4 +90,6 @@ The following are some guidelines to assist you when troubleshooting a common AW
 
 1. [Make sure that the route table for private subnets points to the NAT gateway](http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide//VPC_Route_Tables.html#route-tables-nat)\.
 
-1. Make sure that the service role used by AWS CodeBuild to interact with services on behalf of the IAM user has the following policy attached to it: [Allow a User to Create a VPC Network Interface](auth-and-access-control-iam-identity-based-access-control.md#customer-managed-policies-example-create-vpc-network-interface)\.
+1. Make sure that the service role used by AWS CodeBuild to interact with services on behalf of the IAM user has the permissions in [ this policy](http://docs.aws.amazon.com/codebuild/latest/userguide/auth-and-access-control-iam-identity-based-access-control.html#customer-managed-policies-example-create-vpc-network-interface)\. For more information, see [Create an AWS CodeBuild Service Role](setting-up.md#setting-up-service-role)\. 
+
+   If AWS CodeBuild is missing permissions, you might receive an error that says, "Unexpected EC2 error: UnauthorizedOperation\." This error can occur if AWS CodeBuild does not have the Amazon EC2 permissions required to work with an Amazon VPC\.