
Commit d630721

author
Mark Iverson
committed
Two new features (support for cross account ECR access and private Docker registries) plus minor periodic updates
1 parent 3c22e7c commit d630721

26 files changed

+154
-53
lines changed

doc_source/auth-and-access-control-permissions-reference.md

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -33,10 +33,13 @@ If you see an expand arrow \(**↗**\) in the upper\-right corner of the table,
3333
| CreateProject | `codebuild:CreateProject` `iam:PassRole` Required to create build projects\. | `arn:aws:codebuild:region-ID:account-ID:project/project-name` `arn:aws:iam:account-ID:role/role-name` |
3434
| CreateWebhook | `codebuild:CreateWebhook` Required to create a webhook\. | `arn:aws:codebuild:region-ID:account-ID:project/project-name` |
3535
| DeleteProject | `codebuild:DeleteProject` Required to delete build projects\. | `arn:aws:codebuild:region-ID:account-ID:project/project-name` |
36+
| DeleteSourceCredentials | `codebuild:DeleteSourceCredentials` Required to delete a set of `SourceCredentialsInfo` objects that contain information about credentials for a GitHub, GitHub Enterprise, or Bitbucket repository\. | `*` |
3637
| DeleteWebhook | `codebuild:DeleteWebhook` Required to delete a webhook\. | `arn:aws:codebuild:region-ID:account-ID:project/project-name` |
38+
| ImportSourceCredentials | `codebuild:ImportSourceCredentials` Required to import a set of `SourceCredentialsInfo` objects that contain information about credentials for a GitHub, GitHub Enterprise, or Bitbucket repository\. | `*` |
3739
| ListBuilds | codebuild:ListBuildsRequired to get a list of build IDs\. | `*` |
3840
| ListBuildsForProject | `codebuild:ListBuildsForProject` Required to get a list of build IDs for a build project\. | `arn:aws:codebuild:region-ID:account-ID:project/project-name` |
3941
| ListCuratedEnvironmentImages | `codebuild:ListCuratedEnvironmentImages` Required to get information about all Docker images that are managed by AWS CodeBuild\. | `*` \(required, but does not refer to an addressable AWS resource\) |
42+
| ListSourceCredentials | `codebuild:ListSourceCredentials` Required to get a list of `SourceCredentialsInfo` objects that contain information about credentials for a GitHub, GitHub Enterprise, or Bitbucket repository\. | `*` |
4043
| ListProjects | `codebuild:ListProjects` Required to get a list of build project names\. | `*` |
4144
| StartBuild | `codebuild:StartBuild` Required to start running builds\. | `arn:aws:codebuild:region-ID:account-ID:project/project-name` |
4245
| StopBuild | `codebuild:StopBuild` Required to attempt to stop running builds\. | `arn:aws:codebuild:region-ID:account-ID:project/project-name` |
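Review bot: The new ListSourceCredentials row is inserted between ListCuratedEnvironmentImages and ListProjects, which breaks the table's alphabetical order; move it below ListProjects. All three new source-credential actions take `*` as the resource, so a policy cannot scope them to a project ARN. The ListCuratedEnvironmentImages row states this with "(required, but does not refer to an addressable AWS resource)", and the new rows should carry the same qualifier so policy authors do not look for a narrower resource. The DeleteSourceCredentials and ImportSourceCredentials descriptions are the same sentence with only the verb swapped; say what each call actually acts on. While editing this table, the ListBuilds context row has lost its backticks and the space before "Required".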

doc_source/build-env-ref-available.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -9,7 +9,7 @@
99
AWS CodeBuild manages the following Docker images that are available in the AWS CodeBuild and AWS CodePipeline consoles\.
1010

1111
**Note**
12-
If you do not find your image on this page, it most likely contains components that are no longer supported by a vendor\. Images with one or more unsupported components are not available from the AWS CodeBuild console or the AWS CodeBuild SDK\. The images might still be available in the CLI, but they are not supported and are not updated\.
12+
If you do not find your image on this page, it most likely contains components that are no longer supported by a vendor\. Images with one or more unsupported components are not available from the AWS CodeBuild console or the AWS CodeBuild SDK\. The images might still be available in the CLI, but they are not supported or updated\.
1313

1414

1515
****

doc_source/build-env-ref-background-tasks.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,7 @@
66

77
# Background Tasks in Build Environments<a name="build-env-ref-background-tasks"></a>
88

9-
You can run background tasks in build environments\. To do this, in your build spec, use the `nohup` command to run a command as a task in the background, even if the build process exits the shell\. Use the disown command to forcibly stop a running background task\.
9+
You can run background tasks in build environments\. To do this, in your buildspec, use the `nohup` command to run a command as a task in the background, even if the build process exits the shell\. Use the disown command to forcibly stop a running background task\.
1010

1111
**Examples:**
1212
+ Start a background process and wait for it to complete later:
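Review bot: The rewritten line 9 still says to use disown "to forcibly stop a running background task", but disown only removes a job from the shell's job table and does not stop the process; reword the sentence or name the command that actually stops the task. In the same line, disown lacks the code formatting that `nohup` has. This hunk changes the term to "buildspec" while build-env-ref-cmd.md in the same commit changes it to "build specification file"; settle on one term.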

doc_source/build-env-ref-cmd.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -7,7 +7,7 @@
77
# Shells and Commands in Build Environments<a name="build-env-ref-cmd"></a>
88

99
You provide a set of commands for AWS CodeBuild to run in a build environment during the lifecycle of a build \(for example, installing build dependencies and testing and compiling your source code\)\. There are several ways to specify these commands:
10-
+ Create a build spec file and include it with your source code\. In this file, specify the commands you want to run in each phase of the build lifecycle\. For more information, see the [Build Specification Reference for AWS CodeBuild](build-spec-ref.md)\.
10+
+ Create a build specification file and include it with your source code\. In this file, specify the commands you want to run in each phase of the build lifecycle\. For more information, see the [Build Specification Reference for AWS CodeBuild](build-spec-ref.md)\.
1111
+ Use the AWS CodeBuild console to create a build project\. In **Insert build commands**, for **Build commands**, enter the commands you want to run in the `build` phase\. For more information, see [Create a Build Project \(Console\)](create-project.md#create-project-console)\.
1212
+ Use the AWS CodeBuild console to change the settings of a build project\. In **Insert build commands**, for **Build commands**, enter the commands you want to run in the `build` phase\. For more information, see [Change a Build Project's Settings \(Console\)](change-project.md#change-project-console)\.
1313
+ Use the AWS CLI or AWS SDKs to create a build project or change the settings of a build project\. Reference the source code that contains a build spec file with your commands, or specify a single string that includes the contents of an equivalent build spec file\. For more information, see [Create a Build Project](create-project.md) or [Change a Build Project's Settings](change-project.md)\.
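Review bot: Line 10 now reads "build specification file", but line 13 of the same list still says "build spec file" twice, so the list uses two names for one thing after this change. Update line 13 in the same commit, and align the wording with the "buildspec" spelling introduced in build-env-ref-background-tasks.md.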

doc_source/build-env-ref-compute-types.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -20,7 +20,7 @@ AWS CodeBuild provides build environments with the following available memory, v
2020
**Note**
2121
For custom build environment images, AWS CodeBuild supports Docker images up to 20 GB uncompressed in Linux and 50 GB uncompressed in Windows, regardless of the compute type\. To check your build image's size, use Docker to run the `docker images REPOSITORY:TAG` command\.
2222

23-
To choose one of these compute types:
23+
To choose a compute type:
2424
+ In the AWS CodeBuild console, in the **Create build project** wizard or **Edit Build Project** page, in **Environment** expand **Additional configuration**, and then choose one of the options from **Compute type**\. For more information, see [Create a Build Project \(Console\)](create-project.md#create-project-console) or [Change a Build Project's Settings \(Console\)](change-project.md#change-project-console)\.
2525
+ For the AWS CLI, run the `create-project` or `update-project` command, specifying the `computeType` value of the `environment` object\. For more information, see [Create a Build Project \(AWS CLI\)](create-project.md#create-project-cli) or [Change a Build Project's Settings \(AWS CLI\)](change-project.md#change-project-cli)\.
2626
+ For the AWS SDKs, call the equivalent of the `CreateProject` or `UpdateProject` operation for your target programming language, specifying the equivalent of `computeType` value of the `environment` object\. For more information, see the [AWS SDKs and Tools Reference](sdk-ref.md)\.

doc_source/build-env-ref-env-vars.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -42,7 +42,7 @@ You can also provide build environments with your own environment variables\. Fo
4242
+ [Run a Build](run-build.md)
4343
+ [Build Spec Reference](build-spec-ref.md)
4444

45-
To list all of the available environment variables in a build environment, you can run the `printenv` command \(for Linux\-based build environment\) or `"Get-ChildItem Env:"` \(for Windows\-based build environments\) during a build\. With the exception of those previously listed, environment variables that start with `CODEBUILD_` are for AWS CodeBuild internal use\. They should not be used in your build commands\.
45+
To list all of the available environment variables in a build environment, you can run the `printenv` command \(for Linux\-based build environment\) or `"Get-ChildItem Env:"` \(for Windows\-based build environments\) during a build\. Except for those previously listed, environment variables that start with `CODEBUILD_` are for AWS CodeBuild internal use\. They should not be used in your build commands\.
4646

4747
**Important**
4848
We strongly discourage the use of environment variables to store sensitive values, especially AWS access key IDs and secret access keys\. Environment variables can be displayed in plain text using tools such as the AWS CodeBuild console and the AWS CLI\.
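Review bot: The rewritten line 45 keeps the number mismatch "for Linux-based build environment" against "for Windows-based build environments"; make both plural. The Windows command is also shown with literal double quotes inside the code span ("Get-ChildItem Env:") while `printenv` has none; drop the quotes unless they are meant to be typed. Because the Important note directly below warns that environment variables can be displayed in plain text, line 45 should also say that running either command during a build prints every variable, including any sensitive values that were set.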

doc_source/build-env-ref.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -8,9 +8,9 @@
88

99
When you call AWS CodeBuild to run a build, you must provide information about the build environment\. A *build environment* represents a combination of operating system, programming language runtime, and tools that AWS CodeBuild uses to run a build\. For information about how a build environment works, see [How AWS CodeBuild Works](concepts.md#concepts-how-it-works)\.
1010

11-
A build environment contains a Docker image\. For information, see [Docker Glossary: Image](https://docs.docker.com/glossary/?term=image) on the Docker Docs website\.
11+
A build environment contains a Docker image\. For information, see [the Docker glossary](https://docs.docker.com/glossary/?term=image) on the Docker Docs website\.
1212

13-
When you provide information to AWS CodeBuild about the build environment, you specify the identifier of a Docker image in a supported repository type\. These include the AWS CodeBuild Docker image repository, publicly available images in Docker Hub, and Amazon Elastic Container Registry \(Amazon ECR\) repositories in your AWS account:
13+
When you provide information to AWS CodeBuild about the build environment, you specify the identifier of a Docker image in a supported repository type\. These include the AWS CodeBuild Docker image repository, publicly available images in Docker Hub, and Amazon Elastic Container Registry \(Amazon ECR\) repositories that your AWS account has permissions to access\.
1414
+ We recommend that you use Docker images stored in the AWS CodeBuild Docker image repository, because they are optimized for use with the service\. For more information, see [Docker Images Provided by AWS CodeBuild](build-env-ref-available.md)\.
1515
+ To get the identifier of a publicly available Docker image stored in Docker Hub, see [Searching for Images](https://docs.docker.com/docker-hub/repos/#searching-for-images) on the Docker Docs website\.
1616
+ To learn how to work with Docker images stored in Amazon ECR repositories in your AWS account, see [Amazon ECR Sample](sample-ecr.md)\.
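Review bot: The new line 13 ends with a period where the old line ended with a colon, but it is still followed directly by the three-item list it introduces; keep the colon or add a lead-in sentence for the list. Line 13 now says Amazon ECR repositories "that your AWS account has permissions to access", while line 16 still says "Amazon ECR repositories in your AWS account", so the cross-account case this commit documents is contradicted three lines later. Update line 16 to match.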

doc_source/build-spec-ref.md

Lines changed: 9 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -349,15 +349,15 @@ artifacts:
349349
files:
350350
- target/messageUtil-1.0.jar
351351
discard-paths: yes
352-
secondary-artifacts:
353-
artifact1:
354-
files:
355-
- target/messageUtil-1.0.jar
356-
discard-paths: yes
357-
artifact2:
358-
files:
359-
- target/messageUtil-1.0.jar
360-
discard-paths: yes
352+
secondary-artifacts:
353+
artifact1:
354+
files:
355+
- target/messageUtil-1.0.jar
356+
discard-paths: yes
357+
artifact2:
358+
files:
359+
- target/messageUtil-1.0.jar
360+
discard-paths: yes
361361
cache:
362362
paths:
363363
- '/root/.m2/**/*'
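Review bot: The nine removed and nine added lines under secondary-artifacts are textually identical, so this is a whitespace-only change and the intended nesting cannot be confirmed from the diff text alone; say in the commit message that secondary-artifacts is being re-indented and at which level it belongs. Separately, artifact1 and artifact2 both list target/messageUtil-1.0.jar, which does not show why a build would declare two secondary artifacts; give them different files.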

doc_source/create-project.md

Lines changed: 20 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -56,6 +56,7 @@ Answer the questions in [Plan a Build](planning.md)\.
5656
For **Environment image**, do one of the following:
5757
+ To use a Docker image managed by AWS CodeBuild, choose **Managed image**, and then make selections from **Operating system**, **Runtime**, and **Runtime version**\.
5858
+ To use another Docker image, choose **Custom image**\. For **Environment type**, choose **Linux** or **Windows**\. For **Custom image type**, choose **Amazon ECR** or **Other location**\. If you choose **Other location**, enter the name and tag of the Docker image in Docker Hub, using the format `docker repository/docker image name`\. If you choose **Amazon ECR**, then use **Amazon ECR repository** and **Amazon ECR image** to choose the Docker image in your AWS account\.
59+
+ To use private Docker image, choose **Custom image**\. For **Environment type**, choose **Linux** or **Windows**\. For **Custom image type**, choose **Other location**, and then enter the Amazon Resource Name \(ARN\) of the credentials for your private Docker image\. The credentials must be created by AWS Secrets Manager\. For more information, see [What Is AWS Secrets Manager?](https://docs.aws.amazon.com/secretsmanager/latest/userguide/)
5960

6061
\(Optional\) Select **Privileged** only if you plan to use this build project to build Docker images, and the build environment image you chose is not provided by AWS CodeBuild with Docker support\. Otherwise, all associated builds that attempt to interact with the Docker daemon fail\. You must also start the Docker daemon so that your builds can interact with it\. One way to do this is to initialize the Docker daemon in the `install` phase of your build spec by running the following build commands\. Do not run these commands if you chose a build environment image provided by AWS CodeBuild with Docker support\.
6162

@@ -268,6 +269,13 @@ For information about using the AWS CLI with AWS CodeBuild, see the [Command Lin
268269
"type": "environmentVariable-type"
269270
}
270271
],
272+
"registryCredential": [
273+
{
274+
"credential": "credential-arn-or-name",
275+
"credentialProvider": "credential-provider"
276+
}
277+
],
278+
"imagePullCredentialsType": "imagePullCredentialsType-value,
271279
"privilegedMode": "privilegedMode"
272280
},
273281
"badgeEnabled": "badgeEnabled"
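Review bot: Line 278 is missing the closing quote on its value ("imagePullCredentialsType-value,), so the JSON skeleton no longer parses when copied; close the string before the comma. Also check the shape of registryCredential: lines 272 to 277 show it as an array holding one object, while the description added later in this file speaks of a single credential and a single provider. If the API takes one object, drop the square brackets.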
@@ -394,6 +402,18 @@ If an environment variable with the same name is defined in multiple places, the
394402
The value in the start build operation call takes highest precedence\.
395403
The value in the build project definition takes next precedence\.
396404
The value in the build spec declaration takes lowest precedence\.
405+
+ Use the optional `registryCredential` to specify information about credentials that provide access to a private Docker registry\.
406+
+ *credential\-arn\-or\-name*: Specifies the ARN or name of credentials created using AWS Managed Services \. You can use the name of the credentials only if they exist in your current region
407+
+ *credential\-provider*: the only valid value is `SECRETS_MANAGER`\.
408+
409+
When this is set:
410+
+ `imagePullCredentials` must be set to `SERVICE_ROLE`\.
411+
+ images cannot be curated or an Amazon ECR image\.
412+
+ *imagePullCredentialsType\-value*: Optional value\. The type of credentials AWS CodeBuild uses to pull images in your build\. There are two valid values:
413+
+ `CODEBUILD` specifies that AWS CodeBuild uses its own credentials\. This requires that you modify your Amazon ECR repository policy to trust the AWS CodeBuild service principal\.
414+
+ `SERVICE_ROLE` specifies that AWS CodeBuild uses your build project's service role\.
415+
416+
When you use a cross\-account or private registry image, you must use `SERVICE_ROLE` credentials\. When you use an AWS CodeBuild curated image, you must use `CODEBUILD` credentials\.
397417
+ You must specify *privilegedMode* with a value of `true` only if you plan to use this build project to build Docker images, and the build environment image you specified is not provided by AWS CodeBuild with Docker support\. Otherwise, all associated builds that attempt to interact with the Docker daemon fail\. You must also start the Docker daemon so that your builds can interact with it\. One way to do this is to initialize the Docker daemon in the `install` phase of your build spec by running the following build commands\. Do not run these commands if you specified a build environment image provided by AWS CodeBuild with Docker support\.
398418
399419
```
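Review bot: Line 406 says the credentials are "created using AWS Managed Services", which conflicts with line 407 (the only valid provider is `SECRETS_MANAGER`) and with the console steps earlier in this file, which say AWS Secrets Manager; correct the service name. Line 410 refers to `imagePullCredentials`, but the field added to the JSON and described on line 412 is `imagePullCredentialsType`; use the real field name so readers set the right key. Line 406 also has a stray space before the first period and no period after "current region", and line 411 ("images cannot be curated or an Amazon ECR image") would read better as "the image cannot be a curated image or an Amazon ECR image". Lines 410 and 416 state the `SERVICE_ROLE` requirement twice in different words; keep one statement.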

doc_source/history.md

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -8,10 +8,12 @@
88

99
The following table describes the important changes to the documentation since the last release of AWS CodeBuild\. For notification about updates to this documentation, you can subscribe to an RSS feed\.
1010
+ **Latest API version:** 2016\-10\-06
11-
+ **Latest documentation update:** January 17, 2019
11+
+ **Latest documentation update:** January 24, 2019
1212

1313
| Change | Description | Date |
1414
| --- |--- |--- |
15+
| [Updated topics\.](#history) | AWS CodeBuild now supports using an Amazon ECR image that is in another AWS account\. Several topics have been updated to reflect this change, including [Amazon ECR Sample for AWS CodeBuild](https://docs.aws.amazon.com/codebuild/latest/userguide/sample-ecr.html), [Create a Build Project](https://docs.aws.amazon.com/codebuild/latest/userguide/create-project.html), and [Create an AWS CodeBuild Service Role](https://docs.aws.amazon.com/codebuild/latest/userguide/setting-up.html#setting-up-service-role)\. | January 24, 2019 |
16+
| [Support for private Docker registries\.](#history) | AWS CodeBuild now supports using a Docker image that is stored in a private registry as your runtime environment\. For more information, see [Private Registry with AWS Secrets Manager Sample](https://docs.aws.amazon.com/codebuild/latest/userguide/sample-private-registry.html)\. | January 24, 2019 |
1517
| [Updated topic](#history) | AWS CodeBuild now supports using an access token to connect to GitHub \(with a personal access token\) and Bitbucket \(with an app password\) repositories\. For more information, see [Create a Build Project \(Console\)](https://docs.aws.amazon.com/codebuild/latest/userguide/create-project.html#create-project-console) and [Using Access Tokens with Your Source Provider](https://docs.aws.amazon.com/codebuild/latest/userguide/sample-access-tokens.html)\. | December 6, 2018 |
1618
| [Updated topic](#history) | AWS CodeBuild now supports new build metrics that measure the duration of each phase in a build\. For more information, see [ AWS CodeBuild CloudWatch Metrics](https://docs.aws.amazon.com/codebuild/latest/userguide/monitoring-builds.html#cloudwatch_metrics-codebuild)\. | November 15, 2018 |
1719
| [VPC Endpoint Policy Topic](#history) | Amazon VPC endpoints for AWS CodeBuild now support policies\. For more information, see [ Create a VPC Endpoint Policy for AWS CodeBuild](https://docs.aws.amazon.com/codebuild/latest/userguide/use-vpc-endpoints-with-codebuild.html#creating-vpc-endpoint-policy)\. | November 9, 2018 |
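Review bot: The two new rows on lines 15 and 16 put a trailing period inside the link text ("Updated topics\." and "Support for private Docker registries\."), while the existing rows ("Updated topic", "VPC Endpoint Policy Topic") have none; drop the periods to match. The cross-account row on line 15 is titled only "Updated topics", which tells an RSS subscriber nothing about the change; give it a descriptive title in the style of line 16, for example one naming cross-account Amazon ECR images.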
