AWS cli medium security documentation change
Summary
Added pull-request-build-policy parameter with comment approval requirements
Security assessment
Mirrors the create-webhook security controls by adding approval requirements for pull request builds. This provides consistent security controls across webhook operations, mitigating risks of unauthorized build execution through updated configurations.
Diff
diff --git a/cli/latest/reference/codebuild/update-webhook.md b/cli/latest/reference/codebuild/update-webhook.md index f05d07ee7..d16ccba2f 100644 --- a//cli/latest/reference/codebuild/update-webhook.md +++ b//cli/latest/reference/codebuild/update-webhook.md @@ -15 +15 @@ - * [AWS CLI 2.28.4 Command Reference](../../index.html) » + * [AWS CLI 2.28.6 Command Reference](../../index.html) » @@ -76,0 +77 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/codebu + [--pull-request-build-policy <value>] @@ -268,0 +270,35 @@ JSON Syntax: +`--pull-request-build-policy` (structure) + +> A PullRequestBuildPolicy object that defines comment-based approval requirements for triggering builds on pull requests. This policy helps control when automated builds are executed based on contributor permissions and approval workflows. +> +> requiresCommentApproval -> (string) +> +>> Specifies when comment-based approval is required before triggering a build on pull requests. This setting determines whether builds run automatically or require explicit approval through comments. +>> +>> * _DISABLED_ : Builds trigger automatically without requiring comment approval +>> * _ALL_PULL_REQUESTS_ : All pull requests require comment approval before builds execute (unless contributor is one of the approver roles) +>> * _FORK_PULL_REQUESTS_ : Only pull requests from forked repositories require comment approval (unless contributor is one of the approver roles) +>> + +> +> approverRoles -> (list) +> +>> List of repository roles that have approval privileges for pull request builds when comment approval is required. Only users with these roles can provide valid comment approvals. If a pull request contributor is one of these roles, their pull request builds will trigger automatically. This field is only applicable when `requiresCommentApproval` is not _DISABLED_ . +>> +>> (string) + +Shorthand Syntax: + + + requiresCommentApproval=string,approverRoles=string,string + + +JSON Syntax: + + + { + "requiresCommentApproval": "DISABLED"|"ALL_PULL_REQUESTS"|"FORK_PULL_REQUESTS", + "approverRoles": ["GITHUB_READ"|"GITHUB_TRIAGE"|"GITHUB_WRITE"|"GITHUB_MAINTAIN"|"GITHUB_ADMIN"|"GITLAB_GUEST"|"GITLAB_PLANNER"|"GITLAB_REPORTER"|"GITLAB_DEVELOPER"|"GITLAB_MAINTAINER"|"GITLAB_OWNER"|"BITBUCKET_READ"|"BITBUCKET_WRITE"|"BITBUCKET_ADMIN", ...] + } + + @@ -637 +673 @@ webhook -> (structure) - * [AWS CLI 2.28.4 Command Reference](../../index.html) » + * [AWS CLI 2.28.6 Command Reference](../../index.html) »