Skip to content

Features

The S3 bucket is configured as below

  • enabled versioning of objects
  • enabled encryption using an S3 managed Key
  • disallowing public access
  • A lifecycle configuration for the archived repositories. They and their versions transistion through different storage classes
  • Infrequent Access after 30 days
  • Glacier after 90 days
  • Deep Archive 180 days
  • Expiry after 365 days
  • configurable notifications to SNS about uploaded/ expired objects

The CodeBuild projects are configured as below

  • Logging to CloudWatch
  • Configurable retention period. Default is one month.
  • Encryption using customer-managed KMS key
  • Schedule based execution.
  • The default schedule is one week and can be overriden as part of the backup configuration.