When creating a CodeBuild project it's possible to configure a cache in the Artifacts section to speed up subsequent builds.

Docker layer cache is one of the options there. AWS documentation says:

LOCAL_DOCKER_LAYER_CACHE mode caches existing Docker layers. This mode is a good choice for projects that build or pull large Docker images. It can prevent the performance issues caused by pulling large Docker images down from the network.

Note

You can use a Docker layer cache in the Linux environment only.

The privileged flag must be set so that your project has the required Docker permissions.

You should consider the security implications before you use a Docker layer cache.

The question is: What are those security implications?

    We'll make it clear in the CodeBuild documentation. Enabling privileged mode gives escalated privilege to the running Docker environment (e.g. needed for accessing Docker inside CodeBuild's container), but your builds themselves get VM-level isolation. If you are building, say, a multi-tenant solution on top of CodeBuild, you should know that the underlying environment is being granted escalated privilege if you enable the privileged mode. Privileged mode is not enabled by default and customers opt in based on their use case needs. Apr 27, 2019 at 14:58
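
To see which projects in an account actually carry the combination discussed above, the following added example (not part of the original post or any AWS tooling) audits JSON shaped like the output of `aws codebuild batch-get-projects`. The project names and the sample document are constructed for illustration.

```python
import json

# Constructed sample shaped like `aws codebuild batch-get-projects` output;
# the project names and bucket are made up for illustration.
SAMPLE = json.loads("""
{"projects": [
  {"name": "api-image", "environment": {"type": "LINUX_CONTAINER", "privilegedMode": true},
   "cache": {"type": "LOCAL", "modes": ["LOCAL_DOCKER_LAYER_CACHE", "LOCAL_SOURCE_CACHE"]}},
  {"name": "docs-site", "environment": {"type": "LINUX_CONTAINER", "privilegedMode": false},
   "cache": {"type": "NO_CACHE"}},
  {"name": "legacy-build", "environment": {"type": "LINUX_CONTAINER", "privilegedMode": true},
   "cache": {"type": "S3", "location": "example-bucket/cache"}},
  {"name": "broken-cache", "environment": {"type": "LINUX_CONTAINER"},
   "cache": {"type": "LOCAL", "modes": ["LOCAL_DOCKER_LAYER_CACHE"]}}
]}
""")


def audit_projects(doc):
    """Return {project name: [findings]} for projects that need review."""
    report = {}
    for project in doc.get("projects", []):
        env = project.get("environment", {})
        cache = project.get("cache", {})
        # privilegedMode is opt-in; a missing key means it is off.
        privileged = bool(env.get("privilegedMode", False))
        layer_cache = (cache.get("type") == "LOCAL"
                       and "LOCAL_DOCKER_LAYER_CACHE" in cache.get("modes", []))
        findings = []
        if privileged:
            findings.append("privileged-mode")
        if layer_cache:
            findings.append("docker-layer-cache")
        # The documentation quoted above says the privileged flag must be set
        # for the Docker layer cache, so this combination is a misconfiguration.
        if layer_cache and not privileged:
            findings.append("layer-cache-without-privileged")
        if findings:
            report[project["name"]] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit_projects(SAMPLE).items():
        print(f"{name}: {', '.join(findings)}")
```
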
