AWS CodeBuild 可以管理 secret 了：「AWS CodeBuild Now Provides Ability To Manage Secrets」。
AWS CodeBuild now further enhances securing your build environment. CodeBuild can now store sensitive information as secrets, which can now get directly passed to your build jobs. This can be achieved by modifying the parameter store directly in your buildspec.yml, or via the CodeBuild console.
We strongly discourage using environment variables to store sensitive values, especially AWS access key IDs and secret access keys. Environment variables can be displayed in plain text using tools such as the AWS CodeBuild console and the AWS CLI. For sensitive values, we recommend you use the parameter-store mapping instead, as described later in this section.
不過在找資料的時候，發現 AWS CodeBuild 提供了每個月一百分鐘的 free quota，不論是新帳號還是現有帳號都一直有？(這點是之前沒注意到的...)
The AWS CodeBuild free tier includes 100 build minutes of build.general1.small per month. The CodeBuild free tier does not expire automatically at the end of your 12-month AWS Free Tier term. It is available to new and existing AWS customers.