After configuring Identity and Access Management (IAM) settings for a CodeBuild project, a key can be configured to encrypt the build artifact data. By default an AWS managed key is used, however it is recommended to use a customer managed key for this process. For more information, see the AWS documentation.
References:
https://docs.aws.amazon.com/codebuild/latest/userguide/setting-up.html
Data at-rest, which can include build artifacts and results, is encrypted by default using AWS provided/managed keys. To use customer managed keys, follow the AWS documentation for creating, storing, and selecting these keys.
In Terraform -
References:
https://docs.aws.amazon.com/codebuild/latest/userguide/security-encryption.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/codebuild_project