AWS CodeBuild — Access Resources Inside a VPC

Prashant Bhatasana
3 min read · Apr 29, 2020

Today we discuss how an AWS CodeBuild build can reach AWS resources that live inside a VPC and are not reachable from outside it.

CodeBuild is a fully managed build service that compiles source code, runs tests, and produces software packages that are ready to deploy. As part of the build process, developers often require access to resources that should be isolated from the public Internet. Now CodeBuild builds can be optionally configured to have VPC connectivity and access these resources directly.

Typically, resources in a VPC are not accessible by AWS CodeBuild. To enable access, you must provide additional VPC-specific configuration information as part of your CodeBuild project configuration. This includes the VPC ID, the VPC subnet IDs, and the VPC security group IDs. VPC-enabled builds are then able to access resources inside your VPC.

Use cases:

  • Connect to a database during the AWS CodeBuild process.
  • Connect to build assets that are inside the VPC.
  • Interact with internal web services hosted on Amazon EC2, Amazon ECS, or other services that are reachable only from inside the VPC.
  • Access S3 objects that allow access only through a VPC endpoint.

Let's try to access resources inside the VPC during a build

First, we need to change the resource's security group.

Go to this link and find the CIDR range of CodeBuild (the entries whose service is CODEBUILD) for your current region:

https://ip-ranges.amazonaws.com/ip-ranges.json

Let's say we are in ap-south-1, so 13.127.70.136/29 is the CIDR range.

Go to the resource's security group and add new inbound TCP rules with this CIDR range as the source.
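To avoid reading ip-ranges.json by hand, here is an added Python example (not part of the original article) that filters the file for the CODEBUILD service in one region and turns the result into the IpPermissions structure that boto3's `authorize_security_group_ingress` (or `aws ec2 authorize-security-group-ingress --ip-permissions`) accepts. The embedded JSON is a constructed sample: its ap-south-1 CODEBUILD entry mirrors the CIDR quoted above, every other prefix is made up, and the database port 5432 is an assumption.

```python
import ipaddress
import json
import urllib.request

IP_RANGES_URL = "https://ip-ranges.amazonaws.com/ip-ranges.json"

# Constructed sample in the shape of ip-ranges.json. The real file holds thousands
# of prefixes; the ap-south-1 CODEBUILD entry mirrors the CIDR quoted in the
# article, every other entry is made up (RFC 5737 documentation ranges).
SAMPLE_IP_RANGES = json.dumps({
    "syncToken": "0000000000",
    "createDate": "2020-04-29-00-00-00",
    "prefixes": [
        {"ip_prefix": "13.127.70.136/29", "region": "ap-south-1",
         "service": "CODEBUILD", "network_border_group": "ap-south-1"},
        {"ip_prefix": "13.127.0.0/16", "region": "ap-south-1",
         "service": "AMAZON", "network_border_group": "ap-south-1"},
        {"ip_prefix": "203.0.113.0/24", "region": "ap-south-1",
         "service": "EC2", "network_border_group": "ap-south-1"},
        {"ip_prefix": "198.51.100.0/24", "region": "us-east-1",
         "service": "CODEBUILD", "network_border_group": "us-east-1"},
    ],
    "ipv6_prefixes": [],
})


def fetch_ip_ranges(url=IP_RANGES_URL):
    """Download the live file (not called by the offline demo below)."""
    with urllib.request.urlopen(url, timeout=10) as resp:
        return resp.read().decode("utf-8")


def service_cidrs(ip_ranges_json, region, service="CODEBUILD"):
    """Return the IPv4 CIDRs published for `service` in `region`, sorted by address.

    Both fields are matched exactly: the AMAZON entries are a superset that would
    open the security group far wider than CodeBuild needs.
    """
    data = json.loads(ip_ranges_json)
    cidrs = {p["ip_prefix"] for p in data["prefixes"]
             if p["service"] == service and p["region"] == region}
    return sorted(cidrs, key=ipaddress.ip_network)


def ingress_rules(cidrs, port, protocol="tcp"):
    """Build the IpPermissions list for authorize_security_group_ingress.

    A single port per entry; each CIDR carries a description so the rule's
    origin is obvious when the group is reviewed later.
    """
    if not cidrs:
        raise ValueError("no CIDRs to allow; check the region/service spelling")
    return [{
        "IpProtocol": protocol,
        "FromPort": port,
        "ToPort": port,
        "IpRanges": [{"CidrIp": c, "Description": "AWS CodeBuild"} for c in cidrs],
    }]


def is_in_ranges(ip, cidrs):
    """True when `ip` falls inside one of `cidrs` (useful when reading VPC flow logs)."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(c) for c in cidrs)


if __name__ == "__main__":
    cidrs = service_cidrs(SAMPLE_IP_RANGES, "ap-south-1")
    print("CodeBuild CIDRs in ap-south-1:", cidrs)
    print(json.dumps(ingress_rules(cidrs, 5432), indent=2))
```

Run against the live file with `service_cidrs(fetch_ip_ranges(), "ap-south-1")`; the published ranges change over time, so re-running this after a deployment is a cheap way to notice a stale security group rule.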

Our security group is ready; now we just need to attach it to CodeBuild.

Let's create a CodeBuild project.

  1. Open the CodeBuild console.
  2. Choose Create build project.
  3. In Project configuration, enter the name and description for the new build project.
  4. In Source, select the source provider for your code repository.
  5. In Environment image, choose Managed image, Ubuntu, and the latest runtime version.
  6. Choose the appropriate service role for your project.
  7. In the Additional configuration section, select the VPC of the AWS resource and click Validate VPC Settings. For more information, see Use CodeBuild with Amazon Virtual Private Cloud.
  8. In Security groups, select the security group the CodeBuild environment needs in order to access the AWS resource.
  9. In Build specifications, select Use a buildspec file.
  10. Click the Save button.

If all is well, our CodeBuild project can now access the AWS resource inside the VPC.

If anything goes wrong, you will see one of these errors:

  1. CLIENT_ERROR: RequestError

     This means CodeBuild was not able to fetch the source code.

     Solution: go to VPC > NAT Gateways and set up NAT gateway support for the VPC.

  2. The build runs, but no logs are visible.

     Solution: if the build logs are not displayed, something is missing in the security group. Check the security group and confirm that the selected security group is the same one attached to the AWS resource you are connecting to; if not, change it and attach the right security group to CodeBuild.
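Steps 7 and 8 of the project setup and the two failures above can be checked before the first build instead of being diagnosed from the error afterwards. The following is an added Python example, not from the article: it takes the `vpcConfig` dictionary that boto3's `codebuild.create_project` accepts and, against data in the shape of the EC2 `DescribeRouteTables` and `DescribeSecurityGroups` responses, reports subnets whose default route is not a NAT gateway (the CLIENT_ERROR: RequestError case) and a resource security group that does not admit the build. The route tables, security groups, all IDs and port 5432 are constructed samples; the CIDR is the one quoted earlier in the article.

```python
import ipaddress

# Constructed samples in the shape of the EC2 DescribeRouteTables and
# DescribeSecurityGroups responses (every ID is made up).
ROUTE_TABLES = [
    {   # private subnet: default route via a NAT gateway (what CodeBuild needs)
        "RouteTableId": "rtb-0private", "VpcId": "vpc-0demo",
        "Associations": [{"SubnetId": "subnet-0private"}],
        "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                   {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0demo"}],
    },
    {   # public subnet: default route via an internet gateway
        "RouteTableId": "rtb-0public", "VpcId": "vpc-0demo",
        "Associations": [{"SubnetId": "subnet-0public"}],
        "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                   {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0demo"}],
    },
    {   # main table, used by subnets with no explicit association: local only
        "RouteTableId": "rtb-0main", "VpcId": "vpc-0demo",
        "Associations": [{"Main": True}],
        "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}],
    },
]

SECURITY_GROUPS = [
    {   # the database's group: admits the build group and the CodeBuild CIDR on 5432
        "GroupId": "sg-0db",
        "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
                           "IpRanges": [{"CidrIp": "13.127.70.136/29"}],
                           "UserIdGroupPairs": [{"GroupId": "sg-0build"}]}],
    },
    {"GroupId": "sg-0build", "IpPermissions": []},   # the group attached to the build
]


def route_table_for(subnet_id, route_tables):
    """Explicitly associated table if any, else the VPC's main table, else None."""
    main = None
    for rt in route_tables:
        for assoc in rt["Associations"]:
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def default_route_target(subnet_id, route_tables):
    """Classify the subnet's 0.0.0.0/0 route: ('nat', id), ('igw', id) or ('none', None)."""
    rt = route_table_for(subnet_id, route_tables)
    for route in (rt or {}).get("Routes", []):
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if "NatGatewayId" in route:
            return "nat", route["NatGatewayId"]
        if route.get("GatewayId", "").startswith("igw-"):
            return "igw", route["GatewayId"]
    return "none", None


def sg_allows_ingress(group, port, source_sg=None, source_cidr=None):
    """True if `group` has an inbound rule covering `port` from the source SG or CIDR."""
    want = ipaddress.ip_network(source_cidr) if source_cidr else None
    for perm in group["IpPermissions"]:
        proto = perm["IpProtocol"]
        if proto not in ("tcp", "-1"):          # "-1" is "all traffic", no ports
            continue
        if proto == "tcp" and not perm["FromPort"] <= port <= perm["ToPort"]:
            continue
        if source_sg and any(p["GroupId"] == source_sg
                             for p in perm.get("UserIdGroupPairs", [])):
            return True
        if want and any(want.subnet_of(ipaddress.ip_network(r["CidrIp"]))
                        for r in perm.get("IpRanges", [])):
            return True
    return False


def preflight(vpc_config, route_tables, security_groups, resource_sg_id, port, codebuild_cidr):
    """Return a list of findings; an empty list means the VPC settings look right."""
    findings = []
    for subnet in vpc_config["subnets"]:
        kind, target = default_route_target(subnet, route_tables)
        if kind == "igw":
            # CodeBuild does not assign public IPs to its build ENIs, so an
            # internet-gateway route alone cannot reach the source or CloudWatch Logs.
            findings.append(f"{subnet}: public subnet via {target}; use a private "
                            f"subnet whose default route is a NAT gateway")
        elif kind == "none":
            findings.append(f"{subnet}: no 0.0.0.0/0 route, the source fetch will fail "
                            f"with CLIENT_ERROR: RequestError; add a NAT gateway")
    resource = {g["GroupId"]: g for g in security_groups}[resource_sg_id]
    for sg in vpc_config["securityGroupIds"]:
        if not (sg_allows_ingress(resource, port, source_sg=sg)
                or sg_allows_ingress(resource, port, source_cidr=codebuild_cidr)):
            findings.append(f"{resource_sg_id}: no tcp/{port} ingress from {sg} or {codebuild_cidr}")
    return findings


if __name__ == "__main__":
    cfg = {"vpcId": "vpc-0demo", "subnets": ["subnet-0private"],
           "securityGroupIds": ["sg-0build"]}   # same shape as create_project's vpcConfig
    for line in preflight(cfg, ROUTE_TABLES, SECURITY_GROUPS, "sg-0db", 5432,
                          "13.127.70.136/29") or ["VPC settings look good"]:
        print(line)
```

In a real account the two sample lists come from `ec2.describe_route_tables(Filters=[{"Name": "vpc-id", "Values": [vpc_id]}])["RouteTables"]` and `ec2.describe_security_groups(GroupIds=[...])["SecurityGroups"]`; the checks themselves need no AWS calls, so they can run in CI against a saved snapshot.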

Thank you for reading, if you have anything to add please send a response or add a note!
