Allow Amazon VPC access in your CodeBuild projects - Amazon CodeBuild
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Allow Amazon VPC access in your CodeBuild projects

Include these settings in your VPC configuration:

  • For VPC ID, choose the VPC ID that CodeBuild uses.

  • For Subnets, choose a private subnet with NAT translation that includes or has routes to the resources used by CodeBuild.

  • For Security Groups, choose the security groups that CodeBuild uses to allow access to resources in the VPCs.

To use the console to create a build project, see Create a build project (console). When you create or change your CodeBuild project, in VPC, choose your VPC ID, subnets, and security groups.

To use the Amazon CLI to create a build project, see Create a build project (Amazon CLI). If you are using the Amazon CLI with CodeBuild, the service role used by CodeBuild to interact with services on behalf of the IAM user must have a policy attached. For information, see Allow CodeBuild access to Amazon services required to create a VPC network interface.

The vpcConfig object should include your vpcId, securityGroupIds, and subnets.

  • vpcId: Required. The VPC ID that CodeBuild uses. Run this command to get a list of all Amazon VPC IDs in your Region:

    aws ec2 describe-vpcs

  • subnets: Required. The subnet IDs that include resources used by CodeBuild. Run this command obtain these IDs:

    aws ec2 describe-subnets --filters "Name=vpc-id,Values=<vpc-id>" --region us-east-1
    Note

    Replace us-east-1 with your Region.

  • securityGroupIds: Required. The security group IDs used by CodeBuild to allow access to resources in the VPCs. Run this command to obtain these IDs:

    aws ec2 describe-security-groups --filters "Name=vpc-id,Values=<vpc-id>" --region us-east-1
    Note

    Replace us-east-1 with your Region.