13

I've been struggling with this for hours. So, I created my VPC, along with 4 different subnets. The first three are attached to a regular Internet Gateway. The last one is attached to a NAT Gateway (with 0.0.0.0/0 as Destination). My CodeBuild project is set to use this VPC and the last subnet.

When I click "Validate VPC Settings" in the CodeBuild Project Environment, I get this warning:

"The VPC with ID * might not have an internet connection. CodeBuild cannot find the 0.0.0.0/0 destination for the target internet gateway with subnet ID *."

If I try to run the CodeBuild project, it will time out because it has no internet access and cannot download sources from CodeCommit...

What am I missing here? The Routing Table for my subnet is attached to the NAT Gateway and the Destination is 0.0.0.0/0, so the error message above doesn't make any sense to me.

Thank you!

Marian Busoi

2 Answers

22

So, in case anyone else has the same issue, the reason was that I mistakenly placed my NAT Gateway on a private subnet instead of a public one.

Marian Busoi
  • Can you please elaborate a little further in your answer, maybe with some screenshots of your SGs and NAT gateway and your setup? You have an upvoted question and answer here and I'm still struggling to replicate this. Thanks! – Tommy May 11 '21 at 00:11
  • My understanding is that to have proper internet routing from private subnets you also need at least one public subnet, and the NAT gateway(s) used by the private subnets need to go in the public subnet(s) – Alexander Fortin Sep 17 '21 at 19:04
0

I have faced the same issue and below is the fix that I have applied to make it work:

  1. Yes, even I had mapped the private subnet on NAT Gateway. So, the first correction was to map the public subnet.
  2. Created an "internet gateway" and attached it to the created VPC.
  3. Navigate to the created VPC, and ensured that it has the default main route table mapped.
  4. Click on the default mapped route table, and attach the created "internet gateway" from step 2. Don't map any subnet.
  5. Navigate to the Route table, select the private route table, and map the created NAT Gateway, and private subnet.
  6. Navigate to the Code Build, select the created VPC, private subnet, and security group and finally click on "Validate VPC Setting".

Note: Both route tables must be attached to the same VPC.

Actual output: I got the message "VPC with ID {{vpc-xyz}} has the internet connection".

A reference that has helped to try the above steps: https://aws.amazon.com/premiumsupport/knowledge-center/ec2-internet-connectivity/

I hope this helps.

Vikash Choudhary
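The routing rule both answers arrive at can be checked offline against exported route-table data. The following is an added example, not code from either answer: the dictionaries mirror the shape of the EC2 DescribeRouteTables and DescribeNatGateways responses, all IDs are constructed, and `check_egress` with its result strings is a hypothetical helper.

```python
# All IDs below are constructed sample data shaped like the EC2
# DescribeRouteTables / DescribeNatGateways responses.
VPC = "vpc-0example"
IGW_ROUTE = {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example"}
NAT_ROUTE = {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example"}
TABLES = [
    # Main table: IGW route, no subnet mapped (steps 3-4 of the answer above).
    {"VpcId": VPC, "Associations": [{"Main": True}], "Routes": [IGW_ROUTE]},
    # Private table: explicit association, default route to the NAT (step 5).
    {"VpcId": VPC, "Routes": [NAT_ROUTE],
     "Associations": [{"Main": False, "SubnetId": "subnet-private"}]},
]
NAT_BROKEN = [{"NatGatewayId": "nat-0example", "SubnetId": "subnet-private", "VpcId": VPC}]
NAT_FIXED = [{"NatGatewayId": "nat-0example", "SubnetId": "subnet-public", "VpcId": VPC}]

def route_table_for(subnet_id, vpc_id, tables):
    """Explicitly associated table, else the VPC's main table."""
    main = None
    for rt in tables:
        if rt["VpcId"] != vpc_id:
            continue
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main

def default_target(subnet_id, vpc_id, tables):
    """Return the 0.0.0.0/0 route that applies to the subnet, or {}."""
    rt = route_table_for(subnet_id, vpc_id, tables) or {}
    return next((r for r in rt.get("Routes", [])
                 if r.get("DestinationCidrBlock") == "0.0.0.0/0"), {})

def check_egress(subnet_id, vpc_id, tables, nat_gateways):
    """Classify a subnet's internet path (result strings are hypothetical)."""
    route = default_target(subnet_id, vpc_id, tables)
    if route.get("GatewayId", "").startswith("igw-"):
        return "public"
    nat = next((n for n in nat_gateways
                if n["NatGatewayId"] == route.get("NatGatewayId")), None)
    if nat is None:
        return "no-igw-or-nat-route"
    # The NAT only works if its own subnet routes 0.0.0.0/0 to an IGW.
    nat_route = default_target(nat["SubnetId"], nat["VpcId"], tables)
    if nat_route.get("GatewayId", "").startswith("igw-"):
        return "ok"
    return "nat-in-private-subnet"

if __name__ == "__main__":
    for label, nats in (("before", NAT_BROKEN), ("after", NAT_FIXED)):
        print(label, check_egress("subnet-private", VPC, TABLES, nats))
```

With the NAT gateway placed in the private subnet the check reports `nat-in-private-subnet`; moving it to a subnet that falls through to the main table's internet gateway route yields `ok`.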