Hello.
If your EC2 is in a private subnet, the following VPC endpoints are required for communication with CodeDeploy.
https://docs.aws.amazon.com/codedeploy/latest/userguide/vpc-endpoints.html
com.amazonaws.region.codedeploy
com.amazonaws.region.codedeploy-commands-secure
Also, ":enable_auth_policy:" must be set to "true" in the CodeDeploy Agent settings.
https://docs.aws.amazon.com/codedeploy/latest/userguide/reference-agent-configuration.html
https://docs.aws.amazon.com/codedeploy/latest/userguide/vpc-endpoints.html#vpc-codedeploy-agent-configuration
To use Amazon VPC endpoints with CodeDeploy, you must set the value of :enable_auth_policy: to true in the agent configuration file located on your EC2 or on-premises instances. For more information on the agent configuration file, see CodeDeploy agent configuration reference.
When installing CodeDeploy Agent with Systems Manager, the following VPC endpoints are required.
https://docs.aws.amazon.com/systems-manager/latest/userguide/setup-create-vpc.html
ssm.region.amazonaws.com
ssmmessages.region.amazonaws.com
ec2messages.region.amazonaws.com
Since you should be accessing S3, try setting up a gateway VPC endpoint for S3.
https://docs.aws.amazon.com/vpc/latest/privatelink/vpc-endpoints-s3.html
I think it would be easier to set up a NAT Gateway than using so many VPC endpoints.
Use VPC endpoints if you don't want to send communication outside of AWS.
If there are no special communication requirements, I think one method is to use a NAT Gateway.
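A way to check a private-subnet setup against the list in the answer above, as an added example that is not part of the original answer or AWS's own tooling. It assumes the JSON shape printed by `aws ec2 describe-vpc-endpoints`, writes the Systems Manager endpoints in the `com.amazonaws.region.*` service-name form, and uses constructed sample data; the function names are hypothetical.

```python
import json
import re

def required_services(region, with_ssm=False):
    """Service name -> endpoint type the answer calls for."""
    names = {
        f"com.amazonaws.{region}.codedeploy": "Interface",
        f"com.amazonaws.{region}.codedeploy-commands-secure": "Interface",
        f"com.amazonaws.{region}.s3": "Gateway",  # the answer suggests a gateway endpoint
    }
    if with_ssm:  # only when the agent is installed through Systems Manager
        for svc in ("ssm", "ssmmessages", "ec2messages"):
            names[f"com.amazonaws.{region}.{svc}"] = "Interface"
    return names

def auth_policy_enabled(agent_config_text):
    """True if the agent config sets :enable_auth_policy: to true (comments ignored)."""
    for line in agent_config_text.splitlines():
        m = re.match(r"\s*:enable_auth_policy:\s*(\S+)", line.split("#", 1)[0])
        if m:
            return m.group(1).strip("'\"").lower() == "true"
    return False

def audit(describe_output, agent_config_text, region, with_ssm=False):
    """Return a list of findings; an empty list means nothing from the answer is missing."""
    usable = {}
    for ep in json.loads(describe_output)["VpcEndpoints"]:
        if ep.get("State", "").lower() == "available":  # pending/failed endpoints do not count
            usable[ep["ServiceName"]] = ep.get("VpcEndpointType", "")
    findings = []
    for name, kind in required_services(region, with_ssm).items():
        if name not in usable:
            findings.append(f"missing endpoint: {name}")
        elif usable[name].lower() != kind.lower():
            findings.append(f"{name}: expected {kind}, found {usable[name]}")
    if not auth_policy_enabled(agent_config_text):
        findings.append(":enable_auth_policy: is not true")
    return findings

# Constructed sample data (not from a real account).
SAMPLE_ENDPOINTS = json.dumps({"VpcEndpoints": [
    {"ServiceName": "com.amazonaws.us-east-1.codedeploy", "VpcEndpointType": "Interface", "State": "available"},
    {"ServiceName": "com.amazonaws.us-east-1.codedeploy-commands-secure", "VpcEndpointType": "Interface", "State": "pending"},
    {"ServiceName": "com.amazonaws.us-east-1.s3", "VpcEndpointType": "Interface", "State": "available"},
]})
SAMPLE_CONFIG = ":log_dir: '/var/log/aws/codedeploy-agent/'\n:enable_auth_policy: false\n"

if __name__ == "__main__":
    for finding in audit(SAMPLE_ENDPOINTS, SAMPLE_CONFIG, "us-east-1"):
        print(finding)
```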
Thank you. The issue with the NAT is the cost, which is 0.45 per hour and 0.45 per g; VPC endpoints are 0.01 per hour and 0.01 per g. And I think you missed the CodePipeline I mentioned above. So I don't need that, right? Could you help me take a close look: is there anything else I'm missing, since I'm also using an EC2 template, Auto Scaling group and app load balancer? Thank you. Just want to make sure that's everything I need to set up, and I will compare the combined endpoint price with a NAT.
Basically, there should be no problem as long as EC2 can communicate with CodeDeploy and S3, so I don't think CodePipeline's VPC endpoint is necessary.