Is it possible to connect CodeBuild to CodeCommit over PrivateLink?

0

I am able to connect CodeBuild with CodeCommit via NAT gateway in public subnet -> Internet Gateway. As both CodeCommit & CodeBuild are on AWS, I am trying to avoid using Internet Gateway.

Here's what I have done so far

  • Created endpoint for CodeCommit
  • Attached it to private subnet
  • Configured CodeBuild to use the same subnet

I am curious about what can be done here to avoid using the Internet Gateway.

2 answers
0
Accepted answer

So long as CodeBuild has network connectivity to your CodeCommit endpoint, and the DNS resolution that CodeBuild sees for the CodeCommit service is overridden to point to that endpoint, then CodeCommit will be accessed without using the IGW. DNS resolution is overridden via a Private Hosted Zone (PHZ). The way it works within a single VPC is that you set PrivateDnsEnabled=true for the VPC Endpoint when you create it, which sets up an AWS-managed PHZ associated with the VPC.

See https://www.linkedin.com/pulse/how-share-interface-vpc-endpoints-across-aws-accounts-steve-kinsman/ for more info.

Expert
answered 2 years ago
Expert
reviewed a month ago
    • Created PHZ for git-codecommit.us-east-1.amazonaws.com
    • Added DNS "A" record for *.git-codecommit.us-east-1.amazonaws.com and pointed it to the endpoint - 10.10.10.229 in my case
    • On CodeBuild now I get "CLIENT_ERROR: Get "https://git-codecommit.us-east-1.amazonaws.com/v1/xxxxxk": dial tcp: lookup git-codecommit.us-east-1.amazonaws.com on 10.10.10.2:53: no such host for primary source and source version refs/heads/master"

    I must have misconfigured something here.

  • If you're not sharing across VPCs, it's easiest to set PrivateDnsEnabled=true and let AWS manage the PHZ for you. Though of course you can set "false" instead and do your own as it sounds like you're doing. The PHZ would normally contain an Alias record mapping the service DNS name to the VPC Endpoint name rather than a regular A record mapping to an IP address. For example an SMS PHZ of ours has:

    Record name = sms.ap-southeast-2.amazonaws.com

    Value = vpce-xxxxxxxxxxxxxxxxx-xxxxxxxx.sms.ap-southeast-2.vpce.amazonaws.com.

    Alias = Yes

    You don't need "*." on the front of the record name.

  • VPC has "DNS hostnames" & "DNS resolution" enabled. Can I set "PrivateDnsEnabled=true" using console?

    So far I have tried the following:

    • Created Private Hosted Zone in Route 53 for git-codecommit.us-east-1.amazonaws.com

    • Added A record using alias to point to the endpoint

    • Getting "CLIENT_ERROR: Get "https://git-codecommit.us-east-1.amazonaws.com/v1/repos/Test/info/refs?service=git-upload-pack": x509: certificate is valid for codecommit.us-east-1.amazonaws.com, *.codecommit.us-east-1.vpce.amazonaws.com, not git-codecommit.us-east-1.amazonaws.com for primary source and source version refs/heads/master"

    • Deleted old private hosted Zone

    • Created new private hosted Zone for codecommit.us-east-1.amazonaws.com

    • Added A record using alias to point to the endpoint

    • Getting "CLIENT_ERROR: Get "https://git-codecommit.us-east-1.amazonaws.com/v1/repos/Test/info/refs?service=git-upload-pack": dial tcp 52.94.226.180:443: i/o timeout for primary source and source version refs/heads/master"

0

I chose the wrong CodeCommit endpoint. After choosing "git-codecommit" in Endpoint.

answered 2 years ago
