Reputation: 145
I am now getting a Failure for CodeBuild on the DOWNLOAD_SOURCE phase.
CLIENT_ERROR: RequestError: send request failed caused by: Get "https://codepipeline-us-east-1-215861945190.s3.amazonaws.com/diag-upload-pipe/SourceArti/jiUJWyf": dial tcp 52.217.106.244:443: i/o timeout for primary source and source version arn:aws:s3:::codepipeline-us-east-1-215861945190/diag-upload-pipe/SourceArti/jiUJWyf
I have tried adding S3 permissions for full access to no avail. I've also tried following the advice from Ryan Williams in the comments here: DOWNLOAD_SOURCE Failed AWS CodeBuild
Still unable to get past this error.
I have my VPC
I feel like there has to be a problem with the routing since there's an i/o timeout but I can't for the life of me figure out where I went wrong.
Upvotes: 5
Views: 7244
Reputation: 361
Your build project environment should belong ONLY to a private subnet, which has a 0.0.0.0/0 route to NAT in the route table. Also check its security group to allow HTTPS requests.
Upvotes: 0
Reputation: 11
I faced exactly the same problem. In my case, it was due to the Security Group Egress setting in CodeBuild.
Here is what I did when I built the resource using CloudFormation.
Step 1: Create a SecurityGroup for CodeBuild
CodeBuildSecurityGroup:
  Type: AWS::EC2::SecurityGroup
  Properties:
    VpcId: !Ref VPC
Step 2: Set up an Egress to allow all outbound traffic to the SecurityGroup created in Step 1.
CodeBuildEgressAllAccess:
  Type: AWS::EC2::SecurityGroupEgress
  Properties:
    GroupId: !Ref CodeBuildSecurityGroup
    CidrIp: '0.0.0.0/0'
    FromPort: -1
    ToPort: -1
    IpProtocol: '-1'
Step 3: Set up an egress to allow outbound traffic to connect to RDS MySQL.
CodeBuildEgressToMySQL:
  Type: AWS::EC2::SecurityGroupEgress
  Properties:
    GroupId: !Ref CodeBuildSecurityGroup
    DestinationSecurityGroupId: !Ref RdsMySQLSecurityGroup
    FromPort: 3306
    ToPort: 3306
    IpProtocol: tcp
When I deployed the stack with this content, the only outbound traffic allowed for the CodeBuild SecurityGroup was to RDS MySQL.
The allow-all Egress Rule created in Step 2 was ignored, so outbound traffic such as Internet, S3 and others will be denied.
Upvotes: 1
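An added example, not code from either answer: an offline check of the two conditions the answers name, that the security group's egress rules permit TCP 443 to the S3 address in the error and that the subnet's default route goes to NAT. The dictionaries follow the shape of the EC2 DescribeSecurityGroups (`IpPermissionsEgress`) and DescribeRouteTables (`Routes`) responses; the sample data and resource IDs are constructed, the function names are hypothetical, and a NAT gateway (not a NAT instance) is assumed.

```python
import ipaddress

def egress_allows(egress_rules, dest_ip, port, proto="tcp"):
    """True if a CIDR-based egress rule permits proto/port to dest_ip."""
    dest = ipaddress.ip_address(dest_ip)
    for rule in egress_rules:
        if rule["IpProtocol"] not in ("-1", proto):
            continue
        # IpProtocol "-1" means all protocols and ports; port bounds are not consulted.
        if rule["IpProtocol"] != "-1" and not rule["FromPort"] <= port <= rule["ToPort"]:
            continue
        # Only IpRanges can match a public S3 address; UserIdGroupPairs
        # (security-group destinations such as the RDS rule) never do.
        if any(dest in ipaddress.ip_network(r["CidrIp"]) for r in rule.get("IpRanges", [])):
            return True
    return False

def default_route_target(routes):
    """Return 'nat', 'igw' or None for the active 0.0.0.0/0 route."""
    for r in routes:
        if r.get("DestinationCidrBlock") != "0.0.0.0/0" or r.get("State") != "active":
            continue
        if r.get("NatGatewayId"):
            return "nat"
        if r.get("GatewayId", "").startswith("igw-"):
            return "igw"
    return None

def diagnose(egress_rules, routes, dest_ip, port=443):
    findings = []
    if not egress_allows(egress_rules, dest_ip, port):
        findings.append(f"security group has no egress rule for tcp/{port} to {dest_ip}")
    if default_route_target(routes) != "nat":
        findings.append("subnet route table has no active 0.0.0.0/0 route to a NAT gateway")
    return findings

# Constructed sample data; IDs are placeholders. S3_IP is the address in the error message.
S3_IP = "52.217.106.244"
MYSQL_ONLY = [{"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306, "IpRanges": [],
               "UserIdGroupPairs": [{"GroupId": "sg-0example"}]}]
WITH_ALLOW_ALL = MYSQL_ONLY + [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]
PUBLIC_ROUTES = [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example", "State": "active"}]
PRIVATE_ROUTES = [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
                  {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example", "State": "active"}]

if __name__ == "__main__":
    for line in diagnose(MYSQL_ONLY, PUBLIC_ROUTES, S3_IP):
        print("FAIL:", line)
    print("after fix:", diagnose(WITH_ALLOW_ALL, PRIVATE_ROUTES, S3_IP) or "ok")
```

To run it against a real project, feed it the `IpPermissionsEgress` list of the CodeBuild security group and the `Routes` list of the route table associated with the build subnet.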