AWS CodeBuild and RDS Integration Testing: Enabling Private Subnet Access

Ensure Private Subnet Access for AWS CodeBuild Integration Testing with RDS

Question

Your team is using the AWS CodeBuild service for an application build.

As part of Integration testing during the build phase, the application needs to access an RDS instance in a private subnet.

How can you ensure that this is possible?

Answers

Explanations

A. B. C. D.

Answer - B.

This is given in the AWS Documentation.

Typically, resources in a VPC are not accessible by AWS CodeBuild.

To enable access, you must provide additional VPC-specific configuration information as part of your AWS CodeBuild project configuration.

This includes the VPC ID, the VPC subnet IDs, and the VPC security group IDs.

VPC-enabled builds are then able to access resources inside your VPC.

VPC connectivity from AWS CodeBuild builds makes it possible to:

Run integration tests from your build against data in an Amazon RDS database that's isolated on a private subnet.

Query data in an Amazon ElastiCache cluster directly from tests.

Interact with internal web services hosted on Amazon EC2, Amazon ECS, or services that use internal Elastic Load Balancing.

Since the requirements are clearly mentioned in the documentation, all other options are incorrect.

For more information on VPC support for AWS CodeBuild, refer to the following URL:

https://docs.aws.amazon.com/codebuild/latest/userguide/vpc-support.html
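
The VPC settings named above (VPC ID, subnet IDs, security group IDs) can be checked before a build runs. The following is an added example, not code from the AWS documentation or this page: it assumes records shaped like the output of `codebuild batch-get-projects` and `ec2 describe-security-groups`, and every ID, the function name, and the port 3306 are constructed for illustration.

```python
# Added example: offline review of a CodeBuild project's VPC settings against
# the database security group. All records below are constructed samples.
REQUIRED_KEYS = ("vpcId", "subnets", "securityGroupIds")

def vpc_config_findings(project, db_security_group, db_port):
    """Return problems in the project's vpcConfig and the DB security group rules."""
    vpc = project.get("vpcConfig") or {}
    findings = [f"vpcConfig.{k} is missing or empty" for k in REQUIRED_KEYS if not vpc.get(k)]
    if findings:
        return findings  # without all three values the build is not VPC-enabled
    if db_security_group.get("VpcId") != vpc["vpcId"]:
        findings.append("database security group is in a different VPC")
    build_sgs = set(vpc["securityGroupIds"])
    referenced = False
    for rule in db_security_group.get("IpPermissions", []):
        proto = rule.get("IpProtocol")
        # "-1" means all protocols and ports; otherwise the TCP range must cover db_port
        covers = proto == "-1" or (
            proto == "tcp" and rule.get("FromPort", 0) <= db_port <= rule.get("ToPort", -1)
        )
        if not covers:
            continue
        sources = {p.get("GroupId") for p in rule.get("UserIdGroupPairs", [])}
        if sources & build_sgs:
            referenced = True
        if any(r.get("CidrIp") == "0.0.0.0/0" for r in rule.get("IpRanges", [])):
            findings.append(f"port {db_port} is open to 0.0.0.0/0; scope it to the build security group")
    if not referenced:
        findings.append(f"no ingress rule references the build security groups on port {db_port}")
    return findings

# Constructed sample: a VPC-enabled project and a DB security group that admits
# only the build security group on the (assumed) MySQL port.
SAMPLE_PROJECT = {
    "name": "integration-tests",
    "vpcConfig": {"vpcId": "vpc-0example", "subnets": ["subnet-0exampleA"],
                  "securityGroupIds": ["sg-0build"]},
}
SAMPLE_DB_SG = {
    "GroupId": "sg-0db", "VpcId": "vpc-0example",
    "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
                       "UserIdGroupPairs": [{"GroupId": "sg-0build"}], "IpRanges": []}],
}

if __name__ == "__main__":
    for line in vpc_config_findings(SAMPLE_PROJECT, SAMPLE_DB_SG, 3306) or ["no findings"]:
        print(line)
```
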

When an application needs to access resources in a private subnet, there are several options for making the resources accessible, but the most common approach is to use a NAT gateway. Therefore, the answer to this question is D. Use a NAT gateway to relay the requests from AWS CodeBuild to the RDS Instance.

Here's a more detailed explanation:

AWS CodeBuild is a fully managed continuous integration and continuous delivery (CI/CD) service that compiles source code, runs tests, and produces software packages that are ready to deploy. During the build phase, it is common for applications to access resources in different parts of your infrastructure, including RDS instances in private subnets.

By default, resources in a private subnet cannot be accessed from outside the VPC. To enable CodeBuild to access an RDS instance in a private subnet, you need to provide a way for the traffic to leave the VPC and reach the internet. One way to do this is to use a NAT gateway, which is a managed service that enables outbound internet traffic from resources in a private subnet.

To set up a NAT gateway for CodeBuild to access an RDS instance in a private subnet, follow these steps:

  1. Create a NAT gateway in a public subnet: The NAT gateway must be in a public subnet with a route to an internet gateway.

  2. Create a new route table: Create a new route table for the private subnet where the RDS instance is located. This route table should have a default route to the NAT gateway created in step 1.

  3. Modify the subnet association: Associate the private subnet with the new route table created in step 2.

  4. Update CodeBuild project configuration: In the CodeBuild project configuration, update the VPC settings to use the private subnet and the new route table created in steps 2 and 3.

With these steps, CodeBuild will be able to access the RDS instance in the private subnet through the NAT gateway.