Does Image Builder support build and test an image in a private VPC subnet without internet access?

Question

Hi I tried to setup an Image Builder Pipeline with **a private subnet without internet connection** in a VPC. It failed with failure message = '**Unable to bootstrap TOE**'. I searched the AWS documentation and the TOE installation clearly needs a HTTPS connection to an internet address.

Has anyone run image builder in a private subnet without internet access successfully here? I have enabled the "VPC network interface" so the instance in my VPC can communicate with Image builder, SSM, S3 and Cloudwatch in a private connection but not with AWS TOE installation HTTP URL. Thanks.

Accepted Answer

HTTP URL is essentially an S3 Bucket. So if you create an VPC Endpoint for S3 the connection to download the files should work .
Below is an article that goes through the steps of creating VPC Endpoints for S3. You can skip the bucket policy step  
[https://aws.amazon.com/premiumsupport/knowledge-center/s3-private-connection-no-authentication/]()

Answer

After I created an S3 bucket URI for that AWS TOE repo `"arn:aws:s3:::ec2imagebuilder-toe-${AWS::Region}-prod/*"` it works like a charm and Image Builder is able to bootstrap AWS TOE and proceed with its functions.  Thanks.

Does Image Builder support build and test an image in a private VPC subnet without internet access?

Relevanter Inhalt