1
votes

I have a CodeBuild project that I'm launching inside a VPC. When outside of the VPC, the project runs and logs into CloudWatch Logs. I need to move inside the VPC so that it can access the database. When inside the VPC, the install stage fails and CodeBuild fails to write anything to CloudWatch Logs. The console page for the build says:

Error: The specified log stream does not exist.

I expect that security groups are the problem, but flow logs are on, and they aren't showing blocked traffic for the CodeBuild ENI.

There is an internet gateway for the VPC, and the subnet has routes to the internet using the gateway.

The CodeBuild project is built by CloudFormation. Logs are written when the VpcConfig of the CodeBuild project is commented out, but not when it is included. I believe that demonstrates that IAM permissions are not the problem.

Any suggestions are appreciated.

1 Answer

2
votes

The CodeBuild VPC documentation buries this tidbit at the end of best practices.

When you set up your AWS CodeBuild projects to access your VPC, choose private subnets only.

By which they mean, CodeBuild will only work in a private subnet with NAT.

Moving my CodeBuild into a private subnet from a public subnet fixed my error.
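As an added illustration of the layout the answer describes (not the asker's template or AWS sample code): a CloudFormation fragment that creates a NAT gateway in the existing public subnet, a private subnet whose default route goes through that NAT, and a CodeBuild project whose VpcConfig uses only the private subnet. The VpcId, PublicSubnetId, BuildSecurityGroupId and CodeBuildRoleArn parameters, the 10.0.2.0/24 CIDR and the placeholder buildspec are assumptions.

```yaml
# Added example: CodeBuild in a private subnet behind a NAT gateway.
# The public subnet (assumed parameter) must already route 0.0.0.0/0 to the IGW.
Parameters:
  VpcId: {Type: AWS::EC2::VPC::Id}
  PublicSubnetId: {Type: AWS::EC2::Subnet::Id}
  BuildSecurityGroupId: {Type: AWS::EC2::SecurityGroup::Id}
  CodeBuildRoleArn: {Type: String}
Resources:
  NatEip:
    Type: AWS::EC2::EIP
    Properties: {Domain: vpc}
  NatGateway:                      # placed in the PUBLIC subnet so it can reach the IGW
    Type: AWS::EC2::NatGateway
    Properties:
      AllocationId: !GetAtt NatEip.AllocationId
      SubnetId: !Ref PublicSubnetId
  PrivateSubnet:                   # no public IPs; CodeBuild ENIs land here
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VpcId
      CidrBlock: 10.0.2.0/24       # assumed; pick a free range in your VPC
      MapPublicIpOnLaunch: false
  PrivateRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VpcId
  PrivateDefaultRoute:             # 0.0.0.0/0 via NAT, not via the internet gateway
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref PrivateRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId: !Ref NatGateway
  PrivateSubnetAssoc:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PrivateSubnet
      RouteTableId: !Ref PrivateRouteTable
  BuildProject:
    Type: AWS::CodeBuild::Project
    Properties:
      ServiceRole: !Ref CodeBuildRoleArn
      Artifacts: {Type: NO_ARTIFACTS}
      Source:
        Type: NO_SOURCE
        BuildSpec: "version: 0.2\nphases:\n  build:\n    commands:\n      - echo ok"
      Environment:
        Type: LINUX_CONTAINER
        ComputeType: BUILD_GENERAL1_SMALL
        Image: aws/codebuild/standard:7.0
      VpcConfig:                   # private subnet only, per the CodeBuild VPC docs
        VpcId: !Ref VpcId
        Subnets: [!Ref PrivateSubnet]
        SecurityGroupIds: [!Ref BuildSecurityGroupId]
```

The security group still needs outbound 443 so the build can reach CloudWatch Logs through the NAT; the VPC flow logs for the CodeBuild ENI should then show accepted traffic to the NAT gateway's private address instead of nothing at all.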