Running CodeBuild inside a private subnet within a VPC, and giving it outbound internet access:
We have to attach NAT gateways to private subnets we wish to give outbound internet access.
In a VPC configuration, a subnet is public if it is attached to an internet gateway (igw for short). We do this with a subnet association in a route table. We can use the default route table that comes with the VPC: add the route [destination: 0.0.0.0/0, target: igw-XXXX, where igw-XXXX is an igw], then go to the route table's subnet associations and attach the subnet we wish to make public. Of course, create the igw first if you haven't already.
Once this subnet is public, we create the NAT gateway that will serve the private subnets inside this public subnet: in the NAT creation form, select this public subnet as its subnet.
Now let's move over to the private subnets. We must ensure these private subnets are not associated with our default route table since we're using this route table to route traffic to the igw. If they are, they are automatically public subnets.
We must create a new route table to manage routing for our private subnets. Create the new route table, selecting our VPC while doing so. Then add a route to this table [destination: 0.0.0.0/0, target: nat-XXXX, where nat-XXXX is the NAT you created]. Next, go to the route table's subnet associations and attach all the subnets we wish to make private.
Since this NAT's subnet (the subnet selected while creating the NAT) is a public subnet attached to an igw, all the private subnets associated with this NAT will have outbound internet access.
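
A check for the layout described above, as an added example that is not part of the original page: it classifies subnets from data shaped like the output of `aws ec2 describe-route-tables` and `aws ec2 describe-nat-gateways`. All IDs, table names and the `classify` labels are constructed for illustration; a subnet with no explicit association is treated as using the default (main) route table.

```python
# Added example. Input mirrors the EC2 DescribeRouteTables and
# DescribeNatGateways response shapes; every ID below is constructed.
LOCAL = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}
ROUTE_TABLES = [
    {"RouteTableId": "rtb-default",          # default table, routes to the igw
     "Associations": [{"Main": True}, {"Main": False, "SubnetId": "subnet-public"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example"}]},
    {"RouteTableId": "rtb-private",          # new table, routes to the NAT
     "Associations": [{"Main": False, "SubnetId": "subnet-codebuild"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example"}]},
]
NAT_GATEWAYS = [{"NatGatewayId": "nat-0example", "SubnetId": "subnet-public"}]

def effective_route_table(subnet_id, route_tables):
    """An explicit association wins; otherwise the main (default) table applies."""
    main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if subnet_id and assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main

def default_route_target(rt):
    """Target ID of the 0.0.0.0/0 route in a route table, or None."""
    for route in (rt or {}).get("Routes", []):
        if route.get("DestinationCidrBlock") == "0.0.0.0/0":
            return route.get("GatewayId") or route.get("NatGatewayId")
    return None

def classify(subnet_id, route_tables, nat_gateways):
    target = default_route_target(effective_route_table(subnet_id, route_tables))
    if target is None:
        return "isolated"                    # no default route at all
    if target.startswith("igw-"):
        return "public"
    if target.startswith("nat-"):
        nat_subnet = {n["NatGatewayId"]: n["SubnetId"] for n in nat_gateways}.get(target)
        via = default_route_target(effective_route_table(nat_subnet, route_tables)) if nat_subnet else None
        if via and via.startswith("igw-"):
            return "private-with-nat-egress"
        return "private-broken-nat"          # NAT does not sit in a public subnet
    return "other"

if __name__ == "__main__":
    for s in ("subnet-public", "subnet-codebuild", "subnet-forgotten"):
        print(s, "->", classify(s, ROUTE_TABLES, NAT_GATEWAYS))
```

`subnet-forgotten` has no explicit association, so it is reported as public: it falls back to the default route table and its igw route.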