Private Subnets on AWS

Private subnets on AWS are supported, but please make sure to use the following settings:

  • Enable VPC Endpoint for S3. This should significantly improve S3 operations for CircleCI and other nodes within your subnet
  • Ensure that your NAT is adequately powered for heavy network operations. Highly parallel builds using Docker and external network resources can strain your NATs. This is very deployment-specific - but if you notice slowness in network and cache operations later, it’s time to upgrade your NATs.
  • If you are integrating with, ensure that your network ACL whitelists webhooks. When integrating with GitHub, we recommend setting up CircleCI in a public subnet, or setup a public load balancer to forward traffic.
  • Ensure that DNS is enabled for your VPC. Specifically, enableDnsSupport must be enabled, or you must otherwise ensure that DNS is configured correctly on your instances.