There is no problem downloading code from buckets outside of your region in CodeBuild, this request will go over the internet.
The ion push command seems to directly copy objects from the datomic-releases s3 repo to your datomic-code bucket, which fails if this is cross-region. I.e, for our system in eu-west-1:
-
aws s3 cp <bucket-in-us-east-1> .works. Request goes over the internet. -
aws s3 cp <local-file> <bucket-in-eu-west-1>works. Request stays within the AWS network -
aws s3 cp <bucket-in-us-east-1> <bucket-in-eu-west-1>is a cross-region request. This fails.
Our workaround has been to create a VPC with a NAT gateway and a private subnet for CodeBuild to run in. This works for us now, although it would be nice if can be solved. Maybe with s3 cross-region replication so we can use VPC s3 endpoints.