Introduction

CodeBuild can run Docker builds only when the build environment is allowed to run Docker-in-Docker. Without privileged mode, Docker commands fail immediately because there is no working daemon inside the build container. Teams often misread this as an ECR login or Dockerfile problem when the build environment itself is the blocker.

Symptoms

  • docker build fails in CodeBuild before the build even starts
  • Logs report Cannot connect to the Docker daemon
  • ECR login steps succeed, but image build and tag steps still fail
  • The same Dockerfile works locally and in another CI environment

Common Causes

  • CodeBuild privileged mode is disabled
  • The chosen build image does not expose the expected Docker tooling path
  • The project is trying to run Docker commands in a non-Docker build environment
  • Teams focus on registry permissions when the daemon itself is unavailable

Step-by-Step Fix

  1. Check whether privileged mode is enabled
     This is the first thing to verify. If it is off, debugging the Dockerfile is wasted effort.

```bash
aws codebuild batch-get-projects \
  --names my-project \
  --query "projects[0].environment.[image,computeType,privilegedMode]"
```

  2. Enable privileged mode on the project
     CodeBuild Docker builds require this for normal Docker daemon access inside the build container.

```bash
aws codebuild update-project \
  --name my-project \
  --environment '{"type":"LINUX_CONTAINER","image":"aws/codebuild/standard:7.0","computeType":"BUILD_GENERAL1_MEDIUM","privilegedMode":true}'
```

  3. Verify Docker is actually available during the build
     Test the daemon before running the real image build so failures are obvious and early.

```yaml
phases:
  pre_build:
    commands:
      - docker version
      - docker info
```

  4. Only then validate registry login and push permissions
     Once Docker daemon access works, ECR or other registry auth issues become the next layer to debug.
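
The privileged-mode check from the steps above, applied across several projects at once by classifying the JSON that `aws codebuild batch-get-projects` returns. This is an added example, not code from the original page or from AWS. The project names, the sample response, the finding labels and the inline-buildspec heuristic are all assumptions made for illustration.

```python
import re

# A buildspec command entry that invokes the docker CLI, e.g. "- docker build ...".
DOCKER_CMD = re.compile(r"^\s*-\s*docker\s", re.MULTILINE)

# Constructed sample, trimmed to the fields used here, in the shape returned by
# `aws codebuild batch-get-projects`. Project names are hypothetical.
IMG = "aws/codebuild/standard:7.0"
SAMPLE = {"projects": [
    {"name": "api-image",
     "environment": {"image": IMG, "privilegedMode": False},
     "source": {"buildspec": "version: 0.2\nphases:\n  build:\n    commands:\n      - docker build -t api .\n"}},
    {"name": "web-image",
     "environment": {"image": IMG, "privilegedMode": True},
     "source": {"buildspec": "version: 0.2\nphases:\n  pre_build:\n    commands:\n      - docker info\n"}},
    {"name": "unit-tests",
     "environment": {"image": IMG, "privilegedMode": True},
     "source": {"buildspec": "version: 0.2\nphases:\n  build:\n    commands:\n      - pytest -q\n"}},
    {"name": "repo-spec",
     "environment": {"image": IMG, "privilegedMode": False},
     "source": {"buildspec": "ci/buildspec.yml"}},
]}


def classify_project(project):
    """Return a finding label (labels are this example's own) for one project."""
    privileged = bool(project.get("environment", {}).get("privilegedMode", False))
    buildspec = project.get("source", {}).get("buildspec") or ""
    # Assumption: a value containing a newline is inline YAML. Anything else is a
    # file path or empty (buildspec in the source tree), which cannot be read here.
    if "\n" not in buildspec:
        return "privileged-unverified" if privileged else "unknown"
    uses_docker = bool(DOCKER_CMD.search(buildspec))
    if uses_docker and not privileged:
        return "daemon-blocked"      # the failure this page describes
    if privileged and not uses_docker:
        return "privileged-unused"   # elevated mode with no visible Docker step
    return "ok"


def audit(response):
    """Map project name -> finding for a batch-get-projects response dict."""
    return {p["name"]: classify_project(p) for p in response.get("projects", [])}


if __name__ == "__main__":
    for name, finding in audit(SAMPLE).items():
        print(f"{name}: {finding}")
```

To run it on real data, save the output of `aws codebuild batch-get-projects` to a file, load it with `json.load`, and pass the result to `audit`.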

Prevention

  • Treat privileged mode as required infrastructure for Docker builds in CodeBuild
  • Use standard CodeBuild images unless you have a clear reason to customize
  • Verify Docker daemon access before build and push steps
  • Separate daemon troubleshooting from registry permission troubleshooting in runbooks