Managing custom domain names for an App Runner service
When you create an AWS App Runner service, App Runner allocates a domain name for it. This is a subdomain in the awsapprunner.com
domain that's
owned by App Runner. It can be used to access the web application that's running in your service.
If you own a domain name, you can associate it to your App Runner service. After App Runner validates your new domain, it can be used to access your application in addition to the App Runner domain. You can associate up to five custom domains.
You can optionally include the www
subdomain of your domain. However, this is currently only supported in the API. The App Runner console
doesn't support it.
When you associate a custom domain with your service, App Runner provides you with a set of CNAME records to add to your Domain Name System (DNS). Add
certificate validation records to your DNS. This way, App Runner can validate that you own or control the domain. App Runner uses ACM to verify the domain. If you're
using CAA records in your DNS records, make sure that at least one CAA record references to amazon.com
. Otherwise, ACM can't verify the
domain and successfully create your domain.
For auto-renewal of your custom domain certificates, ensure that you do not delete the certificate validation records from your DNS server. For information on how to resolve issues related to the renewal of the certificate, see Custom domain certificate renewal.
For information about how to resolve CAA errors, see:
In addition, add DNS target records to your DNS to target the App Runner domain. Add one record for the custom domain, and another for the www
subdomain, if you chose this option. Then, wait for the custom domain status to become Active in the App Runner console. This typically takes
several minutes, but might take up to 24—48 hours (1—2 days). At this point, your custom domain is validated, and App Runner starts routing traffic
from this domain to your web application.
If you're using Amazon Route 53 as your DNS provider, you can add a subdomain, but support for adding a root domain isn't available at this time.
You can specify a domain to associate with your App Runner service in the following ways:
-
A root domain – For example,
example.com
. You can optionally associatewww.example.com
too as part of the same operation. -
A subdomain – For example,
login.example.com
oradmin.login.example.com
. You can optionally associate thewww
subdomain too as part of the same operation. -
A wildcard – For example,
*.example.com
. You can't use thewww
option in this case. You can specify a wildcard only as the immediate subdomain of a root domain and only on its own. These aren't valid specifications:login*.example.com
,*.login.example.com
. This wildcard specification associates all immediate subdomains, and doesn't associate the root domain itself. The root domain must be associated in a separate operation.
A more specific domain association overrides a less specific one. For example, login.example.com
overrides *.example.com
. The
certificate and CNAME of the more specific association are used.
The following example shows how you can use multiple custom domain associations:
-
Associate
example.com
with the home page of your service. Enable thewww
to associatewww.example.com
. -
Associate
login.example.com
with the login page of your service. -
Associate
*.example.com
with a custom "not found" page.
You can disassociate (unlink) a custom domain from your App Runner service. When you unlink a domain, App Runner stops routing traffic from this domain to your web application. You must delete the records for this domain from your DNS.
App Runner internally creates certificates that track domain validity. They're stored in AWS Certificate Manager (ACM). App Runner doesn't delete these certificates for seven days after a domain is disassociated from your service or after the service is deleted.
Manage custom domains
Manage custom domains for your App Runner service using one of the following methods:
If you're using Amazon Route 53 as your DNS provider, you can add a subdomain, but support for adding a root domain isn't available at this time.