Managing custom domain names for an App Runner service
When you create an AWS App Runner service, App Runner allocates a domain name for it. This is a subdomain in the awsapprunner.com
domain that's
owned by App Runner. You can use the domain name to access the web application that's running in your service.
If you own a domain name, you can associate it to your App Runner service. After App Runner validates your new domain, you can use your domain to access your application in addition to the App Runner domain. You can associate up to five custom domains.
You can optionally include the www
subdomain of your domain. However, this is currently only supported by the API. The App Runner console
doesn't support including www
subdomain of your domain.
Associate (link) a custom domain to your service
When you associate a custom domain to your service, you must add the CNAME records and DNS target records to your DNS server. The following sections provide information on CNAME records and DNS target records and how to use them.
CNAME records
When you associate a custom domain with your service, App Runner provides you with a set of CNAME records serve for certificate validation purpose. You must add these CNAME records to your Domain Name System (DNS) server. Add the certificate validation records, provided by App Runner, to your DNS server. This way, App Runner can validate that you own or control the domain.
To auto-renew your custom domain certificates, ensure that you don't delete the certificate validation records from your DNS server. For information about how to resolve issues that are related to the renewal of the certificate, see Custom domain certificate renewal.
App Runner uses ACM to verify the domain. If you're using CAA records in your DNS records, make sure that at least one CAA record references
amazon.com
. Otherwise, ACM can't verify the domain and successfully create your domain.
If you receive errors related to CAA, see the following links to learn how to resolve them:
DNS target records
Add the DNS target records to your DNS server to target the App Runner domain. Add one record for the custom domain, and another for the www
subdomain, if you chose this option. Then, wait for the custom domain status to become Active in the App Runner console. This typically
takes several minutes, but might take up to 24—48 hours (1—2 days). When your custom domain is validated, App Runner starts routing traffic from
this domain to your web application.
For better compatibility with App Runner services, we recommend that you use Amazon Route 53 as your DNS provider. If you don't use Amazon Route 53 to manage your public DNS records, contact your DNS provider to find out how to add records.
If you're using Amazon Route 53 as your DNS provider, you can add either CNAME or alias record for subdomain. For root domain, ensure that you use the alias record.
You can purchase a domain name from Amazon Route 53 or another provider. To purchase a domain name with Amazon Route 53, see Registering a new domain, in the Amazon Route 53 Developer Guide.
For instructions on how to configure a DNS target in Route 53, see Routing traffic to your resources, in the Amazon Route 53 Developer Guide.
For instructions on how to configure a DNS target on other registrars, such as GoDaddy, Shopify, Hover and so on, refer to their specific documentation on adding DNS Target records.
Specify a domain to associate with your App Runner service
You can specify a domain to associate with your App Runner service in the following ways:
-
A root domain – DNS has some inherent limitations which might block you from creating CNAME records for the root domain name. For example, if your domain name is
example.com
, you can create a CNAME record that routes traffic foracme.example.com
to your App Runner service. However, you can't create a CNAME record that routes traffic forexample.com
to your App Runner service. To create a root domain, ensure that you add an alias record.An alias record is specific to Route 53 and has the following advantages over CNAME records:
Route 53 provides you with more flexibility as alias records can be created for root domain or subdomain. For example, if your domain name is
example.com
, you can create a record that routes requests forexample.com
oracme.example.com
to your App Runner service.-
It is more cost efficient. This is because Route 53 doesn't charge for requests that use an alias record to route traffic.
-
A subdomain – For example,
login.example.com
oradmin.login.example.com
. You can optionally also associate thewww
subdomain as part of the same operation. You can add either CNAME or alias record for subdomain. -
A wildcard – For example,
*.example.com
. You can't use thewww
option in this case. You can specify a wildcard only as the immediate subdomain of a root domain and only on its own. These aren't valid specifications:login*.example.com
,*.login.example.com
. This wildcard specification associates all immediate subdomains, and doesn't associate the root domain itself. The root domain must be associated in a separate operation.
A more specific domain association overrides a less specific one. For example, login.example.com
overrides *.example.com
. The
certificate and CNAME of the more specific association are used.
The following example shows how you can use multiple custom domain associations:
-
Associate
example.com
with the home page of your service. Enable thewww
to associatewww.example.com
. -
Associate
login.example.com
with the login page of your service. -
Associate
*.example.com
with a custom "not found" page.
Disassociate (unlink) a custom domain
You can disassociate (unlink) a custom domain from your App Runner service. When you unlink a domain, App Runner stops routing traffic from this domain to your web application.
You must delete the records for the domain you disassociated from your DNS server.
App Runner internally creates certificates that track domain validity. These certificates are stored in AWS Certificate Manager (ACM). App Runner doesn't delete these certificates for 7 days after a domain is disassociated from your service or after the service is deleted.
Manage custom domains
Manage custom domains for your App Runner service using one of the following methods:
For better compatibility with App Runner services, we recommend that you use Amazon Route 53 as your DNS provider. If you don't use Amazon Route 53 to manage your public DNS records, contact your DNS provider to find out how to add records.
If you're using Amazon Route 53 as your DNS provider, you can add either CNAME or alias record for subdomain. For root domain, ensure that you use alias record.