Setting up networking configurations for incoming traffic - AWS App Runner

Setting up networking configurations for incoming traffic

You can configure your service to receive incoming traffic from a private or a public endpoint.

A Public endpoint is the default configuration. It opens your service to any incoming traffic from the public internet. It also gives you the flexibility to choose either the Internet Protocol version 4 (IPv4) or the dual-stack (IPv4 and IPv6) address type for your service.

A Private endpoint only allows traffic from an Amazon VPC to access your App Runner service. This is achieved by setting up a VPC interface endpoint, an AWS PrivateLink resource, for your App Runner service, which creates a private connection between the Amazon VPC and your App Runner service.


App Runner currently supports the dual-stack (IPv4 and IPv6) address type only for Public endpoints. For Private endpoints, only IPv4 is supported.


With App Runner, you can access the original source IPv4 and IPv6 addresses of the traffic entering your application. App Runner preserves the original source IP addresses by assigning them to the X-Forwarded-For request header. This enables your applications to fetch the original source IP addresses when needed.


If your service is configured to use a private endpoint, the X-Forwarded-For request header cannot be used to access the original source IP addresses. If used, it retrieves false values.
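The following added example (not AWS code) shows one way an application can read the source address from X-Forwarded-For while honoring the private-endpoint caveat above and handling both IPv4 and IPv6 values. The function name and the `private_endpoint` and `trusted_hops` parameters are assumptions of this example; the page does not state how many entries are appended to the header, so that count is left to the caller.

```python
import ipaddress
from typing import Optional, Union

IPAddress = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]


def source_ip_from_xff(
    header_value: Optional[str],
    *,
    private_endpoint: bool,
    trusted_hops: int = 1,
) -> Optional[IPAddress]:
    """Return the source address taken from X-Forwarded-For, or None.

    private_endpoint: True when the service uses a private endpoint; the header
        yields false values there, so nothing is returned.
    trusted_hops: ASSUMPTION of this example, the number of entries appended by
        infrastructure you trust, counted from the right. Entries further left
        may have been sent by the client and are never used.
    """
    if private_endpoint or not header_value or trusted_hops < 1:
        return None
    entries = [e.strip() for e in header_value.split(",")]
    if len(entries) < trusted_hops:
        return None
    try:
        addr = ipaddress.ip_address(entries[-trusted_hops])
    except ValueError:
        return None  # not a bare IPv4/IPv6 literal: do not guess
    # Dual-stack: fold IPv4-mapped IPv6 (::ffff:a.b.c.d) back to IPv4 so that
    # allowlists and rate limits see one form per client.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        return addr.ipv4_mapped
    return addr


if __name__ == "__main__":
    # Constructed sample header values (documentation address ranges only).
    samples = [
        ("10.0.0.1, 198.51.100.23", False),  # left entry could be client-sent
        ("2001:db8::5", False),              # IPv6 source on a dual-stack service
        ("::ffff:192.0.2.9", False),         # IPv4-mapped IPv6
        ("198.51.100.23", True),             # private endpoint: value not usable
        ("not-an-ip", False),                # malformed value
    ]
    for value, private in samples:
        print(f"{value!r:32} private={private!s:5} ->",
              source_ip_from_xff(value, private_endpoint=private))
```

Log the raw header next to the parsed result so that rejected or unexpected values remain available for investigation.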