Namespace Amazon.CDK.AWS.AppRunner.Alpha
AWS::AppRunner Construct Library
---
The APIs of higher level constructs in this module are experimental and under active development.
They are subject to non-backward compatible changes or removal in any future version. These are
not subject to the <a href="https://semver.org/">Semantic Versioning</a> model and breaking changes will be
announced in the release notes. This means that while you may use them, you may need to update
your source code when upgrading to a newer version of this package.
This module is part of the AWS Cloud Development Kit project.
using Amazon.CDK.AWS.AppRunner.Alpha;Introduction
AWS App Runner is a fully managed service that makes it easy for developers to quickly deploy containerized web applications and APIs, at scale and with no prior infrastructure experience required. Start with your source code or a container image. App Runner automatically builds and deploys the web application and load balances traffic with encryption. App Runner also scales up or down automatically to meet your traffic needs. With App Runner, rather than thinking about servers or scaling, you have more time to focus on your applications.
Service
The Service construct allows you to create AWS App Runner services with ECR Public, ECR or Github with the source property in the following scenarios:
The Service construct implements IGrantable.
ECR Public
To create a Service with ECR Public:
new Service(this, "Service", new ServiceProps {
Source = Source.FromEcrPublic(new EcrPublicProps {
ImageConfiguration = new ImageConfiguration { Port = 8000 },
ImageIdentifier = "public.ecr.aws/aws-containers/hello-app-runner:latest"
})
});ECR
To create a Service from an existing ECR repository:
using Amazon.CDK.AWS.ECR;
new Service(this, "Service", new ServiceProps {
Source = Source.FromEcr(new EcrProps {
ImageConfiguration = new ImageConfiguration { Port = 80 },
Repository = Repository.FromRepositoryName(this, "NginxRepository", "nginx"),
TagOrDigest = "latest"
})
});To create a Service from local docker image asset directory built and pushed to Amazon ECR:
You can specify whether to enable continuous integration from the source repository with the autoDeploymentsEnabled flag.
using Amazon.CDK.AWS.Ecr.Assets;
var imageAsset = new DockerImageAsset(this, "ImageAssets", new DockerImageAssetProps {
Directory = Join(__dirname, "docker.assets")
});
new Service(this, "Service", new ServiceProps {
Source = Source.FromAsset(new AssetProps {
ImageConfiguration = new ImageConfiguration { Port = 8000 },
Asset = imageAsset
}),
AutoDeploymentsEnabled = true
});GitHub
To create a Service from the GitHub repository, you need to specify an existing App Runner Connection.
See Managing App Runner connections for more details.
new Service(this, "Service", new ServiceProps {
Source = Source.FromGitHub(new GithubRepositoryProps {
RepositoryUrl = "https://github.com/aws-containers/hello-app-runner",
Branch = "main",
ConfigurationSource = ConfigurationSourceType.REPOSITORY,
Connection = GitHubConnection.FromConnectionArn("CONNECTION_ARN")
})
});Use codeConfigurationValues to override configuration values with the API configuration source type.
new Service(this, "Service", new ServiceProps {
Source = Source.FromGitHub(new GithubRepositoryProps {
RepositoryUrl = "https://github.com/aws-containers/hello-app-runner",
Branch = "main",
ConfigurationSource = ConfigurationSourceType.API,
CodeConfigurationValues = new CodeConfigurationValues {
Runtime = Runtime.PYTHON_3,
Port = "8000",
StartCommand = "python app.py",
BuildCommand = "yum install -y pycairo && pip install -r requirements.txt"
},
Connection = GitHubConnection.FromConnectionArn("CONNECTION_ARN")
})
});IAM Roles
You are allowed to define instanceRole and accessRole for the Service.
instanceRole - The IAM role that provides permissions to your App Runner service. These are permissions that
your code needs when it calls any AWS APIs. If not defined, a new instance role will be generated
when required.
To add IAM policy statements to this role, use addToRolePolicy():
using Amazon.CDK.AWS.IAM;
var service = new Service(this, "Service", new ServiceProps {
Source = Source.FromEcrPublic(new EcrPublicProps {
ImageConfiguration = new ImageConfiguration { Port = 8000 },
ImageIdentifier = "public.ecr.aws/aws-containers/hello-app-runner:latest"
})
});
service.AddToRolePolicy(new PolicyStatement(new PolicyStatementProps {
Effect = Effect.ALLOW,
Actions = new [] { "s3:GetObject" },
Resources = new [] { "*" }
}));accessRole - The IAM role that grants the App Runner service access to a source repository. It's required for
ECR image repositories (but not for ECR Public repositories). If not defined, a new access role will be generated
when required.
See App Runner IAM Roles for more details.
Auto Scaling Configuration
To associate an App Runner service with a custom Auto Scaling Configuration, define autoScalingConfiguration for the service.
var autoScalingConfiguration = new AutoScalingConfiguration(this, "AutoScalingConfiguration", new AutoScalingConfigurationProps {
AutoScalingConfigurationName = "MyAutoScalingConfiguration",
MaxConcurrency = 150,
MaxSize = 20,
MinSize = 5
});
new Service(this, "DemoService", new ServiceProps {
Source = Source.FromEcrPublic(new EcrPublicProps {
ImageConfiguration = new ImageConfiguration { Port = 8000 },
ImageIdentifier = "public.ecr.aws/aws-containers/hello-app-runner:latest"
}),
AutoScalingConfiguration = autoScalingConfiguration
});VPC Connector
To associate an App Runner service with a custom VPC, define vpcConnector for the service.
using Amazon.CDK.AWS.EC2;
var vpc = new Vpc(this, "Vpc", new VpcProps {
IpAddresses = IpAddresses.Cidr("10.0.0.0/16")
});
var vpcConnector = new VpcConnector(this, "VpcConnector", new VpcConnectorProps {
Vpc = vpc,
VpcSubnets = vpc.SelectSubnets(new SubnetSelection { SubnetType = SubnetType.PUBLIC }),
VpcConnectorName = "MyVpcConnector"
});
new Service(this, "Service", new ServiceProps {
Source = Source.FromEcrPublic(new EcrPublicProps {
ImageConfiguration = new ImageConfiguration { Port = 8000 },
ImageIdentifier = "public.ecr.aws/aws-containers/hello-app-runner:latest"
}),
VpcConnector = vpcConnector
});VPC Ingress Connection
To make your App Runner service private and only accessible from within a VPC use the isPubliclyAccessible property and associate it to a VpcIngressConnection resource.
To set up a VpcIngressConnection, specify a VPC, a VPC Interface Endpoint, and the App Runner service.
Also you must set isPubliclyAccessible property in ther Service to false.
For more information, see Enabling Private endpoint for incoming traffic.
using Amazon.CDK.AWS.EC2;
Vpc vpc;
var interfaceVpcEndpoint = new InterfaceVpcEndpoint(this, "MyVpcEndpoint", new InterfaceVpcEndpointProps {
Vpc = vpc,
Service = InterfaceVpcEndpointAwsService.APP_RUNNER_REQUESTS,
PrivateDnsEnabled = false
});
var service = new Service(this, "Service", new ServiceProps {
Source = Source.FromEcrPublic(new EcrPublicProps {
ImageConfiguration = new ImageConfiguration {
Port = 8000
},
ImageIdentifier = "public.ecr.aws/aws-containers/hello-app-runner:latest"
}),
IsPubliclyAccessible = false
});
new VpcIngressConnection(this, "VpcIngressConnection", new VpcIngressConnectionProps {
Vpc = vpc,
InterfaceVpcEndpoint = interfaceVpcEndpoint,
Service = service
});Dual Stack
To use dual stack (IPv4 and IPv6) for your incoming public network configuration, set ipAddressType to IpAddressType.DUAL_STACK.
new Service(this, "Service", new ServiceProps {
Source = Source.FromEcrPublic(new EcrPublicProps {
ImageConfiguration = new ImageConfiguration { Port = 8000 },
ImageIdentifier = "public.ecr.aws/aws-containers/hello-app-runner:latest"
}),
IpAddressType = IpAddressType.DUAL_STACK
});Note: Currently, App Runner supports dual stack for only Public endpoint. Only IPv4 is supported for Private endpoint. If you update a service that's using dual-stack Public endpoint to a Private endpoint, your App Runner service will default to support only IPv4 for Private endpoint and fail to receive traffic originating from IPv6 endpoint.
Secrets Manager
To include environment variables integrated with AWS Secrets Manager, use the environmentSecrets attribute.
You can use the addSecret method from the App Runner Service class to include secrets from outside the
service definition.
using Amazon.CDK.AWS.SecretsManager;
using Amazon.CDK.AWS.SSM;
Stack stack;
var secret = new Secret(stack, "Secret");
var parameter = StringParameter.FromSecureStringParameterAttributes(stack, "Parameter", new SecureStringParameterAttributes {
ParameterName = "/name",
Version = 1
});
var service = new Service(stack, "Service", new ServiceProps {
Source = Source.FromEcrPublic(new EcrPublicProps {
ImageConfiguration = new ImageConfiguration {
Port = 8000,
EnvironmentSecrets = new Dictionary<string, Secret> {
{ "SECRET", Secret.FromSecretsManager(secret) },
{ "PARAMETER", Secret.FromSsmParameter(parameter) },
{ "SECRET_ID", Secret.FromSecretsManagerVersion(secret, new SecretVersionInfo { VersionId = "version-id" }) },
{ "SECRET_STAGE", Secret.FromSecretsManagerVersion(secret, new SecretVersionInfo { VersionStage = "version-stage" }) }
}
},
ImageIdentifier = "public.ecr.aws/aws-containers/hello-app-runner:latest"
})
});
service.AddSecret("LATER_SECRET", Secret.FromSecretsManager(secret, "field"));Use a customer managed key
To use a customer managed key for your source encryption, use the kmsKey attribute.
using Amazon.CDK.AWS.KMS;
IKey kmsKey;
new Service(this, "Service", new ServiceProps {
Source = Source.FromEcrPublic(new EcrPublicProps {
ImageConfiguration = new ImageConfiguration { Port = 8000 },
ImageIdentifier = "public.ecr.aws/aws-containers/hello-app-runner:latest"
}),
KmsKey = kmsKey
});HealthCheck
To configure the health check for the service, use the healthCheck attribute.
You can specify it by static methods HealthCheck.http or HealthCheck.tcp.
new Service(this, "Service", new ServiceProps {
Source = Source.FromEcrPublic(new EcrPublicProps {
ImageConfiguration = new ImageConfiguration { Port = 8000 },
ImageIdentifier = "public.ecr.aws/aws-containers/hello-app-runner:latest"
}),
HealthCheck = HealthCheck.Http(new HttpHealthCheckOptions {
HealthyThreshold = 5,
Interval = Duration.Seconds(10),
Path = "/",
Timeout = Duration.Seconds(10),
UnhealthyThreshold = 10
})
});Observability Configuration
To associate an App Runner service with a custom observability configuration, use the observabilityConfiguration property.
var observabilityConfiguration = new ObservabilityConfiguration(this, "ObservabilityConfiguration", new ObservabilityConfigurationProps {
ObservabilityConfigurationName = "MyObservabilityConfiguration",
TraceConfigurationVendor = TraceConfigurationVendor.AWSXRAY
});
new Service(this, "DemoService", new ServiceProps {
Source = Source.FromEcrPublic(new EcrPublicProps {
ImageConfiguration = new ImageConfiguration { Port = 8000 },
ImageIdentifier = "public.ecr.aws/aws-containers/hello-app-runner:latest"
}),
ObservabilityConfiguration = observabilityConfiguration
});Classes
| AssetProps | (experimental) Properties of the image repository for |
| AssetSource | (experimental) Represents the source from local assets. |
| AutoScalingConfiguration | (experimental) The App Runner Auto Scaling Configuration. |
| AutoScalingConfigurationAttributes | (experimental) Attributes for the App Runner Auto Scaling Configuration. |
| AutoScalingConfigurationProps | (experimental) Properties of the App Runner Auto Scaling Configuration. |
| CodeConfiguration | (experimental) Describes the configuration that AWS App Runner uses to build and run an App Runner service from a source code repository. |
| CodeConfigurationValues | (experimental) Describes the basic configuration needed for building and running an AWS App Runner service. |
| CodeRepositoryProps | (experimental) Properties of the CodeRepository. |
| ConfigurationSourceType | (experimental) The source of the App Runner configuration. |
| Cpu | (experimental) The number of CPU units reserved for each instance of your App Runner service. |
| EcrProps | (experimental) Properties of the image repository for |
| EcrPublicProps | (experimental) Properties of the image repository for |
| EcrPublicSource | (experimental) Represents the service source from ECR Public. |
| EcrSource | (experimental) Represents the service source from ECR. |
| GitHubConnection | (experimental) Represents the App Runner connection that enables the App Runner service to connect to a source repository. |
| GithubRepositoryProps | (experimental) Properties of the Github repository for |
| GithubSource | (experimental) Represents the service source from a Github repository. |
| HealthCheck | (experimental) Contains static factory methods for creating health checks for different protocols. |
| HealthCheckProtocolType | (experimental) The health check protocol type. |
| HttpHealthCheckOptions | (experimental) Properties used to define HTTP Based healthchecks. |
| ImageConfiguration | (experimental) Describes the configuration that AWS App Runner uses to run an App Runner service using an image pulled from a source image repository. |
| ImageRepository | (experimental) Describes a source image repository. |
| ImageRepositoryType | (experimental) The image repository types. |
| IpAddressType | (experimental) The IP address type for your incoming public network configuration. |
| Memory | (experimental) The amount of memory reserved for each instance of your App Runner service. |
| ObservabilityConfiguration | (experimental) The App Runner Observability configuration. |
| ObservabilityConfigurationAttributes | (experimental) Attributes for the App Runner Observability configuration. |
| ObservabilityConfigurationProps | (experimental) Properties of the AppRunner Observability configuration. |
| Runtime | (experimental) The code runtimes. |
| Secret | (experimental) A secret environment variable. |
| SecretVersionInfo | (experimental) Specify the secret's version id or version stage. |
| Service | (experimental) The App Runner Service. |
| ServiceAttributes | (experimental) Attributes for the App Runner Service. |
| ServiceProps | (experimental) Properties of the AppRunner Service. |
| Source | (experimental) Represents the App Runner service source. |
| SourceCodeVersion | (experimental) Identifies a version of code that AWS App Runner refers to within a source code repository. |
| SourceConfig | (experimental) Result of binding |
| TcpHealthCheckOptions | (experimental) Properties used to define TCP Based healthchecks. |
| TraceConfigurationVendor | (experimental) The implementation provider chosen for tracing App Runner services. |
| VpcConnector | (experimental) The App Runner VPC Connector. |
| VpcConnectorAttributes | (experimental) Attributes for the App Runner VPC Connector. |
| VpcConnectorProps | (experimental) Properties of the AppRunner VPC Connector. |
| VpcIngressConnection | (experimental) The App Runner VPC Ingress Connection. |
| VpcIngressConnectionAttributes | (experimental) Attributes for the App Runner VPC Ingress Connection. |
| VpcIngressConnectionProps | (experimental) Properties of the AppRunner VPC Ingress Connection. |
Interfaces
| IAssetProps | (experimental) Properties of the image repository for |
| IAutoScalingConfiguration | (experimental) Represents the App Runner Auto Scaling Configuration. |
| IAutoScalingConfigurationAttributes | (experimental) Attributes for the App Runner Auto Scaling Configuration. |
| IAutoScalingConfigurationProps | (experimental) Properties of the App Runner Auto Scaling Configuration. |
| ICodeConfiguration | (experimental) Describes the configuration that AWS App Runner uses to build and run an App Runner service from a source code repository. |
| ICodeConfigurationValues | (experimental) Describes the basic configuration needed for building and running an AWS App Runner service. |
| ICodeRepositoryProps | (experimental) Properties of the CodeRepository. |
| IEcrProps | (experimental) Properties of the image repository for |
| IEcrPublicProps | (experimental) Properties of the image repository for |
| IGithubRepositoryProps | (experimental) Properties of the Github repository for |
| IHttpHealthCheckOptions | (experimental) Properties used to define HTTP Based healthchecks. |
| IImageConfiguration | (experimental) Describes the configuration that AWS App Runner uses to run an App Runner service using an image pulled from a source image repository. |
| IImageRepository | (experimental) Describes a source image repository. |
| IObservabilityConfiguration | (experimental) Represents the App Runner Observability configuration. |
| IObservabilityConfigurationAttributes | (experimental) Attributes for the App Runner Observability configuration. |
| IObservabilityConfigurationProps | (experimental) Properties of the AppRunner Observability configuration. |
| ISecretVersionInfo | (experimental) Specify the secret's version id or version stage. |
| IService | (experimental) Represents the App Runner Service. |
| IServiceAttributes | (experimental) Attributes for the App Runner Service. |
| IServiceProps | (experimental) Properties of the AppRunner Service. |
| ISourceCodeVersion | (experimental) Identifies a version of code that AWS App Runner refers to within a source code repository. |
| ISourceConfig | (experimental) Result of binding |
| ITcpHealthCheckOptions | (experimental) Properties used to define TCP Based healthchecks. |
| IVpcConnector | (experimental) Represents the App Runner VPC Connector. |
| IVpcConnectorAttributes | (experimental) Attributes for the App Runner VPC Connector. |
| IVpcConnectorProps | (experimental) Properties of the AppRunner VPC Connector. |
| IVpcIngressConnection | (experimental) Represents the App Runner VPC Ingress Connection. |
| IVpcIngressConnectionAttributes | (experimental) Attributes for the App Runner VPC Ingress Connection. |
| IVpcIngressConnectionProps | (experimental) Properties of the AppRunner VPC Ingress Connection. |