Package software.amazon.awscdk.services.apprunner.alpha


@Stability(Experimental) package software.amazon.awscdk.services.apprunner.alpha

AWS::AppRunner Construct Library

---

cdk-constructs: Experimental

The APIs of higher level constructs in this module are experimental and under active development. They are subject to non-backward compatible changes or removal in any future version. These are not subject to the Semantic Versioning model and breaking changes will be announced in the release notes. This means that while you may use them, you may need to update your source code when upgrading to a newer version of this package.


This module is part of the AWS Cloud Development Kit project.

 import software.amazon.awscdk.services.apprunner.alpha.*;
 

Introduction

AWS App Runner is a fully managed service that makes it easy for developers to quickly deploy containerized web applications and APIs, at scale and with no prior infrastructure experience required. Start with your source code or a container image. App Runner automatically builds and deploys the web application and load balances traffic with encryption. App Runner also scales up or down automatically to meet your traffic needs. With App Runner, rather than thinking about servers or scaling, you have more time to focus on your applications.

Service

The Service construct allows you to create AWS App Runner services with ECR Public, ECR or Github with the source property in the following scenarios:

  • Source.fromEcr() - To define the source repository from ECR.
  • Source.fromEcrPublic() - To define the source repository from ECR Public.
  • Source.fromGitHub() - To define the source repository from the Github repository.
  • Source.fromAsset() - To define the source from local asset directory.

The Service construct implements IGrantable.

ECR Public

To create a Service with ECR Public:

 Service.Builder.create(this, "Service")
         .source(Source.fromEcrPublic(EcrPublicProps.builder()
                 .imageConfiguration(ImageConfiguration.builder().port(8000).build())
                 .imageIdentifier("public.ecr.aws/aws-containers/hello-app-runner:latest")
                 .build()))
         .build();
 

ECR

To create a Service from an existing ECR repository:

 import software.amazon.awscdk.services.ecr.*;
 
 
 Service.Builder.create(this, "Service")
         .source(Source.fromEcr(EcrProps.builder()
                 .imageConfiguration(ImageConfiguration.builder().port(80).build())
                 .repository(Repository.fromRepositoryName(this, "NginxRepository", "nginx"))
                 .tagOrDigest("latest")
                 .build()))
         .build();
 

To create a Service from local docker image asset directory built and pushed to Amazon ECR:

You can specify whether to enable continuous integration from the source repository with the autoDeploymentsEnabled flag.

 import software.amazon.awscdk.services.ecr.assets.*;
 
 
 DockerImageAsset imageAsset = DockerImageAsset.Builder.create(this, "ImageAssets")
         .directory(join(__dirname, "docker.assets"))
         .build();
 Service.Builder.create(this, "Service")
         .source(Source.fromAsset(AssetProps.builder()
                 .imageConfiguration(ImageConfiguration.builder().port(8000).build())
                 .asset(imageAsset)
                 .build()))
         .autoDeploymentsEnabled(true)
         .build();
 

GitHub

To create a Service from the GitHub repository, you need to specify an existing App Runner Connection.

See Managing App Runner connections for more details.

 Service.Builder.create(this, "Service")
         .source(Source.fromGitHub(GithubRepositoryProps.builder()
                 .repositoryUrl("https://github.com/aws-containers/hello-app-runner")
                 .branch("main")
                 .configurationSource(ConfigurationSourceType.REPOSITORY)
                 .connection(GitHubConnection.fromConnectionArn("CONNECTION_ARN"))
                 .build()))
         .build();
 

Use codeConfigurationValues to override configuration values with the API configuration source type.

 Service.Builder.create(this, "Service")
         .source(Source.fromGitHub(GithubRepositoryProps.builder()
                 .repositoryUrl("https://github.com/aws-containers/hello-app-runner")
                 .branch("main")
                 .configurationSource(ConfigurationSourceType.API)
                 .codeConfigurationValues(CodeConfigurationValues.builder()
                         .runtime(Runtime.PYTHON_3)
                         .port("8000")
                         .startCommand("python app.py")
                         .buildCommand("yum install -y pycairo && pip install -r requirements.txt")
                         .build())
                 .connection(GitHubConnection.fromConnectionArn("CONNECTION_ARN"))
                 .build()))
         .build();
 

IAM Roles

You are allowed to define instanceRole and accessRole for the Service.

instanceRole - The IAM role that provides permissions to your App Runner service. These are permissions that your code needs when it calls any AWS APIs. If not defined, a new instance role will be generated when required.

To add IAM policy statements to this role, use addToRolePolicy():

 import software.amazon.awscdk.services.iam.*;
 
 
 Service service = Service.Builder.create(this, "Service")
         .source(Source.fromEcrPublic(EcrPublicProps.builder()
                 .imageConfiguration(ImageConfiguration.builder().port(8000).build())
                 .imageIdentifier("public.ecr.aws/aws-containers/hello-app-runner:latest")
                 .build()))
         .build();
 
 service.addToRolePolicy(PolicyStatement.Builder.create()
         .effect(Effect.ALLOW)
         .actions(List.of("s3:GetObject"))
         .resources(List.of("*"))
         .build());
 

accessRole - The IAM role that grants the App Runner service access to a source repository. It's required for ECR image repositories (but not for ECR Public repositories). If not defined, a new access role will be generated when required.

See App Runner IAM Roles for more details.

VPC Connector

To associate an App Runner service with a custom VPC, define vpcConnector for the service.

 import software.amazon.awscdk.services.ec2.*;
 
 
 Vpc vpc = Vpc.Builder.create(this, "Vpc")
         .ipAddresses(IpAddresses.cidr("10.0.0.0/16"))
         .build();
 
 VpcConnector vpcConnector = VpcConnector.Builder.create(this, "VpcConnector")
         .vpc(vpc)
         .vpcSubnets(vpc.selectSubnets(SubnetSelection.builder().subnetType(SubnetType.PUBLIC).build()))
         .vpcConnectorName("MyVpcConnector")
         .build();
 
 Service.Builder.create(this, "Service")
         .source(Source.fromEcrPublic(EcrPublicProps.builder()
                 .imageConfiguration(ImageConfiguration.builder().port(8000).build())
                 .imageIdentifier("public.ecr.aws/aws-containers/hello-app-runner:latest")
                 .build()))
         .vpcConnector(vpcConnector)
         .build();
 

Secrets Manager

To include environment variables integrated with AWS Secrets Manager, use the environmentSecrets attribute. You can use the addSecret method from the App Runner Service class to include secrets from outside the service definition.

 import software.amazon.awscdk.services.secretsmanager.*;
 import software.amazon.awscdk.services.ssm.*;
 
 Stack stack;
 
 
 Secret secret = new Secret(stack, "Secret");
 IStringParameter parameter = StringParameter.fromSecureStringParameterAttributes(stack, "Parameter", SecureStringParameterAttributes.builder()
         .parameterName("/name")
         .version(1)
         .build());
 
 Service service = Service.Builder.create(stack, "Service")
         .source(Source.fromEcrPublic(EcrPublicProps.builder()
                 .imageConfiguration(ImageConfiguration.builder()
                         .port(8000)
                         .environmentSecrets(Map.of(
                                 "SECRET", Secret.fromSecretsManager(secret),
                                 "PARAMETER", Secret.fromSsmParameter(parameter),
                                 "SECRET_ID", Secret.fromSecretsManagerVersion(secret, SecretVersionInfo.builder().versionId("version-id").build()),
                                 "SECRET_STAGE", Secret.fromSecretsManagerVersion(secret, SecretVersionInfo.builder().versionStage("version-stage").build())))
                         .build())
                 .imageIdentifier("public.ecr.aws/aws-containers/hello-app-runner:latest")
                 .build()))
         .build();
 
 service.addSecret("LATER_SECRET", Secret.fromSecretsManager(secret, "field"));
 

HealthCheck

To configure the health check for the service, use the healthCheck attribute.

You can specify it by static methods HealthCheck.http or HealthCheck.tcp.

 Service.Builder.create(this, "Service")
         .source(Source.fromEcrPublic(EcrPublicProps.builder()
                 .imageConfiguration(ImageConfiguration.builder().port(8000).build())
                 .imageIdentifier("public.ecr.aws/aws-containers/hello-app-runner:latest")
                 .build()))
         .healthCheck(HealthCheck.http(HttpHealthCheckOptions.builder()
                 .healthyThreshold(5)
                 .interval(Duration.seconds(10))
                 .path("/")
                 .timeout(Duration.seconds(10))
                 .unhealthyThreshold(10)
                 .build()))
         .build();