Package software.amazon.awscdk.services.apprunner.alpha
AWS::AppRunner Construct Library
---
The APIs of higher level constructs in this module are experimental and under active development. They are subject to non-backward compatible changes or removal in any future version. These are not subject to the Semantic Versioning model and breaking changes will be announced in the release notes. This means that while you may use them, you may need to update your source code when upgrading to a newer version of this package.
This module is part of the AWS Cloud Development Kit project.
import software.amazon.awscdk.services.apprunner.alpha.*;
Introduction
AWS App Runner is a fully managed service that makes it easy for developers to quickly deploy containerized web applications and APIs, at scale and with no prior infrastructure experience required. Start with your source code or a container image. App Runner automatically builds and deploys the web application and load balances traffic with encryption. App Runner also scales up or down automatically to meet your traffic needs. With App Runner, rather than thinking about servers or scaling, you have more time to focus on your applications.
Service
The Service construct allows you to create AWS App Runner services with ECR Public, ECR or Github with the source property in the following scenarios:
Source.fromEcr()- To define the source repository fromECR.Source.fromEcrPublic()- To define the source repository fromECR Public.Source.fromGitHub()- To define the source repository from theGithub repository.Source.fromAsset()- To define the source from local asset directory.
The Service construct implements IGrantable.
ECR Public
To create a Service with ECR Public:
Service.Builder.create(this, "Service")
.source(Source.fromEcrPublic(EcrPublicProps.builder()
.imageConfiguration(ImageConfiguration.builder().port(8000).build())
.imageIdentifier("public.ecr.aws/aws-containers/hello-app-runner:latest")
.build()))
.build();
ECR
To create a Service from an existing ECR repository:
import software.amazon.awscdk.services.ecr.*;
Service.Builder.create(this, "Service")
.source(Source.fromEcr(EcrProps.builder()
.imageConfiguration(ImageConfiguration.builder().port(80).build())
.repository(Repository.fromRepositoryName(this, "NginxRepository", "nginx"))
.tagOrDigest("latest")
.build()))
.build();
To create a Service from local docker image asset directory built and pushed to Amazon ECR:
You can specify whether to enable continuous integration from the source repository with the autoDeploymentsEnabled flag.
import software.amazon.awscdk.services.ecr.assets.*;
DockerImageAsset imageAsset = DockerImageAsset.Builder.create(this, "ImageAssets")
.directory(join(__dirname, "docker.assets"))
.build();
Service.Builder.create(this, "Service")
.source(Source.fromAsset(AssetProps.builder()
.imageConfiguration(ImageConfiguration.builder().port(8000).build())
.asset(imageAsset)
.build()))
.autoDeploymentsEnabled(true)
.build();
GitHub
To create a Service from the GitHub repository, you need to specify an existing App Runner Connection.
See Managing App Runner connections for more details.
Service.Builder.create(this, "Service")
.source(Source.fromGitHub(GithubRepositoryProps.builder()
.repositoryUrl("https://github.com/aws-containers/hello-app-runner")
.branch("main")
.configurationSource(ConfigurationSourceType.REPOSITORY)
.connection(GitHubConnection.fromConnectionArn("CONNECTION_ARN"))
.build()))
.build();
Use codeConfigurationValues to override configuration values with the API configuration source type.
Service.Builder.create(this, "Service")
.source(Source.fromGitHub(GithubRepositoryProps.builder()
.repositoryUrl("https://github.com/aws-containers/hello-app-runner")
.branch("main")
.configurationSource(ConfigurationSourceType.API)
.codeConfigurationValues(CodeConfigurationValues.builder()
.runtime(Runtime.PYTHON_3)
.port("8000")
.startCommand("python app.py")
.buildCommand("yum install -y pycairo && pip install -r requirements.txt")
.build())
.connection(GitHubConnection.fromConnectionArn("CONNECTION_ARN"))
.build()))
.build();
IAM Roles
You are allowed to define instanceRole and accessRole for the Service.
instanceRole - The IAM role that provides permissions to your App Runner service. These are permissions that
your code needs when it calls any AWS APIs. If not defined, a new instance role will be generated
when required.
To add IAM policy statements to this role, use addToRolePolicy():
import software.amazon.awscdk.services.iam.*;
Service service = Service.Builder.create(this, "Service")
.source(Source.fromEcrPublic(EcrPublicProps.builder()
.imageConfiguration(ImageConfiguration.builder().port(8000).build())
.imageIdentifier("public.ecr.aws/aws-containers/hello-app-runner:latest")
.build()))
.build();
service.addToRolePolicy(PolicyStatement.Builder.create()
.effect(Effect.ALLOW)
.actions(List.of("s3:GetObject"))
.resources(List.of("*"))
.build());
accessRole - The IAM role that grants the App Runner service access to a source repository. It's required for
ECR image repositories (but not for ECR Public repositories). If not defined, a new access role will be generated
when required.
See App Runner IAM Roles for more details.
Auto Scaling Configuration
To associate an App Runner service with a custom Auto Scaling Configuration, define autoScalingConfiguration for the service.
AutoScalingConfiguration autoScalingConfiguration = AutoScalingConfiguration.Builder.create(this, "AutoScalingConfiguration")
.autoScalingConfigurationName("MyAutoScalingConfiguration")
.maxConcurrency(150)
.maxSize(20)
.minSize(5)
.build();
Service.Builder.create(this, "DemoService")
.source(Source.fromEcrPublic(EcrPublicProps.builder()
.imageConfiguration(ImageConfiguration.builder().port(8000).build())
.imageIdentifier("public.ecr.aws/aws-containers/hello-app-runner:latest")
.build()))
.autoScalingConfiguration(autoScalingConfiguration)
.build();
VPC Connector
To associate an App Runner service with a custom VPC, define vpcConnector for the service.
import software.amazon.awscdk.services.ec2.*;
Vpc vpc = Vpc.Builder.create(this, "Vpc")
.ipAddresses(IpAddresses.cidr("10.0.0.0/16"))
.build();
VpcConnector vpcConnector = VpcConnector.Builder.create(this, "VpcConnector")
.vpc(vpc)
.vpcSubnets(vpc.selectSubnets(SubnetSelection.builder().subnetType(SubnetType.PUBLIC).build()))
.vpcConnectorName("MyVpcConnector")
.build();
Service.Builder.create(this, "Service")
.source(Source.fromEcrPublic(EcrPublicProps.builder()
.imageConfiguration(ImageConfiguration.builder().port(8000).build())
.imageIdentifier("public.ecr.aws/aws-containers/hello-app-runner:latest")
.build()))
.vpcConnector(vpcConnector)
.build();
VPC Ingress Connection
To make your App Runner service private and only accessible from within a VPC use the isPubliclyAccessible property and associate it to a VpcIngressConnection resource.
To set up a VpcIngressConnection, specify a VPC, a VPC Interface Endpoint, and the App Runner service.
Also you must set isPubliclyAccessible property in ther Service to false.
For more information, see Enabling Private endpoint for incoming traffic.
import software.amazon.awscdk.services.ec2.*;
Vpc vpc;
InterfaceVpcEndpoint interfaceVpcEndpoint = InterfaceVpcEndpoint.Builder.create(this, "MyVpcEndpoint")
.vpc(vpc)
.service(InterfaceVpcEndpointAwsService.APP_RUNNER_REQUESTS)
.privateDnsEnabled(false)
.build();
Service service = Service.Builder.create(this, "Service")
.source(Source.fromEcrPublic(EcrPublicProps.builder()
.imageConfiguration(ImageConfiguration.builder()
.port(8000)
.build())
.imageIdentifier("public.ecr.aws/aws-containers/hello-app-runner:latest")
.build()))
.isPubliclyAccessible(false)
.build();
VpcIngressConnection.Builder.create(this, "VpcIngressConnection")
.vpc(vpc)
.interfaceVpcEndpoint(interfaceVpcEndpoint)
.service(service)
.build();
Dual Stack
To use dual stack (IPv4 and IPv6) for your incoming public network configuration, set ipAddressType to IpAddressType.DUAL_STACK.
Service.Builder.create(this, "Service")
.source(Source.fromEcrPublic(EcrPublicProps.builder()
.imageConfiguration(ImageConfiguration.builder().port(8000).build())
.imageIdentifier("public.ecr.aws/aws-containers/hello-app-runner:latest")
.build()))
.ipAddressType(IpAddressType.DUAL_STACK)
.build();
Note: Currently, App Runner supports dual stack for only Public endpoint. Only IPv4 is supported for Private endpoint. If you update a service that's using dual-stack Public endpoint to a Private endpoint, your App Runner service will default to support only IPv4 for Private endpoint and fail to receive traffic originating from IPv6 endpoint.
Secrets Manager
To include environment variables integrated with AWS Secrets Manager, use the environmentSecrets attribute.
You can use the addSecret method from the App Runner Service class to include secrets from outside the
service definition.
import software.amazon.awscdk.services.secretsmanager.*;
import software.amazon.awscdk.services.ssm.*;
Stack stack;
Secret secret = new Secret(stack, "Secret");
IStringParameter parameter = StringParameter.fromSecureStringParameterAttributes(stack, "Parameter", SecureStringParameterAttributes.builder()
.parameterName("/name")
.version(1)
.build());
Service service = Service.Builder.create(stack, "Service")
.source(Source.fromEcrPublic(EcrPublicProps.builder()
.imageConfiguration(ImageConfiguration.builder()
.port(8000)
.environmentSecrets(Map.of(
"SECRET", Secret.fromSecretsManager(secret),
"PARAMETER", Secret.fromSsmParameter(parameter),
"SECRET_ID", Secret.fromSecretsManagerVersion(secret, SecretVersionInfo.builder().versionId("version-id").build()),
"SECRET_STAGE", Secret.fromSecretsManagerVersion(secret, SecretVersionInfo.builder().versionStage("version-stage").build())))
.build())
.imageIdentifier("public.ecr.aws/aws-containers/hello-app-runner:latest")
.build()))
.build();
service.addSecret("LATER_SECRET", Secret.fromSecretsManager(secret, "field"));
Use a customer managed key
To use a customer managed key for your source encryption, use the kmsKey attribute.
import software.amazon.awscdk.services.kms.*;
IKey kmsKey;
Service.Builder.create(this, "Service")
.source(Source.fromEcrPublic(EcrPublicProps.builder()
.imageConfiguration(ImageConfiguration.builder().port(8000).build())
.imageIdentifier("public.ecr.aws/aws-containers/hello-app-runner:latest")
.build()))
.kmsKey(kmsKey)
.build();
HealthCheck
To configure the health check for the service, use the healthCheck attribute.
You can specify it by static methods HealthCheck.http or HealthCheck.tcp.
Service.Builder.create(this, "Service")
.source(Source.fromEcrPublic(EcrPublicProps.builder()
.imageConfiguration(ImageConfiguration.builder().port(8000).build())
.imageIdentifier("public.ecr.aws/aws-containers/hello-app-runner:latest")
.build()))
.healthCheck(HealthCheck.http(HttpHealthCheckOptions.builder()
.healthyThreshold(5)
.interval(Duration.seconds(10))
.path("/")
.timeout(Duration.seconds(10))
.unhealthyThreshold(10)
.build()))
.build();
Observability Configuration
To associate an App Runner service with a custom observability configuration, use the observabilityConfiguration property.
ObservabilityConfiguration observabilityConfiguration = ObservabilityConfiguration.Builder.create(this, "ObservabilityConfiguration")
.observabilityConfigurationName("MyObservabilityConfiguration")
.traceConfigurationVendor(TraceConfigurationVendor.AWSXRAY)
.build();
Service.Builder.create(this, "DemoService")
.source(Source.fromEcrPublic(EcrPublicProps.builder()
.imageConfiguration(ImageConfiguration.builder().port(8000).build())
.imageIdentifier("public.ecr.aws/aws-containers/hello-app-runner:latest")
.build()))
.observabilityConfiguration(observabilityConfiguration)
.build();
-
ClassDescription(experimental) Properties of the image repository for
Source.fromAsset().A builder forAssetPropsAn implementation forAssetProps(experimental) Represents the source from local assets.(experimental) A fluent builder forAssetSource.(experimental) The App Runner Auto Scaling Configuration.(experimental) A fluent builder forAutoScalingConfiguration.(experimental) Attributes for the App Runner Auto Scaling Configuration.A builder forAutoScalingConfigurationAttributesAn implementation forAutoScalingConfigurationAttributes(experimental) Properties of the App Runner Auto Scaling Configuration.A builder forAutoScalingConfigurationPropsAn implementation forAutoScalingConfigurationProps(experimental) Describes the configuration that AWS App Runner uses to build and run an App Runner service from a source code repository.A builder forCodeConfigurationAn implementation forCodeConfiguration(experimental) Describes the basic configuration needed for building and running an AWS App Runner service.A builder forCodeConfigurationValuesAn implementation forCodeConfigurationValues(experimental) Properties of the CodeRepository.A builder forCodeRepositoryPropsAn implementation forCodeRepositoryProps(experimental) The source of the App Runner configuration.(experimental) The number of CPU units reserved for each instance of your App Runner service.(experimental) Properties of the image repository forSource.fromEcr().A builder forEcrPropsAn implementation forEcrProps(experimental) Properties of the image repository forSource.fromEcrPublic().A builder forEcrPublicPropsAn implementation forEcrPublicProps(experimental) Represents the service source from ECR Public.(experimental) A fluent builder forEcrPublicSource.(experimental) Represents the service source from ECR.(experimental) A fluent builder forEcrSource.(experimental) Represents the App Runner connection that enables the App Runner service to connect to a source repository.(experimental) Properties of the Github repository forSource.fromGitHub().A builder forGithubRepositoryPropsAn implementation forGithubRepositoryProps(experimental) Represents the service source from a Github repository.(experimental) A fluent builder forGithubSource.(experimental) Contains static factory methods for creating health checks for different protocols.(experimental) The health check protocol type.(experimental) Properties used to define HTTP Based healthchecks.A builder forHttpHealthCheckOptionsAn implementation forHttpHealthCheckOptions(experimental) Represents the App Runner Auto Scaling Configuration.Internal default implementation forIAutoScalingConfiguration.A proxy class which represents a concrete javascript instance of this type.(experimental) Describes the configuration that AWS App Runner uses to run an App Runner service using an image pulled from a source image repository.A builder forImageConfigurationAn implementation forImageConfiguration(experimental) Describes a source image repository.A builder forImageRepositoryAn implementation forImageRepository(experimental) The image repository types.(experimental) Represents the App Runner Observability configuration.Internal default implementation forIObservabilityConfiguration.A proxy class which represents a concrete javascript instance of this type.(experimental) The IP address type for your incoming public network configuration.(experimental) Represents the App Runner Service.Internal default implementation forIService.A proxy class which represents a concrete javascript instance of this type.(experimental) Represents the App Runner VPC Connector.Internal default implementation forIVpcConnector.A proxy class which represents a concrete javascript instance of this type.(experimental) Represents the App Runner VPC Ingress Connection.Internal default implementation forIVpcIngressConnection.A proxy class which represents a concrete javascript instance of this type.(experimental) The amount of memory reserved for each instance of your App Runner service.(experimental) The App Runner Observability configuration.(experimental) A fluent builder forObservabilityConfiguration.(experimental) Attributes for the App Runner Observability configuration.A builder forObservabilityConfigurationAttributesAn implementation forObservabilityConfigurationAttributes(experimental) Properties of the AppRunner Observability configuration.A builder forObservabilityConfigurationPropsAn implementation forObservabilityConfigurationProps(experimental) The code runtimes.(experimental) A secret environment variable.(experimental) Specify the secret's version id or version stage.A builder forSecretVersionInfoAn implementation forSecretVersionInfo(experimental) The App Runner Service.(experimental) A fluent builder forService.(experimental) Attributes for the App Runner Service.A builder forServiceAttributesAn implementation forServiceAttributes(experimental) Properties of the AppRunner Service.A builder forServicePropsAn implementation forServiceProps(experimental) Represents the App Runner service source.(experimental) Identifies a version of code that AWS App Runner refers to within a source code repository.A builder forSourceCodeVersionAn implementation forSourceCodeVersion(experimental) Result of bindingSourceinto aService.A builder forSourceConfigAn implementation forSourceConfig(experimental) Properties used to define TCP Based healthchecks.A builder forTcpHealthCheckOptionsAn implementation forTcpHealthCheckOptions(experimental) The implementation provider chosen for tracing App Runner services.(experimental) The App Runner VPC Connector.(experimental) A fluent builder forVpcConnector.(experimental) Attributes for the App Runner VPC Connector.A builder forVpcConnectorAttributesAn implementation forVpcConnectorAttributes(experimental) Properties of the AppRunner VPC Connector.A builder forVpcConnectorPropsAn implementation forVpcConnectorProps(experimental) The App Runner VPC Ingress Connection.(experimental) A fluent builder forVpcIngressConnection.(experimental) Attributes for the App Runner VPC Ingress Connection.A builder forVpcIngressConnectionAttributesAn implementation forVpcIngressConnectionAttributes(experimental) Properties of the AppRunner VPC Ingress Connection.A builder forVpcIngressConnectionPropsAn implementation forVpcIngressConnectionProps