Skip to content

Resource: awsApprunnerService

Manages an App Runner Service.

Example Usage

Service with a Code Repository Source

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.apprunnerService.ApprunnerService(this, "example", {
  networkConfiguration: {
    egressConfiguration: {
      egressType: "VPC",
      vpcConnectorArn: "${aws_apprunner_vpc_connector.connector.arn}",
    },
  },
  serviceName: "example",
  sourceConfiguration: {
    authenticationConfiguration: {
      connectionArn: "${aws_apprunner_connection.example.arn}",
    },
    codeRepository: {
      codeConfiguration: {
        codeConfigurationValues: {
          buildCommand: "python setup.py develop",
          port: "8000",
          runtime: "PYTHON_3",
          startCommand: "python runapp.py",
        },
        configurationSource: "API",
      },
      repositoryUrl: "https://github.com/example/my-example-python-app",
      sourceCodeVersion: {
        type: "BRANCH",
        value: "main",
      },
    },
  },
  tags: {
    Name: "example-apprunner-service",
  },
});

Service with an Image Repository Source

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.apprunnerService.ApprunnerService(this, "example", {
  serviceName: "example",
  sourceConfiguration: {
    autoDeploymentsEnabled: false,
    imageRepository: {
      imageConfiguration: {
        port: "8000",
      },
      imageIdentifier: "public.ecr.aws/aws-containers/hello-app-runner:latest",
      imageRepositoryType: "ECR_PUBLIC",
    },
  },
  tags: {
    Name: "example-apprunner-service",
  },
});

Service with Observability Configuration

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const awsApprunnerObservabilityConfigurationExample =
  new aws.apprunnerObservabilityConfiguration.ApprunnerObservabilityConfiguration(
    this,
    "example",
    {
      observabilityConfigurationName: "example",
      traceConfiguration: {
        vendor: "AWSXRAY",
      },
    }
  );
const awsApprunnerServiceExample = new aws.apprunnerService.ApprunnerService(
  this,
  "example_1",
  {
    observabilityConfiguration: {
      observabilityConfigurationArn:
        awsApprunnerObservabilityConfigurationExample.arn,
      observabilityEnabled: true,
    },
    serviceName: "example",
    sourceConfiguration: {
      autoDeploymentsEnabled: false,
      imageRepository: {
        imageConfiguration: {
          port: "8000",
        },
        imageIdentifier:
          "public.ecr.aws/aws-containers/hello-app-runner:latest",
        imageRepositoryType: "ECR_PUBLIC",
      },
    },
    tags: {
      Name: "example-apprunner-service",
    },
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsApprunnerServiceExample.overrideLogicalId("example");

Argument Reference

The following arguments are required:

  • serviceName - (Forces new resource) Name of the service.
  • sourceConfiguration - The source to deploy to the App Runner service. Can be a code or an image repository. See Source Configuration below for more details.

The following arguments are optional:

  • autoScalingConfigurationArn - ARN of an App Runner automatic scaling configuration resource that you want to associate with your service. If not provided, App Runner associates the latest revision of a default auto scaling configuration.
  • encryptionConfiguration - (Forces new resource) An optional custom encryption key that App Runner uses to encrypt the copy of your source repository that it maintains and your service logs. By default, App Runner uses an AWS managed CMK. See Encryption Configuration below for more details.
  • healthCheckConfiguration - (Forces new resource) Settings of the health check that AWS App Runner performs to monitor the health of your service. See Health Check Configuration below for more details.
  • instanceConfiguration - The runtime configuration of instances (scaling units) of the App Runner service. See Instance Configuration below for more details.
  • networkConfiguration - Configuration settings related to network traffic of the web application that the App Runner service runs. See Network Configuration below for more details.
  • observabilityConfiguration - The observability configuration of your service. See Observability Configuration below for more details.
  • tags - Key-value map of resource tags. If configured with a provider defaultTags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

Encryption Configuration

The encryptionConfiguration block supports the following argument:

  • kmsKey - (Required) ARN of the KMS key used for encryption.

Health Check Configuration

The healthCheckConfiguration block supports the following arguments:

  • healthyThreshold - (Optional) Number of consecutive checks that must succeed before App Runner decides that the service is healthy. Defaults to 1. Minimum value of 1. Maximum value of 20.
  • interval - (Optional) Time interval, in seconds, between health checks. Defaults to 5. Minimum value of 1. Maximum value of 20.
  • path - (Optional) URL to send requests to for health checks. Defaults to /. Minimum length of 0. Maximum length of 51200.
  • protocol - (Optional) IP protocol that App Runner uses to perform health checks for your service. Valid values: tcp, http. Defaults to tcp. If you set protocol to http, App Runner sends health check requests to the HTTP path specified by path.
  • timeout - (Optional) Time, in seconds, to wait for a health check response before deciding it failed. Defaults to 2. Minimum value of 1. Maximum value of 20.
  • unhealthyThreshold - (Optional) Number of consecutive checks that must fail before App Runner decides that the service is unhealthy. Defaults to 5. Minimum value of 1. Maximum value of 20.

Instance Configuration

The instanceConfiguration block supports the following arguments:

  • cpu - (Optional) Number of CPU units reserved for each instance of your App Runner service represented as a String. Defaults to 1024. Valid values: 1024|2048|(1|2)VCpu.
  • instanceRoleArn - (Optional) ARN of an IAM role that provides permissions to your App Runner service. These are permissions that your code needs when it calls any AWS APIs.
  • memory - (Optional) Amount of memory, in MB or GB, reserved for each instance of your App Runner service. Defaults to 2048. Valid values: 2048|3072|4096|(2|3|4)Gb.

Source Configuration

The sourceConfiguration block supports the following arguments:

\~>Note: Either codeRepository or imageRepository must be specified (but not both).

  • authenticationConfiguration - (Optional) Describes resources needed to authenticate access to some source repositories. See Authentication Configuration below for more details.
  • autoDeploymentsEnabled - (Optional) Whether continuous integration from the source repository is enabled for the App Runner service. If set to true, each repository change (source code commit or new image version) starts a deployment. Defaults to true.
  • codeRepository - (Optional) Description of a source code repository. See Code Repository below for more details.
  • imageRepository - (Optional) Description of a source image repository. See Image Repository below for more details.

Authentication Configuration

The authenticationConfiguration block supports the following arguments:

  • accessRoleArn - (Optional) ARN of the IAM role that grants the App Runner service access to a source repository. Required for ECR image repositories (but not for ECR Public)
  • connectionArn - (Optional) ARN of the App Runner connection that enables the App Runner service to connect to a source repository. Required for GitHub code repositories.

Network Configuration

The networkConfiguration block supports the following arguments:

  • ingressConfiguration - (Optional) Network configuration settings for inbound network traffic. See Ingress Configuration below for more details.
  • egressConfiguration - (Optional) Network configuration settings for outbound message traffic. See Egress Configuration below for more details.
  • egressType - (Optional) Type of egress configuration.Set to DEFAULT for access to resources hosted on public networks.Set to VPC to associate your service to a custom VPC specified by VpcConnectorArn.
  • vpcConnectorArn - ARN of the App Runner VPC connector that you want to associate with your App Runner service. Only valid when EgressType = VPC.

Ingress Configuration

The ingressConfiguration block supports the following argument:

  • isPubliclyAccessible - (Required) Specifies whether your App Runner service is publicly accessible. To make the service publicly accessible set it to True. To make the service privately accessible, from only within an Amazon VPC set it to False.

Egress Configuration

The egressConfiguration block supports the following argument:

  • egressType - The type of egress configuration. Valid values are: default and vpc.
  • vpcConnectorArn - The Amazon Resource Name (ARN) of the App Runner VPC connector that you want to associate with your App Runner service. Only valid when egressType =Vpc.

Observability Configuration

The observabilityConfiguration block supports the following arguments:

  • observabilityEnabled - (Required) When true, an observability configuration resource is associated with the service.
  • observabilityConfigurationArn - (Optional) ARN of the observability configuration that is associated with the service. Specified only when observabilityEnabled is true.

Code Repository

The codeRepository block supports the following arguments:

  • codeConfiguration - (Optional) Configuration for building and running the service from a source code repository. See Code Configuration below for more details.
  • repositoryUrl - (Required) Location of the repository that contains the source code.
  • sourceCodeVersion - (Required) Version that should be used within the source code repository. See Source Code Version below for more details.

Image Repository

The imageRepository block supports the following arguments:

  • imageConfiguration - (Optional) Configuration for running the identified image. See Image Configuration below for more details.
  • imageIdentifier - (Required) Identifier of an image. For an image in Amazon Elastic Container Registry (Amazon ECR), this is an image name. For the image name format, see Pulling an image in the Amazon ECR User Guide.
  • imageRepositoryType - (Required) Type of the image repository. This reflects the repository provider and whether the repository is private or public. Valid values: ecr , ECR_PUBLIC.

Code Configuration

The codeConfiguration block supports the following arguments:

  • codeConfigurationValues - (Optional) Basic configuration for building and running the App Runner service. Use this parameter to quickly launch an App Runner service without providing an apprunner.yaml file in the source code repository (or ignoring the file if it exists). See Code Configuration Values below for more details.
  • configurationSource - (Required) Source of the App Runner configuration. Valid values: repository, api. Values are interpreted as follows:
  • repository - App Runner reads configuration values from the apprunner.yaml file in the source code repository and ignores the CodeConfigurationValues parameter.
  • api - App Runner uses configuration values provided in the CodeConfigurationValues parameter and ignores the apprunner.yaml file in the source code repository.

Code Configuration Values

The codeConfigurationValues blocks supports the following arguments:

  • buildCommand - (Optional) Command App Runner runs to build your application.
  • port - (Optional) Port that your application listens to in the container. Defaults to "8080".
  • runtime - (Required) Runtime environment type for building and running an App Runner service. Represents a programming language runtime. Valid values: PYTHON_3, NODEJS_12, NODEJS_14, NODEJS_16, CORRETTO_8, CORRETTO_11, GO_1, DOTNET_6, PHP_81, RUBY_31.
  • runtimeEnvironmentSecrets - (Optional) Secrets and parameters available to your service as environment variables. A map of key/value pairs, where the key is the desired name of the Secret in the environment (i.e. it does not have to match the name of the secret in Secrets Manager or SSM Parameter Store), and the value is the ARN of the secret from AWS Secrets Manager or the ARN of the parameter in AWS SSM Parameter Store.
  • runtimeEnvironmentVariables - (Optional) Environment variables available to your running App Runner service. A map of key/value pairs. Keys with a prefix of awsapprunner are reserved for system use and aren't valid.
  • startCommand - (Optional) Command App Runner runs to start your application.

Image Configuration

The imageConfiguration block supports the following arguments:

  • port - (Optional) Port that your application listens to in the container. Defaults to "8080".
  • runtimeEnvironmentSecrets - (Optional) Secrets and parameters available to your service as environment variables. A map of key/value pairs, where the key is the desired name of the Secret in the environment (i.e. it does not have to match the name of the secret in Secrets Manager or SSM Parameter Store), and the value is the ARN of the secret from AWS Secrets Manager or the ARN of the parameter in AWS SSM Parameter Store.
  • runtimeEnvironmentVariables - (Optional) Environment variables available to your running App Runner service. A map of key/value pairs. Keys with a prefix of awsapprunner are reserved for system use and aren't valid.
  • startCommand - (Optional) Command App Runner runs to start the application in the source image. If specified, this command overrides the Docker image’s default start command.

Source Code Version

The sourceCodeVersion block supports the following arguments:

  • type - (Required) Type of version identifier. For a git-based repository, branches represent versions. Valid values: branch.
  • value- (Required) Source code version. For a git-based repository, a branch name maps to a specific version. App Runner uses the most recent commit to the branch.

Attributes Reference

In addition to all arguments above, the following attributes are exported:

  • arn - ARN of the App Runner service.
  • serviceId - An alphanumeric ID that App Runner generated for this service. Unique within the AWS Region.
  • serviceUrl - Subdomain URL that App Runner generated for this service. You can use this URL to access your service web application.
  • status - Current state of the App Runner service.
  • tagsAll - Map of tags assigned to the resource, including those inherited from the provider defaultTags configuration block.

Import

App Runner Services can be imported by using the arn, e.g.,

$ terraform import aws_apprunner_service.example arn:aws:apprunner:us-east-1:1234567890:service/example/0a03292a89764e5882c41d8f991c82fe