AWS App Runner is a fully managed container application service provided by Amazon Web Services (AWS). It simplifies the process of building, deploying, and running containerized web applications and API services.
VPC Connector
A VPC connector in AWS App Runner enables your App Runner service to establish outbound connections to resources located within a private Amazon Virtual Private Cloud (VPC). This allows your App Runner application to securely access private resources such as databases (e.g., Amazon RDS), other services running on Amazon EC2 or ECS, or internal APIs that are not exposed to the public internet.
Fig. 1: Architecture diagram for connection to RDS
Fig. 2: Architecture diagram for connection to EC2
How To Create VPC Connector
You can associate your service with a VPC by creating a VPC endpoint, called a VPC connector, from the App Runner console. To create a VPC connector, specify the VPC, one or more subnets, and optionally one or more security groups. After you configure a VPC connector, you can use it with one or more App Runner services.
Look for the Networking configuration section on the console page. For Outgoing network traffic, choose one of the following:
- Public access: To associate your service with public endpoints of other AWS services.
- Custom VPC: To associate your service with a VPC from Amazon VPC. Your application can connect with and send messages to other applications that are hosted in an Amazon VPC.
To enable Custom VPC:
1. Open the App Runner console, and in the Regions list, select your AWS Region.
2. Go to the Networking section under Configure service.
Fig. 3: Navigating to the Networking section
3. For Outgoing network traffic, choose Custom VPC.
4. In the navigation pane, choose VPC connector.
5. If you have already created VPC connectors, the console displays a list of the VPC connectors in your account. You can choose an existing VPC connector, choose Next to review your configuration, and then move to the last step. Alternatively, add a new VPC connector using the following steps.
6. Choose Add new to create a new VPC connector for your service. The Add new VPC connector dialog box opens.
Fig. 4: Creating a VPC connector
7. Enter a name for your VPC connector and select the required VPC from the available list.
8. For Subnets, select one subnet for each Availability Zone that you plan to access the App Runner service from. For better availability, choose three subnets; if there are fewer than three subnets, choose all available subnets.
Note: Make sure you assign private subnets to the VPC connector. If you assign public subnets to the VPC connector, your service fails to create or rolls back automatically during an update.
9. (Optional) For Security group, select the security groups to associate with the endpoint network interfaces.
10. (Optional) To add a tag, choose Add new tag and enter the tag key and the tag value.
11. Choose Add. The details of the VPC connector you created appear under VPC connector.
12. Choose Next to review your configuration, and then choose Create and deploy.
App Runner creates a VPC connector resource for you and associates it with your service. If the service is created successfully, the console shows the service dashboard with a Service overview of the new service.
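The step above warns that a VPC connector built on public subnets fails or rolls back. The following pre-flight check, an added example that is not part of the original post, classifies subnets as public or private from their route tables (a subnet is public when its route table, explicit or the VPC main one, has a route to an internet gateway) and only then assembles the keyword arguments for the real boto3 call `apprunner.create_vpc_connector`. The route-table payload and subnet IDs are constructed sample data, and the boto3 call itself is not made, so the script runs offline.

```python
# Constructed sample shaped like an EC2 DescribeRouteTables response (not real data).
ROUTE_TABLES = [
    {   # main route table: no IGW route, so subnets without an explicit association are private
        "RouteTableId": "rtb-main",
        "Associations": [{"Main": True}],
        "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}],
    },
    {   # public route table: default route points at an internet gateway
        "RouteTableId": "rtb-public",
        "Associations": [{"Main": False, "SubnetId": "subnet-pub-a"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0123"},
        ],
    },
    {   # private route table: default route goes through a NAT gateway only
        "RouteTableId": "rtb-private",
        "Associations": [{"Main": False, "SubnetId": "subnet-priv-a"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
            {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0123"},
        ],
    },
]

def route_table_for(subnet_id, route_tables):
    """Explicit subnet association wins; otherwise the VPC main route table applies."""
    main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main

def is_public_subnet(subnet_id, route_tables):
    """A subnet is public when its route table forwards traffic to an internet gateway."""
    rt = route_table_for(subnet_id, route_tables)
    return any(r.get("GatewayId", "").startswith("igw-") for r in rt.get("Routes", []))

def build_vpc_connector_request(name, subnet_ids, security_group_ids, route_tables):
    """Kwargs for boto3 apprunner.create_vpc_connector, refusing any public subnet."""
    public = [s for s in subnet_ids if is_public_subnet(s, route_tables)]
    if public:
        raise ValueError(f"public subnets are not allowed in a VPC connector: {public}")
    return {"VpcConnectorName": name, "Subnets": list(subnet_ids),
            "SecurityGroups": list(security_group_ids)}
```

Against a live account, feed `build_vpc_connector_request` the `RouteTables` list from `ec2.describe_route_tables(Filters=[{"Name": "vpc-id", "Values": [vpc_id]}])` and pass the returned dict to `apprunner.create_vpc_connector(**request)`.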
NOTE:
When specifying the IP address to connect App Runner with an EC2 instance, ensure you use the instance's private IP and NOT its public IP.
Connecting an App Runner Service to an RDS Instance with Public Access
When an RDS instance is configured for public access, it gets a public IP address and can be reached directly over the internet. In this case, your App Runner service can connect to the RDS instance directly, without a VPC connector, because the database is accessible from outside the VPC.