Sunday, August 3, 2025

AWS App Runner Service | Overview & Hands-On.

AWS App Runner Service - Overview & Hands-On.

Scope:

Intro,
The concept: AWS App Runner
Key Features,
How AWS App Runner Works,
Architecture,
Typical Use Cases,
Security & Networking,
Monitoring & Observability,
Pricing Overview,
Advantages,
Limitations,
Project: Hands-On.

Intro:

AWS App Runner is a fully managed container application service that allows twtech to quickly deploy and run web apps and APIs without managing servers, containers, or infrastructure.

Key Features

Feature	Description
Fully managed.	No servers or clusters to manage—AWS handles scaling, load balancing, patching, and deployment.
Container-based.	Deploy directly from container images (from ECR or public registries) or source code (from GitHub).
Automatic scaling.	Scales up and down based on incoming traffic.
HTTPS out-of-the-box.	Automatic TLS with a custom domain support.
Built-in CI/CD.	App Runner can rebuild and redeploy apps on new code commits.
VPC connectivity.	Can securely connect to VPC resources (e.g., RDS, Redis).
Observability.	Integrated with CloudWatch logs and X-Ray tracing.

How AWS App Runner Works

twtech can deploy apps to App Runner using two main sources:

Source Code (e.g., GitHub repo)

App Runner builds the container using a build pipeline and deploys it.
Requires a configuration file (apprunner.yaml or build settings in console).

Container Image

Push twtech container image to Amazon ECR or use a public registry like Docker Hub.
App Runner directly deploys the image.

Architecture

Typical Use Cases

Microservices & APIs
Web apps and frontend servers
Prototypes, MVPs, or developer previews
Backend services that need HTTPS and autoscaling without operational overhead

Security & Networking

IAM roles for deployment and runtime.
HTTPS endpoints by default.
Custom domains with TLS.
Private VPC access to connect to RDS, ElastiCache, etc.
Ingress VPC connector for private App Runner services.

Monitoring & Observability

Amazon CloudWatch Logs: App logs.
AWS X-Ray: Application tracing.
Metrics: CPU, memory, request count, response times.

Pricing Overview

Pricing is based on usage, including:

vCPU and memory provisioned during app runtime.
Active requests and compute time.
Build time (when using source-based deployment).

twtech Example:

twtech pays per second of compute + memory while its service is handling requests.
App Runner automatically scales down to zero (not always zero cost, depending on idle config).

Sample Architecture

Advantages

Very fast to go from code → deploy.
No infra to manage.
Autoscaling with zero config.
Secure out-of-the-box.

Limitations

Less control over low-level configurations (e.g., no custom load balancer).
Limited runtime customization (compared to ECS/Fargate).
Doesn't support WebSockets or long-lived connections well.
Cold start delay when scaling from zero.

Project: Hands-On

To push an image to the ecr repo, twtech needs IAM role created: twtech-ecr-role

Prerequisite:

Aws configure from terminal,
Terraform installed and accessed from terminal,
Modules with codes,
Elastic Container Registry..ECR (public & private) in aws.

Install aws cli on wsl (Ubuntu)

sudo snap install aws-cli --classic

Verify the version of aws cli installed:

aws --version

Install terraform on system: local bin directory

Step-by-Step Installation via HashiCorp APT Repository (Recommended)
Run the exe setup in the extracted folder: to intall
To install Terraform on an Ubuntu system, follow these steps:

Update the system and install required packages: Curl

# bash

sudo apt update && sudo apt install -y gnupg software-properties-common curl

Verify the version of curl package manager install:

curl --version

2, Add the HashiCorp GPG key:

# bash

curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg

3, Add the official HashiCorp Linux repository:

# bash

echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list

4, Update the package list:

# bash

sudo apt update

5, Install Terraform:

# bash

sudo apt install terraform

6, Verify the installation:

# bash

terraform –version

twtech sees something like:

# bash

Terraform v1.12.2

Alternative: Manual Installation (Download Binary)

Go to: https://developer.hashicorp.com/terraform/install
Download the appropriate .zip file for Linux.
Extract and move it to /usr/local/bin:

# bash

unzip terraform_*.zip

sudo mv terraform /usr/local/bin/

terraform -version

install and configure aws cli

Naviagate into docker module to provision a server in aws, using terraform code : while bootstrapping the packages.
Inspect the codes (file) : To ensure the configuration is okay for the resources referenced.

Bootstrapped script

Provider:

Resources:

Variables:

Initialize the modole

Format the codes:

Make a plan:

Verify whether that docker-trivy server is provision successfully form aws console with : terraform code

Yes

SSH into server to Verify whether the packages were successfully bootstrapped: docker architecture and trivy image scanner.

Asw : UI

Verify whether docker engine is running, and enabled

Verify version of trivy image scanner bootstrapped: trivy --version

Verify version of docker bootstrapped: docker --version

How twtech pull a docker image to the system:

docker pull devopspatemf2021/webapps:latest

Image version:

List the image pulled: docker images

To tag the image and push to the ECR: twtech-pub-repo
Make sure aws-cli is installed

sudo snap install aws-cli --classic

And aws-cli configured:

aws configure

Next:

Create IAM for ECR:

Search for AWS service: IAM

Create user : twtech-ecr-user

Attach a policy to the user: AmazonEC2ContainerRegistryFullAccess

Create policy:

View image push command for public ECR: twtech-pub-repo

Make sure that twtech has the latest version of the AWS CLI and Docker installed.
For more information, see Getting Started with Amazon ECR .
Use the following steps to authenticate and push an image to twtech repository.
For additional registry authentication methods, including the Amazon ECR credential helper, see Registry Authentication .

Retrieve an authentication token and authenticate twtech Docker client to its registry. Use the AWS CLI:

aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws/r3r4y7h7

NB:

If twtech receives an error using the AWS CLI, it should make sure it has the latest version of the AWS CLI and Docker installed.

2, Build twtech Docker image using the following command.

For information on building a Docker file from scratch see the instructions here . twtech can skip this step if its image is already built:

# docker build -t twtech-pub-repo . // not needed if image is already in dockerhub

3, After the build completes, tag twtech image so it can push the image to this repository:

docker tag devopspatemf2021/webapps:latest public.ecr.aws/r3r4y7h7/twtech-pub-repo:latest-webapp

4, Run the following command to push this image to twtech newly created AWS repository:

docker push public.ecr.aws/r34447h7/twtech-pub-repo:latest-webapp

Verify on the public ECR created: twtech-pub-ecr-repo.

Yes: successfully pushed a docker image to ECR (Pub-repo)

Commands for private ECR: twtech-priv-repo
Make sure that twtech have the latest version of the AWS CLI and Docker installed.
For more information, see Getting Started with Amazon ECR .
Use the following steps to authenticate and push an image to twtech repository.
For additional registry authentication methods, including the Amazon ECR credential helper, see Registry Authentication .