Here's twtech's overview of AWS App Runner:
AWS App Runner – Service Overview
AWS App Runner is a fully managed container application service that allows twtech to quickly deploy and run web apps and APIs without managing servers, containers, or infrastructure.
Key Features
Feature | Description
Fully managed | No servers or clusters to manage—AWS handles scaling, load balancing, patching, and deployment.
Container-based | Deploy directly from container images (from ECR or public registries) or source code (from GitHub).
Automatic scaling | Scales up and down based on incoming traffic.
HTTPS out-of-the-box | Automatic TLS with custom domain support.
Built-in CI/CD | App Runner can rebuild and redeploy apps on new code commits.
VPC connectivity | Can securely connect to VPC resources (e.g., RDS, Redis).
Observability | Integrated with CloudWatch logs and X-Ray tracing.
How AWS App Runner Works
twtech can deploy apps to App Runner using two main sources:
- Source Code (e.g., GitHub repo)
  - App Runner builds the container using a build pipeline and deploys it.
  - Requires a configuration file (apprunner.yaml or build settings in console).
- Container Image
  - Push twtech container image to Amazon ECR or use a public registry like Docker Hub.
  - App Runner directly deploys the image.
Typical Use Cases
- Microservices & APIs
- Web apps and frontend servers
- Prototypes, MVPs, or developer previews
- Backend services that need HTTPS and autoscaling without operational overhead
Security & Networking
- IAM roles for deployment and runtime.
- HTTPS endpoints by default.
- Custom domains with TLS.
- Private VPC access to connect to RDS, ElastiCache, etc.
- Ingress VPC connector for private App Runner services.
Monitoring & Observability
- Amazon CloudWatch Logs: App logs.
- AWS X-Ray: Application tracing.
- Metrics: CPU, memory, request count, response times.
Pricing Overview
Pricing is based on usage, including:
- vCPU and memory provisioned during app runtime.
- Active requests and compute time.
- Build time (when using source-based deployment).
twtech Example:
- twtech pays per second of compute + memory while its service is handling requests.
- App Runner automatically scales down to zero (not always zero cost, depending on idle config).
Sample Architecture
[GitHub/ECR] ──> [App Runner] ──> [Internet Users]
                      └─> [RDS in VPC]
                      └─> [CloudWatch, X-Ray]
Advantages
- Very fast to go from code → deploy.
- No infra to manage.
- Autoscaling with zero config.
- Secure out-of-the-box.
Limitations
- Less control over low-level configurations (e.g., no custom load balancer).
- Limited runtime customization (compared to ECS/Fargate).
- Doesn't support WebSockets or long-lived connections well.
- Cold start delay when scaling from zero.
Project: Hands-On
To push an image to the ECR repo, twtech needs an IAM role created: twtech-ecr-role
Prerequisites:
- AWS CLI configured (aws configure) from the terminal,
- Terraform installed and accessible from the terminal,
- Modules with code,
- Elastic Container Registry (ECR) repositories (public & private) in AWS.
Install the AWS CLI on WSL (Ubuntu):
sudo snap install aws-cli --classic
Install Terraform on the system (local bin directory)
Step-by-Step Installation via HashiCorp APT Repository (Recommended)
Run the exe setup in the extracted folder: to install
To install Terraform on an Ubuntu system, follow these steps:
- Update the system and install required packages: curl
# bash
sudo apt update && sudo apt install -y gnupg software-properties-common curl
# bash
# Download the HashiCorp signing key and store it as a dedicated keyring
curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg
# bash
# Add the HashiCorp repository, trusted only through that keyring (signed-by)
echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list
# bash
# Refresh the package index so the new repository is visible, then install
sudo apt update && sudo apt install terraform
# bash
terraform -version
twtech sees something like:
# bash
Terraform v1.12.2
Alternative:
Manual Installation (Download Binary)
- Go to: https://developer.hashicorp.com/terraform/install
- Download the appropriate .zip file for Linux.
- Extract and move it to /usr/local/bin:
# bash
unzip terraform_*.zip
sudo mv terraform /usr/local/bin/
terraform -version
Install and configure the AWS CLI.
Navigate into the docker module to provision a server in AWS using Terraform code, while bootstrapping the packages.
Inspect the code (files) to ensure the configuration is okay for the resources referenced.
Bootstrap script:
Provider:
Variables:
Initialize the module:
Format the code:
Make a plan:
Verify from the AWS console whether the docker-trivy server was provisioned successfully with the Terraform code:
Yes
SSH into the server to verify whether the packages were successfully bootstrapped: Docker architecture and Trivy image scanner.
Asw : UI
Verify whether the Docker engine is running and enabled.
How twtech pulls a Docker image to the system:
docker pull devopspatemf2021/webapps:latest
Image version:
List the images pulled:
docker images
To tag the image and push it to the ECR repo: twtech-pub-repo
Make sure aws-cli is installed:
sudo snap install aws-cli --classic
And aws-cli is configured:
aws configure
Next: create an IAM user for ECR.
Search for the service: IAM
Create user: twtech-ecr-user
Attach a policy to the user: AmazonEC2ContainerRegistryFullAccess
Create policy:
View image push commands for public ECR: twtech-pub-repo
Make sure that twtech has the latest version of the AWS CLI and Docker installed. For more information, see Getting Started with Amazon ECR.
Use the following steps to authenticate and push an image to twtech repository. For additional registry authentication methods, including the Amazon ECR credential helper, see Registry Authentication.
- Retrieve an authentication token and authenticate twtech Docker client to its registry. Use the AWS CLI:
aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws/r3r4y7h7
Note: If twtech receives an error using the AWS CLI, it should make sure that it has the latest version of the AWS CLI and Docker installed.
docker tag devopspatemf2021/webapps:latest public.ecr.aws/r3r4y7h7/twtech-pub-repo:latest-webapp
docker push public.ecr.aws/r3r4y7h7/twtech-pub-repo:latest-webapp
Verify on the public ECR created: twtech-pub-ecr-repo.
Yes: successfully pushed a docker image to ECR
Commands for private ECR: twtech-priv-repo
Make sure that twtech has the latest version of the AWS CLI and Docker installed. For more information, see Getting Started with Amazon ECR.
Use the following steps to authenticate and push an image to twtech repository. For additional registry authentication methods, including the Amazon ECR credential helper, see Registry Authentication.
- Retrieve an authentication token and authenticate twtech Docker client to twtech registry. Use the AWS CLI:
aws ecr get-login-password --region us-east-2 | docker login --username AWS --password-stdin 98xxxxxxxxxx.dkr.ecr.us-east-2.amazonaws.com
docker tag devopspatemf2021/webapps:latest 980xxxxxx.dkr.ecr.us-east-2.amazonaws.com/twtech-priv-ecr-repo:latest-webapp
docker push 98xxxxxxxx.dkr.ecr.us-east-2.amazonaws.com/twtech-priv-ecr-repo:latest-webapp
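The docker-trivy server provisioned earlier already has Trivy installed, so the scan can gate the login, tag and push steps above. This is an added example, not part of the original walkthrough; the function name and its return codes are illustrative, and the registry host in the usage comment is a placeholder.

```shell
#!/bin/sh
# Added example: scan the image with Trivy and push to private ECR only if it passes.

scan_tag_push() {
  src="$1" registry="$2" repo="$3" tag="$4" region="$5"
  [ -n "$src" ] && [ -n "$registry" ] && [ -n "$repo" ] && [ -n "$tag" ] && [ -n "$region" ] || {
    echo "usage: scan_tag_push SRC REGISTRY REPO TAG REGION" >&2; return 1; }
  dest="${registry}/${repo}:${tag}"

  # --exit-code 1: trivy exits non-zero when a HIGH or CRITICAL finding exists.
  # --ignore-unfixed: skip findings that have no patched version yet.
  if ! trivy image --exit-code 1 --ignore-unfixed \
        --severity HIGH,CRITICAL "$src" >&2; then
    echo "blocked: trivy scan of $src did not pass, nothing pushed" >&2
    return 2
  fi

  # The token goes straight from the AWS CLI into docker login over stdin,
  # so it never appears in shell history or in the process list.
  aws ecr get-login-password --region "$region" |
    docker login --username AWS --password-stdin "$registry" >&2 || return 3

  docker tag "$src" "$dest" >&2 || return 4
  docker push "$dest" >&2 || return 4

  # Print the pushed reference so a caller can hand it to the next step.
  echo "$dest"
}

# Usage (placeholder registry host):
#   scan_tag_push devopspatemf2021/webapps:latest \
#     <account-id>.dkr.ecr.us-east-2.amazonaws.com \
#     twtech-priv-ecr-repo latest-webapp us-east-2
```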
Addendum:
Youtube resource: https://www.youtube.com/watch?v=OBDiaKHK75c
How twtech eventually uses the AWS App Runner service to quickly deploy and access its applications
Search for the AWS service: aws app runner
Create the AWS App Runner service, name: twtech-webapp-runner-service
Source and deployment
Choose the source for your App Runner service and the way it's deployed.
Image link: 98xxxxxxxxxxxx.dkr.ecr.us-east-2.amazonaws.com/twtech-priv-ecr-repo:latest-webapp
Deployment settings
Configure service
Health check
Configure load balancer health checks.
Networking
Configure the way your service communicates with other applications, services, and resources.
Observability: Configure observability tooling.
Review and create
Step 1: Source and deployment
Step 2: Configure service
Auto scaling
Health check & Security
Networking, Observability & Tags
Create and deploy: twtech-app-runner
From: deployment in progress
How twtech accesses the application with the default domain: https://8bdxxxxxx.us-east-2.awsapprunner.com/
twtech-webapp has a context path that must be added to the default domain to access the application: /twtech
To access the application event logs:
Log Events in CloudWatch:
How twtech deletes unwanted App Runner applications: