feat(apprunner): add ipAddressType property to the Service class (#30351

)

### Issue # (if applicable)

N/A

### Reason for this change
AppRunner supported Dual Stack.

https://aws.amazon.com/about-aws/whats-new/2023/11/aws-app-runner-supports-ipv6-public-inbound-traffic/?nc1=h_ls

But current L2 Construct (alpha module) does not support it.


### Description of changes
Add ipAddressType property to the Service class



### Description of how you validated changes
Add unit tests and integ tests.


### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

packages/@aws-cdk/aws-apprunner-alpha/README.md

@@ -180,6 +180,26 @@ new apprunner.Service(this, 'Service', {
 });
 ```
 
+## Dual Stack
+
+To use dual stack (IPv4 and IPv6) for your incoming public network configuration, set `ipAddressType` to `IpAddressType.DUAL_STACK`.
+
+```ts
+new apprunner.Service(this, 'Service', {
+  source: apprunner.Source.fromEcrPublic({
+    imageConfiguration: { port: 8000 },
+    imageIdentifier: 'public.ecr.aws/aws-containers/hello-app-runner:latest',
+  }),
+  ipAddressType: apprunner.IpAddressType.DUAL_STACK,
+});
+```
+
+**Note**: Currently, App Runner supports dual stack for only Public endpoint.
+Only IPv4 is supported for Private endpoint.
+If you update a service that's using dual-stack Public endpoint to a Private endpoint,
+your App Runner service will default to support only IPv4 for Private endpoint and fail
+to receive traffic originating from IPv6 endpoint.
+
 ## Secrets Manager
 
 To include environment variables integrated with AWS Secrets Manager, use the `environmentSecrets` attribute.

packages/@aws-cdk/aws-apprunner-alpha/lib/service.ts

@@ -723,6 +723,13 @@ export interface ServiceProps {
    * @default - Use an AWS managed key
    */
   readonly kmsKey?: kms.IKey;
+
+  /**
+   * The IP address type for your incoming public network configuration.
+   *
+   * @default - IpAddressType.IPV4
+   */
+  readonly ipAddressType?: IpAddressType;
 }
 
 /**
@@ -1004,6 +1011,21 @@ export class HealthCheck {
   }
 }
 
+/**
+ * The IP address type for your incoming public network configuration.
+ */
+export enum IpAddressType {
+  /**
+   * IPV4
+   */
+  IPV4 = 'IPV4',
+
+  /**
+   * DUAL_STACK
+   */
+  DUAL_STACK = 'DUAL_STACK',
+}
+
 /**
  * Attributes for the App Runner Service
  */
@@ -1255,6 +1277,7 @@ export class Service extends cdk.Resource implements iam.IGrantable {
           egressType: this.props.vpcConnector ? 'VPC' : 'DEFAULT',
           vpcConnectorArn: this.props.vpcConnector?.vpcConnectorArn,
         },
+        ipAddressType: this.props.ipAddressType,
       },
       healthCheckConfiguration: this.props.healthCheck ?
         this.props.healthCheck.bind() :

packages/@aws-cdk/aws-apprunner-alpha/test/integ.service-ip-address-type.js.snapshot/integ-apprunner-ip-address-type.template.json

@@ -0,0 +1,104 @@
+{
+ "Resources": {
+  "ServiceInstanceRoleDFA90CEC": {
+   "Type": "AWS::IAM::Role",
+   "Properties": {
+    "AssumeRolePolicyDocument": {
+     "Statement": [
+      {
+       "Action": "sts:AssumeRole",
+       "Effect": "Allow",
+       "Principal": {
+        "Service": "tasks.apprunner.amazonaws.com"
+       }
+      }
+     ],
+     "Version": "2012-10-17"
+    }
+   }
+  },
+  "ServiceDBC79909": {
+   "Type": "AWS::AppRunner::Service",
+   "Properties": {
+    "InstanceConfiguration": {
+     "InstanceRoleArn": {
+      "Fn::GetAtt": [
+       "ServiceInstanceRoleDFA90CEC",
+       "Arn"
+      ]
+     }
+    },
+    "NetworkConfiguration": {
+     "EgressConfiguration": {
+      "EgressType": "DEFAULT"
+     },
+     "IpAddressType": "DUAL_STACK"
+    },
+    "ServiceName": "service",
+    "SourceConfiguration": {
+     "AuthenticationConfiguration": {},
+     "AutoDeploymentsEnabled": false,
+     "ImageRepository": {
+      "ImageConfiguration": {
+       "Port": "8000"
+      },
+      "ImageIdentifier": "public.ecr.aws/aws-containers/hello-app-runner:latest",
+      "ImageRepositoryType": "ECR_PUBLIC"
+     }
+    }
+   }
+  }
+ },
+ "Outputs": {
+  "URL": {
+   "Value": {
+    "Fn::Join": [
+     "",
+     [
+      "https://",
+      {
+       "Fn::GetAtt": [
+        "ServiceDBC79909",
+        "ServiceUrl"
+       ]
+      }
+     ]
+    ]
+   }
+  }
+ },
+ "Parameters": {
+  "BootstrapVersion": {
+   "Type": "AWS::SSM::Parameter::Value<String>",
+   "Default": "/cdk-bootstrap/hnb659fds/version",
+   "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]"
+  }
+ },
+ "Rules": {
+  "CheckBootstrapVersion": {
+   "Assertions": [
+    {
+     "Assert": {
+      "Fn::Not": [
+       {
+        "Fn::Contains": [
+         [
+          "1",
+          "2",
+          "3",
+          "4",
+          "5"
+         ],
+         {
+          "Ref": "BootstrapVersion"
+         }
+        ]
+       }
+      ]
+     },
+     "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI."
+    }
+   ]
+  }
+ }
+}