From 49feee5561296524e4447590d0d8f66e8936cdaf Mon Sep 17 00:00:00 2001
From: AWS <>
Date: Thu, 5 Jan 2023 19:06:28 +0000
Subject: [PATCH] AWS App Runner Update: This release adds support of securely
referencing secrets and configuration data that are stored in Secrets Manager
and SSM Parameter Store by adding them as environment secrets in your App
Runner service.
---
.../feature-AWSAppRunner-1405742.json | 6 ++
.../codegen-resources/endpoint-rule-set.json | 2 +-
.../codegen-resources/endpoint-tests.json | 86 +++++++++----------
.../codegen-resources/service-2.json | 29 ++++++-
4 files changed, 77 insertions(+), 46 deletions(-)
create mode 100644 .changes/next-release/feature-AWSAppRunner-1405742.json
diff --git a/.changes/next-release/feature-AWSAppRunner-1405742.json b/.changes/next-release/feature-AWSAppRunner-1405742.json
new file mode 100644
index 000000000000..f11174b34bb1
--- /dev/null
+++ b/.changes/next-release/feature-AWSAppRunner-1405742.json
@@ -0,0 +1,6 @@
+{
+ "type": "feature",
+ "category": "AWS App Runner",
+ "contributor": "",
+ "description": "This release adds support of securely referencing secrets and configuration data that are stored in Secrets Manager and SSM Parameter Store by adding them as environment secrets in your App Runner service."
+}
diff --git a/services/apprunner/src/main/resources/codegen-resources/endpoint-rule-set.json b/services/apprunner/src/main/resources/codegen-resources/endpoint-rule-set.json
index 62c602ebd8b6..b5e64a69ca4f 100644
--- a/services/apprunner/src/main/resources/codegen-resources/endpoint-rule-set.json
+++ b/services/apprunner/src/main/resources/codegen-resources/endpoint-rule-set.json
@@ -3,7 +3,7 @@
"parameters": {
"Region": {
"builtIn": "AWS::Region",
- "required": false,
+ "required": true,
"documentation": "The AWS region used to dispatch the request.",
"type": "String"
},
diff --git a/services/apprunner/src/main/resources/codegen-resources/endpoint-tests.json b/services/apprunner/src/main/resources/codegen-resources/endpoint-tests.json
index 7173b9a6e0d6..07fe8077b2d7 100644
--- a/services/apprunner/src/main/resources/codegen-resources/endpoint-tests.json
+++ b/services/apprunner/src/main/resources/codegen-resources/endpoint-tests.json
@@ -8,9 +8,9 @@
}
},
"params": {
+ "Region": "us-west-2",
"UseFIPS": true,
- "UseDualStack": true,
- "Region": "us-west-2"
+ "UseDualStack": true
}
},
{
@@ -21,9 +21,9 @@
}
},
"params": {
+ "Region": "us-west-2",
"UseFIPS": true,
- "UseDualStack": false,
- "Region": "us-west-2"
+ "UseDualStack": false
}
},
{
@@ -34,9 +34,9 @@
}
},
"params": {
+ "Region": "us-west-2",
"UseFIPS": false,
- "UseDualStack": true,
- "Region": "us-west-2"
+ "UseDualStack": true
}
},
{
@@ -47,9 +47,9 @@
}
},
"params": {
+ "Region": "us-west-2",
"UseFIPS": false,
- "UseDualStack": false,
- "Region": "us-west-2"
+ "UseDualStack": false
}
},
{
@@ -60,9 +60,9 @@
}
},
"params": {
+ "Region": "eu-west-1",
"UseFIPS": true,
- "UseDualStack": true,
- "Region": "eu-west-1"
+ "UseDualStack": true
}
},
{
@@ -73,9 +73,9 @@
}
},
"params": {
+ "Region": "eu-west-1",
"UseFIPS": true,
- "UseDualStack": false,
- "Region": "eu-west-1"
+ "UseDualStack": false
}
},
{
@@ -86,9 +86,9 @@
}
},
"params": {
+ "Region": "eu-west-1",
"UseFIPS": false,
- "UseDualStack": true,
- "Region": "eu-west-1"
+ "UseDualStack": true
}
},
{
@@ -99,9 +99,9 @@
}
},
"params": {
+ "Region": "eu-west-1",
"UseFIPS": false,
- "UseDualStack": false,
- "Region": "eu-west-1"
+ "UseDualStack": false
}
},
{
@@ -112,9 +112,9 @@
}
},
"params": {
+ "Region": "ap-northeast-1",
"UseFIPS": true,
- "UseDualStack": true,
- "Region": "ap-northeast-1"
+ "UseDualStack": true
}
},
{
@@ -125,9 +125,9 @@
}
},
"params": {
+ "Region": "ap-northeast-1",
"UseFIPS": true,
- "UseDualStack": false,
- "Region": "ap-northeast-1"
+ "UseDualStack": false
}
},
{
@@ -138,9 +138,9 @@
}
},
"params": {
+ "Region": "ap-northeast-1",
"UseFIPS": false,
- "UseDualStack": true,
- "Region": "ap-northeast-1"
+ "UseDualStack": true
}
},
{
@@ -151,9 +151,9 @@
}
},
"params": {
+ "Region": "ap-northeast-1",
"UseFIPS": false,
- "UseDualStack": false,
- "Region": "ap-northeast-1"
+ "UseDualStack": false
}
},
{
@@ -164,9 +164,9 @@
}
},
"params": {
+ "Region": "us-east-1",
"UseFIPS": true,
- "UseDualStack": true,
- "Region": "us-east-1"
+ "UseDualStack": true
}
},
{
@@ -177,9 +177,9 @@
}
},
"params": {
+ "Region": "us-east-1",
"UseFIPS": true,
- "UseDualStack": false,
- "Region": "us-east-1"
+ "UseDualStack": false
}
},
{
@@ -190,9 +190,9 @@
}
},
"params": {
+ "Region": "us-east-1",
"UseFIPS": false,
- "UseDualStack": true,
- "Region": "us-east-1"
+ "UseDualStack": true
}
},
{
@@ -203,9 +203,9 @@
}
},
"params": {
+ "Region": "us-east-1",
"UseFIPS": false,
- "UseDualStack": false,
- "Region": "us-east-1"
+ "UseDualStack": false
}
},
{
@@ -216,9 +216,9 @@
}
},
"params": {
+ "Region": "us-east-2",
"UseFIPS": true,
- "UseDualStack": true,
- "Region": "us-east-2"
+ "UseDualStack": true
}
},
{
@@ -229,9 +229,9 @@
}
},
"params": {
+ "Region": "us-east-2",
"UseFIPS": true,
- "UseDualStack": false,
- "Region": "us-east-2"
+ "UseDualStack": false
}
},
{
@@ -242,9 +242,9 @@
}
},
"params": {
+ "Region": "us-east-2",
"UseFIPS": false,
- "UseDualStack": true,
- "Region": "us-east-2"
+ "UseDualStack": true
}
},
{
@@ -255,9 +255,9 @@
}
},
"params": {
+ "Region": "us-east-2",
"UseFIPS": false,
- "UseDualStack": false,
- "Region": "us-east-2"
+ "UseDualStack": false
}
},
{
@@ -268,9 +268,9 @@
}
},
"params": {
+ "Region": "us-east-1",
"UseFIPS": false,
"UseDualStack": false,
- "Region": "us-east-1",
"Endpoint": "https://example.com"
}
},
@@ -280,9 +280,9 @@
"error": "Invalid Configuration: FIPS and custom endpoint are not supported"
},
"params": {
+ "Region": "us-east-1",
"UseFIPS": true,
"UseDualStack": false,
- "Region": "us-east-1",
"Endpoint": "https://example.com"
}
},
@@ -292,9 +292,9 @@
"error": "Invalid Configuration: Dualstack and custom endpoint are not supported"
},
"params": {
+ "Region": "us-east-1",
"UseFIPS": false,
"UseDualStack": true,
- "Region": "us-east-1",
"Endpoint": "https://example.com"
}
}
diff --git a/services/apprunner/src/main/resources/codegen-resources/service-2.json b/services/apprunner/src/main/resources/codegen-resources/service-2.json
index 75f58ab6700f..8095b3e3b8e7 100644
--- a/services/apprunner/src/main/resources/codegen-resources/service-2.json
+++ b/services/apprunner/src/main/resources/codegen-resources/service-2.json
@@ -786,7 +786,11 @@
},
"RuntimeEnvironmentVariables":{
"shape":"RuntimeEnvironmentVariables",
- "documentation":"The environment variables that are available to your running App Runner service. An array of key-value pairs. Keys with a prefix of AWSAPPRUNNER are reserved for system use and aren't valid.
"
+ "documentation":"The environment variables that are available to your running App Runner service. An array of key-value pairs.
"
+ },
+ "RuntimeEnvironmentSecrets":{
+ "shape":"RuntimeEnvironmentSecrets",
+ "documentation":"An array of key-value pairs representing the secrets and parameters that get referenced to your service as an environment variable. The supported values are either the full Amazon Resource Name (ARN) of the Secrets Manager secret or the full ARN of the parameter in the Amazon Web Services Systems Manager Parameter Store.
-
If the Amazon Web Services Systems Manager Parameter Store parameter exists in the same Amazon Web Services Region as the service that you're launching, you can use either the full ARN or name of the secret. If the parameter exists in a different Region, then the full ARN must be specified.
-
Currently, cross account referencing of Amazon Web Services Systems Manager Parameter Store parameter is not supported.
"
}
},
"documentation":"Describes the basic configuration needed for building and running an App Runner service. This type doesn't support the full set of possible configuration options. Fur full configuration capabilities, use a apprunner.yaml file in the source code repository.
"
@@ -1606,7 +1610,7 @@
"members":{
"RuntimeEnvironmentVariables":{
"shape":"RuntimeEnvironmentVariables",
- "documentation":"Environment variables that are available to your running App Runner service. An array of key-value pairs. Keys with a prefix of AWSAPPRUNNER are reserved for system use and aren't valid.
"
+ "documentation":"Environment variables that are available to your running App Runner service. An array of key-value pairs.
"
},
"StartCommand":{
"shape":"StartCommand",
@@ -1615,6 +1619,10 @@
"Port":{
"shape":"String",
"documentation":"The port that your application listens to in the container.
Default: 8080
"
+ },
+ "RuntimeEnvironmentSecrets":{
+ "shape":"RuntimeEnvironmentSecrets",
+ "documentation":"An array of key-value pairs representing the secrets and parameters that get referenced to your service as an environment variable. The supported values are either the full Amazon Resource Name (ARN) of the Secrets Manager secret or the full ARN of the parameter in the Amazon Web Services Systems Manager Parameter Store.
-
If the Amazon Web Services Systems Manager Parameter Store parameter exists in the same Amazon Web Services Region as the service that you're launching, you can use either the full ARN or name of the secret. If the parameter exists in a different Region, then the full ARN must be specified.
-
Currently, cross account referencing of Amazon Web Services Systems Manager Parameter Store parameter is not supported.
"
}
},
"documentation":"Describes the configuration that App Runner uses to run an App Runner service using an image pulled from a source image repository.
"
@@ -2229,6 +2237,23 @@
"RUBY_31"
]
},
+ "RuntimeEnvironmentSecrets":{
+ "type":"map",
+ "key":{"shape":"RuntimeEnvironmentSecretsName"},
+ "value":{"shape":"RuntimeEnvironmentSecretsValue"}
+ },
+ "RuntimeEnvironmentSecretsName":{
+ "type":"string",
+ "max":2048,
+ "min":1,
+ "sensitive":true
+ },
+ "RuntimeEnvironmentSecretsValue":{
+ "type":"string",
+ "max":2048,
+ "min":1,
+ "sensitive":true
+ },
"RuntimeEnvironmentVariables":{
"type":"map",
"key":{"shape":"RuntimeEnvironmentVariablesKey"},