This lab is provided as part of AWS Innovate Modern Applications Edition.
ℹ️ You will run this lab in your own AWS account. Please follow directions at the end of the lab to remove resources to avoid future costs.
AWS App Runner is a fully managed service that makes it easy for developers to quickly deploy containerized web applications and APIs, at scale and with no prior infrastructure experience required. Start with your source code or a container image. App Runner automatically builds and deploys the web application and load balances traffic with encryption. App Runner also scales up or down automatically to meet your traffic needs. With App Runner, rather than thinking about servers or scaling, you have more time to focus on your applications.
In this lab, we will build a container image which we will push to Amazon Elastic Container Registry (ECR), a fully managed container registry. The container image we have built will then be deployed to AWS App Runner.
- Log in your AWS Account
- Click this link and open a new browser tab
- Click Next again to the stack review page, tick I acknowledge that AWS CloudFormation might create IAM resources box and click Create stack.
- Wait for a few minutes for stack creation to complete.
- Select the stack and note down the outputs (Cloud9EnvironmentId & InstanceProfile) on outputs tab for next step.
- Launch AWS EC2 Console.
- Use stack output value of Cloud9EnvironmentId as filter to find the Cloud9 instance.
- Right click the instance, Security -> Modify IAM Role.
- Choose the profile name matches to the InstanceProfile value from the stack output, and click Apply.
- Launch AWS Cloud9 Console
- Locate the Cloud9 environment created for this lab and click "Open IDE". The environment title should start with AppRunnerCloud9.
- At top menu of Cloud9 IDE, click AWS Cloud9 and choose Preferences.
- At left menu AWS SETTINGS, click Credentials.
- Disable AWS managed temporary credentials:
Run commands below on Cloud9 Terminal to clone this lab repository:
git clone https://github.com/phonghuule/aws-app-runner.git
Run commands below on Cloud9 Terminal to configure the settings that AWS Cli will use to interact with AWS:
aws configure
Provide inputs as follows:
AWS Access Key ID [None]:
AWS Secret Access Key [None]:
Default region name [us-west-2]: us-west-2
Default output format [≈]:
Our first step will be to create a repository in ECR, this is where we later will store our container image once it’s been built.
Use the following command:
aws ecr create-repository --repository-name hello-app-runner
We are interested in using the repositoryUri later, so that we can tag and push images to the repository, let’s go ahead and store that as an environment variable for easy access later on.
export ECR_REPOSITORY_URI=$(aws ecr describe-repositories --repository-names hello-app-runner --query 'repositories[?repositoryName==`hello-app-runner`].repositoryUri' --output text)
echo $ECR_REPOSITORY_URI
Expected Output:
948779419420.dkr.ecr.us-west-2.amazonaws.com/hello-app-runner
Note down the ECR_REPOSITORY_URI
It’s time to build our image, but before we can do that, we need to retrieve login credentials for our local container engine, so that we can push the image
export AWS_ACCOUNT_ID=$(aws sts get-caller-identity --query 'Account' --output text)
export AWS_REGION=us-west-2 # Change this to the region you are using, for example eu-west-1
aws ecr get-login-password --region $AWS_REGION | docker login --username AWS --password-stdin $AWS_ACCOUNT_ID.dkr.ecr.$AWS_REGION.amazonaws.com
The Dockerfile contains the instructions for assembling our container image. Ours is relatively straight forward, it contains a basic splash page with links to relevant App Runner content. Let's have a look
cd ~/environment/aws-app-runner/hello-app-runner
cat Dockerfile
Let’s go ahead and build our image.
cd ~/environment/aws-app-runner/hello-app-runner
docker build -t hello-app-runner:demo .
Let's tag the image and push it to ECR:
docker tag hello-app-runner:demo $ECR_REPOSITORY_URI:demo
docker push $ECR_REPOSITORY_URI:demo
Before we create our App Runner service, we need to setup permissions so that App Runner can read from our ECR repository. Let’s start by creating an IAM role that App Runner will use, and the roles corresponding trust policy.
export TP_FILE=$(mktemp)
export ROLE_NAME=AppRunnerWorkshopAccessRole
cat <<EOF | tee $TP_FILE
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "build.apprunner.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
EOF
aws iam create-role --role-name $ROLE_NAME --assume-role-policy-document file://$TP_FILE
rm $TP_FILE
Now we need to attach a policy to the IAM role which grants access to ECR. We will be using a managed policy which will grant the appropriate access. Let’s attach the policy to our role:
aws iam attach-role-policy --role-name $ROLE_NAME --policy-arn arn:aws:iam::aws:policy/service-role/AWSAppRunnerServicePolicyForECRAccess
Now that we have configured our IAM role and policy, let’s go to App Runner and create our service.
Go to the AWS App Runner console and click Create an App Runner service.
For Repository type, select Container registry, and for Provider, select Amazon ECR, as we will be using the image we have previously built and pushed to our private ECR repository.
In the Container image URI input, enter the full URI for our image, you can get it by typing the following command in your terminal:
echo $ECR_REPOSITORY_URI:demo
In the Deployment settings section, select Automatic as the deployment trigger. And for ECR access role, select the role name we’ve previously created
Next, select a name for your service, enter hello-app-runner, and leave the rest with default values
Review our settings, and if everything looks good, click Create & Deploy. Your application will be deployed behind a managed load balancer with a TLS certificate. Automatic scaling is based on concurrent requests. Each service also provides CloudWatch metrics and logs for your container. You can focus on building your application while AWS handles the infrastructure.
Once status has moved to “Complete", you can click on the url listed below “Default domain” in order to view the actual web application you have just deployed.
In this section, we will introduce a change to app, build a new version of our container image, and see how AWS App Runner automatically the change, and deploys the new version.
Let’s introduce a change to our code that we will be able to visually inspect. Open templates/index.html in the Cloud9 editor, and change some text.
Before:
After, added "And we have automatic deployment":
Let’s build a new image with our code changes:
cd ~/environment/aws-app-runner/hello-app-runner
docker build -t hello-app-runner:demo .
docker tag hello-app-runner:demo $ECR_REPOSITORY_URI:demo
docker push $ECR_REPOSITORY_URI:demo
Our service will now transition into Operation in progress while the deployment occurs, once it is finished, the status will transtion to Running.
We can then validate that our deployment have succeeded, as we should now see different text when visiting the url
Navigate to Amazon ECR Console and delete hello-app-runner repository
Navigate to AWS App Runner Console and delete hello-app-runner service
Delete the Cloud 9 CloudFormation stack named AWS-App-Runner from AWS Console:
- Launch AWS CloudFormation Console
- Select stack AWS-App-Runner.
- In the stack details pane, choose Delete.
- Select Delete stack when prompted.