App Runner architecture and concepts
AWS App Runner takes your source code or source image from a repository, and creates and maintains a running web service for you in the AWS Cloud. Typically, you need to call just one App Runner action, CreateService, to create your service.
With a source image repository, you provide a ready-to-use container image that App Runner can deploy to run your web service. With a source code repository, you provide your code and instructions for building and running a web service, and you target a specific runtime environment. App Runner supports several programming platforms, each with one or more managed runtimes for platform major versions.
At this time, App Runner can retrieve your source code from either a Bitbucket
The following diagram shows an overview of the App Runner service architecture. In the diagram, there are two example services: one deploys source code from GitHub, and the other deploys a source image from Amazon ECR. The same flow applies to the Bitbucket repository.
App Runner concepts
The following are key concepts related to your web service that's running in App Runner:
-
App Runner service – An AWS resource that App Runner uses to deploy and manage your application based on its source code repository or container image. An App Runner service is a running version of your application. For more information about creating a service, see Creating an App Runner service.
-
Source type – The type of source repository that you provide for deploying your App Runner service: source code or source image.
-
Repository provider – The repository service that contains your application source (for example, GitHub, Bitbucket, or Amazon ECR).
-
App Runner connection – An AWS resource that lets App Runner access a repository provider account (for example, a GitHub account or organization). For more information about connections, see Managing App Runner connections.
-
Runtime – A base image for deploying a source code repository. App Runner provides a variety of managed runtimes for different programming platforms and versions. For more information, see App Runner service based on source code.
-
Deployment – An action that applies a version of your source repository (code or image) to an App Runner service. The first deployment to the service occurs as part of service creation. Later deployments can occur in one of two ways:
-
Automatic deployment – A CI/CD capability. You can configure an App Runner service to automatically build (for source code) and deploy each version of your application as it appears in the repository. This can be a new commit in a source code repository or a new image version in a source image repository.
-
Manual deployment – A deployment to your App Runner service that you explicitly start.
-
-
Custom domain – A domain that you associate with your App Runner service. Users of your web application can use this domain to access your web service instead of the default App Runner subdomain. For more information, see Managing custom domain names for an App Runner service.
Note
To augment the security of your App Runner applications, the *.awsapprunner.com domain is registered in the Public Suffix List (PSL)
. For further security, we recommend that you use cookies with a __Host-prefix if you ever need to set sensitive cookies in the default domain name for your App Runner applications. This practice will help to defend your domain against cross-site request forgery attempts (CSRF). For more information see the Set-Cookiepage in the Mozilla Developer Network. -
Maintenance – An activity that App Runner occasionally performs on the infrastructure that runs your App Runner service. When maintenance is in progress, service status temporarily changes to
OPERATION_IN_PROGRESS(Operation in progress in the console) for a few minutes. Actions on your service (for example, deployment, configuration update, pause/resume, or deletion) are blocked during this time. Try the action again a few minutes later, when the service status returns toRUNNING.Note
If your action fails, it doesn't mean that your App Runner service is down. Your application is active and keeps handling requests. It's unlikely for your service to experience any downtime.
In particular, App Runner migrates your service if it detects issues in the underlying hardware hosting the service. To prevent any service downtime, App Runner deploys your service to a new set of instances and shifts traffic to them (a blue-green deployment). You might occasionally see a slight temporary increase in charges.
App Runner supported configurations
When you configure an App Runner service, you specify the virtual CPU and memory configuration to allocate to your service.
You pay based on the compute configuration that you select. For more information on pricing, see AWS Resource Groups
Pricing
The following table provides information on the vCPU and memory configurations that App Runner supports:
| CPU | Memory |
|---|---|
|
0.25 vCPU |
0.5 GB |
|
0.25 vCPU |
1 GB |
|
0.5 vCPU |
1 GB |
|
1 vCPU |
2 GB |
|
1 vCPU |
3 GB |
|
1 vCPU |
4 GB |
|
2 vCPU |
4 GB |
|
2 vCPU |
6 GB |
|
4 vCPU |
8 GB |
|
4 vCPU |
10 GB |
|
4 vCPU |
12 GB |
App Runner resources
When you use App Runner, you create and manage a few types of resources in your AWS account. These resources are used to access your code and manage your services.
The following table provides an overview of these resources:
| Resource name | Description |
|---|---|
|
Service |
Represents a running version of your application. Much of the rest of this guide describes service types, management, configuration, and monitoring. ARN:
|
|
Connection |
Provides your App Runner services with access to private repositories stored with third-party providers. Exists as a separate resource for sharing across multiple services. For more information about connections, see Managing App Runner connections. ARN:
|
|
AutoScalingConfiguration |
Provides your App Runner services with settings that control the automatic scaling of your application. Exists as a separate resource for sharing across multiple services. For more information about automatic scaling, see Managing App Runner automatic scaling. ARN:
|
|
ObservabilityConfiguration |
Configures additional application observability features for your App Runner services. Exists as a separate resource for sharing across multiple services. For more information about observability configuration, see Configuring observability for your service. ARN:
|
|
VpcConnector |
Configures VPC settings for your App Runner services. Exists as a separate resource for sharing across multiple services. For more information about VPC functionality, see Enabling VPC access for outgoing traffic . ARN:
|
|
VpcIngressConnection |
It's an AWS App Runner resource used to configure incoming traffic. It establishes a connection between a VPC interface endpoint and App Runner service, to make your App Runner service accessible from only within an Amazon VPC. For more information about functionality of VPCIngressConnection, see Enabling Private endpoint for incoming traffic. ARN:
|
App Runner resource quotas
AWS imposes some quotas (also known as limits) on your account for AWS resource usage in each AWS Region. The following table lists quotas related to App Runner resources. Quotas are also listed in AWS App Runner endpoints and quotas in the AWS General Reference.
| Resource quota | Description | Default value | Adjustable? | |
|---|---|---|---|---|
|
Services |
The maximum number of services that you can create in your account for each AWS Region. |
30 |
|
|
|
Connections |
The maximum number of connections that you can create in your account for each AWS Region. You can use a single connection in multiple services. |
10 |
|
|
|
Auto scaling configurations |
names |
The maximum number of unique names that you can have in auto scaling configurations that you create in your account for each AWS Region. You can use a single auto scaling configuration in multiple services. |
10 |
|
|
revisions per name |
The maximum number of auto scaling configuration revisions that you can create in your account for each AWS Region for each unique name. You can use a single auto scaling configuration revision in multiple services. |
5 |
|
|
|
Observability configurations |
names |
The maximum number of unique names that you can have in observability configurations that you create in your account for each AWS Region. You can use a single observability configuration in multiple services. |
10 |
|
|
revisions per name |
The maximum number of observability configuration revisions that you can create in your account for each AWS Region for each unique name. You can use a single observability configuration revision in multiple services. |
10 |
|
|
|
VPC connectors |
The maximum number of VPC connectors that you can create in your account for each AWS Region. You can use a single VPC connector in multiple services. |
10 |
|
|
|
VPC Ingress Connection |
The maximum number of VPC Ingress Connections that you can create in your account for each AWS Region. You can use a single VPC Ingress Connection to access multiple App Runner services. |
1 |
|
|
Most quotas are adjustable, and you can request a quota increase for them. For more information, see Requesting a quota increase in the Service Quotas User Guide.
