Skip to content

Commit

Permalink
feat(aws-apprunner): support the Service L2 construct (#15810)
Browse files Browse the repository at this point in the history
Support the `Service` L2 construct for App Runner.

- [x] implementation
- [x] unit testing and integ testing
- [x] README


## What's included

This PR introduces the initial L2 implementation of the `Service` construct.  We are allowed to create App Runner services with:

1.  ECR public
2. ECR(private) from any existing ECR repository
3. ECR(private) built and pushed from local assets
3. remote github repository

## Design

AWS App Runner allows us to create `Service` with `ECR_PUBLIC`, `ECR` and `Github`. We should specify the source  with the `source` property to define the source of the repository for the `Service` and conditionally create the required IAM access role for `ECR` to pull the required images([doc](https://docs.aws.amazon.com/apprunner/latest/dg/security_iam_service-with-iam.html#security_iam_service-with-iam-roles)).

```
source: Source.fromEcrPublic()  // To define a source from ECR Public container image.
source: Source.fromEcr()  // To define a source from ECR container image.
source: Source.fromGitHub()  // To define a source from a GitHub repository.
source: Source.fromAsset()  // To define a source from local code asset directory.
```

The [connection](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-apprunner-service-authenticationconfiguration.html#cfn-apprunner-service-authenticationconfiguration-connectionarn) for Github is required for `Source.fromGitHub()`.  However, as there's no cloudformation support to create the App Runner `connection`, an existing connection will be required for service with github as the source.

Closes: #14813 


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
  • Loading branch information
pahud authored Sep 23, 2021
1 parent 7cf5676 commit 3cea941
Show file tree
Hide file tree
Showing 9 changed files with 1,814 additions and 9 deletions.
113 changes: 113 additions & 0 deletions packages/@aws-cdk/aws-apprunner/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,14 @@
>
> [CFN Resources]: https://docs.aws.amazon.com/cdk/latest/guide/constructs.html#constructs_lib
![cdk-constructs: Experimental](https://img.shields.io/badge/cdk--constructs-experimental-important.svg?style=for-the-badge)

> The APIs of higher level constructs in this module are experimental and under active development.
> They are subject to non-backward compatible changes or removal in any future version. These are
> not subject to the [Semantic Versioning](https://semver.org/) model and breaking changes will be
> announced in the release notes. This means that while you may use them, you may need to update
> your source code when upgrading to a newer version of this package.
---

<!--END STABILITY BANNER-->
Expand All @@ -18,3 +26,108 @@ This module is part of the [AWS Cloud Development Kit](https://github.com/aws/aw
```ts
import apprunner = require('@aws-cdk/aws-apprunner');
```

## Introduction

AWS App Runner is a fully managed service that makes it easy for developers to quickly deploy containerized web applications and APIs, at scale and with no prior infrastructure experience required. Start with your source code or a container image. App Runner automatically builds and deploys the web application and load balances traffic with encryption. App Runner also scales up or down automatically to meet your traffic needs. With App Runner, rather than thinking about servers or scaling, you have more time to focus on your applications.

## Service

The `Service` construct allows you to create AWS App Runner services with `ECR Public`, `ECR` or `Github` with the `source` property in the following scenarios:

- `Source.fromEcr()` - To define the source repository from `ECR`.
- `Source.fromEcrPublic()` - To define the source repository from `ECR Public`.
- `Source.fromGitHub()` - To define the source repository from the `Github repository`.
- `Source.fromAsset()` - To define the source from local asset directory.


## ECR Public

To create a `Service` with ECR Public:

```ts
new Service(stack, 'Service', {
source: Source.fromEcrPublic({
imageConfiguration: { port: 8000 },
imageIdentifier: 'public.ecr.aws/aws-containers/hello-app-runner:latest',
}),
});
```

## ECR

To create a `Service` from an existing ECR repository:

```ts
new Service(stack, 'Service', {
source: Source.fromEcr({
imageConfiguration: { port: 80 },
repository: ecr.Repository.fromRepositoryName(stack, 'NginxRepository', 'nginx'),
tag: 'latest',
}),
});
```

To create a `Service` from local docker image asset directory built and pushed to Amazon ECR:

```ts
const imageAsset = new assets.DockerImageAsset(stack, 'ImageAssets', {
directory: path.join(__dirname, './docker.assets'),
});
new Service(stack, 'Service', {
source: Source.fromAsset({
imageConfiguration: { port: 8000 },
asset: imageAsset,
}),
});
```

## GitHub

To create a `Service` from the GitHub repository, you need to specify an existing App Runner `Connection`.

See [Managing App Runner connections](https://docs.aws.amazon.com/apprunner/latest/dg/manage-connections.html) for more details.

```ts
new Service(stack, 'Service', {
source: Source.fromGitHub({
repositoryUrl: 'https://github.com/aws-containers/hello-app-runner',
branch: 'main',
configurationSource: ConfigurationSourceType.REPOSITORY,
connection: GitHubConnection.fromConnectionArn('CONNECTION_ARN'),
}),
});
```

Use `codeConfigurationValues` to override configuration values with the `API` configuration source type.

```ts
new Service(stack, 'Service', {
source: Source.fromGitHub({
repositoryUrl: 'https://github.com/aws-containers/hello-app-runner',
branch: 'main',
configurationSource: ConfigurationSourceType.API,
codeConfigurationValues: {
runtime: Runtime.PYTHON_3,
port: '8000',
startCommand: 'python app.py',
buildCommand: 'yum install -y pycairo && pip install -r requirements.txt',
},
connection: GitHubConnection.fromConnectionArn('CONNECTION_ARN'),
}),
});
```


## IAM Roles

You are allowed to define `instanceRole` and `accessRole` for the `Service`.

`instanceRole` - The IAM role that provides permissions to your App Runner service. These are permissions that
your code needs when it calls any AWS APIs.

`accessRole` - The IAM role that grants the App Runner service access to a source repository. It's required for
ECR image repositories (but not for ECR Public repositories). If not defined, a new access role will be generated
when required.

See [App Runner IAM Roles](https://docs.aws.amazon.com/apprunner/latest/dg/security_iam_service-with-iam.html#security_iam_service-with-iam-roles) for more details.
1 change: 1 addition & 0 deletions packages/@aws-cdk/aws-apprunner/lib/index.ts
Original file line number Diff line number Diff line change
@@ -1,2 +1,3 @@
// AWS::AppRunner CloudFormation Resources:
export * from './apprunner.generated';
export * from './service';
Loading

0 comments on commit 3cea941

Please sign in to comment.