In order to deploy Dockerfile based services on AWS App Runner, a Docker image must be pushed to ECR.
Start by visiting the ECR console: https://console.aws.amazon.com/ecr/repositories
Select “Create Repository” to proceed.
Enter simple-express-repository
as your Repository name, and select “Private” in order to limit access to your repository. Click on “Create repository” in order to finalize creation. Once the repository is created, you’ll need to note the URI listed as you’ll need to refer to it later.
After the ECR repository is created, click the button to “View push commands” and copy the login command from step 1 (choosing your appropriate OS tab).
You will need to replace REGION and AWS_ACCOUNT_ID with the region you are using the AWS console from, and with your AWS account ID for the follow commands:
aws ecr get-login-password --region REGION | docker login --username AWS --password-stdin AWS_ACCOUNT_ID.dkr.ecr.REGION.amazonaws.com
docker build -t simple-express-repository .
docker tag simple-express-repository:latest AWS_ACCOUNT_ID.dkr.ecr.REGION.amazonaws.com/simple-express-repository:latest
docker push AWS_ACCOUNT_ID.dkr.ecr.REGION.amazonaws.com/simple-express-repository:latest
Return to the AWS App Runner console at: https://console.aws.amazon.com/apprunner/home#/create
Select a repository type of “Container registry” and a provider of “Amazon ECR”. Enter the URI listed previously when creating the simple-express-repository
repository as the container image URI.
You’ll need a role which gives the AWS App Runner service access a Trust Relationship with ECR, and has access to required ECR resources. Create an IAM role which has the following trust relationship:
{
"Version": "2008-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Principal": {
"Service": "build.apprunner.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
Attach a policy to this role which allows access to the ECR repository in question:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "ecr:*",
"Resource": "*"
}
]
}
Once your role is created with access to ECR, return to https://console.aws.amazon.com/apprunner/home#/create to create an App Runner service using a Dockerfile.
Select “Container registry” from repository type, and “Amazon ECR” for provider. Under Container image URI, enter AWS_ACCOUNT_ID.dkr.ecr.REGION.amazonaws.com/simple-express-repository:latest
from above, substituting your AWS_ACCOUNT_ID in, along with your REGION.
Select the service role you created above, and proceed to Next.
Name your service - for example: “simple-express-docker”, and enter 3000 for your port, and proceed to Next, then click “Create & deploy” to initialise your service.
Wait for your service to be deployed. You can click on your newly created service and follow the URL to access your service.