App Runner connection to S3

1

I have deployed my backend API to App Runner. I want this API to be able to read and write to an S3 bucket that I have, but I consistently get timeout errors when performing this operation. I have written Python code to read and write from S3 using the boto3 library, and locally this works using my own credentials. However, when I deploy my API to App Runner, the request times out. I have added a bucket policy to allow the App Runner instance role to read and write, and I have added read/write permissions to the App Runner instance role. What can I do to resolve this?

Thanks!

asked 2 years ago · 1397 views
2 Answers
0

I had the same problem. I fixed it by creating an S3 VPCEndpoint, like this in CloudFormation:

S3VpcEndpoint:
    # We need this VPCE type=Gateway so App Runner can reach S3.
    # I'm surprised I need this, as I thought App Runner didn't operate in my VPC
    Type: AWS::EC2::VPCEndpoint
    Properties:
      RouteTableIds:
        - !Ref PublicRouteTable
      ServiceName: !Sub "com.amazonaws.${AWS::Region}.s3"
      VpcId: !Ref VPC
answered 5 months ago
  • That was in addition to IAM policies that allowed access; again, from my CloudFormation

          Policies:
          - PolicyName: net-core-instance-role-policy
            PolicyDocument:
              Statement:
              - Effect: Allow
                Action:
                  - s3:ListBucket
                  - s3:GetBucketLocation
                  - s3:ListBucketMultipartUploads # needed?
                  - s3:ListBucketVersions         # needed?
                Resource: '*'       # TODO reference our S3 BUCKET ARN
              - Effect: Allow
                Action:
                - s3:DeleteObject
                - s3:GetObject
                - s3:GetObjectAcl
                - s3:PutObject
                - s3:PutObjectAcl
                - s3:ListMultipartUploadParts # needed?
                - s3:AbortMultipartUpload     # needed?
                Resource: '*'       # TODO reference our S3 OBJECT /* ARN
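
The two `# TODO` comments in the policy above mark where `Resource: '*'` should become the bucket ARN and the object (`/*`) ARN. As an added example (not part of the original answer or comment), this Python code rewrites such statements, splitting bucket-level from object-level actions; the bucket name `example-app-bucket`, the function `scope_statements` and the commercial `aws` partition are assumptions.

```python
# Added example: scope the wildcard S3 statements from the answer to one bucket.
# BUCKET is a constructed placeholder; the action names are copied from the page.
BUCKET = "example-app-bucket"  # hypothetical bucket name

# S3 authorizes these against the bucket ARN; the other actions on the page
# are authorized against object ARNs (bucket/*).
BUCKET_LEVEL = {
    "s3:ListBucket", "s3:GetBucketLocation",
    "s3:ListBucketMultipartUploads", "s3:ListBucketVersions",
}
OBJECT_LEVEL = {
    "s3:DeleteObject", "s3:GetObject", "s3:GetObjectAcl", "s3:PutObject",
    "s3:PutObjectAcl", "s3:ListMultipartUploadParts", "s3:AbortMultipartUpload",
}

PAGE_STATEMENTS = [  # the two statements from the answer, both Resource: '*'
    {"Effect": "Allow", "Action": sorted(BUCKET_LEVEL), "Resource": "*"},
    {"Effect": "Allow", "Action": sorted(OBJECT_LEVEL), "Resource": "*"},
]


def scope_statements(statements, bucket):
    """Rewrite Allow statements with Resource '*' to bucket and object ARNs."""
    bucket_arn = f"arn:aws:s3:::{bucket}"  # assumes the commercial partition
    scoped, unknown = [], []
    for stmt in statements:
        actions = stmt["Action"]
        actions = [actions] if isinstance(actions, str) else list(actions)
        if stmt.get("Resource") != "*" or stmt.get("Effect") != "Allow":
            scoped.append(stmt)  # already scoped, or a Deny: leave untouched
            continue
        on_bucket = [a for a in actions if a in BUCKET_LEVEL]
        on_object = [a for a in actions if a in OBJECT_LEVEL]
        # Wildcards or actions outside the two sets need a human decision.
        unknown += [a for a in actions if a not in BUCKET_LEVEL | OBJECT_LEVEL]
        if on_bucket:
            scoped.append({"Effect": "Allow", "Action": on_bucket, "Resource": bucket_arn})
        if on_object:
            scoped.append({"Effect": "Allow", "Action": on_object, "Resource": f"{bucket_arn}/*"})
    return scoped, unknown


if __name__ == "__main__":
    import json
    scoped, unknown = scope_statements(PAGE_STATEMENTS, BUCKET)
    print(json.dumps({"Version": "2012-10-17", "Statement": scoped}, indent=2))
    print("needs manual review:", unknown)
```

A statement that mixes both kinds of action is split in two, because `s3:ListBucket` granted on `bucket/*` (or `s3:GetObject` on the bare bucket ARN) matches nothing and fails with an access-denied error rather than a timeout.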
    
0

Hi,

Because of the timeout error, I'd recommend checking whether the Security Groups attached to your App Runner instances authorize outbound connections on the HTTP/HTTPS ports.

Thanks

AWS
Julien
answered 2 years ago
