DNS resolution failure from App Runner

1

Any time my application tries to resolve a domain from within App Runner, it fails. For example, the Auth0 client fails with the following error:

requests.exceptions.ConnectionError: HTTPSConnectionPool(host='<MY_AUTH0_ID_HERE>.us.auth0.com', port=443): Max retries exceeded with url: /.well-known/jwks.json (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7fcfbf9b7eb0>: Failed to establish a new connection: [Errno -3] Temporary failure in name resolution'))
12-27-2021 03:35:30 PM raise ConnectionError(e, request=request)

I was experiencing the same issue calling another service running in App Runner. I don't see any VPC settings to configure. It sounds similar to the issue here: https://repost.aws/questions/QUnm9sWqVHTyKYX_UOKnpmHg/app-runner-and-rds.

Thanks!

asked 2 years ago, 1332 views
4 Answers
1

We have a similar issue with a dockerized app on AppRunner - related to DNS resolution (Temporary failure in name resolution => EAI_AGAIN error):

FetchError: request to https://via.placeholder.com/1000x640 failed, reason: getaddrinfo EAI_AGAIN via.placeholder.com

It only happens after a new deployment (new docker image to fetch) to AppRunner. After a pause/resume of the app the issue is gone. No issues when resolving AWS internal services though. Luckily we won't use placeholder images in prod (and have no other calls to the outside).

Update: In my case it seems related to alpine as base image (more details -> https://github.com/nodejs/docker-node/issues/1030). After switching from node:16-alpine to node:16-slim, the issue has gone.

answered 2 years ago
  • I'll give this a shot if it starts to happen to me again and report back.

1

We experienced the same issue, intermittent DNS lookup failures of an RDS hostname from an App Runner python microservice. For us, switching the resolver implementation to ares (GEVENT_RESOLVER="ares" environment variable) fixed these issues.

answered 2 years ago
1

That issue is more about connecting to a private entity in a VPC (which is not possible today, given that an App Runner service does not connect to a VPC). You should be able to resolve any public DNS name, however. I am wondering if the FQDN you are using is malformed in some way? Can you test something really simple like curling/getting www.google.com or anything as basic in order to validate that public name resolution inside the service works?

[UPDATE]: I built this super simple/stupid application to prove an app deployed to App Runner can resolve and connect to the Internet. You can deploy it to App Runner and see how it can connect to a public website.

AWS
EXPERT
answered 2 years ago
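An added example, not part of the thread and not the answerer's application: a small Python check that can run inside the container to separate the two failure modes discussed here. `[Errno -3]` is `EAI_AGAIN` (no resolver answered), while `EAI_NONAME` means a resolver answered and the name does not exist. The function name `diagnose` and the injectable `resolver`/`sleep` parameters are assumptions made for illustration.

```python
import socket
import sys
import time

# EAI_AGAIN is the "[Errno -3] Temporary failure in name resolution" from the
# question: the lookup got no answer from any resolver. EAI_NONAME means a
# resolver did answer and the name does not exist (typo, malformed FQDN).
TRANSIENT = {socket.EAI_AGAIN}


def diagnose(host, port=443, attempts=3, delay=0.5,
             resolver=socket.getaddrinfo, sleep=time.sleep):
    """Resolve host, retrying only transient failures; return a summary dict."""
    errors = []
    attempts = max(1, attempts)
    for attempt in range(1, attempts + 1):
        try:
            infos = resolver(host, port, type=socket.SOCK_STREAM)
        except socket.gaierror as exc:
            errors.append(exc.errno)
            if exc.errno in TRANSIENT and attempt < attempts:
                sleep(delay * attempt)  # linear backoff, then retry
                continue
            if exc.errno in TRANSIENT:
                status = "resolver_unavailable"  # every attempt got EAI_AGAIN
            elif exc.errno == socket.EAI_NONAME:
                status = "no_such_name"          # retrying will not help
            else:
                status = "other_error"
            return {"host": host, "status": status, "attempts": attempt,
                    "errors": errors, "addresses": []}
        # Each entry is (family, type, proto, canonname, sockaddr).
        addresses = sorted({info[4][0] for info in infos})
        return {"host": host, "status": "ok", "attempts": attempt,
                "errors": errors, "addresses": addresses}


if __name__ == "__main__":
    # Pass the hostnames to check as arguments (a known-good public name
    # plus the failing one). This path performs real DNS lookups.
    for name in sys.argv[1:]:
        print(diagnose(name))
```

If a known-good public name and the application's own hostname both come back as `resolver_unavailable`, the problem is in the resolver path of the container rather than in the hostname. A result of `ok` with `attempts` greater than 1 matches the intermittent failures reported in the other answers.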
0

I've tried hardcoding google.com and got the same error. This isn't intermittent for me - I'm getting 100% failure. I'll see if changing the resolver works, thanks!

answered 2 years ago
  • See my updated answer above

  • I'm getting a 404 on that path - is it public? I'll definitely give it a shot.

  • Damn it, it was not. Now it is.

  • I recreated your API method in my app (also Flask) and.... it worked. Not only did the call to Google work, but the Auth0 call that was previously throwing the error I posted also worked with no other changes to the code. So now my app is working again!

    I want to know what fixed it. I will keep poking at this and post if I find anything out. Thanks for your help!!

  • Cool. Glad it worked.
