
App Runner service cannot access Internet when added to a VPC

0

I've set up an App Runner service, which works fine. Currently for networking it's configured as public access, but I'd like to change this to a VPC so that I can connect the service to an RDS instance without having to open the database up to the world.

When I change the networking config to use my default security group, the service is unable to access the Internet. Cloning a git repo from Bitbucket brings up the error:

ssh: Could not resolve hostname bitbucket.org: Try again

... and trying to run npm install brings up:

npm ERR! network request to https://registry.npmjs.org/gulp failed, reason: connect ETIMEDOUT 104.16.24.35:443

My security group has an outgoing rule allowing all traffic out to any destination. My RDS instance is in the same VPC/security group and I'm able to connect to this without issue (currently I've opened up port 3306 to the world). Everything else I've read from a bunch of Googling seems fine: route tables, internet gateways, firewall rules, etc.

Any help would be much appreciated!

2 Answers
0

I ran into the same issue and have used the following to sort it out:

https://aws.amazon.com/premiumsupport/knowledge-center/internet-access-lambda-function/

answered 2 months ago
0

After a lot of trial and error I have finally found the solution.

You should first make sure that you select a public subnet when creating the VPC connector.

Then, when the App Runner service is running, follow these steps:

  1. Go to the network interfaces section, inside the VPC module, and you will find one interface with a description starting with Fargate ENI... that belongs to the public subnet you chose when creating the App Runner service. That's the network interface of your App Runner service. Note down the ID of that network interface, eni-...
  2. Now go to Elastic IP, in the VPC module as well, and allocate a new Elastic IP address.
  3. Then, select the new Elastic IP and, under the Actions button, select Associate Elastic IP. There, choose network interface and select the network interface ID from step 1.
  4. After that, deploy the App Runner service again and you should have internet connectivity.
answered 2 days ago
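
An added example, not part of either answer or of AWS's own material: an offline check of the route-table side of this problem. It reads JSON in the shape returned by `aws ec2 describe-route-tables` and reports, for each subnet given to the VPC connector, whether its default route targets an internet gateway, a NAT gateway, or nothing, including the fallback to the VPC's main route table. The sample data, the function names and every ID are constructed for illustration.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-route-tables` output.
# All IDs are made up; subnet-x has no explicit association on purpose.
SAMPLE = json.loads("""
{"RouteTables": [
  {"RouteTableId": "rtb-main", "VpcId": "vpc-1",
   "Associations": [{"Main": true}],
   "Routes": [{"DestinationCidrBlock": "172.31.0.0/16", "GatewayId": "local"}]},
  {"RouteTableId": "rtb-public", "VpcId": "vpc-1",
   "Associations": [{"Main": false, "SubnetId": "subnet-pub"}],
   "Routes": [{"DestinationCidrBlock": "172.31.0.0/16", "GatewayId": "local"},
              {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0abc"}]},
  {"RouteTableId": "rtb-private", "VpcId": "vpc-1",
   "Associations": [{"Main": false, "SubnetId": "subnet-priv"}],
   "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0def"}]}
]}
""")

def default_route_kind(table):
    """Return 'igw', 'nat', 'other' or 'none' for the table's 0.0.0.0/0 route."""
    for route in table.get("Routes", []):
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if route.get("State") == "blackhole":  # route target no longer exists
            return "none"
        if route.get("NatGatewayId"):
            return "nat"
        if route.get("GatewayId", "").startswith("igw-"):
            return "igw"
        return "other"
    return "none"

def classify_subnets(data, vpc_id, subnet_ids):
    """Map each subnet to its egress kind. A subnet without an explicit
    association uses the VPC's main route table."""
    explicit, main = {}, None
    for table in data["RouteTables"]:
        if table.get("VpcId") != vpc_id:
            continue
        for assoc in table.get("Associations", []):
            if assoc.get("SubnetId"):
                explicit[assoc["SubnetId"]] = table
            elif assoc.get("Main"):
                main = table
    return {s: default_route_kind(explicit.get(s, main) or {}) for s in subnet_ids}

if __name__ == "__main__":
    subnets = ["subnet-pub", "subnet-priv", "subnet-x"]
    for subnet, kind in classify_subnets(SAMPLE, "vpc-1", subnets).items():
        print(subnet, kind)
```

An `igw` result provides egress only to network interfaces that have a public or Elastic IP address, while a `nat` result provides it to interfaces with private addresses only.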
