AppRunner Does Not Utilize Custom IAM Instance Role

0

I've got a container that I'm trying to have executed by AppRunner. When I don't specify an instance role, the service fails as expected due to lack of permissions to access AWS resources, in this case SecretsManager.

When I link a custom role with the required IAM permissions, the service fails to start altogether after halting for about 5 minutes. Here are the logs:

11-01-2022 03:11:49 PM npm ERR!     /root/.npm/_logs/2022-11-01T22_08_00_359Z-debug-0.log
11-01-2022 03:11:49 PM npm ERR! A complete log of this run can be found in:
11-01-2022 03:11:49 PM npm ERR! command sh -c -- npx prisma migrate deploy && node ./dist/src/api.host/main
11-01-2022 03:11:49 PM npm ERR! signal SIGTERM
11-01-2022 03:11:49 PM npm ERR! command failed
11-01-2022 03:11:49 PM npm ERR! path /
11-01-2022 03:08:06 PM No pending migrations to apply.
11-01-2022 03:08:05 PM 33 migrations found...
11-01-2022 03:08:05 PM Datasource "db": PostgreSQL database "... schema "public" at "..."
11-01-2022 03:08:05 PM Prisma schema loaded from prisma/schema.prisma
11-01-2022 03:08:00 PM > npx prisma migrate deploy && node ./dist/.../main
11-01-2022 03:08:00 PM > backend@0.0.1 start:prod

I've verified that the app runner service is connected to the relevant IAM role with aws apprunner describe-service --service-arn ... which shows that

{
  "Service": {
    "InstanceConfiguration": {
      "InstanceRoleArn": "...what_I_expect..."
    }
   }
}

But when I look at the IAM role in the console, it shows that it's never been used. Any thoughts?

1 Answer
0

Hello, the error you have mentioned does not seems to be related to IAM instance role not being used for the AppRunner service. To troubleshoot more on why the error is occurring and whether the IAM instance role is being used in the AppRunner service or not we would have to check your AppRunner service. Thus I would request you to open a new Support case with us and also share the AppRunner service ARN in the new case.

Thank you !

AWS
answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions