By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

AppRunner service fails to update with new ECR access role

0

I have an App Runner service that was created successfully, but fails to update if I change the ECR access role. Nothing about the role changed other than the name.

It takes 40min for the update to eventually fail, and the only error messages I receive are:

06-27-2022 03:50:43 PM [AppRunner] Service status is set to RUNNING.
06-27-2022 03:50:42 PM [AppRunner] Service update failed. For details, see service logs.
06-27-2022 03:11:04 PM [AppRunner] Service status is set to OPERATION_IN_PROGRESS.
06-27-2022 03:11:04 PM [AppRunner] Service update started.

Is this a known issue?

  • Hari
    2 years ago

    Thanks for reporting the issue, are the list of permissions assigned to both the roles is identical/same. Since you are using a ECR, the role passed in should have the required permissions to access the target ECR repository. Can you please share some insights around this, so we can look into this issue. Also, can you please share the ARN of the App Runner service? Thanks.

Topics
ComputeContainers
Tags
AWS App Runner
Language
English
Russ
asked 2 years ago679 views
1 Answer
1
Accepted Answer

Hello Russ,

Greetings for the day!

I see that changing the ECR Access Role in the AWS AppRunner service is causing the service update to fail. The list of known issues with AWS AppRunner can tracked on the AppRunner Roadmap - https://github.com/aws/apprunner-roadmap/issues?q=is%3Aissue+is%3Aopen

I was not able to find any issue related to the change in ECR Access Role leading to the failure in service update but I am able to replicate the issue in my test account as well.

I have logged the issue in the service Roadmap and the concerned team will take the necessary action on it. You can follow the issue here - https://github.com/aws/apprunner-roadmap/issues/142

If you want to add any other information related to the issue, please feel free to add it over the github issue.

Regards, Gurpreet S.

AWS
SUPPORT ENGINEER
Gurpreet Singh
answered 2 years ago
  • Hari
    2 years ago

    Thanks for reporting the issue, are the list of permissions assigned to both the roles is identical/same. Since you are using a ECR, the role passed in should have the required permissions to access the target ECR repository. Can you please share some insights around this, so we can look into this issue. Also, can you please share the ARN of the App Runner service? Thanks.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content