Guide to creating an instance role that will allow my App Runner service to use values from SSM Parameter Store?

1

I have an existing App Runner service. In the 'Security' configuration section of my service, the 'Instance role' is blank. All is good, but....

I want to add a new environment variable to my service that uses a 'SSM Parameter Store' source. Doing so seems to make the 'Instance role' field required - just leaving it blank is no longer an option. However, when I click on the drop-down there are no roles listed.

So, I assume that I need to create an instance role in IAM. I've tried doing that, but I'm really confused. I've tried various ways of creating a new role, but none of them feel quite right, and the 'Instance role' continues to remain empty (even after refreshing).

Is there a simple walkthrough guide that explains how to create (using the AWS web console) the instance role that will allow my App Runner service to use values from the SSM Parameter Store?

Simon
asked a year ago · 973 views
2 Answers
2

Hi @Simon, you need to provide this as a trust policy for an App Runner instance role, then this new role would start showing up in the App Runner console:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "tasks.apprunner.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}

Once you have the new role, just make sure to assign the required permission to read data from SSM Parameter Store. Here is a blog that talks about this integration with a sample app that you can try out - https://aws.amazon.com/blogs/containers/aws-app-runner-now-integrates-with-aws-secrets-manager-and-aws-systems-manager-parameter-store/. Hope this helps, let us know if you have any further questions. Thanks

AWS
Hari
answered a year ago
  • Thanks for your reply @Hari. It didn't tell me how to create an instance role using the web console, but nudged me towards a solution.
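
An added example (not part of the original answers, and not AWS code) that checks a role's two policy documents before it is attached: the trust policy must name the principal from the answer above, and the permissions policy should grant Parameter Store reads on a scoped resource only. The permissions policy with its region, account ID and parameter path is a constructed placeholder, and `ssm:GetParameters` is assumed to be the action App Runner needs for Parameter Store references.

```python
from fnmatch import fnmatchcase

# Trust policy from the answer above.
TRUST_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"Service": "tasks.apprunner.amazonaws.com"},
    "Action": "sts:AssumeRole"}]}

# Constructed permissions policy; region, account ID and path are placeholders.
PERMISSIONS_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Action": ["ssm:GetParameters"],  # assumed action for Parameter Store references
    "Resource": ["arn:aws:ssm:us-east-1:111122223333:parameter/myapp/*"]}]}

def as_list(value):
    """IAM accepts either a single value or a list for these fields."""
    return [] if value is None else value if isinstance(value, list) else [value]

def trusts_apprunner_tasks(trust_policy):
    """True if an Allow statement lets tasks.apprunner.amazonaws.com assume the role."""
    for stmt in as_list(trust_policy.get("Statement")):
        principal = stmt.get("Principal")
        services = as_list(principal.get("Service")) if isinstance(principal, dict) else []
        if (stmt.get("Effect") == "Allow"
                and "tasks.apprunner.amazonaws.com" in services
                and "sts:AssumeRole" in as_list(stmt.get("Action"))):
            return True
    return False

def ssm_read_findings(permissions_policy):
    """Return a list of problems with the role's Parameter Store read access."""
    findings, granted = [], False
    for stmt in as_list(permissions_policy.get("Statement")):
        actions = [a.lower() for a in as_list(stmt.get("Action"))]
        if stmt.get("Effect") != "Allow" or not any(
                fnmatchcase("ssm:getparameters", a) for a in actions):
            continue
        granted = True
        for res in as_list(stmt.get("Resource")):
            # Anything wider than a named parameter or path prefix is flagged.
            if ":parameter/" not in res or res.endswith(":parameter/*"):
                findings.append(f"over-broad Resource for ssm:GetParameters: {res}")
    if not granted:
        findings.append("no Allow statement grants ssm:GetParameters")
    return findings

if __name__ == "__main__":
    print("trusted by App Runner tasks:", trusts_apprunner_tasks(TRUST_POLICY))
    print("findings:", ssm_read_findings(PERMISSIONS_POLICY))
```

An empty findings list together with a passing trust check means the role is both selectable as an instance role and limited to the parameters under the chosen path.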

0
Accepted Answer

I didn't work out how to create the instance role that I needed using the web console. However, I was able to take the CloudFormation template from Hari's response and tweak it to fit my needs.

Simon
answered a year ago
