1 Answer
- Newest
- Most votes
- Most comments
1
The trick part is the Allow sts:assumeRole for service tasks.apprunner.amazonaws.com
Resources: InstanceRole: Type: AWS::IAM::Role Properties: RoleName: AppRunnerExecutionRole MaxSessionDuration: 28800 # 8h ManagedPolicyArns: - arn:aws:iam::aws:policy/AmazonS3FullAccess AssumeRolePolicyDocument: Statement: - Effect: Allow Action: sts:AssumeRole Principal: Service: tasks.apprunner.amazonaws.com AppRunnerService: Type: AWS::AppRunner::Service Properties: ServiceName: service SourceConfiguration: AuthenticationConfiguration: AccessRoleArn: "arn:aws:iam::xxx:role/service-role/AppRunnerECRAccessRole" AutoDeploymentsEnabled: true ImageRepository: ImageIdentifier: "xxx.dkr.ecr.us-east-1.amazonaws.com/xxx:latest" ImageRepositoryType: ECR ImageConfiguration: Port: 8080 InstanceConfiguration: Cpu: 2048 Memory: 4096 InstanceRoleArn: Fn::GetAtt: [ InstanceRole, Arn ]
answered 3 years ago
Relevant content
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 4 years ago
- AWS OFFICIALUpdated 9 months ago