App Runner Deployment Race Condition When Using CloudFormation - No Outbound Connectivity

I've noticed that App Runner instances can get into a weird state where they have no outbound connectivity (Not just DNS as mentioned in other questions, even a ping of 1.1.1.1 or a HTTP request to an AWS service such as DynamoDB fails) but still retains inbound connectivity.

This seems to happen sometimes in a specific deployment scenario when using CloudFormation, but not always.

Scenario

• An App Runner service has been created via CloudFormation
• The App Runner service has configured to auto-deploy from Elastic Container Registry
• App Runner is configured with a status check which does not rely on outbound connectivity
• Push a new container image to ECR (Or tag an existing image with a tag which will trigger the automatic deployment)
• Immediately start a CloudFormation deployment (There don't have to be any changes to the AppRunner configuration)

Sometimes this will cause App Runner to create an instance with no outbound connectivity. I've tested this with a .NET 6 container image but I suspect this will affect all images as even pings were failing.

Work-Around

• Disable auto-deployment of App Runner
• Manually trigger a deployment of App Runner via the AWS API as part of the deployment pipeline, after the CloudFormation deployment

This has worked every time for me to date.