Questions tagged with AWS App Runner

The database looks OK but starting from tonight no communication from any client Any ideas on what should I do to fix it?

The DNS entries for custom App Runner domains are CNAME entries. This is not specified anywhere on the Custom Domain page DNS list for the domains, which makes it challenging to implement (especially for folk without much DNS experience that may think they are TXT records or something).

``` 05-19-2022 09:29:04 PM [AppRunner] Health check on port '8080' failed. Service is rolling back. Check your configured port number. For more information, read the application logs. 05-19-2022 09:22:49 PM [AppRunner] Performing health check on port '8080'. 05-19-2022 09:22:39 PM [AppRunner] Provisioning instances and deploying image. 05-19-2022 09:22:27 PM [AppRunner] Successfully pulled image from ECR. 05-19-2022 09:19:34 PM [AppRunner] Successfully created pipeline for automatic deployments. 05-19-2022 09:19:23 PM [AppRunner] Service status is set to OPERATION_IN_PROGRESS. 05-19-2022 09:19:22 PM [AppRunner] Service creation started. ``` I try to setup a new AppRunner service, I use ecr to upload my docker image. on my local pc the docker image is running fine on http://localhost:8080/ but when I try to upload it to AppRunner it always fails. I searched online for a solution but could find something that helped me. Is there ant possibility that the issue is on aws side?

I am running a spring boot application on AWS App Runner. The application failed to connect to salesforce Marketing cloud Rest API. Here an example of sample code I am trying (which works perfectly in my machine and in another normal EC2). String query = "https://xxxxxxxx.auth.marketingcloudapis.com/v2/token"; String json = "{\n" + "\"grant_type\": \"client_credentials\",\n" + "\"client_id\": \"xxxxxx\",\n" + "\"client_secret\": \"xxxxxx\"" + "}\n"; URL url = new URL(query); HttpURLConnection conn = (HttpURLConnection) url.openConnection(); conn.setConnectTimeout(10000); conn.setReadTimeout(10000); conn.setRequestProperty("Content-Type", "application/json; charset=UTF-8"); conn.setDoOutput(true); conn.setDoInput(true); conn.setRequestMethod("POST"); OutputStream os = conn.getOutputStream(); os.write(json.getBytes("UTF-8")); os.close(); // read the response InputStream in = new BufferedInputStream(conn.getInputStream()); String text = new BufferedReader( new InputStreamReader(in, StandardCharsets.UTF_8)) .lines() .collect(Collectors.joining("\n")); System.out.println(text);

Good afternoon dear experts. Help solve the issue. I run the sh file (with rights) through the terminal, I get No such file or directory /.bashrc Google didn't help. I'm beating this wall for the 3rd evening). sh file content: source ~/.bashrc cd ~/data python file.py Contents of the .bashrc file: "# .bashrc" export PATH="~/.pyenv/bin:$PATH" eval "$(pyenv init -)" eval "$(pyenv virtualenv-init -)" # Source global definitions if [ -f /etc/bashrc ]; then . /etc/bashrc fi "# Uncomment the following line if you don't like systemctl's auto-paging feature:" "# export SYSTEMD_PAGER=" "# User specific aliases and functi" "# >>> conda initialize >>>" "# !! Contents within this block are managed by 'conda init' !!" __conda_setup="$('/home/ec2-user/.pyenv/versions/anaconda3-2020.11/bin/conda' 'shell.bash' 'hook' 2> /dev/null)" if [ $? -eq 0 ]; then eval "$__conda_setup" else if [ -f "/home/ec2-user/.pyenv/versions/anaconda3-2020.11/etc/profile.d/conda.sh" ]; then . "/home/ec2-user/.pyenv/versions/anaconda3-2020.11/etc/profile.d/conda.sh" else export PATH="/home/ec2-user/.pyenv/versions/anaconda3-2020.11/bin:$PATH" fi fi unset __conda_setup "# <<< conda initialize <<<"

Looking at the CloudWatch metric AppRunner > Instance metrics > CPU Utilization, I see that my instance is reaching up to 1000 of an unknown unit. Well, the question here is simple - what is the unit for CPU Utilization? Here are my theories so far: - The official [docs page](https://docs.aws.amazon.com/apprunner/latest/dg/monitor-cw.html) on AppRunner metrics is not very helpful; their description is "The average CPU usage during one-minute periods." - The most obvious is percentage of CPU, but that should stop at 100%, so 1000% doesn't make much sense. - According to some other AWS products though, 100% = 1vCPU. This SageMaker [question](https://aws.amazon.com/premiumsupport/knowledge-center/sagemaker-cpu-gpu-utilization-100/) says 400% = 4 vCPUs. So 1000 would be 10 vCPUs. - But my instances are configured to use 1vCPU & 2 GB. So I'd still expect a max of 100, not 1000. Am I allowed to go above the max for brief amounts of time? Will I be charged extra if so? - Another theory is that this might be something to do with less than 1vCPU - like AWS Lambda's CPU throttling which lets you use less than 1vCPU. ie, 1000 = 1vCPU. - Finally, I might be doing something wrong. I'd be happy to share some details of my setup. I'm using maximum for aggregation statistic in Cloud Watch & only 1 instance is running. But to sum up - does anyone know what the unit is for AppRunner's CPU Utilization?

I am building an app to connect global intercultural development mentors and learners in the workplace. Do I start with Amazon CloudFront?

App Runner actions work very slow for me. create/pause/resume may take 2-5 minutes for simple demo image (`public.ecr.aws/aws-containers/hello-app-runner:latest`) and create-service when image not found takes ~10 minutes: example #1 - 5 min to deploy hello-app image ``` 04-17-2022 05:59:55 PM [AppRunner] Service status is set to RUNNING. 04-17-2022 05:59:55 PM [AppRunner] Deployment completed successfully. 04-17-2022 05:59:44 PM [AppRunner] Successfully routed incoming traffic to application. 04-17-2022 05:58:33 PM [AppRunner] Health check is successful. Routing traffic to application. 04-17-2022 05:57:01 PM [AppRunner] Performing health check on port '8000'. 04-17-2022 05:56:51 PM [AppRunner] Provisioning instances and deploying image. 04-17-2022 05:56:42 PM [AppRunner] Successfully pulled image from ECR. 04-17-2022 05:54:56 PM [AppRunner] Service status is set to OPERATION_IN_PROGRESS. 04-17-2022 05:54:55 PM [AppRunner] Deployment started. ``` example #2 - 10 min when image not found ``` 04-17-2022 05:35:41 PM [AppRunner] Failed to pull your application image. Be sure you configure your service with a valid access role to your ECR repository. 04-17-2022 05:25:47 PM [AppRunner] Starting to pull your application image. ``` example #3 - 10 min when image not found ``` 04-17-2022 06:46:24 PM [AppRunner] Failed to pull your application image. Be sure you configure your service with a valid access role to your ECR repository. 04-17-2022 06:36:31 PM [AppRunner] Starting to pull your application image. ``` but 404 error should be detected immediately and fail much faster. because no need to retry 404 many times for 10 min, right? additionally the error message `Failed to pull your application image. Be sure you configure your service with a valid access role to your ECR repository` is very confusing. it doesn't show image name and doesn't provide the actual cause. 404 is not related to access errors like 401 or 403, correct? can App Runner actions performance and error message be improved?

I have a rails api running on AppRunner and I can't find a way to ssh into the container so I can run migrations or any other one off rake tasks that I anticipate.

This is a real pain. After configuring all the ENV variables and the service options, the deployment will fail if, for example, there is a bad source image or the source image repo is empty. Afterwards, there is no option to retry it - the "resume" is greyed out, and there is no button that will redo the deployment. Why? Why do I have to delete this now and enter everything again? This is very tedious.

Hello, I have some question about configuration App Runner Service. I have two DB instances (eg. Oracle and PostgreSQL) and I wonder if I can configure App Runner so that my Web API connects to the specified base by entering environment variables ([Key][Value]) during configuration? Without interfering with the code itself. I would like to apply one universal Docker image to several App Runner services. EG. App Runner (Key: Oracle, Value: Oracle ConnectionStrings) -> My universal Docker Image -> Oracle DB App Runner (Key: PostgreSQL, Value: PostgreSQL ConnectionStrings) -> My universal Docker Image -> PostgreSQL DB

How can to run forked barcode scanner code from github using (App runner)? I managed to connect AWS with my Github account after forking your code but with no luck receiving error in App runner (create service failed) How can i add screenshot attachments in re:post Do you mind making a 15 min zoom call to walk me through how to run the below code? https://blog.minhazav.dev/QR-and-barcode-scanner-using-html-and-javascript/

I have a containerised web application that supports HTTP2. When I run it on my PC, I can clearly see HTTP2 traffic between my web browser and that container. However, when I deploy the same container to AWS App Runner, I can see that only HTTP 1.1 is used. Does App Runner support HTTP 2? If not, will it be supported and when?

unexpected state 'CREATE_FAILED', wanted target 'RUNNING'. last error: %!s(<nil>) -> In terraform github actions steps id it : created ECR and attached the repos to AWS_APP_Runner and started to build the container all the steps finished successful through terraform but it show me this error? please do provide the solution for this

I've set up an App Runner service, which works fine. Currently for networking it's configured as public access, but I'd like to change this to a VPC so that I can connect the service to an RDS instance without having to open the database up to the world. When I change the networking config to use my default security group, the service is unable to access the Internet. Cloning a git repo from Bitbucket brings up the error: ``` ssh: Could not resolve hostname bitbucket.org: Try again ``` ... and trying to run `npm install` brings up: ``` npm ERR! network request to https://registry.npmjs.org/gulp failed, reason: connect ETIMEDOUT 104.16.24.35:443 ``` My security group has an outgoing rule allowing all traffic out to any destination. My RDS instance is in the same VPC/security group and I'm able to connect to this without issue (currently I've opened up port 3306 to the world). Everything else I've read from a bunch of Googling seems fine: route tables, internet gateways, firewall rules, etc. Any help would be much appreciated!

Hi, We're trying to use AppRunner and create a connection to github. I've created a connection via the API (terraform in particular), but when I try to complete it in the console, it just takes me to the screen to create a new connection, and doesn't let me complete the existing connection. How can I get completing connections to work?

Hello, folks please help in finding how to create a GitHub connection in cloud formation template for app runner. Actually, I want to deploy my application on apprunner from the github repo. I can find the option while creating the apprunner to connect to github. But my question is how to do that same thing in the cloudformation.

Hello, folks please help in finding how to create a GitHub connection in cloud formation template for app runner. Actually, I want to deploy my application on apprunner from the github repo. I can find the option while creating the apprunner to connect to github. But my question is how to do that same thing in the cloudformation.

Hello, folks please help in finding how to create a GitHub connection in cloud formation template for app runner. Actually, I want to deploy my application on apprunner from the github repo. I can find the option while creating the apprunner to connect to github. But my question is how to do that same thing in the cloudformation.

I'm trying to pass some environment variables to AppRunner on the command line. Here's my approximate command line: ``` aws apprunner create-service --service-name some_name --source-configuration '{"AuthenticationConfiguration": {...}, "ImageRepository": {"ImageIdentifier": "my-image:latest", "ImageConfiguration": { "Port": "8080", "RuntimeEnvironmentVariables": [ { "ITERATIONS": "2000"} ] }, "ImageRepositoryType": "ECR"}}' --region us-east-1 ``` When I call this, I get the following error: `Parameter validation failed: Invalid type for parameter SourceConfiguration.ImageRepository.ImageConfiguration.RuntimeEnvironmentVariables, value: [OrderedDict([('ITERATIONS', '2000')])], type: <class 'list'>, valid types: <class 'dict'>` Looking at the [create-service docs](https://docs.aws.amazon.com/cli/latest/reference/apprunner/create-service.html), I believe my usage is correct, so the OrderedDict error doesn't make too much sense. Can anyone spot something wrong with my CLI command, or anyone have an example of their use of the RuntimeEnvironmentVariables option?

I'm building a new application using Ruby on Rails connecting to a PostgreSQL database. Which AWS service should I use to host my application?

Hi Team, I requested for AWS certificate where i had mentioned one domain name which is a DNS name for my back end application. Now I want to add another URL to this certificate which is ELB hosted URL so that I can make back end https call using AWS ELB URl. Is it possible to edit the existing certificate? Note: when I used AWS URL for https connection I am getting err_cert_common_name_invalid.

1. Can you create a new an AppRunner service in a separate region from an ECR image? I read a bit about replication, but would like to get it working without additional complexity if possible. Does additional region introduce any additional permissions issues? Otherwise, here's my current setup: I have an AppRunner service running successfully in one region. I'm trying to spin up a service based off the same image in a second region, but I get problems similar to this [repost question](https://repost.aws/questions/QUGTq5l0sXT1S0wwlBMr8fAQ/cant-create-or-deploy-a-service-on-app-runner-since-it-cant-pull-a-private-ecr-image). Specifically, the service is created but goes into OPERATION_IN_PROGRESS for a while until it dies & goes to status "Create failed". Looking in deployment logs for event "Create service", I see: ``` 01-25-2022 01:58:36 PM [AppRunner] Failed to pull your application image. Be sure you configure your service with a valid access role to your ECR repository. 01-25-2022 01:48:54 PM [AppRunner] Starting to pull your application image. ``` Following advice of the other re:Post question, I tried looking in Cloud Trail events originating from event source "ecr.amazonaws.com". I have tons of GetAuthorizationToken events, but looking at them doesn't give me much interesting information - they seem to pass & are using the role I expect them to. A bit about permissions - I'm using the default AppRunnerECRAccessRole which I created through the UI when creating an AWS service. I'm reusing it to try & create different services. It has a policy with this JSON: ``` { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ecr:GetDownloadUrlForLayer", "ecr:BatchGetImage", "ecr:DescribeImages", "ecr:GetAuthorizationToken", "ecr:BatchCheckLayerAvailability" ], "Resource": "*" } ] } ``` Any additional debugging tips for this specific scenario? If there is more generic advice for question #1 I'll try to follow it. I would like to "create a new service with same image in a region distinct from the image's region" if possible atm (even if that is inefficient long-term).

I've noticed that App Runner instances can get into a weird state where they have no outbound connectivity (Not just DNS as mentioned in other questions, even a ping of 1.1.1.1 or a HTTP request to an AWS service such as DynamoDB fails) but still retains inbound connectivity. This seems to happen sometimes in a specific deployment scenario when using CloudFormation, but not always. **Scenario** - An App Runner service has been created via CloudFormation - The App Runner service has configured to auto-deploy from Elastic Container Registry - App Runner is configured with a status check which does not rely on outbound connectivity - Push a new container image to ECR (Or tag an existing image with a tag which will trigger the automatic deployment) - Immediately start a CloudFormation deployment (There don't have to be any changes to the AppRunner configuration) Sometimes this will cause App Runner to create an instance with no outbound connectivity. I've tested this with a .NET 6 container image but I suspect this will affect all images as even pings were failing. **Work-Around** - Disable auto-deployment of App Runner - Manually trigger a deployment of App Runner via the AWS API as part of the deployment pipeline, after the CloudFormation deployment This has worked every time for me to date.

Hello We have a problem with the App runner service. Sometime after deployment, we get: ``` 19:32:05 0|kultr | SequelizeConnectionError: getaddrinfo EAI_AGAIN xxxxxxxxxx.xxxxxxx.us-east-2.rds.amazonaws.com 19:34:17 1|kultr | Error: getaddrinfo EAI_AGAIN logs.us-east-2.amazonaws.com ``` After a couple of redeploying this problem is gone. Following https://github.com/nodejs/docker-node/issues/1030 node:12.13.0-alpine was changed to node:12.13.0-stretch but the problem still exists. Something similar was mentioned on this topic https://forums.aws.amazon.com/thread.jspa?threadID=346652&tstart=0 Could somebody advise how we could fix this error and make the service more stable? Thank you!

I've been successfully using App Runner to deploy a containerised microservice focused around uploading large files. The Docker container hosts a Gunicorn instance with a Flask web app. I've that for larger file uploads (which naturally take longer), App Runner will answer with an HTTP 503 response. This happens after 30 seconds so I'm assuming there is a built-in request timeout enforced by App Runner, probably by the SSL-terminating proxy or load balancer. Unfortunately, the App Runner documentation does not mention anything regarding request timeouts or maximum body sizes, so I can only guess. Before I change the upload to use a different mechanism (probably chunked upload), or move to a service with more control (Fargate?), I'd like to first confirm my suspicion. Also perhaps there is an undocumented way to work around this problem. And yes, I increased the timeout of the application's HTTP server (gunicorn) to 600 seconds and also tested it locally, so there is definitely something inside App Runner causing this behavior. Any help and/or pointers are greatly appreciated.

Any time my application tries to resolve a domain from within App Runner, it fails. For example, the Auth0 client fails with the following error: `requests.exceptions.ConnectionError: HTTPSConnectionPool(host=’<MY_AUTH0_ID_HERE>.us.auth0.com’, port=443): Max retries exceeded with url: /.well-known/jwks.json (Caused by NewConnectionError(’<urllib3.connection.HTTPSConnection object at 0x7fcfbf9b7eb0>: Failed to establish a new connection: [Errno -3] Temporary failure in name resolution’)) 12-27-2021 03:35:30 PM raise ConnectionError(e, request=request)` I was experiencing the same issue calling another service running in App Runner. I don't see any VPC settings to configure. It sounds similar to the issue here: https://repost.aws/questions/QUnm9sWqVHTyKYX_UOKnpmHg/app-runner-and-rds. Thanks!

Hey! I'm having an issue with App Runner. When I'm trying to create a service with an image from a private ECR repository it fails because apparently it can't pull the image. Pulling images from public ECR works fine. When I try to create a service I choose to create the AppRunnerECRAccessRole for me. Then when it tries to deploy for the first time, it tries to pull the image. Then it does nothing for around 45 minutes. Then it fails with a message that it apparently can't pull the image. The error message is confusing since the role was created automatically and looking at the policy it looks fine to me. Both ECR repository and App Runner service are in the same region (eu-west-1). Deployment logs: 2021-11-21T14:02:26.613+01:00 Starting to pull your application image. 2021-11-21T14:42:09.236+01:00 Failed to pull your application image. Be sure you configure your service with a valid access role to your ECR repository. Event log: 11-21-2021 02:02:46 PM Successfully created pipeline for automatic deployments. 11-21-2021 02:02:26 PM Service status is set to OPERATION_IN_PROGRESS. 11-21-2021 02:02:26 PM Service creation started.

We have started using App Runner to run out container based application. Some of the services are just background jobs meaning there will be no incoming requests to those services specifically. According to the information on how App Runner scales I read this: > AWS App Runner monitors the number of concurrent requests sent to your application and automatically adds additional instances based on request volume. If your application receives no incoming requests, App Runner will scale the containers down to a provisioned instance, a **cpu throttled instance** ready that is ready to serve incoming requests within milliseconds. I understand that with the background process auto scaling will probably not work but we are ok with setting a minimum manually so that we have enough instances. What worries me though is the part that says a "cpu throttled instance". My question is: 1. Does the fact that the instance get CPU throttled mean that I will not get proper instances and App Runner is not capable of running a service that does not serve http requests? 2. Assuming question 1 is that the instances will work fine and not be throttled, is there an actual way to get auto scaling on such a service?

Hi I've tried starting up an app runner service using a custom Docker container, and it seems to be stuck. My log messages are as follows: **08-21-2021 10:51 PM \[AppRunner] Successfully created pipeline for automatic deployments.** **08-21-2021 10:51 PM \[AppRunner] Service status is set to OPERATION_IN_PROGRESS.** **08-21-2021 10:51 PM \[AppRunner] Service creation started.** Unfortunately, these were created 40 minutes ago at the time of writing and I can't see any update from here. I tried using the aws console to delete the running service, but I get the following error message: **An error occurred (InvalidStateException) when calling the DeleteService operation: Service cannot be deleted in the current state: OPERATION_IN_PROGRESS.** I can't do anything, e.g. update env variables, use the console to delete etc. Is there anything else I can do as it looks stuck. Has anyone else had this issue before? Simmy

I have a AppRunner "dev-xyz-webapp-apprunner" service which I updated (changed configuration) which triggered an update. Unfortunatelly, it failed so it rollbacked. But it has been rollbacking for almost 24 hours now so it seems to be stuck. I can't do anything through the AWS web console, no actions (pause, resume, delete) are available because status is "Operation in progress". I tried with AWS CLI (aws apprunner delete-service) and received the following error which is normal I suppose: An error occurred (InvalidStateException) when calling the DeleteService operation: Service cannot be deleted in the current state: OPERATION_IN_PROGRESS. I want to delete it, any suggestions?

I attempted to define a new App Runner web api service running on port 5000. The creation fails the health check step, but the failure message states port 8080 which is the default port number on the setup screen. Is it truly using port 8080 for the health check or is the error message string using the default port always? The event prior states health check will occur on port 5000. Log: 06-20-2021 09:34 PM \[AppRunner] Health check on port '8080' failed. Service is rolling back. Check your configured port number. For more information, read the service's logs. 06-20-2021 09:28 PM \[AppRunner] Performing health check on path '/' and port '5000'. 06-20-2021 09:28 PM \[AppRunner] Provisioning instance and deploying image. 06-20-2021 09:28 PM \[AppRunner] Successfully pulled image from ECR. 06-20-2021 09:25 PM \[AppRunner] Service status is set to OPERATION_IN_PROGRESS. 06-20-2021 09:25 PM \[AppRunner] Service creation started. Edited by: SamSan on Jun 24, 2021 7:57 AM