App Runner: Container access to AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY

Question

Hi,

I have an app runner instance with NodeJS14 + Strapi from a container, for some of the plugins I'm using they require an access key id, secret access key. How do I handle this situation? it doesn't look like they are set as environment variables by default?

Thanks.

Answer

Hello,

You will need to provide an **Instance Role** during the App Runner service creation. The instance role is an optional role that App Runner uses to provide permissions to AWS API actions that your App Runner service would like to make.

Before creating the App Runner service, create an IAM role with the required custom or managed IAM policies and attach the below trust relationship to it.

```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "tasks.apprunner.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
```

After the IAM role is created and the trust-relationship added, specify this IAM role as the Instance Role during the AppRunner service creation. Please refer this [document](https://docs.aws.amazon.com/apprunner/latest/dg/security_iam_service-with-iam.html#security_iam_service-with-iam-roles) for more info on how to use the App Runner Instance Role.

If you are using the [AWS SDK](https://docs.aws.amazon.com/sdk-for-javascript/v3/developer-guide/getting-started-nodejs.html) to perform AWS API calls, the SDK will use the credentials provided by your Instance Role and perform the required AWS API calls.

App Runner: Container access to AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY

相关内容