88
Terraform — Deploy docker image on AWS AppRunner from ECR Repository
In this article, we are talking about How we can deploy docker image from ECR Repository on AWS AppRunner service using terraform.
AWS App Runner is a fully managed service that makes it easy for developers to quickly deploy containerized web applications and APIs, at scale and with no prior infrastructure experience required.
Start with your source code or a container image. App Runner automatically builds and deploys the web application and load balances traffic with encryption.
App Runner also scales up or down automatically to meet your traffic needs. With App Runner, rather than thinking about servers or scaling, you have more time to focus on your applications.
AWS has put a lot of effort into making things easy for developers, especially for small-scale projects that don’t need beefy infrastructure. It has:
- Simple auto scaling: instances are started and stopped as demand changes, between configurable min and max limits.
- Load balancing: the service includes a transparent, non-configurable load balancer.
- SSL enabled: you get HTTPS endpoints for all your applications with AWS-managed certificates. You don’t need to issue or renew certificates.
- Build service: you can push your own images or let AWS build them for you from code.
- Persistent URLs: the service assigns randomly-generated URLs for each environment. You can optionally map them to domains of your own.
App Runner can run in two modes.
In build mode, AWS pulls code from GitHub and builds the application on every change.
In container mode, it deploys Docker-compatible images from public or private AWS ECR registries.
In this article we will using ECR public as well as private repository with App Runner deployment which mean we are using container mode
.
- We require AWS IAM API keys (access key and secret key) for creating and deleting permissions for all AWS resources.
- ECR Repository and docker image pushed on it.
- Terraform should be installed on the machine. If Terraform does not exist you can download and install it from here.
To build AWS App Runner, you need to meet the following versions:
- Terraform v0.12 or higher *Latest version of AWS provider (3.42.0) Configuring App Runner in the Terraform AWS Provider
This time I built it with the following version.
$ terraform version
Terraform v1.0.0
on linux_amd64
A Terraform module is a set of Terraform configuration files in a single directory. Even a simple configuration consisting of a single directory with one or more .tf files is a module. When you run Terraform commands directly from such a directory, it is considered the root module
- IAM Module
- IAM Role and policy
- AppRunner Module
- auto scaling configuration
- aws apprunner service
Set up an IAM role to build AWS App Runner.
The key build.apprunner.amazonaws.com
is tasks.apprunner.amazonaws.com
to specify and for the service to which AssumeRole is assigned .
After that, AWS has prepared a policy for App Runner, so attach it to the IAM role.
resource "aws_iam_role" "role" {
name = "test-role"
assume_role_policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Action": "sts:AssumeRole",
"Principal": {
"Service": [
"build.apprunner.amazonaws.com",
"tasks.apprunner.amazonaws.com"
]
},
"Effect": "Allow",
"Sid": ""
}
]
} EOF
}
resource "aws_iam_role_policy_attachment" "test-attach" {
role = aws_iam_role.role.name
policy_arn = "arn:aws:iam::aws:policy/service-role/AWSAppRunnerServicePolicyForECRAccess"
}
Finally, create an App Runner resource in Terraform.
There are some App Runner related resources, but they are the main resources for actually creating App Runner aws_apprunner_service,
source_configuration
We have 2 ways to deploy App Runner with ECR repository.
- Deploy App Runner with ECR private repository
- Deploy App Runner with ECR public repository
resource "aws_apprunner_auto_scaling_configuration_version" "ngnix-apprunner-autoscaling" {
auto_scaling_configuration_name = "demo_auto_scalling"
max_concurrency = 100
max_size = 5
min_size = 1
tags = {
Name = "demo_auto_scalling"
}
}
resource "aws_apprunner_service" "ngnix-apprunner-service-ecr" {
service_name = "demo_apprunner"
source_configuration {
image_repository {
image_configuration {
port = "80"
}
image_identifier = "XXXXX.dkr.ecr.us-east-2.amazonaws.com/nginx-web:latest"
image_repository_type = "ECR"
}
authentication_configuration{
access_role_arn = aws_iam_role.role.arn
}
auto_deployments_enabled = true
}
auto_scaling_configuration_arn = aws_apprunner_auto_scaling_configuration_version.ngnix-apprunner-autoscaling.arn
health_check_configuration {
healthy_threshold = 1
interval = 10
path = "/"
protocol = "TCP"
timeout = 5
unhealthy_threshold = 5
}
tags = {
Name = "demo_apprunner"
}
}
Note: In this approach we don't need IAM role.
resource "aws_apprunner_auto_scaling_configuration_version" "ngnix-apprunner-autoscaling" {
auto_scaling_configuration_name = "demo_auto_scalling"
max_concurrency = 100
max_size = 5
min_size = 1
tags = {
Name = "demo_auto_scalling"
}
}
resource "aws_apprunner_service" "ngnix-apprunner-service-ecr-public" {
service_name = "demo_apprunner"
source_configuration {
image_repository {
image_configuration {
port = var.port
}
image_identifier = "public.ecr.aws/nginx/nginx:latest"
image_repository_type = "ECR_PUBLIC"
}
auto_deployments_enabled = false
}
auto_scaling_configuration_arn = aws_apprunner_auto_scaling_configuration_version.ngnix-apprunner-autoscaling.arn
health_check_configuration {
healthy_threshold = 1
interval = 10
path = "/"
protocol = "TCP"
timeout = 5
unhealthy_threshold = 5
}
tags = {
Name = "demo_apprunner"
}
}
I want to check the URL of the created App Runner as the execution result of the apply command, so output
set.
output "app_runner_url" {
value = aws_apprunner_service.example.service_url
}
After that, just run the following commands.
terraform init
terraform plan
terraform apply
it will take 2 to 3 minutes to complete the execution.
When the execution is completed, the URL will be displayed as shown below, so let’s access it.
app_runner_url = "xxxxx.us-east-2.awsapprunner.com/"
Thank you for reading, if you have anything to add please send a response or add a note!
88