Select your cookie preferences

We use essential cookies and similar tools that are necessary to provide our site and services. We use performance cookies to collect anonymous statistics, so we can understand how customers use our site and make improvements. Essential cookies cannot be deactivated, but you can choose “Customize” or “Decline” to decline performance cookies.

If you agree, AWS and approved third parties will also use cookies to provide useful site features, remember your preferences, and display relevant content, including relevant advertising. To accept or decline all non-essential cookies, choose “Accept” or “Decline.” To make more detailed choices, choose “Customize.”

Preferences
Contact Us
Feedback
AWS Documentation
Create an AWS Account
AWS managed policies for AWS App Runner - AWS App Runner
Policy updates

AWS managed policies for AWS App Runner

PDF

An AWS managed policy is a standalone policy that is created and administered by AWS. AWS managed policies are designed to provide permissions for many common use cases so that you can start assigning permissions to users, groups, and roles.

Keep in mind that AWS managed policies might not grant least-privilege permissions for your specific use cases because they're available for all AWS customers to use. We recommend that you reduce permissions further by defining customer managed policies that are specific to your use cases.

You cannot change the permissions defined in AWS managed policies. If AWS updates the permissions defined in an AWS managed policy, the update affects all principal identities (users, groups, and roles) that the policy is attached to. AWS is most likely to update an AWS managed policy when a new AWS service is launched or new API operations become available for existing services.

For more information, see AWS managed policies in the IAM User Guide.

App Runner updates to AWS managed policies

View details about updates to AWS managed policies for App Runner since this service began tracking these changes. For automatic alerts about changes to this page, subscribe to the RSS feed on the App Runner Document history page.

Change Description Date

AWSAppRunnerReadOnlyAccess – New policy

App Runner added a new policy to allow users to list and view details about App Runner resources.

 Feb 24, 2022

AWSAppRunnerFullAccess – Update to an existing policy

App Runner updated the resource list for the iam:CreateServiceLinkedRole action to allow creation of AWSServiceRoleForAppRunnerNetworking service-linked role.

 Feb 8, 2022

AppRunnerNetworkingServiceRolePolicy – New policy

App Runner added a new policy to allow App Runner to make calls to Amazon Virtual Private Cloud to attach a VPC to your App Runner service and manage network interfaces on behalf of App Runner services. The policy is used in the AWSServiceRoleForAppRunnerNetworking service-linked role.

 Feb 8, 2022

AWSAppRunnerFullAccess – New policy

App Runner added a new policy to allow users to perform all App Runner actions.

 Jan 10, 2022

AppRunnerServiceRolePolicy – New policy

App Runner added a new policy to allow App Runner to make calls to Amazon CloudWatch Logs and Amazon CloudWatch Events on behalf of App Runner services. The policy is used in the AWSServiceRoleForAppRunner service-linked role.

 Mar 1, 2021

AWSAppRunnerServicePolicyForECRAccess – New policy

App Runner added a new policy to allow App Runner to access Amazon Elastic Container Registry (Amazon ECR) images in your account.

 Mar 1, 2021

App Runner started tracking changes

App Runner started tracking changes for its AWS managed policies.

 Mar 1, 2021

Next topic:

Troubleshooting

Previous topic:

Networking role

Need help?

PrivacySite termsCookie preferences
© 2025, Amazon Web Services, Inc. or its affiliates. All rights reserved.