# Using AWS App Runner with AWS Toolkit for Visual Studio Code
<a name="using-apprunner"></a>

[AWS App Runner](https://docs.aws.amazon.com/apprunner/latest/dg/what-is-apprunner.html) provides a fast, simple, and cost-effective way to deploy from source code or a container image directly to a scalable and secure web application in the AWS Cloud. Using it, you don't need to learn new technologies, decide which compute service to use, or know how to provision and configure AWS resources.

You can use AWS App Runner to create and manage services based on a *source image* or *source code*. If you use a source image, you can choose a public or private container image that's stored in an image repository. App Runner supports the following image repository providers:
+ Amazon Elastic Container Registry (Amazon ECR): Stores private images in your AWS account.
+ Amazon Elastic Container Registry Public (Amazon ECR Public): Stores publicly readable images.

 If you choose the source code option, you can deploy from a source code repository that's maintained by a supported repository provider. Currently, App Runner supports [GitHub](https://github.com/) as a source code repository provider.

## Prerequisites
<a name="apprunner-prereqs"></a>

To interact with App Runner using the AWS Toolkit for Visual Studio Code requires the following:
+ An AWS account
+ A version of AWS Toolkit for Visual Studio Code that features AWS App Runner

 In addition to those core requirements, make sure that all relevant IAM users have permissions to interact with the App Runner service. Also you need to obtain specific information about your service source such as the container image URI or the connection to the GitHub repository. You need this information when creating your App Runner service.

### Configuring IAM permissions for App Runner
<a name="app-runner-permissions"></a>

The easiest way to grant the permissions that are required for App Runner is to attach an existing AWS managed policy to the relevant AWS Identity and Access Management (IAM) entity, specifically a user or group. App Runner provides two managed policies that you can attach to your IAM users:
+ `AWSAppRunnerFullAccess`: Allows users to perform all App Runner actions.
+ `AWSAppRunnerReadOnlyAccess`: Allow users to list and view details about App Runner resources. 

In addition, if you choose a private repository from the Amazon Elastic Container Registry (Amazon ECR) as the service source, you must create the following access role for your App Runner service:
+ `AWSAppRunnerServicePolicyForECRAccess`: Allows App Runner to access Amazon Elastic Container Registry (Amazon ECR) images in your account.

You can create this role automatically when configuring your service instance with VS Code's **Command Palette**.

**Note**  
The **AWSServiceRoleForAppRunner** service-linked role allows AWS App Runner to complete the following tasks:  
Push logs to Amazon CloudWatch Logs log groups.
Create Amazon CloudWatch Events rules to subscribe to Amazon Elastic Container Registry (Amazon ECR) image push.
You don't need to manually create the service-linked role. When you create an AWS App Runner in the AWS Management Console or by using API operations that are called by AWS Toolkit for Visual Studio Code, AWS App Runner creates this service-linked role for you. 

For more information, see [Identity and access management for App Runner](https://docs.aws.amazon.com/apprunner/latest/dg/security-iam.html) in the *AWS App Runner Developer Guide*.

### Obtaining service sources for App Runner
<a name="app-runner-sources"></a>

You can use AWS App Runner to deploy services from a source image or source code. 

------
#### [ Source image ]

If you're deploying from a source image, you can obtain a link to the repository for that image from a private or public AWS image registry. 
+ Amazon ECR private registry: Copy the URI for a private repository that uses the Amazon ECR console at [https://console.aws.amazon.com/ecr/repositories](https://console.aws.amazon.com/ecr/repositories). 
+ Amazon ECR public registry: Copy the URI for a public repository that uses the Amazon ECR Public Gallery at [https://gallery.ecr.aws/](https://gallery.ecr.aws).

**Note**  
You can also obtain the URI for a private Amazon ECR repository directly from **AWS Explorer** in Toolkit for VS Code:  
Open **AWS Explorer** and expand the **ECR** node to view the list of repositories for that AWS Region.
Right-click a repository and choose **Copy Repository URI** to copy the link to your clipboard.

You specify the URI for the image repository when configuring your service instance with VS Code's **Command Palette**

For more information, see [App Runner service based on a source image](https://docs.aws.amazon.com/apprunner/latest/dg/service-source-image.html) in the *AWS App Runner Developer Guide*.

------
#### [ Source code ]

For your source code to be deployed to an AWS App Runner service, that code must be stored in a Git repository that's maintained by a supported repository provider. App Runner supports one source code repository provider: [GitHub](https://github.com/).

For information about setting up a GitHub repository, see the [Getting started documentation](https://docs.github.com/en/github/getting-started-with-github) on GitHub.

To deploy your source code to an App Runner service from a GitHub repository, App Runner establishes a connection to GitHub. If your repository is private (that is, it isn't publicly accessible on GitHub), you must provide App Runner with connection details. 

**Important**  
To create GitHub connections, you must use the App Runner console ([https://console.aws.amazon.com/apprunner](https://console.aws.amazon.com/apprunner)) to create a connection that links GitHub to AWS. You can select the connections that are available on the **GitHub connections** page when configuring your service instance with VS Code's **Command Palette**.  
For more information, see [Managing App Runner connections](https://docs.aws.amazon.com/apprunner/latest/dg/manage-connections.html) in the *AWS App Runner Developer Guide*.

The App Runner service instance provides a managed runtime that allows your code to build and run. AWS App Runner currently supports the following runtimes:
+ Python managed runtime 
+ Node.js managed runtime

As part of your service configuration, you provide information about how the App Runner service builds and starts your service. You can enter this information using the **Command Palette** or specify a YAML-formatted [App Runner configuration file](https://docs.aws.amazon.com/apprunner/latest/dg/config-file.html). Values in this file instruct App Runner how to build and start your service, and provide runtime context. This includes relevant network settings and environment variables. The configuration file is named `apprunner.yaml`. It's automatically added to root directory of your application’s repository.

 

------

## Pricing
<a name="app-runner-pricing"></a>

You're charged for the compute and memory resources that your application uses. In addition, if you automate your deployments, you also pay a set monthly fee for each application that covers all automated deployments for that month. If you opt to deploy from source code, you additionally pay a build fee for the amount of time that it takes App Runner to build a container from your source code.

For more information, see [AWS App Runner Pricing](https://aws.amazon.com/apprunner/pricing/).

**Topics**
+ [Prerequisites](#apprunner-prereqs)
+ [Pricing](#app-runner-pricing)
+ [Creating App Runner services](creating-service-apprunner.md)
+ [Managing App Runner services](managing-service-apprunner.md)

# Creating App Runner services
<a name="creating-service-apprunner"></a>

You can create an App Runner service in Toolkit for VS Code by using the **AWS Explorer** and VS Code's **Command Palette**. After you choose to create a service in a specific AWS Region, numbered steps provided by the **Command Palette** guide you through the process of configuring the service instance where your application runs. 

Before creating an App Runner service, make sure that you've completed the [prerequisites](using-apprunner.md#apprunner-prereqs). This includes providing the relevant IAM permissions and confirming the specific source repository that you want to deploy.<a name="create-service"></a>

# To create an App Runner service
<a name="create-service"></a>

1. Open AWS Explorer, if it isn't already open.

1. Right-click the **App Runner** node and choose **Create Service**.

   The **Command Palette** displays.

1. For **Select a source code location type**, choose **ECR** or **Repository**. 

   If you choose **ECR**, you specify a container image in a repository maintained by Amazon Elastic Container Registry. If you choose **Repository**, you specify a source code repository that's maintained by a supported repository provider. Currently, App Runner supports [GitHub](https://github.com/) as a source code repository provider. 

## Deploying from ECR
<a name="deploying-from-ECR"></a>

1. For **Select or enter an image repository**, choose or enter the URL of the image repository that's maintained by your Amazon ECR private registry or the Amazon ECR Public Gallery.
**Note**  
If you specify a repository from the Amazon ECR Public Gallery, make sure that automatic deployments are turned off because App Runner doesn't support automatic deployments for an image in an ECR Public repository.  
Automatic deployments are switched off by default, and this is indicated when the icon on the **Command Palette** header features a diagonal line through it. If you chose to switch on automatic deployments, a message informs you that this option can incur additional costs. 

1. If the **Command Palette** step reports that **No tags found**, you need to go back a step to select a repository that contains a tagged container image.

1. If you're using an Amazon ECR private registry, you require the ECR access role, **AppRunnerECRAccessRole**, that allows App Runner to access Amazon Elastic Container Registry (Amazon ECR) images in your account. Choose the "\$1" icon on the **Command Palette** header to automatically create this role. (An access role isn't required if your image is stored in Amazon ECR Public, where images are publicly available.) 

1. For **Port**, enter the IP port that's used by the service (Port `8000`, for example).

1. For **Configure environment variables**, you can specify a file that contains environment variables that are used to customize behavior in your service instance. Or you can skip this step.

1. For **Name your service**, enter a unique name without spaces and press **Enter**.

1. For **Select instance configuration**, choose a combination of CPU units and memory in GB for your service instance.

   When your service is being created, its status changes from **Creating** to **Running**.

1.  After your service starts running, right-click it and choose **Copy Service URL**. 

1. To access your deployed application, paste the copied URL into the address bar of your web browser. 

## Deploying from a remote repository
<a name="deploying-from-repository"></a>

1.  For **Select a connection**, choose a connection that links GitHub to AWS. The connections that are available for selection are listed on the **GitHub connections** page on the App Runner console. 

1.  For **Select a remote GitHub repository**, choose or enter a URL for the remote repository.

    Remote repositories that are already configured with Visual Studio Code's source control management (SCM) are available for selection. You can also paste a link to the repository if it's not listed.

1. For **Select a branch**, choose which Git branch of your source code that you want to deploy.

1. For **Choose configuration source**, specify how you want to define your runtime configuration.

   If you choose **Use configuration file**, your service instance is configured by settings that are defined by the `apprunner.yaml` configuration file. This file is in the root directory of your application’s repository.

   If you choose **Configure all settings here**, use the **Command palette** to specify the following:
   + **Runtime**: Choose **Python 3** or **Nodejs 12**.
   + **Build command**: Enter the command to build your application in the runtime environment of your service instance.
   + **Start command**: Enter the command to start your application in the runtime environment of your service instance.

1. For **Port**, enter the IP port that's used by the service (Port `8000`, for example).

1. For **Configure environment variables**, you can specify a file that contains environment variables that are used to customize behavior in your service instance. Or you can skip this step.

1. For **Name your service**, enter a unique name without spaces and press **Enter**.

1. For **Select instance configuration**, choose a combination of CPU units and memory in GB for your service instance.

   When your service is being created, its status changes from **Creating** to **Running**.

1. After your service starts running, right-click it and choose **Copy Service URL**.

1. To access your deployed application, paste the copied URL into the address bar of your web browser.

**Note**  
If your attempt to create an App Runner service fails, the service shows a status of **Create failed** in **AWS Explorer**. For troubleshooting tips, see [When service creation fails](https://docs.aws.amazon.com/apprunner/latest/dg/manage-create.html#manage-create.failure) in the *App Runner Developer Guide*.

# Managing App Runner services
<a name="managing-service-apprunner"></a>

After creating an App Runner service, you can manage it by using the AWS Explorer pane to carry out the following activities:
+ [Pausing and resuming App Runner services](#pause-resume-apprunner)
+ [Deploying App Runner services](#deploying-apprunner)
+ [Viewing logs streams for App Runner](#viewing-logs-apprunner)
+ [Deleting App Runner services](#deleting-apprunner)

## Pausing and resuming App Runner services
<a name="pause-resume-apprunner"></a>

If you need to disable your web application temporarily and stop the code from running, you can pause your AWS App Runner service. App Runner reduces the compute capacity for the service to zero. When you're ready to run your application again, resume your App Runner service. App Runner provisions new compute capacity, deploys your application to it, and runs the application.

**Important**  
You're billed for App Runner only when it's running. Therefore, you can pause and resume your application as needed to manage costs. This is particularly helpful in development and testing scenarios.<a name="pause-app-runner"></a>

## To pause your App Runner service
<a name="pause-app-runner"></a>

1. Open AWS Explorer, if it isn't already open.

1. Expand **App Runner** to view the list of services.

1. Right-click your service and choose **Pause**.

1. In the dialog box that displays, choose **Confirm**.

   While the service is pausing, the service status changes from **Running** to **Pausing** and then to **Paused**.<a name="pause-app-runner"></a>

## To resume your App Runner service
<a name="pause-app-runner"></a>

1. Open AWS Explorer, if it isn't already open.

1. Expand **App Runner** to view the list of services.

1. Right-click your service and choose **Resume**.

   While the service is resuming, the service status changes from **Resuming** to **Running**.

## Deploying App Runner services
<a name="deploying-apprunner"></a>

If you choose the manual deployment option for your service, you need to explicitly initiate each deployment to your service. <a name="deploy-app-runner"></a>

1. Open AWS Explorer, if it isn't already open.

1. Expand **App Runner** to view the list of services.

1. Right-click your service and choose **Start Deployment**.

1. While your application is being deployed, the service status changes from **Deploying** to **Running**.

1. To confirm that your application is successfully deployed, right-click the same service and choose **Copy Service URL**.

1. To access your deployed web application, paste the copied URL into the address bar of your web browser.

## Viewing logs streams for App Runner
<a name="viewing-logs-apprunner"></a>

Use CloudWatch Logs to monitor, store, and access your log streams for services such as App Runner. A log stream is a sequence of log events that share the same source. <a name="view-logs-apprunner"></a>

1. Expand **App Runner** to view the list of service instances.

1. Expand a specific service instance to view the list of log groups. (A log group is a group of log streams that share the same retention, monitoring, and access control settings.) 

1. Right-click a log group and choose **View Log Streams**.

1. From the **Command Palette**, choose a log stream from the group.

   The VS Code editor displays the list of log events that make up the stream. You can choose to load older or newer events into the editor. 

## Deleting App Runner services
<a name="deleting-apprunner"></a>

**Important**  
If you delete your App Runner service, it's permanently removed and your stored data is deleted. If you need to recreate the service, App Runner needs to fetch your source again and build it if it's a code repository. Your web application gets a new App Runner domain. <a name="delete-app-runner"></a>

1. Open AWS Explorer, if it isn't already open.

1. Expand **App Runner** to view the list of services.

1. Right-click a service and choose **Delete Service**.

1. In the **Command Palette**, enter *delete* and then press **Enter** to confirm.

   The deleted service displays the **Deleting** status, and then the service disappears from the list.