{ "$schema": "./aws-deploy-recipe-schema.json", "Id": "AspNetAppAppRunner", "Version": "1.0.2", "Name": "ASP.NET Core App to AWS App Runner", "DeploymentType": "CdkProject", "DeploymentBundle": "Container", "CdkProjectTemplate": "../CdkTemplates/AspNetAppAppRunner", "CdkProjectTemplateId": "netdeploy.AspNetAppAppRunner", "ShortDescription": "Deploys as Linux container image to a fully managed environment. Dockerfile will be automatically generated if needed.", "Description": "This ASP.NET Core application will be built as a container image on Linux and deployed to AWS App Runner, a fully managed service for web applications and APIs. If your project does not contain a Dockerfile, it will be automatically generated, otherwise an existing Dockerfile will be used. Recommended if you want to deploy your web application as a Linux container image on a fully managed environment.", "TargetService": "AWS App Runner", "TargetPlatform": "Linux", "DisplayedResources": [ { "LogicalId": "RecipeAppRunnerServiceDA9A12DF", "Description": "Application Endpoint" } ], "RecipePriority": 105, "RecommendationRules": [ { "Tests": [ { "Type": "MSProjectSdkAttribute", "Condition": { "Value": "Microsoft.NET.Sdk.Web" } }, { "Type": "MSProperty", "Condition": { "PropertyName": "TargetFramework", "AllowedValues": [ "netcoreapp3.1", "net5.0", "net6.0", "net7.0" ] } } ] }, { "Tests": [ { "Type": "MSPropertyExists", "Condition": { "PropertyName": "AWSProjectType" } } ], "Effect": { "Pass": { "Include": false }, "Fail": { "Include": true } } } ], "Categories": [ { "Id": "General", "DisplayName": "General", "Order": 10 }, { "Id": "Compute", "DisplayName": "Compute", "Order": 20 }, { "Id": "Health", "DisplayName": "Health", "Order": 30 }, { "Id": "Permissions", "DisplayName": "Permissions", "Order": 40 }, { "Id": "VPC", "DisplayName": "VPC", "Order": 50 }, { "Id": "EnvVariables", "DisplayName": "Environment Variables", "Order": 60 } ], "Validators": [ { "ValidatorType": "ValidDockerfilePath" } ], "OptionSettings": [ { "Id": "ServiceName", "Name": "Service Name", "Category": "General", "Description": "The name of the AWS App Runner service.", "Type": "String", "TypeHint": "AppRunnerService", "AdvancedSetting": false, "Updatable": false, "DefaultValue": "{StackName}-service", "Validators": [ { "ValidatorType": "Regex", "Configuration": { "Regex": "^([A-Za-z0-9][A-Za-z0-9_-]{3,39})$", "ValidationFailedMessage": "Invalid service name. The service name must be between 4 and 40 characters in length and can contain uppercase and lowercase letters, numbers, hyphen(-) and underscore(_). It must start with a letter or a number." } } ] }, { "Id": "Port", "Name": "Port", "Category": "General", "Description": "The port the container is listening for requests on.", "Type": "Int", "DefaultValue": 80, "AdvancedSetting": false, "Updatable": true, "Validators": [ { "ValidatorType": "Range", "Configuration": { "Min": 0, "Max": 51200 } } ] }, { "Id": "StartCommand", "Name": "Start Command", "Category": "General", "Description": "Override the start command from the image's default start command.", "Type": "String", "AdvancedSetting": true, "Updatable": true }, { "Id": "ApplicationIAMRole", "Name": "Application IAM Role", "Category": "Permissions", "Description": "The Identity and Access Management (IAM) role that provides AWS credentials to the application to access AWS services.", "Type": "Object", "TypeHint": "IAMRole", "TypeHintData": { "ServicePrincipal": "tasks.apprunner.amazonaws.com" }, "AdvancedSetting": false, "Updatable": true, "ChildOptionSettings": [ { "Id": "CreateNew", "Name": "Create New Role", "Description": "Do you want to create a new role?", "Type": "Bool", "DefaultValue": true, "AdvancedSetting": false, "Updatable": true }, { "Id": "RoleArn", "Name": "Existing Role ARN", "Description": "The ARN of the existing role to use.", "Type": "String", "TypeHint": "ExistingIAMRole", "TypeHintData": { "ServicePrincipal": "tasks.apprunner.amazonaws.com" }, "AdvancedSetting": false, "Updatable": true, "Validators": [ { "ValidatorType": "Regex", "Configuration": { "Regex": "arn:(aws|aws-us-gov|aws-cn|aws-iso|aws-iso-b):iam::[0-9]{12}:(role|role/service-role)/[\\w+=,.@\\-/]{1,1000}", "ValidationFailedMessage": "Invalid IAM Role ARN. The ARN should contain the arn:[PARTITION]:iam namespace, followed by the account ID, and then the resource path. For example - arn:aws:iam::123456789012:role/S3Access is a valid IAM Role ARN. For more information visit https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-apprunner-service-authenticationconfiguration.html" } } ], "DependsOn": [ { "Id": "ApplicationIAMRole.CreateNew", "Value": false } ] } ] }, { "Id": "ServiceAccessIAMRole", "Name": "Service Access IAM Role", "Category": "Permissions", "Description": "The Identity and Access Management (IAM) role that provides gives the AWS App Runner service access to pull the container image from ECR.", "Type": "Object", "TypeHint": "IAMRole", "TypeHintData": { "ServicePrincipal": "build.apprunner.amazonaws.com" }, "AdvancedSetting": true, "Updatable": true, "ChildOptionSettings": [ { "Id": "CreateNew", "Name": "Create New Role", "Description": "Do you want to create a new role?", "Type": "Bool", "DefaultValue": true, "AdvancedSetting": false, "Updatable": true }, { "Id": "RoleArn", "Name": "Existing Role ARN", "Description": "The ARN of the existing role to use.", "Type": "String", "TypeHint": "ExistingIAMRole", "TypeHintData": { "ServicePrincipal": "build.apprunner.amazonaws.com" }, "AdvancedSetting": false, "Updatable": true, "Validators": [ { "ValidatorType": "Regex", "Configuration": { "Regex": "arn:(aws|aws-us-gov|aws-cn|aws-iso|aws-iso-b):iam::[0-9]{12}:(role|role/service-role)/[\\w+=,.@\\-/]{1,1000}", "ValidationFailedMessage": "Invalid IAM Role ARN. The ARN should contain the arn:[PARTITION]:iam namespace, followed by the account ID, and then the resource path. For example - arn:aws:iam::123456789012:role/S3Access is a valid IAM Role ARN. For more information visit https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-apprunner-service-authenticationconfiguration.html" } } ], "DependsOn": [ { "Id": "ServiceAccessIAMRole.CreateNew", "Value": false } ] } ] }, { "Id": "Cpu", "Name": "CPU", "Category": "Compute", "Description": "The number of CPU units reserved for each instance of your App Runner service.", "Type": "String", "AdvancedSetting": false, "Updatable": true, "DefaultValue": "1024", "AllowedValues": [ "1024", "2048" ], "ValueMapping": { "1024": "1 vCPU", "2048": "2 vCPU" } }, { "Id": "Memory", "Name": "Memory", "Category": "Compute", "Description": "The amount of memory reserved for each instance of your App Runner service.", "Type": "String", "AdvancedSetting": false, "Updatable": true, "DefaultValue": "2048", "AllowedValues": [ "2048", "3072", "4096" ], "ValueMapping": { "2048": "2 GB", "3072": "3 GB", "4096": "4 GB" } }, { "Id": "EncryptionKmsKey", "Name": "Encryption KMS Key", "Category": "Permissions", "Description": "The ARN of the KMS key that's used for encryption of application logs.", "Type": "String", "AdvancedSetting": true, "Updatable": false, "Validators": [ { "ValidatorType": "Regex", "Configuration": { "Regex": "arn:aws(-[\\w]+)*:kms:[a-z\\-]+-[0-9]{1}:[0-9]{12}:key/[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}", "AllowEmptyString": true, "ValidationFailedMessage": "Invalid KMS key ARN. The ARN should contain the arn:[PARTITION]:kms namespace, followed by the region, account ID, and then the key-id. For example - arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab is a valid KMS key ARN. For more information visit https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-apprunner-service-encryptionconfiguration.html" } } ] }, { "Id": "HealthCheckProtocol", "Name": "Health Check Protocol", "Category": "Health", "Description": "The IP protocol that App Runner uses to perform health checks for your service.", "Type": "String", "DefaultValue": "TCP", "AdvancedSetting": true, "Updatable": true, "AllowedValues": [ "HTTP", "TCP" ] }, { "Id": "HealthCheckPath", "Name": "Health Check Path", "Category": "Health", "Description": "The URL that health check requests are sent to.", "Type": "String", "AdvancedSetting": true, "Updatable": true, "DependsOn": [ { "Id": "HealthCheckProtocol", "Value": "HTTP" } ] }, { "Id": "HealthCheckInterval", "Name": "Health Check Interval", "Category": "Health", "Description": "The time interval, in seconds, between health checks.", "Type": "Int", "DefaultValue": 5, "AdvancedSetting": true, "Updatable": true, "Validators": [ { "ValidatorType": "Range", "Configuration": { "Min": 1, "Max": 20 } } ] }, { "Id": "HealthCheckTimeout", "Name": "Health Check Timeout", "Category": "Health", "Description": "The time, in seconds, to wait for a health check response before deciding it failed.", "Type": "Int", "DefaultValue": 2, "AdvancedSetting": true, "Updatable": true, "Validators": [ { "ValidatorType": "Range", "Configuration": { "Min": 1, "Max": 20 } } ] }, { "Id": "HealthCheckHealthyThreshold", "Name": "Health Check Healthy Threshold", "Category": "Health", "Description": "The number of consecutive checks that must succeed before App Runner decides that the service is healthy.", "Type": "Int", "DefaultValue": 3, "AdvancedSetting": true, "Updatable": true, "Validators": [ { "ValidatorType": "Range", "Configuration": { "Min": 1, "Max": 20 } } ] }, { "Id": "HealthCheckUnhealthyThreshold", "Name": "Health Check Unhealthy Threshold", "Category": "Health", "Description": "The number of consecutive checks that must fail before App Runner decides that the service is unhealthy.", "Type": "Int", "DefaultValue": 3, "AdvancedSetting": true, "Updatable": true, "Validators": [ { "ValidatorType": "Range", "Configuration": { "Min": 1, "Max": 20 } } ] }, { "Id": "VPCConnector", "Name": "VPC Connector", "Category": "VPC", "Description": "App Runner requires this resource when you want to associate your App Runner service to a custom Amazon Virtual Private Cloud (Amazon VPC).", "Type": "Object", "TypeHint": "VPCConnector", "AdvancedSetting": true, "Updatable": true, "ChildOptionSettings": [ { "Id": "UseVPCConnector", "Name": "Use VPC Connector", "Description": "Do you want to use a VPC Connector to connect to a VPC?", "Type": "Bool", "DefaultValue": false, "AdvancedSetting": false, "Updatable": true }, { "Id": "CreateNew", "Name": "Create New VPC Connector", "Description": "Do you want to create a new VPC Connector?", "Type": "Bool", "DefaultValue": false, "AdvancedSetting": false, "Updatable": true, "DependsOn": [ { "Id": "VPCConnector.UseVPCConnector", "Value": true } ] }, { "Id": "VpcConnectorId", "Name": "Existing VPC Connector ID", "Description": "The ID of the existing VPC Connector to use.", "Type": "String", "TypeHint": "ExistingVpcConnector", "DefaultValue": null, "AdvancedSetting": false, "Updatable": true, "Validators": [ { "ValidatorType": "Required" }, { "ValidatorType": "Regex", "Configuration": { "Regex": "arn:(aws|aws-us-gov|aws-cn|aws-iso|aws-iso-b):apprunner:\\w+(?:-\\w+)+:[0-9]{12}:vpcconnector/[\\w+=,.@\\-/]{1,1000}", "ValidationFailedMessage": "Invalid VPC Connector ARN. The ARN should contain the arn:[PARTITION]:apprunner namespace, followed by the AWS region and account ID, and then the resource path. For example - arn:aws:apprunner:us-west-2:123456789012:vpcconnector/RecipeVPCConnector is a valid VPC Connector ARN." } } ], "DependsOn": [ { "Id": "VPCConnector.UseVPCConnector", "Value": true }, { "Id": "VPCConnector.CreateNew", "Value": false } ] }, { "Id": "CreateNewVpc", "Name": "Create New VPC", "Description": "Do you want to create a new VPC to use for the VPC Connector?", "Type": "Bool", "DefaultValue": "{HasNotVpcs}", "AdvancedSetting": false, "Updatable": true, "Validators": [ { "ValidatorType": "VpcExists", "Configuration": { "FailValue": false, "DefaultVpc": false, "ValueType": "Bool", "ValidationFailedMessage": "You must create a new VPC since there are no existing VPCs to be used." } } ], "DependsOn": [ { "Id": "VPCConnector.UseVPCConnector", "Value": true }, { "Id": "VPCConnector.CreateNew", "Value": true } ] }, { "Id": "VpcId", "Name": "VPC ID", "Description": "A list of VPC IDs that App Runner should use when it associates your service with a custom Amazon VPC.", "Type": "String", "TypeHint": "ExistingVpc", "DefaultValue": "{DefaultVpcId}", "AdvancedSetting": false, "Updatable": true, "Validators": [ { "ValidatorType": "Regex", "Configuration": { "Regex": "^vpc-([0-9a-f]{8}|[0-9a-f]{17})$", "ValidationFailedMessage": "Invalid VPC ID. The VPC ID must start with the \"vpc-\" prefix, followed by either 8 or 17 characters consisting of digits and letters(lower-case) from a to f. For example vpc-abc88de9 is a valid VPC ID." } } ], "DependsOn": [ { "Id": "VPCConnector.UseVPCConnector", "Value": true }, { "Id": "VPCConnector.CreateNew", "Value": true }, { "Id": "VPCConnector.CreateNewVpc", "Value": false } ] }, { "Id": "Subnets", "Name": "Subnets", "Description": "A list of IDs of subnets that App Runner should use when it associates your service with a custom Amazon VPC. Specify IDs of subnets of a single Amazon VPC. App Runner determines the Amazon VPC from the subnets you specify.", "Type": "List", "TypeHint": "ExistingSubnets", "ParentSettingId": "VPCConnector.VpcId", "AdvancedSetting": false, "Updatable": true, "Validators": [ { "ValidatorType": "Required" }, { "ValidatorType": "Regex", "Configuration": { "Regex": "^subnet-([0-9a-f]{8}|[0-9a-f]{17})$", "ValidationFailedMessage": "Invalid Subnet ID. The Subnet ID must start with the \"subnet-\" prefix, followed by either 8 or 17 characters consisting of digits and letters(lower-case) from a to f. For example subnet-abc88de9 is a valid Subnet ID." } }, { "ValidatorType": "SubnetsInVpc", "Configuration": { "VpcId": "VPCConnector.VpcId" } } ], "DependsOn": [ { "Id": "VPCConnector.UseVPCConnector", "Value": true }, { "Id": "VPCConnector.CreateNew", "Value": true }, { "Id": "VPCConnector.CreateNewVpc", "Value": false }, { "Id": "VPCConnector.VpcId", "Operation": "NotEmpty" } ] }, { "Id": "SecurityGroups", "Name": "Security Groups", "Description": "A list of IDs of security groups that App Runner should use for access to AWS resources under the specified subnets. If not specified, App Runner uses the default security group of the Amazon VPC. The default security group allows all outbound traffic.", "Type": "List", "TypeHint": "ExistingSecurityGroups", "ParentSettingId": "VPCConnector.VpcId", "AdvancedSetting": false, "Updatable": true, "Validators": [ { "ValidatorType": "Required" }, { "ValidatorType": "Regex", "Configuration": { "Regex": "^sg-([0-9a-f]{8}|[0-9a-f]{17})$", "ValidationFailedMessage": "Invalid Security Group ID. The Security Group ID must start with the \"sg-\" prefix, followed by either 8 or 17 characters consisting of digits and letters(lower-case) from a to f. For example sg-abc88de9 is a valid Security Group ID." } }, { "ValidatorType": "SecurityGroupsInVpc", "Configuration": { "VpcId": "VPCConnector.VpcId" } } ], "DependsOn": [ { "Id": "VPCConnector.UseVPCConnector", "Value": true }, { "Id": "VPCConnector.CreateNew", "Value": true }, { "Id": "VPCConnector.CreateNewVpc", "Value": false }, { "Id": "VPCConnector.VpcId", "Operation": "NotEmpty" } ] } ] }, { "Id": "AppRunnerEnvironmentVariables", "Name": "Environment Variables", "Category": "EnvVariables", "Description": "Configure environment properties for your application.", "Type": "KeyValue", "AdvancedSetting": false, "Updatable": true } ] }