Need integrated authentication of incoming requests

[pprahlad]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do * not help prioritize the request If you are interested in working on this issue or have submitted a pull request, please leave a comment

Tell us about your request What do you want us to build?

As a web application developer, I need to integrate with identity providers to ensure incoming requests are authenticated. I would prefer if this was available within AppRunner so only authenticated requests make it to your service.

Describe alternatives you've considered A clear and concise description of any alternative solutions or features you've considered.

I will have to build in auth into the app, which is not a normal pattern - I prefer to keep application logic within the app code itself.

Additional context Anything else we should know?

Attachments If you think you might have additional information that you'd like to include via an attachment, please do - we'll take a look. (Remember to remove any personally-identifiable information.)

[amitgupta85]

Currently we don't natively support integrated authentication of incoming requests in App Runner. However, other than building authentication into the app, there is another workaround to put API Gateway in front of an App Runner service and do the authentication at API Gateway. I have added couple ways to do that here - https://github.com/aws/apprunner-roadmap/issues/13#issuecomment-1328474075. This is not a native App Runner solution however allows to do authentication at API Gateway and not build authentication into the application code.