Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do * not help prioritize the request
If you are interested in working on this issue or have submitted a pull request, please leave a comment
Tell us about your request
Currently App Runner does not work with retrieving code from private CodeArtifact repositories during the build process. To access a pip repository on CodeArtifact, one must login via aws cli, which requires the right IAM credentials. However, App Runner uses a custom created role in the build process (which cannot access CodeArtifact) and not the provided IAM role.
To fix this issue, it should be possible to supply an IAM role/policy for the build process as well.
Describe alternatives you've considered
As an alternative, one could supply access keys for an IAM user with access to CodeArtifact, however this approach has security concerns and cannot be implemented via cloudformation.
Community Note
Tell us about your request Currently App Runner does not work with retrieving code from private CodeArtifact repositories during the build process. To access a pip repository on CodeArtifact, one must login via aws cli, which requires the right IAM credentials. However, App Runner uses a custom created role in the build process (which cannot access CodeArtifact) and not the provided IAM role. To fix this issue, it should be possible to supply an IAM role/policy for the build process as well.
Describe alternatives you've considered As an alternative, one could supply access keys for an IAM user with access to CodeArtifact, however this approach has security concerns and cannot be implemented via cloudformation.