Closed cwensel closed 4 months ago
Hi @cwensel,
Thank you for reaching out. Creating a "private" Service (one where isPubliclyAccessible is set to false) will intentionally omit any ServiceUrl from the Service response.
As you mentioned, you'll need to create a VpcIngressConnection in order to reach the Service. This should not yield any errors from a missing ServiceUrl. Could you share more about where you see your error?
The VpcIngressConnection resource will then contain a DomainName with which you can access your private Service.
You may also optionally associate a Custom Domain with the Service which will contain VpcDNSTargets.
@ThomasFahrner-Amazon thanks for the quick feedback.
I'll follow up on your references.
Quick note, via the CDK, if I set isPubliclyAccessible false (via L1 constructs), the AppRunner deploy fails with the above error.
I originally attributed the failure to my creating a custom VPC Ingress Connection, but after commenting that out, the stack still failed to deploy.
To summarize my new findings, simply creating a "private" AppRunner instance fails on deploy with Attribute 'ServiceUrl' does not exist.
Sorry, the CloudFormation logs may have led me astray.. There is an Output construct that references the URL, removing this and re-testing.
Yeah, that was it..
an Output Construct was attempting to export the URL, which (per your comments) doesn't exist by design.
Sorry for the fire-drill, and thanks for the additional references!
Awesome, no problem.
When attempting to create a VPC Ingress Connection for an Interface VPC Endpoint, it is required the AppRunner instance have isPubliclyAccessible set to false on the Network Configuration. But a domain name is never allocated to the new instance after startup (aws console shows a _ link). This prevents the VPC Ingress Connection from being created with the following error:
Attribute 'ServiceUrl' does not exist.
It is presumed creating a VPC Ingress Connection for a VPC Endpoint is the only way to have another AppRunner access an AppRunner instance (e.g. via REST). If there is an alternative, please advise.
FWIW, CloudFormation is missing the ability to attach a Custom Domain, so this path hasn't been attempted.
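
As an added example (not code from this thread or from the App Runner project), a pre-deploy check over a synthesized CloudFormation template that catches the mistake resolved above: an Fn::GetAtt of ServiceUrl on a Service whose IsPubliclyAccessible is false. The sample template, its logical IDs and the function names are constructed for illustration.

```python
# Only Fn::GetAtt is inspected; "${Svc.ServiceUrl}" inside Fn::Sub is not parsed.
# Constructed template, trimmed to what the check reads; logical IDs are hypothetical.
TEMPLATE = {
    "Resources": {
        "Svc": {"Type": "AWS::AppRunner::Service", "Properties": {
            "NetworkConfiguration": {"IngressConfiguration": {"IsPubliclyAccessible": False}}}},
        "Ingress": {"Type": "AWS::AppRunner::VpcIngressConnection", "Properties": {
            "ServiceArn": {"Fn::GetAtt": ["Svc", "ServiceArn"]}}},
    },
    "Outputs": {
        "Url": {"Value": {"Fn::GetAtt": ["Svc", "ServiceUrl"]}},
        "PrivateDomain": {"Value": {"Fn::GetAtt": ["Ingress", "DomainName"]}},
    },
}

def private_services(template):
    """Logical IDs of App Runner services with IsPubliclyAccessible set to false."""
    found = set()
    for logical_id, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::AppRunner::Service":
            continue
        ingress = (res.get("Properties", {}).get("NetworkConfiguration", {})
                   .get("IngressConfiguration", {}))
        if ingress.get("IsPubliclyAccessible") in (False, "false"):
            found.add(logical_id)
    return found

def getatt_refs(node):
    """Yield (logical_id, attribute) for each Fn::GetAtt found under node."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "Fn::GetAtt":
                # Accept both the list form and the "Id.Attr" string form.
                pair = value.split(".", 1) if isinstance(value, str) else value
                if len(pair) == 2 and all(isinstance(p, str) for p in pair):
                    yield pair[0], pair[1]
            else:
                yield from getatt_refs(value)
    elif isinstance(node, list):
        for item in node:
            yield from getatt_refs(item)

def find_bad_refs(template):
    """(section, name, service) for each ServiceUrl reference to a private service."""
    private = private_services(template)
    return [(section, name, target)
            for section in ("Resources", "Outputs")
            for name, body in template.get(section, {}).items()
            for target, attr in getatt_refs(body)
            if target in private and attr == "ServiceUrl"]
```

On the sample, `find_bad_refs(TEMPLATE)` reports the `Url` output and leaves `PrivateDomain`, which reads DomainName from the VpcIngressConnection, alone.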