aws-apprunner: support private access from VPC

[sgrilux]

Describe the feature

App Runner now supports privately accessible services within VPC

https://aws.amazon.com/about-aws/whats-new/2022/11/aws-app-runner-supports-privately-accessible-services-amazon-vpc/

To reference the VPC interface endpoint it's needed:

• ingressConfiguration property in NetworkConfigurationProperty. At the moment there is only egressConfiguration. (https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_apprunner.CfnService.NetworkConfigurationProperty.html)
• VP Ingress Connection for App Runner to associate it with the VPC interface endpoint

Use Case

I have an app running on App Runner and I need it to be available only via VPC and not publicly accessible.

Cloudformation already supports this.

Proposed Solution

No response

Other Information

Here details how it's implemented using CLI

https://docs.aws.amazon.com/apprunner/latest/dg/network-pl-manage.html

Acknowledgements

• [ ] I may be able to implement this feature request
• [ ] This feature might incur a breaking change

CDK version used

2.50.0

Environment details (OS name and version, etc.)

Linux

[pahud]

Thanks for the feature request and the details. This is an awesome feature from App Runner.

I am marking this issue as p2, which means that we are unable to work on this immediately, but we welcome pull requests from the community.

We use +1s to help prioritize our work, and are happy to revaluate this issue based on community feedback. You can reach out to the cdk.dev community on Slack to solicit support for reprioritization.

Check out our contributing guide if you're interested in contributing yourself - there's a low chance the team will be able to address this soon but we'd be happy to review a PR 🙂