1 Answer
Hello.
App Runner has access roles and instance roles.
What you are setting is an access role, which is used to retrieve container images from ECR etc.
To access AWS services from an application inside a container, you need to create and attach an instance role.
The instance role trust policy looks like this:
https://docs.aws.amazon.com/apprunner/latest/dg/security_iam_service-with-iam.html#security_iam_service-with-iam-roles
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "tasks.apprunner.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
Thank you for the explanation. I created a new instance role, gave it the policy AmazonSNSFullAccess and the instance role trust policy you showed, and I am now able to see it in the dropdown when creating a new service in App Runner. My application can now access SNS.
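To check which of the two role types from the answer above a trust policy qualifies for, the following added example (not from the original thread or from AWS) classifies a policy document by its service principal. The function names and sample policies are constructed for illustration; `build.apprunner.amazonaws.com` is the service principal App Runner uses for access roles.

```python
import json

# Service principal -> App Runner role type that trusts it.
APPRUNNER_PRINCIPALS = {
    "build.apprunner.amazonaws.com": "access",    # pulls the image from ECR
    "tasks.apprunner.amazonaws.com": "instance",  # credentials for application code
}

def as_list(value):
    """IAM accepts a single string or a list in most fields; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def classify_trust_policy(document):
    """Return (role_types, findings) for a trust policy given as a JSON string."""
    role_types, findings = set(), []
    for stmt in as_list(json.loads(document).get("Statement")):
        actions = set(as_list(stmt.get("Action")))
        if stmt.get("Effect") != "Allow" or not {"sts:AssumeRole", "sts:*", "*"} & actions:
            continue
        principal = stmt.get("Principal")
        if principal == "*" or (isinstance(principal, dict) and "*" in as_list(principal.get("AWS"))):
            findings.append("wildcard principal can assume this role")
            continue
        services = as_list(principal.get("Service")) if isinstance(principal, dict) else []
        for service in services:
            if service in APPRUNNER_PRINCIPALS:
                role_types.add(APPRUNNER_PRINCIPALS[service])
            else:
                findings.append(f"also trusted by {service}")
    if not role_types:
        findings.append("no App Runner service principal; App Runner cannot assume this role")
    return role_types, findings

# Constructed sample: the instance role trust policy from the answer above.
INSTANCE_TRUST = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow",
                   "Principal": {"Service": "tasks.apprunner.amazonaws.com"},
                   "Action": "sts:AssumeRole"}],
})
# Constructed sample: a role that only the image-pull side of App Runner can assume.
ACCESS_TRUST = INSTANCE_TRUST.replace("tasks.", "build.")

if __name__ == "__main__":
    for name, doc in (("instance", INSTANCE_TRUST), ("access", ACCESS_TRUST)):
        print(name, classify_trust_policy(doc))
```

A role classified as `access` only will not give the running application credentials; the trust policy must name the `tasks` principal for that.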