
App Runner
Purpose
AWS App Runner is a fully managed service that lets you deploy web applications and APIs directly from source code or container images, without managing servers, load balancers, or scaling groups.
It abstracts away ECS, ALB, and Fargate, automatically handling all of those under the hood.
Deployment Ordering
When you create an App Runner service, you typically go through four steps:
- Select Deployment Source
  - Either a Container image (from Amazon ECR or public registry) or a Source code repository (from GitHub or CodeCommit)
- Configure settings
  - Set CPU & memory allocation
  - Configure environment variables, build settings, VPC access, auto scaling, health checks.
- Create & Deploy
  - App Runner builds (if source code) > deploys > automatically creates HTTPS endpoint (via AWS-managed ALB)
- Access the Application
  - Service is accessible via a public HTTPS URL (e.g., `https://<service-id>.<region>.awsapprunner.com`)
Core Characteristics
| Feature | Description |
|---|---|
| Auto Scaling | Scales automatically based on concurrent request load; no manual scaling groups needed. |
| Load Balancing | Built-in at the service level -- evenly distributes HTTP(S) requests among instances. |
| Encryption | Traffic uses TLS by default; environment variables and connections to VPC resources can use AWS KMS. |
| VPC Access | You can connect your service to a VPC (via a VPC connector) to securely reach internal databases, caches, or queues. |
| Integration Targets | Supports private access to RDS databases, ElastiCache, Amazon MQ/SQS, etc. |
| Deployment Options | Supports auto-deploy on every code/image change, or manual deployment. |
| Monitoring | Integrated with Amazon CloudWatch and AWS X-Ray for metrics and tracing. |
Networking
- By default, App Runner is publicly accessible.
- When configured with a VPC connector, outbound traffic can reach private subnets (for DBs, caches, queues, etc.)
- All inbound requests still go through AWS-managed secure endpoints (App Runner manages the ALB).
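As an added example (not from the original post or from AWS), the Python check below reviews the settings described in Core Characteristics and Networking against a dictionary shaped like the `Service` object of App Runner's `DescribeService` response. The sample data, the review item names and the secret-name heuristic are assumptions of this example.

```python
import re

# Constructed sample shaped like the "Service" object in a DescribeService
# response; the service name and all values are made up for illustration.
SAMPLE_SERVICE = {
    "ServiceName": "orders-api",
    "SourceConfiguration": {
        "AutoDeploymentsEnabled": True,
        "ImageRepository": {
            "ImageConfiguration": {
                "RuntimeEnvironmentVariables": {"DB_PASSWORD": "example-only", "LOG_LEVEL": "info"},
            },
        },
    },
    "NetworkConfiguration": {
        "EgressConfiguration": {"EgressType": "DEFAULT"},
        "IngressConfiguration": {"IsPubliclyAccessible": True},
    },
}

# Heuristic (an assumption of this example): names that usually hold credentials.
SECRET_NAME = re.compile(r"PASSWORD|SECRET|TOKEN|API_?KEY", re.IGNORECASE)

def audit_service(svc):
    """Return sorted review items for one App Runner service description."""
    items = set()
    net = svc.get("NetworkConfiguration", {})
    if net.get("IngressConfiguration", {}).get("IsPubliclyAccessible", True):
        items.add("PUBLIC_INGRESS")        # default: public HTTPS endpoint
    if net.get("EgressConfiguration", {}).get("EgressType") != "VPC":
        items.add("NO_VPC_CONNECTOR")      # outbound traffic does not use a VPC connector
    if not svc.get("EncryptionConfiguration", {}).get("KmsKey"):
        items.add("NO_CUSTOMER_KMS_KEY")   # no customer-provided KMS key configured
    src = svc.get("SourceConfiguration", {})
    if src.get("AutoDeploymentsEnabled"):
        items.add("AUTO_DEPLOY")           # every code/image change is deployed
    image_cfg = src.get("ImageRepository", {}).get("ImageConfiguration", {})
    code_cfg = (src.get("CodeRepository", {}).get("CodeConfiguration", {})
                .get("CodeConfigurationValues", {}))
    for cfg in (image_cfg, code_cfg):      # image-based and source-based services
        for name in cfg.get("RuntimeEnvironmentVariables", {}):
            if SECRET_NAME.search(name):
                items.add(f"PLAINTEXT_SECRET:{name}")
    return sorted(items)

if __name__ == "__main__":
    print(audit_service(SAMPLE_SERVICE))
```

For the last item, App Runner's `RuntimeEnvironmentSecrets` setting references Secrets Manager or SSM Parameter Store values instead of storing them as plain environment variables.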
Positioning
| | App Runner | ECS | Lambda |
|---|---|---|---|
| Abstraction Level | Highest (PaaS-style) | Mid (IaaS-level control) | Highest (function-level) |
| Startup Time | Seconds | Minutes | Milliseconds |
| Use Case | Web apps / APIs | Complex container orchestration | Event-driven compute |
Extended Launch (Regional Stability)
- Each App Runner service is tied to a specific AWS Region and remains stable there.
- App Runner currently doesn't support cross-Region deployments or blue/green across Regions; you redeploy per Region.
- ALB endpoint and VPC connector remain region-bound (not global).
ECS Anywhere
A feature of Amazon ECS that allows you to run ECS tasks on any infrastructure, including on-premises servers or other clouds.
Essentially, your external hosts join your ECS cluster and are managed by the ECS control plane in AWS.
Requirements
- Install ECS Agent and AWS Systems Manager (SSM) Agent on the external machine.
- Register the machine using `aws ecs register-external-instance`.
- After registration, it behaves like an ECS container instance (but not hosted in EC2)
Benefits
- Centralized ECS control plane
- Unified deployment (same task definitions)
- Managed hybrid workloads (on-prem + AWS)
- IAM-based access and CloudWatch integration
EKS Anywhere
EKS Anywhere lets you run Kubernetes clusters on your own infrastructure (on-premises or other cloud) using the same EKS-compatible tooling.
It provides an installer + management system that uses EKS Distro (the same open-source Kubernetes distribution used by EKS).
EKS Distro (EKS-D)
- AWS's open-source distribution of Kubernetes used internally by Amazon EKS.
- Includes the same tested Kubernetes versions, patches, and binaries.
- Ensures consistent Kubernetes API behavior whether you run in AWS, on-prem, or another environment.
Use Cases
- Hybrid/multi-cloud consistency
- On-prem workloads needing Kubernetes but with AWS tooling (EKS console, eksctl, ECR)
- Regulatory / data sovereignty constraints.