If you are not familiar with AWS App Runner - It builds and deploys web applications automatically, load balances traffic with encryption, scales to meet your traffic needs, and allows for the configuration of how services are accessed and communicate with other AWS applications in a private Amazon VPC - it is designed to simplify the entire application lifecycle, from development to deployment.

Back in 2022 after the launch of VPC-integration for AWS App Runner, we decided to move one of our customer's NodeJS/Angular Web application to the service for experimental purposes. Before that we were running the application on EC2 and Application Load Balancer with DocumentDB for MongoDB as the primary database.

Fast forward two years, we are still running the application in the App Runner and it works as expected. Over the time, we have achieved almost 70% monthly cost savings primarily as we don't need to manage EC2 and Application Load Balancer together.

This is the baseline cost estimates for a small EC2 instance with Application Load Balancer. We did check the ECS + Fargate option, but it was too expensive compared to EC2 option.

We used Terraform for the deployment of this application, the screenshots used are just for the illustration of different features related to our use case.

Let's look at different configurations of the setup.

Resource Configuration and Auto Scaling

The application is a MEAN (MongoDB, ExpressJS, Angular and NodeJS) stack application and it's well written. It has complex features but most of those features are request-based.

The application is dependent on data from customer Postgres database that runs in their private environment and we connect to the Postgres database using AWS Site-to-Site VPN.

We have kept basic auto-scaling configuration and this is rarely spikes. Considering this setup is primarily a QA environment the overall request load is fairly consistent.

AWS App Runner also monitors the health of your web service by performing health checks. The default health check protocol is TCP. You can alternatively set the health check protocol to HTTP. App Runner sends health check HTTP requests to your web application.

VPC Connectivity

One of the basic requirement for us was the ability to connect to VPC-based MongoDB database in Amazon DocumentDB and using the Postgres database through AWS Site-to-Site VPN. Both of these requires the VPC integration and we can not rely on the public access on these resources. Even though the application is primarily meant for QA purposes, but the actual data is still critical and sensitive.

The incoming network traffic is for the App Runner service to be accessible over Internet. By default when you create an AWS App Runner service, the service is accessible over the internet. However, you can also make your App Runner service private and only accessible from within an Amazon Virtual Private Cloud (Amazon VPC).

Custom Domain and HTTPS

When you create an App Runner service, by default, App Runner allocates a domain name to your service. Almost every application requires a custom-domain and HTTPS integration. Our application is data-sensitive and we wanted to only use the secure channel for the endpoint. App Runner has simple and direct integration with Certificate Manager and enabling the custom domain is very easy.

When associating a custom domain to an App Runner service, you need to add the certificate validation and DNS target records to your DNS provider. App Runner validates the ownership of the domain name and makes your service accessible from the associated domain.

Releasing Changes

App Runner service can be created based on source code or through ECR image integration. In our case, we are using ECR integration as we use the same for production release as well.

We have AWS CodePipeline that is triggered through the AWS CodeCommit code push and builds a Docker image and push to the ECR repository.

Performance

Let's look at the requests and resource consumptions of last 3 months. As this is a business-centric application, primary usage is US day time across different time zones. The following metrics are hourly basis and we usually process average 100 requests per hour in the day time.

Summary

Overall, it does a fairly good job at such a low price point with a lot of features combined together. There are some obvious down sides of the service and if you are planning to use, please do check the feature set.

This is the App Runner service road map.

https://github.com/aws/apprunner-roadmap/projects/1

Many web applications do require Web Socket integration as well, but App Runner is not designed for the long-running persistent connections. Our application also requires Web Socket and we found another way to support that. Instead of using EC2 or Fargate we used the AppSync Generic Pub/Sub feature to simulate the Web Socket experience.

https://github.com/aws/apprunner-roadmap/issues/13