Posted On: Nov 1, 2022

AWS App Runner now supports private services, which enable access to App Runner services from within an Amazon Virtual Private Cloud (VPC). App Runner makes it easier for developers to quickly deploy containerized web applications and APIs to the cloud, at scale, and without having to manage infrastructure. By default, App Runner services are publicly accessible over the internet. Now, with private services, you can restrict network access to your internal websites, APIs, and applications so that it originates only from within your VPC.

Private services in App Runner leverage AWS PrivateLink Interface VPC Endpoints, which provide highly available and scalable networking technology. You can specify which Amazon VPC you would like your App Runner service to be accessible in by passing an Interface VPC Endpoint. You can also add security groups, which act like a virtual firewall, to your Interface VPC Endpoints to further restrict network traffic. This also enables you to monitor your network traffic via VPC Flow Logs.

You can create both the Interface VPC Endpoint and the App Runner service in a single workflow using the App Runner console. By default, you get a domain name to access your App Runner service that can be customized based on your needs. To learn more about App Runner private services, see the Networking section in the developer guide, the feature deep dive blog post, and this blog post. To learn more about App Runner, see the AWS App Runner Developer Guide.