AWS App Runner Update: This release adds support of securely referencing secrets and configuration data that are stored in Secrets Manager and SSM Parameter Store by adding them as environment secrets in your App Runner service.

Author: AWS

.changes/next-release/feature-AWSAppRunner-1405742.json

@@ -0,0 +1,6 @@
+{
+    "type": "feature",
+    "category": "AWS App Runner",
+    "contributor": "",
+    "description": "This release adds support of securely referencing secrets and configuration data that are stored in Secrets Manager and SSM Parameter Store by adding them as environment secrets in your App Runner service."
+}

services/apprunner/src/main/resources/codegen-resources/endpoint-rule-set.json

@@ -3,7 +3,7 @@
     "parameters": {
         "Region": {
             "builtIn": "AWS::Region",
-            "required": false,
+            "required": true,
             "documentation": "The AWS region used to dispatch the request.",
             "type": "String"
         },

services/apprunner/src/main/resources/codegen-resources/endpoint-tests.json

@@ -8,9 +8,9 @@
                 }
             },
             "params": {
+                "Region": "us-west-2",
                 "UseFIPS": true,
-                "UseDualStack": true,
-                "Region": "us-west-2"
+                "UseDualStack": true
             }
         },
         {
@@ -21,9 +21,9 @@
                 }
             },
             "params": {
+                "Region": "us-west-2",
                 "UseFIPS": true,
-                "UseDualStack": false,
-                "Region": "us-west-2"
+                "UseDualStack": false
             }
         },
         {
@@ -34,9 +34,9 @@
                 }
             },
             "params": {
+                "Region": "us-west-2",
                 "UseFIPS": false,
-                "UseDualStack": true,
-                "Region": "us-west-2"
+                "UseDualStack": true
             }
         },
         {
@@ -47,9 +47,9 @@
                 }
             },
             "params": {
+                "Region": "us-west-2",
                 "UseFIPS": false,
-                "UseDualStack": false,
-                "Region": "us-west-2"
+                "UseDualStack": false
             }
         },
         {
@@ -60,9 +60,9 @@
                 }
             },
             "params": {
+                "Region": "eu-west-1",
                 "UseFIPS": true,
-                "UseDualStack": true,
-                "Region": "eu-west-1"
+                "UseDualStack": true
             }
         },
         {
@@ -73,9 +73,9 @@
                 }
             },
             "params": {
+                "Region": "eu-west-1",
                 "UseFIPS": true,
-                "UseDualStack": false,
-                "Region": "eu-west-1"
+                "UseDualStack": false
             }
         },
         {
@@ -86,9 +86,9 @@
                 }
             },
             "params": {
+                "Region": "eu-west-1",
                 "UseFIPS": false,
-                "UseDualStack": true,
-                "Region": "eu-west-1"
+                "UseDualStack": true
             }
         },
         {
@@ -99,9 +99,9 @@
                 }
             },
             "params": {
+                "Region": "eu-west-1",
                 "UseFIPS": false,
-                "UseDualStack": false,
-                "Region": "eu-west-1"
+                "UseDualStack": false
             }
         },
         {
@@ -112,9 +112,9 @@
                 }
             },
             "params": {
+                "Region": "ap-northeast-1",
                 "UseFIPS": true,
-                "UseDualStack": true,
-                "Region": "ap-northeast-1"
+                "UseDualStack": true
             }
         },
         {
@@ -125,9 +125,9 @@
                 }
             },
             "params": {
+                "Region": "ap-northeast-1",
                 "UseFIPS": true,
-                "UseDualStack": false,
-                "Region": "ap-northeast-1"
+                "UseDualStack": false
             }
         },
         {
@@ -138,9 +138,9 @@
                 }
             },
             "params": {
+                "Region": "ap-northeast-1",
                 "UseFIPS": false,
-                "UseDualStack": true,
-                "Region": "ap-northeast-1"
+                "UseDualStack": true
             }
         },
         {
@@ -151,9 +151,9 @@
                 }
             },
             "params": {
+                "Region": "ap-northeast-1",
                 "UseFIPS": false,
-                "UseDualStack": false,
-                "Region": "ap-northeast-1"
+                "UseDualStack": false
             }
         },
         {
@@ -164,9 +164,9 @@
                 }
             },
             "params": {
+                "Region": "us-east-1",
                 "UseFIPS": true,
-                "UseDualStack": true,
-                "Region": "us-east-1"
+                "UseDualStack": true
             }
         },
         {
@@ -177,9 +177,9 @@
                 }
             },
             "params": {
+                "Region": "us-east-1",
                 "UseFIPS": true,
-                "UseDualStack": false,
-                "Region": "us-east-1"
+                "UseDualStack": false
             }
         },
         {
@@ -190,9 +190,9 @@
                 }
             },
             "params": {
+                "Region": "us-east-1",
                 "UseFIPS": false,
-                "UseDualStack": true,
-                "Region": "us-east-1"
+                "UseDualStack": true
             }
         },
         {
@@ -203,9 +203,9 @@
                 }
             },
             "params": {
+                "Region": "us-east-1",
                 "UseFIPS": false,
-                "UseDualStack": false,
-                "Region": "us-east-1"
+                "UseDualStack": false
             }
         },
         {
@@ -216,9 +216,9 @@
                 }
             },
             "params": {
+                "Region": "us-east-2",
                 "UseFIPS": true,
-                "UseDualStack": true,
-                "Region": "us-east-2"
+                "UseDualStack": true
             }
         },
         {
@@ -229,9 +229,9 @@
                 }
             },
             "params": {
+                "Region": "us-east-2",
                 "UseFIPS": true,
-                "UseDualStack": false,
-                "Region": "us-east-2"
+                "UseDualStack": false
             }
         },
         {
@@ -242,9 +242,9 @@
                 }
             },
             "params": {
+                "Region": "us-east-2",
                 "UseFIPS": false,
-                "UseDualStack": true,
-                "Region": "us-east-2"
+                "UseDualStack": true
             }
         },
         {
@@ -255,9 +255,9 @@
                 }
             },
             "params": {
+                "Region": "us-east-2",
                 "UseFIPS": false,
-                "UseDualStack": false,
-                "Region": "us-east-2"
+                "UseDualStack": false
             }
         },
         {
@@ -268,9 +268,9 @@
                 }
             },
             "params": {
+                "Region": "us-east-1",
                 "UseFIPS": false,
                 "UseDualStack": false,
-                "Region": "us-east-1",
                 "Endpoint": "https://example.com"
             }
         },
@@ -280,9 +280,9 @@
                 "error": "Invalid Configuration: FIPS and custom endpoint are not supported"
             },
             "params": {
+                "Region": "us-east-1",
                 "UseFIPS": true,
                 "UseDualStack": false,
-                "Region": "us-east-1",
                 "Endpoint": "https://example.com"
             }
         },
@@ -292,9 +292,9 @@
                 "error": "Invalid Configuration: Dualstack and custom endpoint are not supported"
             },
             "params": {
+                "Region": "us-east-1",
                 "UseFIPS": false,
                 "UseDualStack": true,
-                "Region": "us-east-1",
                 "Endpoint": "https://example.com"
             }
         }

services/apprunner/src/main/resources/codegen-resources/service-2.json

@@ -786,7 +786,11 @@
         },
         "RuntimeEnvironmentVariables":{
           "shape":"RuntimeEnvironmentVariables",
-          "documentation":"<p>The environment variables that are available to your running App Runner service. An array of key-value pairs. Keys with a prefix of <code>AWSAPPRUNNER</code> are reserved for system use and aren't valid.</p>"
+          "documentation":"<p>The environment variables that are available to your running App Runner service. An array of key-value pairs.</p>"
+        },
+        "RuntimeEnvironmentSecrets":{
+          "shape":"RuntimeEnvironmentSecrets",
+          "documentation":"<p>An array of key-value pairs representing the secrets and parameters that get referenced to your service as an environment variable. The supported values are either the full Amazon Resource Name (ARN) of the Secrets Manager secret or the full ARN of the parameter in the Amazon Web Services Systems Manager Parameter Store.</p> <note> <ul> <li> <p> If the Amazon Web Services Systems Manager Parameter Store parameter exists in the same Amazon Web Services Region as the service that you're launching, you can use either the full ARN or name of the secret. If the parameter exists in a different Region, then the full ARN must be specified. </p> </li> <li> <p> Currently, cross account referencing of Amazon Web Services Systems Manager Parameter Store parameter is not supported. </p> </li> </ul> </note>"
         }
       },
       "documentation":"<p>Describes the basic configuration needed for building and running an App Runner service. This type doesn't support the full set of possible configuration options. Fur full configuration capabilities, use a <code>apprunner.yaml</code> file in the source code repository.</p>"
@@ -1606,7 +1610,7 @@
       "members":{
         "RuntimeEnvironmentVariables":{
           "shape":"RuntimeEnvironmentVariables",
-          "documentation":"<p>Environment variables that are available to your running App Runner service. An array of key-value pairs. Keys with a prefix of <code>AWSAPPRUNNER</code> are reserved for system use and aren't valid.</p>"
+          "documentation":"<p>Environment variables that are available to your running App Runner service. An array of key-value pairs.</p>"
         },
         "StartCommand":{
           "shape":"StartCommand",
@@ -1615,6 +1619,10 @@
         "Port":{
           "shape":"String",
           "documentation":"<p>The port that your application listens to in the container.</p> <p>Default: <code>8080</code> </p>"
+        },
+        "RuntimeEnvironmentSecrets":{
+          "shape":"RuntimeEnvironmentSecrets",
+          "documentation":"<p>An array of key-value pairs representing the secrets and parameters that get referenced to your service as an environment variable. The supported values are either the full Amazon Resource Name (ARN) of the Secrets Manager secret or the full ARN of the parameter in the Amazon Web Services Systems Manager Parameter Store.</p> <note> <ul> <li> <p> If the Amazon Web Services Systems Manager Parameter Store parameter exists in the same Amazon Web Services Region as the service that you're launching, you can use either the full ARN or name of the secret. If the parameter exists in a different Region, then the full ARN must be specified. </p> </li> <li> <p> Currently, cross account referencing of Amazon Web Services Systems Manager Parameter Store parameter is not supported. </p> </li> </ul> </note>"
         }
       },
       "documentation":"<p>Describes the configuration that App Runner uses to run an App Runner service using an image pulled from a source image repository.</p>"
@@ -2229,6 +2237,23 @@
         "RUBY_31"
       ]
     },
+    "RuntimeEnvironmentSecrets":{
+      "type":"map",
+      "key":{"shape":"RuntimeEnvironmentSecretsName"},
+      "value":{"shape":"RuntimeEnvironmentSecretsValue"}
+    },
+    "RuntimeEnvironmentSecretsName":{
+      "type":"string",
+      "max":2048,
+      "min":1,
+      "sensitive":true
+    },
+    "RuntimeEnvironmentSecretsValue":{
+      "type":"string",
+      "max":2048,
+      "min":1,
+      "sensitive":true
+    },
     "RuntimeEnvironmentVariables":{
       "type":"map",
       "key":{"shape":"RuntimeEnvironmentVariablesKey"},