Add App Runner SCIM bridge example #316
Conversation
|
Making ready for review per internal discussions with requirement to upload to ECR per customer. |
- adjusted roles and policies - introduced access role for private ECR - removed redundant policies - removed unused network interface resources - refactored inline security group rules into separate ingress and egress rule resources - stricter egress rules for Redis (no egress required) - renamed several resource logical IDs - purpose-based names - consistency with ECS CFN template - ordinal suffix for all groups (e.g. `PublicSubnet` -> `PublicSubnet1`) - added descriptions to some resources - formatting - fewer quotation marks for readability - default to short form for intrinsic function calls Signed-off-by: Adam Pike <[email protected]>
|
Added some sweeping changes to the template in bf28001. Most do not change any functionality. One thing I forgot to include in the commit message was that I reordered the resources in a logical order for readability and clarity. We'll still need to account for pulling a specific image from ECR and may want to introduce a parameter to reference it in the AppRunnerService resource, and update the docs to include some steps about pushing our public image to a private registry, or consider if and how we might automate this as part of the template. |
I'm not thrilled with what the flow would look like (there's additional stuff that would have to be spun up in AWS [CodeBuild]). I think documenting how to pull/push the docker image to an ECR private is going to best. |
I've already got it worked out in a draft version of the template that also sets up a private ECR repo and a CodeBuild project that pulls from Docker Hub and pushes to the private ECR repo. It completes all these steps in a much shorter time than it takes just to deploy ElastiCache. Since an ECR image is required for App Runner, I'd prefer to include this functionality with the template, rather than leave it up to a customer to have to do before deployment. I'll share that in the next commit for consideration. :-) |
- include ECR repo & CodeBuild project resources to sync image from Docker Hub - replaced ElastiCache Redis with ECS service for lower cost and time to deploy - use sidecar (init) container in ECS service task to trigger CodeBuild - added scaling parameter and functionality - removed redundant VPC endpoint resource (no ingress to App Service) - added related roles and policies
This adds App Runner as an available deployment option in beta.
edit: reviewing to bring forward into beta, even with no public ECR image of 1Password SCIM Bridge.