Containers
Controlling and monitoring AWS App Runner applications with Amazon EventBridge
Many applications do not need to be available 24/7, such as those in development and QA environments. AWS App Runner supports this and allows applications to be paused, or deactivated, to lower costs when not in use. The applications can then be resumed or activated when they are needed. This blog post uses this example use case to demonstrate how App Runner applications can be controlled and monitored using Amazon EventBridge.
AWS App Runner is a fully managed service that makes it easy for developers to quickly deploy containerized web applications and APIs at scale and with no prior infrastructure experience required. Amazon EventBridge allows you to create rules to schedule automated actions that self-trigger at certain times. It delivers a near real-time stream of system events that describe changes in Amazon Web Services (AWS) resources.
Solution overview
The following diagram shows the high-level architecture created in this blog post. It includes an App Runner service, an AWS Lambda function to pause and resume the App Runner service, EventBridge rules to automatically invoke the function on a set schedule, and an Amazon Simple Notification Service (Amazon SNS) topic and EventBridge rule to automatically send email notifications when a successful or failed pause or resume event is detected.
You’ll perform the following steps to build this solution:
- Deploy a sample App Runner service.
- Deploy a Lambda function and EventBridge rules to pause and resume the App Runner service.
- Deploy an Amazon SNS topic and EventBridge rule to send notification emails.
Prerequisites
Before you get started, make sure you have the following prerequisites:
- An AWS account
- Access to the AWS Management Console
- Permissions to deploy CloudFormation stacks and create the resources in this post
Deploy a sample App Runner service
To get started, deploy an App Runner service using AWS CloudFormation. The CloudFormation template below pulls an example hello-app-runner application from an Amazon Elastic Container Registry (Amazon ECR) public repository and deploys it to an App Runner service.
Copy the following CloudFormation template to a text editor and save it to a file named app-runner-service.yaml.
AWSTemplateFormatVersion: '2010-09-09'
Description: >
Sample AWS App Runner application called 'hello-app-runner'.
Resources:
AppRunnerApplication:
Type: 'AWS::AppRunner::Service'
Properties:
ServiceName: 'hello-app-runner'
SourceConfiguration:
ImageRepository:
ImageIdentifier: 'public.ecr.aws/aws-containers/hello-app-runner:latest'
ImageConfiguration:
Port: 8080
ImageRepositoryType: 'ECR_PUBLIC'
Outputs:
ServiceArn:
Description: The ARN of the sample App Runner application
Value: !GetAtt AppRunnerApplication.ServiceArn
ServiceName:
Description: The name of the sample App Runner application
Value: 'hello-app-runner'
ServiceUrl:
Description: The URL of the sample App Runner application
Value: !Sub 'https://${AppRunnerApplication.ServiceUrl}'
This template creates the following resources:
- AWS App Runner service
Follow these steps to deploy a CloudFormation stack from the template:
- Open the CloudFormation console in a Region that supports App Runner, for example, us-east-1.
- Choose Create stack, then select With new resources (standard).
- On the Create stack page, select Upload a template file.
- Select Choose file and choose your app-runner-service.yaml template file. Select Next.
- Provide a Stack name, for example, app-runner-service, and select Next.
- Choose Next on the Configure stack options page.
- Review the configuration options and choose Create stack. The stack deploys in approximately five minutes.
- Verify that the stack has a status of CREATE_COMPLETE.
- Choose Outputs.
- Copy the ServiceArn value to a text editor for use in the next step.
- Open the ServiceURL link in your web browser to verify that the hello-app-runner application is running.
Deploy a Lambda function and EventBridge rules to pause and resume the App Runner service
Next, set up automation to pause and resume your App Runner service on a set schedule. The CloudFormation template below deploys a Python Lambda function to pause and resume the service and EventBridge rules that will invoke the function at set times. It also creates a Lambda execution role (IAM role) to allow the function to pause and resume the App Runner service and Lambda permissions to allow the EventBridge rules to invoke the function.
EventBridge uses schedule expressions to schedule rules that trigger at set times. All EventBridge schedules are based on UTC time zone. This example defines schedule expressions to pause the App Runner service daily at 6pm UTC (cron(0 18 * * ? *)
) and resume it daily at 8am UTC (cron(0 8 * * ? *)
). The cron expressions are input as parameters in the CloudFormation template below and can be modified for your time zone. For example, EST time zone is five hours behind UTC (UTC-05:00). The cron expression for 6pm EST is cron(0 13 * * ? *)
and the cron expression for 8am EST is cron(0 3 * * ? *)
. For more information on creating your own schedules, see Creating an Amazon EventBridge rule that runs on a schedule.
Copy the following CloudFormation template to a text editor and save it to a file named app-runner-pause-resume.yaml:
AWSTemplateFormatVersion: '2010-09-09'
Description: >
AWS Lambda function and Amazon EventBridge rules to pause and resume an AWS App Runner
application on a set schedule.
Parameters:
AppRunnerServiceArn:
Type: String
Description: The ARN of the App Runner service
PauseSchedule:
Type: String
Default: 'cron(0 18 * * ? *)'
Description: The schedule expression for pausing the sample App Runner application
# For more information on scheduled expressions see:
# https://docs.thinkwithwp.com/AmazonCloudWatch/latest/events/ScheduledEvents.html
ResumeSchedule:
Type: String
Default: 'cron(0 8 * * ? *)'
Description: The schedule expression for resuming the sample App Runner application
# For more information on scheduled expressions see:
# https://docs.thinkwithwp.com/AmazonCloudWatch/latest/events/ScheduledEvents.html
Resources:
# AWS Lambda function to pause and resume the App Runner service
LambdaFunction:
Type: 'AWS::Lambda::Function'
Properties:
Runtime: 'python3.9'
Role: !GetAtt LambdaExecutionRole.Arn
Handler: 'index.handler'
Code:
ZipFile: |
import boto3
client = boto3.client('apprunner')
def handler(event, context):
service_arn = event['arn']
action = event['action']
if action == 'pause':
print(f'Pausing App Runner Service: {service_arn}')
response = client.pause_service(ServiceArn=service_arn)
elif action == 'resume':
print(f'Resuming App Runner Service: {service_arn}')
response = client.resume_service(ServiceArn=service_arn)
# AWS IAM role to allow the Lambda function to pause and resume the App Runner service and output logs to Amazon CloudWatch
LambdaExecutionRole:
Type: 'AWS::IAM::Role'
Properties:
AssumeRolePolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Principal:
Service:
- 'lambda.amazonaws.com'
Action:
- 'sts:AssumeRole'
ManagedPolicyArns:
- 'arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole'
Policies:
- PolicyName: 'PauseResumeAppRunnerPolicy'
PolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Action:
- 'apprunner:PauseService'
- 'apprunner:ResumeService'
Resource: !Ref AppRunnerServiceArn
# Amazon EventBridge rule to pause the App Runner service on a set schedule
PauseEventBridgeRule:
Type: 'AWS::Events::Rule'
Properties:
Description: 'Pauses sample App Runner service'
ScheduleExpression: !Ref PauseSchedule
State: 'ENABLED'
Targets:
- Arn: !GetAtt LambdaFunction.Arn
Id: '1'
Input: !Sub '{"arn": "${AppRunnerServiceArn}","action": "pause"}'
# Amazon EventBridge rule to resume the App Runner service on a set schedule
ResumeEventBridgeRule:
Type: 'AWS::Events::Rule'
Properties:
Description: 'Resumes sample App Runner service'
ScheduleExpression: !Ref ResumeSchedule
State: 'ENABLED'
Targets:
- Arn: !GetAtt LambdaFunction.Arn
Id: '1'
Input: !Sub '{"arn": "${AppRunnerServiceArn}","action": "resume"}'
# AWS Lambda permissions to allow the pause rule to invoke the Lambda function
PauseLambdaPermission:
Type: 'AWS::Lambda::Permission'
Properties:
Action: 'lambda:InvokeFunction'
FunctionName: !Ref LambdaFunction
Principal: 'events.amazonaws.com'
SourceArn: !GetAtt PauseEventBridgeRule.Arn
# AWS Lambda permissions to allow the resume rule to invoke the Lambda function
ResumeLambdaPermission:
Type: 'AWS::Lambda::Permission'
Properties:
Action: 'lambda:InvokeFunction'
FunctionName: !Ref LambdaFunction
Principal: 'events.amazonaws.com'
SourceArn: !GetAtt ResumeEventBridgeRule.Arn
This template creates the following resources:
- Lambda function
- IAM role
- EventBridge rules
- Lambda permissions
Follow these steps to deploy a CloudFormation stack from this template:
- In the CloudFormation console, choose Create stack, then select With new resources (standard).
- On the Create stack page, select Upload a template file.
- Select Choose file and choose your app-runner-pause-resume.yaml template file. Select Next.
- Provide a Stack name, for example, app-runner-pause-resume, and select Next.
- Provide the required parameters for the CloudFormation template:
- The App Runner service ARN that was output from the app-runner-service CloudFormation stack.
- The schedule expression for the pause schedule.
- The schedule expression for the resume schedule.
- Select Next, then choose Next on the Configure stack options page.
- Review the configuration options, check I acknowledge that AWS CloudFormation might create IAM resources, and choose Create stack. The stack deploys in approximately three minutes.
- Verify that the stack has a status of CREATE_COMPLETE.
Congratulations! You’ve successfully configured the hello-app-runner App Runner service to be controlled by EventBridge. The application will be automatically paused every day at 18:00 UTC and automatically resumed at 08:00 UTC the following day. You can access the App Runner service URL after it is paused to verify that the service is no longer running. Visit the URL after the service is resumed to verify that it is running again.
Deploy an SNS topic and EventBridge rule to send notification emails
Next, add automated monitoring to send alert notifications when the App Runner service is paused or resumed. The CloudFormation template below deploys an SNS topic, subscribes your email address to the topic, and creates an EventBridge rule to publish notification messages to the topic. It also creates an SNS policy to allow EventBridge to publish messages to the topic.
The EventBridge rule will match any successful or failed pause or resume event from the hello-app-runner service and then publish the event details to the SNS topic. To create EventBridge rules that match other App Runner events, see Handling App Runner events in EventBridge for more options.
Copy the following CloudFormation template to a text editor and save it to a file named app-runner-notifications.yaml:
AWSTemplateFormatVersion: '2010-09-09'
Description: >
Amazon SNS topic and Amazon EventBridge rule to send email notifications for AWS App Runner events.
Parameters:
AppRunnerServiceName:
Type: String
Default: 'hello-app-runner'
Description: The name of the App Runner service
EmailAddress:
Type: String
Description: The email address to receive event notifications for the sample App Runner application
Resources:
# Amazon SNS topic for App Runner event notifications
SnsTopic:
Type: 'AWS::SNS::Topic'
# Amazon SNS policy to allow EventBridge to publish messages to the topic
SnsTopicPublishPolicy:
Type: 'AWS::SNS::TopicPolicy'
Properties:
PolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Action:
- 'sns:Publish'
Principal:
Service:
- events.amazonaws.com
Resource: !Ref SnsTopic
Topics:
- !Ref SnsTopic
# Subscribe email address to the SNS topic to receive notifications
SnsTopicEmailSubscription:
Type: 'AWS::SNS::Subscription'
Properties:
Endpoint: !Ref EmailAddress
Protocol: 'email'
TopicArn: !Ref SnsTopic
# Amazon EventBridge rule to publish messages to the topic on successful or failed pause or resume events
EventNotificationEventBridgeRule:
Type: 'AWS::Events::Rule'
Properties:
Description: 'Publishes SNS message on successful or failed pause or resume events for the sample App Runner service'
EventPattern:
source:
- 'aws.apprunner'
detail:
serviceName:
- !Ref AppRunnerServiceName
operationStatus:
- 'PauseServiceCompletedSuccessfully'
- 'PauseServiceFailed'
- 'ResumeServiceCompletedSuccessfully'
- 'ResumeServiceFailed'
State: 'ENABLED'
Targets:
- Arn: !Ref SnsTopic
Id: '1'
This template creates the following resources:
- SNS topic
- SNS policy
- SNS email subscription
- EventBridge rule
Follow these steps to deploy a CloudFormation stack from this template:
- In the CloudFormation console, choose Create stack, and then choose With new resources (standard).
- On the Create stack page, select Upload a template file.
- Select Choose file and choose your app-runner-notifications.yaml template file. Select Next.
- Provide a Stack name, for example, app-runner-notifications.
- Provide the required parameters for the CloudFormation template:
- The App Runner service name: hello-app-runner.
- The email address where you will receive email notifications.
- Select Next, then choose Next on the Configure stack options page.
- Review the configuration options and choose Create stack. The stack deploys in approximately two minutes.
- Verify that the stack has a status of CREATE_COMPLETE.
- Check your email inbox and click Confirm subscription in the subscription confirmation email from Amazon SNS.
Congratulations! You’ve now configured automated monitoring for the hello-app-runner App Runner service using SNS and EventBridge. You’ll receive an email notification whenever the App Runner service is successfully or unsuccessfully paused or resumed.
Cleaning up
After you’ve completed all the steps in this blog post, follow these steps to delete the resources that you’ve deployed to avoid incurring costs:
- In the CloudFormation console, choose Stacks.
- Select the app-runner-notifications stack, then choose Delete.
- Select the app-runner-pause-resume stack, then choose Delete.
- Select the app-runner-service stack, then choose Delete.
- Verify that all stacks have been deleted successfully.
Conclusion
Amazon EventBridge makes it easy to automatically control and monitor an AWS App Runner service. EventBridge can be combined with AWS Lambda to automatically control an App Runner service, such as pausing and resuming it on a set schedule. EventBridge can be combined with other AWS services to automatically react to App Runner events, such as using Amazon SNS to send email notifications when App Runner events occur.
This example project can be used as a starting point to build your own automated solution with App Runner and EventBridge. Visit the AWS App Runner documentation and Amazon EventBridge documentation for more information on using these services.