AWS App Runner simplifies the deployment of web applications and APIs at scale, enabling developers to build, deploy, run, and monitor applications without the complexities of managing infrastructure. A common practice in such applications is to store sensitive information like URLs, API keys, usernames, and database secrets externally. As of today, App Runner supports integration with AWS Secrets Manager and AWS Systems Manager (SSM) Parameter Store, allowing for secure configuration data management.
By externalizing configurations, developers enhance code reusability and adaptability. Instead of hardcoding sensitive data, applications can read configuration parameters and credentials at runtime from a secure, auditable system. This means you can modify variables dynamically without needing to rebuild your code. For instance, if database credentials are embedded directly into your application, any change in the database password would require you to alter the code, rebuild it, and redeploy. With AWS Secrets Manager, you change the secret and then simply trigger a redeployment; the application retrieves the updated password as an environment variable upon restart.
With the new integration, App Runner enables access to secrets and configuration parameters stored in AWS Secrets Manager and SSM Parameter Store as environment variables. Let’s delve into how this works with a sample NodeJS application that interacts with an Amazon RDS database.
Externalizing Configuration with AWS App Runner
In our demonstration, we will create a NodeJS application for a fictional hotel, utilizing the Express web framework. The database credentials will be stored in AWS Secrets Manager, while configuration parameters will reside in SSM Parameter Store.
This integration allows configuration values to change without modifying code, and it enhances security by keeping sensitive data out of the source code. Moreover, it provides audit logs for tracking data access.
Architecture Overview
The sample application serves as a website for our fictional hotel and connects to an RDS database. As part of the setup, we establish the database and related secrets in AWS Secrets Manager and configure environment variables for the application.
To follow along, you’ll need an AWS account and a GitHub account. You can access the sample application code here. This repository includes an AWS CloudFormation template that sets up the necessary environment, including a VPC, subnets, security groups, IAM roles, and an RDS database instance. A strong password is securely generated and stored in AWS Secrets Manager.
Log in to your AWS account, choose a region where AWS App Runner is available, and navigate to CloudFormation. Create a new stack using the provided template file (infra.yaml) from the cloned repository.
When prompted, provide a name for your stack, such as “apprunner-demo,” and input a value for “HotelName.” This value will be stored in SSM Parameter Store, and App Runner will dynamically access it during application startup.
After the stack is created, head to the Outputs tab to note the ARNs for your database credentials and hotel name, as these will be needed later when deploying the web application.
Deploying the Web Application
Next, go to the App Runner console and click on “Create an App Runner service.” Choose “Source code repository” for the repository type, select your GitHub repository, and specify the branch to use.
In the build settings, configure the runtime to NodeJS 16, set the build command to npm install, and the start command to npm start. Enter port 8080 and proceed.
On the service settings page, add an environment variable that references the secret in AWS Secrets Manager and another that references the hotel name in SSM Parameter Store, using the ARNs you noted from the stack’s Outputs tab. These variables are referenced in the application’s source code files.
In the security section, select the AppRunnerHotelAppRole, and in the networking section, opt for Custom VPC. Choose the appropriate VPC Connector for database access. Don’t forget to enable tracing with AWS X-Ray for observability.
Finally, review your setup and click “Create & deploy.” Monitor the service status in the service dashboard; once it shows “Running,” you can access your application via the provided URL.
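How the application side of this setup can consume the injected values at startup, as an added example that is not the sample repository's code. The variable names DB_SECRET and HOTEL_NAME and the JSON key layout of the secret are assumptions; match them to what your stack actually creates.

```javascript
// Added example. DB_SECRET and HOTEL_NAME are assumed variable names, and the
// JSON key set below is an assumed secret layout; adjust both to your stack.
const REQUIRED_KEYS = ['username', 'password', 'host', 'port', 'dbname'];

// Validate everything App Runner injected and fail closed before serving traffic.
function loadConfig(env = process.env) {
  const hotelName = (env.HOTEL_NAME || '').trim();
  if (!hotelName) throw new Error('HOTEL_NAME is not set');

  const raw = env.DB_SECRET;
  if (!raw) throw new Error('DB_SECRET is not set');

  let secret;
  try {
    secret = JSON.parse(raw);
  } catch {
    // Never echo the parser message or the raw value: both can leak secret bytes into logs.
    throw new Error('DB_SECRET is not valid JSON');
  }
  if (secret === null || typeof secret !== 'object' || Array.isArray(secret)) {
    throw new Error('DB_SECRET must be a JSON object');
  }
  const missing = REQUIRED_KEYS.filter((k) => secret[k] === undefined || secret[k] === '');
  if (missing.length) throw new Error(`DB_SECRET is missing keys: ${missing.join(', ')}`);

  const port = Number(secret.port);
  if (!Number.isInteger(port) || port < 1 || port > 65535) {
    throw new Error('DB_SECRET.port is not a valid TCP port');
  }
  return {
    hotelName,
    db: { host: String(secret.host), port, user: String(secret.username),
          password: String(secret.password), database: String(secret.dbname) },
  };
}

// Copy of the config that is safe to write to startup logs.
function redact(config) {
  return { ...config, db: { ...config.db, password: '[REDACTED]' } };
}

// Constructed sample values, not real credentials.
const sampleEnv = {
  HOTEL_NAME: 'Example Hotel',
  DB_SECRET: JSON.stringify({ username: 'hotel_app', password: 'constructed-sample-pw',
    host: 'db.example.internal', port: 3306, dbname: 'hotel' }),
};
console.log(JSON.stringify(redact(loadConfig(sampleEnv))));
```

Because the values are read once at process start, a changed secret only takes effect after the redeployment described earlier.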