How to Run NodeJS app on AWS App Runner Using Amazon ECR

AWS Cloud CI/CD Pipeline with GitHub Actions

To get started, this article builds on the previous tutorial I published. I’d recommend that you complete them before getting started on this:

1. How to Build and Run a NodeJS app with Docker & GitHub Actions
2. How to Deploy to Kubernetes & Heroku using Docker

Assumptions & Pre-Requisites

For the purpose of this article, I’m assuming that you have completed the previous tutorials above and have an AWS Account Setup. Or at least some knowledge of NodeJS application, Docker, and GitHub Actions.

Getting Started

We are going to do 2 very simple tasks to get our application hosted on AWS:

1. Build and push a docker image of our nodeJS application on Amazon Elastic Container Registry aka Amazon ECR
2. We are then going to take the docker image in ECR and run it in a container using the AWS App Runner service.

What is AWS ECR service?

Source: aws.amazon.com/ecr

Amazon Elastic Container Registry (ECR) is a fully managed Docker container registry that makes it easy to store, share, and deploy container images. It’s pretty much the same thing as Docker Hub, just a place where you can store docker images.

What is AWS App Runner Service?

Source: aws.amazon.com/apprunner

AWS App Runner is the simplest way to build and run your containerized web application in AWS. App Runner gives you a fully managed container-native service. There are no orchestrators to configure, build pipelines to set up, load balancers to optimize, or TLS certificates to rotate. And of course, there are no servers to manage.

It pretty much does the same thing as Heroku in a way when it comes to hosting and running containerized applications.

1. Create an AWS ECR repo

To create a new repo where we’re going to push our application docker image:

1. Go to the ECR service — Click on Create Repository
2. Select Private under visibility — give a meaningful name to your repo. I named mine: nodejs-demo — and click on Create Repository.

Create ECR repo

2. Create a service account user with AWS IAM

So let’s started by integrating our GitHub Actions with the AWS account. This is to allow GitHub Actions to upload the build image to the repo in ECR. We are essentially creating a service account User with the access and permission needed to push an image to ECR.

What is AWS IAM service?

source: aws.amazon.com/iam

With AWS Identity and Access Management (IAM), you can specify who or what can access services and resources in AWS, centrally manage fine-grained permissions, and analyze access to refine permissions across AWS.

So to create the new service account user:

1. Go to the IAM service and select User
2. Under User, click on Add User and follow the prompt
3. Give a meaningful name. In my case, I named it: GitHub-Action-user-ECR and check Programmatic Access ( allowing the creation of a Key Pair) — Click on Next: Permissions
4. On the next screen, select the “Attach existing policies directly” tab. Search for “AmazonEC2ContainerRegistryFullAccess” and check it.
5. Click on Next: Tags skip — click on Next: Review — and confirm Create User.
6. Make sure to copy the “Access Key ID” and “Secret Access Key” somewhere. These are the details were going to use to add as secrets Actions on your GitHub Repo.

Create a Service Account User

3. Add the AWS Service Account to Github

1. Go to your GitHub Repo — under Settings and click on Secrets — Actions.
2. Under Secretes, click New Repository Secret and add the following variables and their respective values.

• Add AWS_ECR_REPO_NAME — in the value section, add the name of your ECR repo. Mine is nodejs-demo
• Next, add AWS_ACCESS_KEY_ID — in the value section, paste the “Access Key ID” you copied earlier when you were creating the service account user.
• Add AWS_SECRET_ACCESS_KEY in the value section, paste the “Secret Access Key”.

Add GitHub Actions Secrets

4. Add a Job in the GitHub Actions Workflow

Now let’s add the job that’ll run in the Github actions pipeline to build and push our application image to ECR in a CI/CD fashion:

• Go to .github/workflows and add the following job to your production workflow .yml file. Mine is named main.yml:

You review the full content of my main.yml workflow, this will better explain lines 6 and 7 on my job above.

• Make the commit and push the code — Once the changes are pushed to the repository checkout the Actions Tab — and review the new job building the cooker images of your app and pushing it to AWS ECR.
• Go to AWS ECR and review as well to assure that the docker image has been pushed successfully on your ECR repo

5. Setup a new Service on AWS App Runner

Source: aws.amazon.com

The last task needed to get our app up and running is to take the docker image in ECR and run it in a container using the AWS App Runner service:

1. Go to the AWS App Runner — Click Create Service and follow through the next page config.
2. Under Repository Type, select “Container Registry” — under Provider, select “Amazon ECR”
3. Under Container Image URI, browse through your Amazon ECR registry and choose your image repository and tag.
4. Under Deployment Settings and Triggers— select “Manual” trigger for continuous delivery — select “Automatic” trigger for Continuous Deployment
5. Under the ECR access role, select “Create new service role” — (if you’re doing this for the first time, you definitely don’t have an existing one)
6. Leave the default setting, apps take a moment to create

If all goes well, you’re done and all set!

Creating App Runner Service

Now, make some changes to your application code — push the code to your GitHub repository — watch the GitHub workflow build & deploy your app to ECR — App Runner in CI/CD fashion.

* You can review the full demo code here: github repo.

* my site is running like here: https://5mf4qafkmw.us-east-1.awsapprunner.com/

If you enjoy this, you might also like: “Deploying to GCP using Docker, Kubernetes, Terraform, and GitHub Actions”