aws · mergify · Sep 27, 2023 · Sep 6, 2023 · Sep 6, 2023 · Sep 6, 2023
diff --git a/packages/@aws-cdk/aws-apprunner-alpha/README.md b/packages/@aws-cdk/aws-apprunner-alpha/README.md
@@ -215,3 +215,24 @@ const service = new apprunner.Service(stack, 'Service', {
 
 service.addSecret('LATER_SECRET', apprunner.Secret.fromSecretsManager(secret, 'field'));
 ```
+
+## HealthCheck Configuration
+
+To configure the health check for the service, use the `healthCheckConfiguration` attribute.
+
+```ts
+new apprunner.Service(this, 'Service', {
+  source: apprunner.Source.fromEcrPublic({
+    imageConfiguration: { port: 8000 },
+    imageIdentifier: 'public.ecr.aws/aws-containers/hello-app-runner:latest',
+  }),
+  healthCheckConfiguration: {
+    healthyThreshold: 5,
+    interval: Duration.seconds(10),
+    path: '/',
+    protocol: apprunner.HealthCheckProtocolType.HTTP,
+    timeout: Duration.seconds(10),
+    unhealthyThreshold: 10,
+  },
+});
-new apprunner.Service(this, 'Service', {
-  source: apprunner.Source.fromEcrPublic({
-    imageConfiguration: { port: 8000 },
-    imageIdentifier: 'public.ecr.aws/aws-containers/hello-app-runner:latest',
-  }),
-  healthCheckConfiguration: {
-    healthyThreshold: 5,
-    interval: Duration.seconds(10),
-    path: '/',
-    protocol: apprunner.HealthCheckProtocolType.HTTP,
-    timeout: Duration.seconds(10),
-    unhealthyThreshold: 10,
-  },
-});
+new apprunner.Service(this, 'Service', {
+  source: apprunner.Source.fromEcrPublic({
+    imageConfiguration: { port: 8000 },
+    imageIdentifier: 'public.ecr.aws/aws-containers/hello-app-runner:latest',
+  }),
+  healthCheck: apprunner.HealthCheck.http({
+    healthyThreshold: 5,
+    interval: Duration.seconds(10),
+    path: '/',
+    timeout: Duration.seconds(10),
+    unhealthyThreshold: 10,
+  }),
+});
-new apprunner.Service(this, 'Service', {
-  source: apprunner.Source.fromEcrPublic({
-    imageConfiguration: { port: 8000 },
-    imageIdentifier: 'public.ecr.aws/aws-containers/hello-app-runner:latest',
-  }),
-  healthCheckConfiguration: {
-    healthyThreshold: 5,
-    interval: Duration.seconds(10),
-    path: '/',
-    protocol: apprunner.HealthCheckProtocolType.HTTP,
-    timeout: Duration.seconds(10),
-    unhealthyThreshold: 10,
-  },
-});
+new apprunner.Service(this, 'Service', {
+  source: apprunner.Source.fromEcrPublic({
+    imageConfiguration: { port: 8000 },
+    imageIdentifier: 'public.ecr.aws/aws-containers/hello-app-runner:latest',
+  }),
+  healthCheck: apprunner.HealthCheck.http({
+    healthyThreshold: 5,
+    interval: Duration.seconds(10),
+    path: '/',
+    timeout: Duration.seconds(10),
+    unhealthyThreshold: 10,
+  }),
+});
+```
diff --git a/packages/@aws-cdk/aws-apprunner-alpha/lib/service.ts b/packages/@aws-cdk/aws-apprunner-alpha/lib/service.ts
@@ -706,6 +706,13 @@ export interface ServiceProps {
    * @default - no VPC connector, uses the DEFAULT egress type instead
    */
   readonly vpcConnector?: IVpcConnector;
+
+  /**
+   * Settings for the health check that AWS App Runner performs to monitor the health of a service.
+   *
+   * @default - no health check configuration
+   */
+  readonly healthCheckConfiguration?: HealthCheckConfiguration;
 }
 
 /**
@@ -848,6 +855,72 @@ export class GitHubConnection {
   }
 }
 
+/**
+ * The health check protocol type
+ */
+export enum HealthCheckProtocolType {
+  /**
+   * HTTP protocol
+   */
+  HTTP = 'HTTP',
+
+  /**
+   * TCP protocol
+   */
+  TCP = 'TCP',
+}
+
+/**
+ * Describes the settings for the health check that AWS App Runner performs to monitor the health of a service.
+ */
+export interface HealthCheckConfiguration {
+  /**
+   * The number of consecutive checks that must succeed before App Runner decides that the service is healthy.
+   *
+   * @default 1
+   */
+  readonly healthyThreshold?: number;
+
+  /**
+   * The time interval, in seconds, between health checks.
+   *
+   * @default Duration.seconds(5)
+   */
+  readonly interval?: cdk.Duration;
+
+  /**
+   * The URL that health check requests are sent to.
+   *
+   * `path` is only applicable when you set `protocol` to `HTTP`.
+   *
+   * @default /
+   */
+  readonly path?: string;
+
+  /**
+   * The IP protocol that App Runner uses to perform health checks for your service.
+   *
+   * If you set `protocol` to `HTTP`, App Runner sends health check requests to the HTTP path specified by `path`.
+   *
+   * @default HealthCheckProtocolType.TCP
+   */
+  readonly protocol?: HealthCheckProtocolType;
+
+  /**
+   * The time, in seconds, to wait for a health check response before deciding it failed.
+   *
+   * @default Duration.seconds(2)
+   */
+  readonly timeout?: cdk.Duration;
+
+  /**
+   * The number of consecutive checks that must fail before App Runner decides that the service is unhealthy.
+   *
+   * @default 5
+   */
+  readonly unhealthyThreshold?: number;
+}
+
 /**
  * Attributes for the App Runner Service
  */
@@ -1074,6 +1147,8 @@ export class Service extends cdk.Resource implements iam.IGrantable {
       throw new Error('configurationValues cannot be provided if the ConfigurationSource is Repository');
     }
 
+    this.validateHealthCheckConfiguration(this.props.healthCheckConfiguration);
+
     const resource = new CfnService(this, 'Resource', {
       serviceName: this.props.serviceName,
       instanceConfiguration: {
@@ -1097,6 +1172,9 @@ export class Service extends cdk.Resource implements iam.IGrantable {
           vpcConnectorArn: this.props.vpcConnector?.vpcConnectorArn,
         },
       },
+      healthCheckConfiguration: this.props.healthCheckConfiguration ?
+        this.renderHealthCheckConfiguration(this.props.healthCheckConfiguration) :
+        undefined,
     });
 
     // grant required privileges for the role
@@ -1259,4 +1337,48 @@ export class Service extends cdk.Resource implements iam.IGrantable {
       },
     });
   }
+
+  private renderHealthCheckConfiguration(props: HealthCheckConfiguration) {
+    return {
+      healthyThreshold: props.healthyThreshold,
+      interval: props.interval?.toSeconds(),
+      path: props.path,
+      protocol: props.protocol,
+      timeout: props.timeout?.toSeconds(),
+      unhealthyThreshold: props.unhealthyThreshold,
+    };
+  }
+
+  private validateHealthCheckConfiguration(healthCheckConfiguration?: HealthCheckConfiguration) {
+    if (!healthCheckConfiguration) return;
+
+    if (healthCheckConfiguration.path !== undefined) {
+      if (healthCheckConfiguration.protocol !== HealthCheckProtocolType.HTTP) {
+        throw new Error('path is only applicable when you set Protocol to HTTP');
+      }
+      if (healthCheckConfiguration.path.length === 0) {
+        throw new Error('path length must be greater than 0');
+      }
+    }
+    if (healthCheckConfiguration.healthyThreshold !== undefined) {
+      if (healthCheckConfiguration.healthyThreshold < 1 || healthCheckConfiguration.healthyThreshold > 20) {
+        throw new Error(`healthyThreshold must be between 1 and 20, got ${healthCheckConfiguration.healthyThreshold}`);
+      }
+    }
+    if (healthCheckConfiguration.unhealthyThreshold !== undefined) {
+      if (healthCheckConfiguration.unhealthyThreshold < 1 || healthCheckConfiguration.unhealthyThreshold > 20) {
+        throw new Error(`unhealthyThreshold must be between 1 and 20, got ${healthCheckConfiguration.unhealthyThreshold}`);
+      }
+    }
+    if (healthCheckConfiguration.interval !== undefined) {
+      if (healthCheckConfiguration.interval.toSeconds() < 1 || healthCheckConfiguration.interval.toSeconds() > 20) {
+        throw new Error(`interval must be between 1 and 20 seconds, got ${healthCheckConfiguration.interval.toSeconds()}`);
+      }
+    }
+    if (healthCheckConfiguration.timeout !== undefined) {
+      if (healthCheckConfiguration.timeout.toSeconds() < 1 || healthCheckConfiguration.timeout.toSeconds() > 20) {
+        throw new Error(`timeout must be between 1 and 20 seconds, got ${healthCheckConfiguration.timeout.toSeconds()}`);
+      }
+    }
+  }
 }
diff --git a/packages/@aws-cdk/aws-apprunner-alpha/rosetta/default.ts-fixture b/packages/@aws-cdk/aws-apprunner-alpha/rosetta/default.ts-fixture
@@ -1,5 +1,5 @@
 // Fixture with packages imported, but nothing else
-import { Stack, SecretValue } from 'aws-cdk-lib';
+import { Duration, Stack, SecretValue } from 'aws-cdk-lib';
 import { Construct } from 'constructs';
 import * as apprunner from '@aws-cdk/aws-apprunner-alpha';
 import * as path from 'path';

diff --git a/...cdk/aws-apprunner-alpha/test/integ.service-health-check-configuration.js.snapshot/cdk.out b/...cdk/aws-apprunner-alpha/test/integ.service-health-check-configuration.js.snapshot/cdk.out
diff --git a/...shot/cdkintegdashboardandwidgetwithstartandendDefaultTestDeployAssert4D8483F4.assets.json b/...shot/cdkintegdashboardandwidgetwithstartandendDefaultTestDeployAssert4D8483F4.assets.json
diff --git a/...ot/cdkintegdashboardandwidgetwithstartandendDefaultTestDeployAssert4D8483F4.template.json b/...ot/cdkintegdashboardandwidgetwithstartandendDefaultTestDeployAssert4D8483F4.template.json
diff --git a/...pha/test/integ.service-health-check-configuration.js.snapshot/integ-apprunner.assets.json b/...pha/test/integ.service-health-check-configuration.js.snapshot/integ-apprunner.assets.json
diff --git a/...a/test/integ.service-health-check-configuration.js.snapshot/integ-apprunner.template.json b/...a/test/integ.service-health-check-configuration.js.snapshot/integ-apprunner.template.json
@@ -0,0 +1,91 @@
+{
+ "Resources": {
+  "ServiceInstanceRoleDFA90CEC": {
+   "Type": "AWS::IAM::Role",
+   "Properties": {
+    "AssumeRolePolicyDocument": {
+     "Statement": [
+      {
+       "Action": "sts:AssumeRole",
+       "Effect": "Allow",
+       "Principal": {
+        "Service": "tasks.apprunner.amazonaws.com"
+       }
+      }
+     ],
+     "Version": "2012-10-17"
+    }
+   }
+  },
+  "ServiceDBC79909": {
+   "Type": "AWS::AppRunner::Service",
+   "Properties": {
+    "HealthCheckConfiguration": {
+     "HealthyThreshold": 5,
+     "Interval": 10,
+     "Path": "/",
+     "Protocol": "HTTP",
+     "Timeout": 10,
+     "UnhealthyThreshold": 10
+    },
+    "InstanceConfiguration": {
+     "InstanceRoleArn": {
+      "Fn::GetAtt": [
+       "ServiceInstanceRoleDFA90CEC",
+       "Arn"
+      ]
+     }
+    },
+    "NetworkConfiguration": {
+     "EgressConfiguration": {
+      "EgressType": "DEFAULT"
+     }
+    },
+    "SourceConfiguration": {
+     "AuthenticationConfiguration": {},
+     "ImageRepository": {
+      "ImageConfiguration": {
+       "Port": "8000"
+      },
+      "ImageIdentifier": "public.ecr.aws/aws-containers/hello-app-runner:latest",
+      "ImageRepositoryType": "ECR_PUBLIC"
+     }
+    }
+   }
+  }
+ },
+ "Parameters": {
+  "BootstrapVersion": {
+   "Type": "AWS::SSM::Parameter::Value<String>",
+   "Default": "/cdk-bootstrap/hnb659fds/version",
+   "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]"
+  }
+ },
+ "Rules": {
+  "CheckBootstrapVersion": {
+   "Assertions": [
+    {
+     "Assert": {
+      "Fn::Not": [
+       {
+        "Fn::Contains": [
+         [
+          "1",
+          "2",
+          "3",
+          "4",
+          "5"
+         ],
+         {
+          "Ref": "BootstrapVersion"
+         }
+        ]
+       }
+      ]
+     },
+     "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI."
+    }
+   ]
+  }
+ }
+}
diff --git a/.../aws-apprunner-alpha/test/integ.service-health-check-configuration.js.snapshot/integ.json b/.../aws-apprunner-alpha/test/integ.service-health-check-configuration.js.snapshot/integ.json