Integrate an AWS RDS Database with Your Velo Site

Hey Luke,

AppRunnerRDSAccessRole is the default role for App Runner services. It should
exist in every AWS account, but in case it doesn’t, a new role that will work with App Runner can be created.

There are 2 ways to create a new role:
1. Creating a new role via AWS-CLI
2. Editing an existing role to work with the App Runner service


Creating a new role via AWS-CLI:

  1. Create a file called trust-policy.json and paste in the following trust relationship policy:

     {
       "Version": "2012-10-17",
       "Statement": [
         {
           "Effect": "Allow",
           "Principal": {
             "Service": "tasks.apprunner.amazonaws.com"
           },
           "Action": "sts:AssumeRole"
         }
       ]
     }

  2. Open your terminal in the directory where trust-policy.json is stored and use the create-role command:

     aws iam create-role --role-name velo-external-db-adapter --assume-role-policy-document file://trust-policy.json

  3. You should then see the new role in the roles list and in the App Runner configuration screen under security - instance role list. Don’t forget to attach the needed permissions.

Editing an existing role to work with the App Runner service:

  1. Create a new role, no matter for which AWS service.
  2. Then look for it in the role list and click on it.
  3. Click on the Trust relationships tab, and click on edit trust relationship.
  4. Paste the following policy document:

     {
       "Version": "2012-10-17",
       "Statement": [
         {
           "Effect": "Allow",
           "Principal": {
             "Service": "tasks.apprunner.amazonaws.com"
           },
           "Action": "sts:AssumeRole"
         }
       ]
     }

  5. Click on Update Trust Policy.
  6. Attach the needed permission (according to the docs).

That’s it, you should see the role in the App Runner configuration screen under the security - instance list.


Let us know if you succeeded
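
A check for the trust policy that both procedures above end with, added here as an example that is not part of the original reply: it reads the document printed by `aws iam get-role --role-name velo-external-db-adapter --query Role.AssumeRolePolicyDocument --output json` and reports any principal other than `tasks.apprunner.amazonaws.com` that can assume the role. The function names and the sample policy are constructed for illustration.

```python
import json

EXPECTED = "tasks.apprunner.amazonaws.com"  # service principal from the post

def _as_list(value):
    """IAM accepts either one string or a list for Principal and Action values."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def audit_trust_policy(policy):
    """Return findings; an empty list means only App Runner tasks can assume the role."""
    findings, app_runner_allowed = [], False
    for stmt in _as_list(policy.get("Statement")):
        actions = [a.lower() for a in _as_list(stmt.get("Action"))]
        if stmt.get("Effect") != "Allow" or not {"sts:assumerole", "sts:*", "*"} & set(actions):
            continue  # statement does not grant role assumption
        principal = stmt.get("Principal")
        if not isinstance(principal, dict):
            findings.append(f"principal {principal!r} is not scoped to a service")
            continue
        for kind, values in principal.items():
            for value in _as_list(values):
                if kind == "Service" and value == EXPECTED:
                    app_runner_allowed = True
                else:
                    findings.append(f"unexpected {kind} principal: {value}")
    if not app_runner_allowed:
        findings.append(f"{EXPECTED} is not allowed to assume the role")
    return findings

# Constructed sample: a role first created for EC2 whose trust policy was
# extended instead of replaced, so the EC2 principal is still trusted.
LEFTOVER = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"Service": ["ec2.amazonaws.com", "tasks.apprunner.amazonaws.com"]},
    "Action": "sts:AssumeRole"
  }]
}
""")

if __name__ == "__main__":
    for finding in audit_trust_policy(LEFTOVER) or ["trust policy matches the post"]:
        print(finding)
```

This matters most for the second procedure, where the role starts out trusting whichever service it was originally created for.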