AWS::AppRunner::VpcConnector - Amazon CloudFormation
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).


The AWS::AppRunner::VpcConnector resource is an Amazon App Runner resource type that specifies an App Runner VPC connector.

App Runner requires this resource when you want to associate your App Runner service to a custom Amazon Virtual Private Cloud (Amazon VPC).


To declare this entity in your Amazon CloudFormation template, use the following syntax:


{ "Type" : "AWS::AppRunner::VpcConnector", "Properties" : { "SecurityGroups" : [ String, ... ], "Subnets" : [ String, ... ], "Tags" : [ Tag, ... ], "VpcConnectorName" : String } }


Type: AWS::AppRunner::VpcConnector Properties: SecurityGroups: - String Subnets: - String Tags: - Tag VpcConnectorName: String



A list of IDs of security groups that App Runner should use for access to Amazon resources under the specified subnets. If not specified, App Runner uses the default security group of the Amazon VPC. The default security group allows all outbound traffic.

Required: No

Type: Array of String

Update requires: Replacement


A list of IDs of subnets that App Runner should use when it associates your service with a custom Amazon VPC. Specify IDs of subnets of a single Amazon VPC. App Runner determines the Amazon VPC from the subnets you specify.


App Runner currently only provides support for IPv4.

Required: Yes

Type: Array of String

Minimum: 1

Update requires: Replacement


A list of metadata items that you can associate with your VPC connector resource. A tag is a key-value pair.


A VpcConnector is immutable, so you cannot update its tags. To change the tags, replace the resource. To replace a VpcConnector, you must provide a new combination of security groups.

Required: No

Type: Array of Tag

Update requires: Replacement


A name for the VPC connector.

If you don't specify a name, Amazon CloudFormation generates a name for your VPC connector.

Required: No

Type: String

Pattern: ^[A-Za-z0-9][A-Za-z0-9-\\_]{3,39}$

Minimum: 4

Maximum: 40

Update requires: Replacement

Return values


When the logical ID of this resource is provided to the Ref intrinsic function, Ref returns the resource name.

For more information about using the Ref function, see Ref.


The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.

For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.


The Amazon Resource Name (ARN) of this VPC connector.


The revision of this VPC connector. It's unique among all the active connectors ("Status": "ACTIVE") that share the same Name.


At this time, App Runner supports only one revision per name.


VPC connector

This example illustrates creating a VPC connector with two subnets and two security groups.


{ "Type" : "AWS::AppRunner::VpcConnector", "Properties" : { "VpcConnectorName": "my-vpc-connector", "Subnets": ["subnet-123", "subnet-456"], "SecurityGroups": ["sg-123", "sg-456"] } }


Type: AWS::AppRunner::VpcConnector Properties: VpcConnectorName: my-vpc-connector Subnets: - subnet-123 - subnet-456 SecurityGroups: - sg-123 - sg-456

See also