An example of using the ngrok-js NodeJS SDK in an AWS App Runner serverless application.
- A fork of this repository made into your own Github account user
- An AWS account with App Runner enabled
This method will get an app up and running as quickly as possible, but will not protect the Auth Token to a high enough standard for Production use cases.
- Navigate to the App Runner service within the AWS console
- Click
Create service
- Source: Choose
Source code repository
- Click
Add New
- Follow the prompts to connect AWS to your forked repository. More information is available here
- It should automatically choose the connected repository, otherwise select it
- Click
Next
at the bottom
- Click
- Build settings: Choose
Configure all settings here
- Runtime:
Nodejs 16
- Build command:
npm install
- Start command:
npm start
- Click
Next
at the bottom
- Runtime:
- Service name:
ngrok-serverless
- Environment variables: Add environment variable:
- Plain text (not for Prod use): name:
NGROK_AUTHTOKEN
, value: paste in your ngrok Auth Token
- Plain text (not for Prod use): name:
- Networking: Incoming: Choose
Private endpoint
- Click
Create new endpoint
- Select VPC, Subnets: select all availability zones
- Click
Create
- Choose the newly created VPC Endpoint
- Click
- Click
Next
at the bottom
- Environment variables: Add environment variable:
- Click
Create & Deploy
at the bottom - After the service is deployed, you can find the ngrok ingress URL by clicking on the link in the
Application logs
section of the service details page. You may need to refresh using the circular arrow button
For production use the Auth Token must be pulled from an encrypted store. This can be done through AWS Secrets Manager or SSM Parameter Store, the latter is free so the example will use SSM Parameter Store. See the AWS documentation for more information on how to do this.
- Create secrets in the AWS Systems Manager Parameter Store
- Navigate to the Parameter Store service within the AWS console
- Click
Create parameter
- Name:
/ngrok-serverless/ngrok-authtoken
- Type: SecureString
- Value: paste in your ngrok auth token
- Click
Create parameter
- In the forked Github repository: Edit the
apprunner.yaml
file to change theNGROK_AUTHTOKEN
environment variable to use the AWS Secrets Manager secret- Uncomment and fill in the region, account_id, and parameter_name of the secret for this line:
value-from: "arn:aws:ssm:<region>:<aws_account_id>:parameter/<parameter_name>
- Commit and push the changes to your forked repository
- Uncomment and fill in the region, account_id, and parameter_name of the secret for this line:
- Create IAM role for App Runner to access the secret
- Navigate to the IAM service within the AWS console
- Click
Roles
- Click
Create role
- Select
Custom trust policy
- Paste in the
Example IAM Role Trust Policy
from below, replacing the existing JSON text - Click
Next
- Select
- Click
Create policy
. In the new tab:- Click
JSON
- Paste in the
Example IAM Policy
from below, replacing the region, account_id, and parameter_name with the values from the secret - Click
Next
- Paste in the
- Policy name:
ngrok-serverless-policy
- Click
Create policy
- Click
- Click
- Back in the Create role tab:
- Click the two-arrows refresh button to update the list of policies
- Search for
ngrok
- Check the box next to the
ngrok-serverless-policy
that was created in the previous step - Click
Next
- Role name:
ngrok-serverless-role
- Click
Create role
- Click
Example IAM Role Trust Policy from the AWS documentation:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "tasks.apprunner.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
Example IAM Policy from the AWS documentation:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ssm:GetParameters"
],
"Resource": [
"arn:aws:ssm:<region>:<aws_account_id>:parameter/<parameter_name>"
]
}
]
}
- Navigate to the App Runner service within the AWS console
- Click
Create service
- Source: Choose
Source code repository
- Click
Add New
- Follow the prompts to connect AWS to your forked repository. More information is available here
- It should automatically choose the connect repository, otherwise select it
- Click
Next
at the bottom
- Click
- Build settings: Choose
Use a configuration file
- Click
Next
at the bottom
- Click
- Service name:
ngrok-serverless
- Security: Instance role
- Select the IAM role created in the previous step, e.g.
ngrok-serverless-role
- Select the IAM role created in the previous step, e.g.
- Networking: Incoming: Choose
Private endpoint
- Click
Create new endpoint
- Select VPC, Subnets: select all availability zones
- Click
Create
- Choose the newly created VPC Endpoint
- Click
- Click
Next
at the bottom
- Security: Instance role
- Click
Create & Deploy
at the bottom - After the service is deployed, you can find the ngrok ingress URL within your ngrok dashboard as it will show up as a connected agent
See the App Runner documentation for more information on how to use the service.
See the ngrok-nodejs documentation for more information on how to use the ngrok NodeJS SDK library.
This project is licensed under either of
- Apache License, Version 2.0, (LICENSE-APACHE or http://www.apache.org/licenses/LICENSE-2.0)
- MIT license (LICENSE-MIT or http://opensource.org/licenses/MIT)
at your option.
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in ngrok-nodejs by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.