AWS App Runner (Phenom Drop)

Phenom Drop App Runner deployment, ECR push, and deployment trigger

Overview

Phenom Drop (thephenom-app) uses AWS App Runner for the backend service. Images are pushed to Amazon ECR, and App Runner automatically deploys new versions when a new image is pushed.

Note: This is a legacy deployment pattern. New services should use Scaleway Serverless Containers per the Sovereign Architecture SOP. Phenom Drop remains on AWS due to its integration with the Phenom app ecosystem.

Prerequisites

  • AWS CLI configured with appropriate credentials
  • ECR repository: pass aws/phenom-drop/ecr-repo
  • App Runner service ARN: pass aws/phenom-drop/apprunner-arn
  • Docker (for building – runs on ai.matthewstevens.org)

Procedure: Deploy Phenom Drop Backend

Step 1: Build the Image

SSH to the build server and build:

1
2
3
4
5

ssh ai
export PATH=/usr/local/bin:/opt/homebrew/bin:$HOME/.orbstack/bin:$PATH

cd /path/to/phenom-drop
docker buildx build --platform linux/amd64 --builder multiarch -t phenom-drop-backend .

Step 2: Tag and Push to ECR

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11

# Authenticate with ECR
AWS_ACCOUNT_ID=$(pass aws/account-id)
AWS_REGION="us-east-1"
ECR_REPO="${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com/phenom-drop-backend"

aws ecr get-login-password --region ${AWS_REGION} | \
  docker login --username AWS --password-stdin ${ECR_REPO}

# Tag and push
docker tag phenom-drop-backend:latest ${ECR_REPO}:latest
docker push ${ECR_REPO}:latest

Step 3: Trigger App Runner Deployment

App Runner is configured for automatic deployment on ECR push. If it does not trigger automatically:

1
2

SERVICE_ARN=$(pass aws/phenom-drop/apprunner-arn)
aws apprunner start-deployment --service-arn ${SERVICE_ARN}

Step 4: Monitor Deployment

1
2

aws apprunner describe-service --service-arn ${SERVICE_ARN} \
  --query 'Service.{Status:Status,URL:ServiceUrl,Updated:UpdatedAt}'

Wait for Status to change from OPERATION_IN_PROGRESS to RUNNING.

App Runner Configuration

Service Settings

  • CPU: 1 vCPU
  • Memory: 2 GB
  • Port: 8080
  • Health check path: /health
  • Auto-deploy: Enabled (triggers on ECR push)

Environment Variables

Environment variables are configured in the App Runner service. Update via AWS Console or CLI:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15

aws apprunner update-service \
  --service-arn ${SERVICE_ARN} \
  --source-configuration '{
    "ImageRepository": {
      "ImageIdentifier": "'${ECR_REPO}':latest",
      "ImageRepositoryType": "ECR",
      "ImageConfiguration": {
        "Port": "8080",
        "RuntimeEnvironmentVariables": {
          "NODE_ENV": "production",
          "S3_BUCKET": "phenom-drop-media"
        }
      }
    }
  }'

Phenom Drop Backend Components

The Phenom Drop backend consists of:

  1. Python server – Handles media uploads, consent flow, email collection
  2. S3 integration – Stores uploaded media files
  3. Firestore integration – Stores drop payloads with submitterEmail
  4. C2PA integration – Signs media with Content Credentials

Email/Consent Flow

The drop payload includes:

  • submitterEmail – Consent email for the submitter
  • Media files (images/video)
  • C2PA manifest data
  • Drop metadata

Troubleshooting

  • Deployment stuck: Check App Runner service events for error messages. Common cause is health check failing.
  • 502 after deploy: Application may not be listening on the configured port. Check the PORT environment variable matches the app config.
  • ECR push denied: Re-authenticate with aws ecr get-login-password. Tokens expire after 12 hours.
  • Large file C2PA error: Files over a certain size may fail C2PA signing. Check memory limits and increase if needed.