ADR-002: AWS App Runner over ECS Fargate

Status: Accepted | Date: 2026-03-13

Context

SA3 is a containerised Next.js 15 application needing HTTPS, auto-scaling, private RDS access, and minimal operational footprint. The load profile is bursty at term-end, near-zero otherwise.

Hard constraint: CloudFront must not be placed in front of App Runner -- it breaks Next.js 15 Suspense streaming and strips the Vary header required for RSC payload routing.

Decision

SA3 uses AWS App Runner with an ECR source image. A VPC connector provides private subnet connectivity to RDS. The environment variable HOSTNAME=0.0.0.0 is mandatory.
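
The decision above expressed in Terraform, as an added example rather than the project's own configuration. The `var.sa3` inputs, resource names, container port and database port are assumptions; the page does not state them.

```hcl
# Hypothetical inputs for this added example; none of these names come from the ADR.
variable "sa3" {
  type = object({ vpc_id = string, private_subnet_ids = list(string), rds_sg_id = string,
    db_port = number, container_port = string, image_uri = string, ecr_access_role_arn = string })
}

# Connector SG: no ingress, egress only to RDS. With egress_type = "VPC" all outbound
# traffic takes this path, so any other dependency needs its own rule.
resource "aws_security_group" "connector" { vpc_id = var.sa3.vpc_id }
resource "aws_vpc_security_group_egress_rule" "connector_to_rds" {
  security_group_id            = aws_security_group.connector.id
  referenced_security_group_id = var.sa3.rds_sg_id
  ip_protocol                  = "tcp"
  from_port                    = var.sa3.db_port
  to_port                      = var.sa3.db_port
}
# RDS accepts the database port only from the connector's security group.
resource "aws_vpc_security_group_ingress_rule" "rds_from_connector" {
  security_group_id            = var.sa3.rds_sg_id
  referenced_security_group_id = aws_security_group.connector.id
  ip_protocol                  = "tcp"
  from_port                    = var.sa3.db_port
  to_port                      = var.sa3.db_port
}
resource "aws_apprunner_vpc_connector" "sa3" {
  vpc_connector_name = "sa3-rds"
  subnets            = var.sa3.private_subnet_ids
  security_groups    = [aws_security_group.connector.id]
}
resource "aws_apprunner_service" "sa3" {
  service_name = "sa3"
  source_configuration {
    authentication_configuration { access_role_arn = var.sa3.ecr_access_role_arn }
    image_repository {
      image_identifier      = var.sa3.image_uri # ECR image URI
      image_repository_type = "ECR"
      image_configuration {
        port                          = var.sa3.container_port
        runtime_environment_variables = { HOSTNAME = "0.0.0.0" } # mandatory per this ADR
      }
    }
  }
  network_configuration {
    egress_configuration {
      egress_type       = "VPC"
      vpc_connector_arn = aws_apprunner_vpc_connector.sa3.arn
    }
  }
}
```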

Rationale

  1. Zero infrastructure management -- no ECS task definitions, ALB target groups, or EC2 capacity.
  2. Auto-scaling including scale-to-zero -- reduces cost during school holidays.
  3. VPC connector satisfies private RDS access.
  4. Native ECR integration -- fits the CI/CD pipeline.
  5. HTTPS and custom domain handled natively.
  6. Right-sized for a single-school deployment.

Consequences

Positive: Minimal infrastructure (~30 Terraform resources), auto-scaling, managed TLS/domain, portable container image.

Negative: VPC connector adds ~$0.125/hr per AZ. Cold start latency of 5--15 seconds on scale-from-zero. No WebSocket support.

Alternatives Rejected

  • ECS Fargate + ALB -- operational overhead exceeds what the deployment scale justifies
  • Vercel + PlanetScale/Neon -- violates AWS-only constraint, data residency risk
  • EC2 + ASG -- highest operational overhead, no benefit over containerised approach