I'm facing a puzzling issue with AWS App Runner that cropped up around December 30. My Next.js application begins to return 403 Forbidden errors on POST or PUT requests after about 10-12 minutes of running. However, GET requests are still successful.
The response headers clearly show it's coming from Envoy:
```
HTTP/1.1 403 Forbidden
x-envoy-upstream-service-time: 1
server: envoy
(empty response body)
```
I've already looked into a few potential causes, including ruling out the WAF and database connection leaks. Additionally, I reduced the instance count to one. The strange part is that these problematic requests don't seem to hit the application server at all. Does anyone have insights on what might be causing this problem?
1 Answer
It looks like the error you're seeing is from the App Runner API, which suggests it might be an IAM (Identity and Access Management) issue somewhere. Anytime you see a response that only mentions "envoy" and you aren't using Envoy yourself, it's usually an indication that it's an AWS issue, specifically related to how App Runner handles virtual host routing. It might be a good idea to open a support ticket for more tailored help on this.

I did open a support ticket! Just got some suggestions that might help.
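A small triage helper for the symptom described in this thread, added here as an example (not code from the question, the answer, or AWS): it separates 403s that carry only Envoy's fingerprint and an empty body (refused before the request reached the Next.js app) from 403s the application emitted itself, and reports per method when the rejections began. The `Response` records and sample values are constructed to mirror the question.

```python
"""Classify captured App Runner responses: was a 403 produced at the Envoy
front end, or by the application itself? Constructed example data below."""
from dataclasses import dataclass
from typing import Iterable


@dataclass
class Response:
    t: float        # seconds since the instance started (constructed clock)
    method: str
    status: int
    headers: dict   # header names in any case; normalised below
    body: bytes


def edge_rejected(r: Response) -> bool:
    """A 403 whose only identifying header is `server: envoy` and whose body is
    empty matches the thread's symptom: the app never produced a response."""
    h = {k.lower(): v for k, v in r.headers.items()}
    return r.status == 403 and h.get("server") == "envoy" and len(r.body) == 0


def summarize(responses: Iterable[Response]) -> dict:
    """Count edge-rejected responses per HTTP method and record the earliest
    one, so the onset (here ~11 minutes) can be read off directly."""
    out: dict = {"by_method": {}, "first_rejection_at": None}
    for r in sorted(responses, key=lambda x: x.t):
        if not edge_rejected(r):
            continue
        out["by_method"][r.method] = out["by_method"].get(r.method, 0) + 1
        if out["first_rejection_at"] is None:
            out["first_rejection_at"] = r.t
    return out


# Constructed samples: GETs keep working, POST/PUT start failing at ~11 min,
# and one 403 comes from the app itself (it has a JSON body).
EDGE_403 = {"server": "envoy", "x-envoy-upstream-service-time": "1"}
APP_HDRS = {"server": "envoy", "x-powered-by": "Next.js"}
SAMPLE = [
    Response(30.0, "GET", 200, APP_HDRS, b"<html>ok</html>"),
    Response(60.0, "POST", 200, APP_HDRS, b'{"ok":true}'),
    Response(660.0, "POST", 403, EDGE_403, b""),
    Response(700.0, "GET", 200, APP_HDRS, b"<html>ok</html>"),
    Response(720.0, "PUT", 403, EDGE_403, b""),
    Response(730.0, "POST", 403, APP_HDRS, b'{"error":"forbidden"}'),
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Feed it the responses your client or load generator recorded; if only the empty-body Envoy 403s appear and they cluster on non-GET methods after a fixed uptime, that is the pattern to hand to AWS support rather than something to chase in the application.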