diff --git a/plugins/deploy-on-aws/skills/aws-architecture-diagram/references/aws4-shapes-services.md b/plugins/deploy-on-aws/skills/aws-architecture-diagram/references/aws4-shapes-services.md
index 20ed9293..604cddde 100644
--- a/plugins/deploy-on-aws/skills/aws-architecture-diagram/references/aws4-shapes-services.md
+++ b/plugins/deploy-on-aws/skills/aws-architecture-diagram/references/aws4-shapes-services.md
@@ -20,7 +20,7 @@ All service icons use `resourceIcon;resIcon=mxgraph.aws4.{name}` style at 78x78.
**Networking**: `app_mesh`, `application_recovery_controller`, `client_vpn`, `cloud_directory`, `cloud_map`, `cloud_wan`, `cloudfront`, `direct_connect`, `global_accelerator`, `networking_and_content_delivery`, `private_5g`, `route_53`, `rtb_fabric`, `site_to_site_vpn`, `transit_gateway`, `verified_access`, `vpc`, `vpc_lattice`, `vpc_privatelink`
-**Compute**: `app_runner`, `auto_scaling2`, `auto_scaling3`, `batch`, `bottlerocket`, `compute`, `compute_optimizer`, `ec2`, `ec2_image_builder`, `elastic_beanstalk`, `elastic_fabric_adapter`, `elastic_load_balancing`, `elastic_vmware_service`, `fargate`, `genomics_cli`, `lambda`, `lightsail`, `lightsail_for_research`, `local_zones`, `nice_dcv`, `nice_enginframe`, `nitro_enclaves`, `outposts`, `outposts_1u_and_2u_servers`, `outposts_family`, `parallel_cluster`, `parallel_computing_service`, `serverless_application_repository`, `simspace_weaver`, `vmware_cloud_on_aws`, `wavelength`
+**Compute**: `app_runner` _(maintenance mode — use `ecs`/`fargate` instead)_, `auto_scaling2`, `auto_scaling3`, `batch`, `bottlerocket`, `compute`, `compute_optimizer`, `ec2`, `ec2_image_builder`, `elastic_beanstalk`, `elastic_fabric_adapter`, `elastic_load_balancing`, `elastic_vmware_service`, `fargate`, `genomics_cli`, `lambda`, `lightsail`, `lightsail_for_research`, `local_zones`, `nice_dcv`, `nice_enginframe`, `nitro_enclaves`, `outposts`, `outposts_1u_and_2u_servers`, `outposts_family`, `parallel_cluster`, `parallel_computing_service`, `serverless_application_repository`, `simspace_weaver`, `vmware_cloud_on_aws`, `wavelength`
**IoT (Thing shapes)**: `iot`, `iot_core`, `iot_greengrass`, `iot_analytics`, `iot_events`, `iot_sitewise`, `iot_device_defender`, `iot_device_management`, `iot_things_graph`, `iot_1click`, `iot_button`, `iot_certificate`, `iot_action`, `iot_actuator`, `iot_alexa_enabled_device`, `iot_alexa_skill`, `iot_alexa_voice_service`, `iot_bank`, `iot_bicycle`, `iot_camera`, `iot_car`, `iot_cart`, `iot_coffee_pot`, `iot_desired_state`, `iot_device_gateway`, `iot_dog`, `iot_door_lock`, `iot_factory`, `iot_fire_tv`, `iot_fire_tv_stick`, `iot_generic`, `iot_house`, `iot_http`, `iot_http2`, `iot_lambda`, `iot_lightbulb`, `iot_medical_emergency`, `iot_mqtt`, `iot_over_the_air_update`, `iot_police_emergency`, `iot_policy`, `iot_reported_state`, `iot_rule`, `iot_sensor`, `iot_servo`, `iot_shadow`, `iot_simulator`, `iot_thermostat`, `iot_topic`, `iot_travel`, `iot_utility`, `iot_windfarm`, `freertos`, `iot_device_defender2`, `iot_fleet_hub`, `iot_expresslink`, `iot_fleetwise`, `iot_roborunner`, `iot_twinmaker`
diff --git a/plugins/deploy-on-aws/skills/aws-architecture-diagram/references/example-complex-platform.drawio b/plugins/deploy-on-aws/skills/aws-architecture-diagram/references/example-complex-platform.drawio
index e32d5aba..7ffca251 100644
--- a/plugins/deploy-on-aws/skills/aws-architecture-diagram/references/example-complex-platform.drawio
+++ b/plugins/deploy-on-aws/skills/aws-architecture-diagram/references/example-complex-platform.drawio
@@ -91,7 +91,7 @@
-
+
@@ -313,7 +313,7 @@
-
+
diff --git a/plugins/deploy-on-aws/skills/deploy/SKILL.md b/plugins/deploy-on-aws/skills/deploy/SKILL.md
index dfc8d772..29ac7b1c 100644
--- a/plugins/deploy-on-aws/skills/deploy/SKILL.md
+++ b/plugins/deploy-on-aws/skills/deploy/SKILL.md
@@ -56,6 +56,7 @@ to ensure patterns follow AWS recommendations.
- Run IaC security scans (cfn-nag, checkov) before deployment
- Don't ask "Lambda or Fargate?" - just pick the obvious one
- If genuinely ambiguous, then ask
+- **Never recommend AWS App Runner** — it is in maintenance mode. Use ECS Express Mode instead.
## References
diff --git a/plugins/deploy-on-aws/skills/deploy/references/defaults.md b/plugins/deploy-on-aws/skills/deploy/references/defaults.md
index 3b16b853..60f77ceb 100644
--- a/plugins/deploy-on-aws/skills/deploy/references/defaults.md
+++ b/plugins/deploy-on-aws/skills/deploy/references/defaults.md
@@ -12,6 +12,8 @@ Default AWS service selections. Override only when user explicitly requests alte
| Scheduled jobs | EventBridge + Lambda | Long-running → EventBridge + Fargate |
| API-only (no web UI) | Fargate + ALB | "serverless" → API Gateway + Lambda |
+> **⚠️ App Runner is in maintenance mode** — AWS has moved App Runner to maintenance mode. Do **not** recommend App Runner for new workloads. Use **ECS Express Mode** instead.
+
### Why Fargate over Lambda for web frameworks
Most web frameworks (Django, Rails, Flask with WSGI) expect long-running processes.