VPC Lattice: What is it?
Amazon VPC Lattice is a fully managed application networking service that makes it easier to connect, secure, and monitor services across virtual private clouds (VPCs) and accounts. It simplifies security, monitoring, and service-to-service communication.
Benefits
Facilitate communication
Amazon VPC Lattice simplifies and automates service connectivity by allowing you to discover and securely connect services across VPCs and accounts.
Increase security
Context-specific authorization and reliable authentication help you build a more reliable and consistent security posture.
Scale automatically
Scale compute and network resources automatically to handle high-bandwidth HTTP, HTTPS, and gRPC workloads.
Apply flexibly
Support for serverless computing, instances, and containers can boost deployment flexibility and productivity.
How it works
Amazon VPC Lattice is an application networking service that continuously connects, monitors, and protects communications across your services, increasing productivity and freeing up your developers to work on projects that are crucial to your business. You can define policies for network traffic control, access, and monitoring to connect compute services in a simple and consistent way across instances, containers, and serverless apps.
Use cases
Make scalable service-to-service communication easier
You can connect thousands of services across VPCs and accounts without adding complexity to the network.
Increase application-layer security
You can improve service-to-service security and support Zero Trust architectures by implementing context-specific authorization, centralized access controls, and authentication.
Implement intelligent traffic management
Use granular traffic controls, such as weighted targets and request-level routing, for canary and blue/green deployments.
Learn how different services communicate with one another
It is important to monitor and troubleshoot service-to-service communication for errors, response time, traffic volume, request type, and other variables.
Today, AWS unveiled Amazon VPC Lattice's integrated support for Amazon Elastic Container Service (Amazon ECS). With this new built-in integration, Amazon ECS services can be connected directly to VPC Lattice target groups without the need for intermediate load balancers.
Here is a quick rundown of where to look for Amazon VPC Lattice integration when creating an Amazon ECS service:
As part of the Amazon VPC Lattice integration with Amazon ECS, IP addresses from ECS tasks within a service are registered and deregistered as targets in a VPC Lattice target group. As soon as the service is launched, Amazon ECS will immediately register ECS tasks to the VPC Lattice target group.
Furthermore, Amazon ECS automatically replaces ECS tasks that fail VPC Lattice health checks. Any task that is scaled in or stopped is also removed from the target group.
Using the Amazon VPC Lattice integration
Let me show you how to use this new integration. In the following demo, you will build a simple application server that runs as an ECS service and configure its integration with VPC Lattice. Then you will test the application server by connecting to the VPC Lattice domain name, without deploying any additional load balancers for Amazon ECS.
Before you start, make sure that Amazon ECS has the permissions required to register and deregister targets in VPC Lattice.
To use the VPC Lattice integration, you need to create a task definition with at least one container and one port mapping. Here is an example task definition.
{
    "containerDefinitions": [
        {
            "name": "webserver",
            "image": "public.ecr.aws/ecs-sample-image/amazon-ecs-sample:latest",
            "cpu": 0,
            "portMappings": [
                {
                    "name": "web-80-tcp",
                    "containerPort": 80,
                    "hostPort": 80,
                    "protocol": "tcp",
                    "appProtocol": "http"
                }
            ],
            … *redacted for brevity*
}
Next, navigate to your ECS cluster and choose Create.
The next step is to select the task definition and assign the service name.
In the VPC Lattice integration section, choose Turn on VPC Lattice to start configuring the target group. There is no need to define a load balancer because VPC Lattice will be used. By default, it will use a round-robin routing technique to send requests to healthy targets.
Now you can start configuring the integration for your ECS service. Select the Amazon ECS infrastructure role first. Next, select the virtual private cloud (VPC) to use for your service. Then specify which target groups will receive traffic. After you have finished configuring the VPC Lattice integration, create the service.
In a few minutes, the ECS service will be ready. Navigate to the service and select Configuration and Networking. Scroll down to the VPC Lattice section to see the VPC Lattice target group that was created.
You can find more information on this target group by clicking on its name, which takes you to the VPC Lattice target group page. Here, you can see that Amazon ECS successfully registered the task's IP address.
The next step is to set up a VPC Lattice service and a service network. The VPC Lattice service must be created before it can be connected to the VPC Lattice service network, so let's do that first.
Choose Services in the VPC Lattice section, and then choose Create service.
Once all the information required to launch a VPC Lattice service has been entered, you may click Next.
Next, add a listener and, for the listener default action, select the newly created target group under Forward to target group.
Because you will create the VPC Lattice service network later, you can skip this step: choose Next, review the configuration, and create the service on the next page.
Now that the VPC Lattice service has been created, create the VPC Lattice service network. Navigate to Service networks under the VPC Lattice section, then select Create service network.
To begin, enter the VPC Lattice service network name.
Next, on the Service associations page, select the service you created.
Then associate your VPC and security group with this service network.
Everything is now configured for this integration. Your VPC Lattice service network is associated with both your VPC and your VPC Lattice service.
After everything is set up, copy the domain name from your VPC Lattice service page.
Then log in to an instance in the same VPC and call the service using the domain name from VPC Lattice.
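The two prerequisites named at the start of this walkthrough (a named port mapping in the task definition, and a role that lets Amazon ECS register and deregister targets) can be checked offline before the service is created. The following is an added example, not code from the original post or from AWS. It assumes the service's VPC Lattice settings use the ECS API field names `portName` and `targetGroupArn`, that the relevant IAM actions are `vpc-lattice:RegisterTargets` and `vpc-lattice:DeregisterTargets`, and it evaluates only the Action patterns of Allow statements, ignoring Deny, Resource, and Condition.

```python
import fnmatch

# IAM actions the infrastructure role needs for target registration.
REQUIRED_ACTIONS = ("vpc-lattice:RegisterTargets", "vpc-lattice:DeregisterTargets")

def named_ports(task_def):
    """Return {port mapping name: containerPort} across all containers."""
    return {pm["name"]: pm["containerPort"]
            for c in task_def.get("containerDefinitions", [])
            for pm in c.get("portMappings", []) if pm.get("name")}

def allowed_patterns(policy):
    """Collect Action patterns from Allow statements only (simplified)."""
    stmts = policy.get("Statement", [])
    stmts = [stmts] if isinstance(stmts, dict) else stmts
    out = []
    for s in stmts:
        if s.get("Effect") == "Allow":
            acts = s.get("Action", [])
            out += [acts] if isinstance(acts, str) else acts
    return out

def preflight(task_def, lattice_cfgs, role_policy):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    ports = named_ports(task_def)
    if not ports:
        findings.append("task definition has no named port mapping")
    for cfg in lattice_cfgs:
        if cfg.get("portName") not in ports:
            findings.append(f"portName {cfg.get('portName')!r} not in task definition")
    patterns = allowed_patterns(role_policy)
    for action in REQUIRED_ACTIONS:  # IAM action names are case-insensitive
        if not any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns):
            findings.append(f"role policy does not allow {action}")
    for p in patterns:  # flag grants broader than the two required actions
        if "*" in p:
            findings.append(f"role policy uses wildcard action {p!r}")
    return findings

# Constructed sample inputs; the ARN is a placeholder, not a real resource.
TASK_DEF = {"containerDefinitions": [{"name": "webserver", "portMappings": [
    {"name": "web-80-tcp", "containerPort": 80, "protocol": "tcp", "appProtocol": "http"}]}]}
LATTICE_CFGS = [{"portName": "web-80-tcp",
                 "targetGroupArn": "arn:aws:vpc-lattice:REGION:ACCOUNT:targetgroup/PLACEHOLDER"}]
GOOD_POLICY = {"Statement": [{"Effect": "Allow", "Action": list(REQUIRED_ACTIONS), "Resource": "*"}]}
BROAD_POLICY = {"Statement": [{"Effect": "Allow", "Action": "vpc-lattice:*", "Resource": "*"}]}

if __name__ == "__main__":
    print(preflight(TASK_DEF, LATTICE_CFGS, GOOD_POLICY), preflight(TASK_DEF, LATTICE_CFGS, BROAD_POLICY))
```

The wildcard finding is a least-privilege warning rather than a functional failure: the integration would still work with the broad policy, but the role would hold more VPC Lattice permissions than target registration needs.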
Things to consider
Availability
Amazon VPC Lattice integration with Amazon ECS is now available in AWS Regions where both services are available. This integration works with all ECS launch types, including Amazon Elastic Compute Cloud (Amazon EC2) and AWS Fargate.
Pricing
Standard pricing for VPC Lattice and Amazon ECS applies. There are no additional costs associated with this integration.
To find out how this new feature of Amazon VPC Lattice can enhance communication between your container apps running on Amazon ECS, give it a try now.