Whether you have a legacy monolith application that you may be trying to refactor to microservices, or you already have a cloud-native microservices-based application, application-level communication between microservices (and even between applications) running in different deployment models (on EC2, AWS Lambda, containers, etc.), across VPCs and across multiple AWS accounts is a hard problem to solve. Service meshes like Istio, Cilium, AWS App Mesh, and Linkerd have become popular to address some aspects of this problem, but there are still challenges. Developers also use AWS services/solutions such as Amazon VPC Peering, AWS PrivateLink, and AWS Transit Gateway to provide connectivity for these services.
Amazon VPC Lattice is an application layer service that consistently connects, monitors, and secures communications between your services, helping to improve productivity so that your developers can focus on building features that matter to your business. You can define policies for network access, traffic management, and monitoring to connect compute services in a simple and consistent way across instances, containers, and serverless. It bridges the gap between developers (who don’t want to deep-dive into networking!) and admins (who still want to control, secure and monitor stuff while empowering developers).
While Amazon VPC Lattice became generally available in March 2023, I am very excited by the fact that Amazon VPC Lattice is now available in the AWS Mumbai region, along with several other AWS Regions!
While this is not an exhaustive list, I love Amazon VPC Lattice for the following key features:
- Simplifying service-to-service connectivity at scale — No more managing sidecar proxies (updates, security patches), or the data plane and control plane of a service mesh. We can easily connect thousands of services across VPCs and AWS accounts in an AWS region without having to manage that complexity.
- Security — Implement Zero Trust architecture patterns with reliable authentication and authorization. Limit the threat profile and manage access and authorization through centralized controls.
- Broad target support — VPC Lattice can support target resources like EC2 instances, IP addresses, serverless (Lambda functions and AWS Fargate), Auto Scaling groups, Application Load Balancers, or Kubernetes Pods.
- Monitoring — Monitor and troubleshoot service-to-service communication for request type, traffic volume, errors, response time, and more.
- Advanced traffic management — Apply granular traffic controls, such as request-level routing and weighted targets for blue/green and canary deployments.
Please check the documentation for more recent updates. There is also the additional benefit of reduced costs, both lower operational costs and fewer services to manage.




There are plenty of resources on Amazon Lattice out there on the web, so I will not duplicate them in this blog. I have highlighted a few of the important ones in the section on Resources at the end of this blog.
How do I get started?
- Understand the basics of VPC Lattice including concepts of Service, Service Network, Target Groups, Auth Policies and other basic concepts
- Get some hands-on practice, by using our workshops and blogs (see the section on Resources)
- If VPC Lattice seems like a good fit for your workload, start on your VPC Lattice journey with a simple three-step process — create services, create service networks, and associate the service networks to VPCs
- Enable security and monitoring
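The three steps above, plus the security and monitoring step, as one added CloudFormation template (an example written for this post, not code from the post itself or from the AWS workshop). It assumes that a Lambda function backing the service, a consumer VPC, a calling AWS account, and a CloudWatch Logs log group already exist and are passed in as placeholder parameters; the resource names (`orders-svc`, `app-service-network`, and so on) are my own.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Added example - VPC Lattice service, service network, VPC association, auth policy and access logs

Parameters:
  ConsumerVpcId:
    Type: AWS::EC2::VPC::Id
    Description: Placeholder - VPC whose workloads are allowed to call the service
  ConsumerAccountId:
    Type: String
    Description: Placeholder - account whose SigV4-signed callers are allowed
  TargetLambdaArn:
    Type: String
    Description: Placeholder - ARN of the Lambda function that backs the service
  AccessLogGroupArn:
    Type: String
    Description: Placeholder - ARN of the CloudWatch Logs group that receives access logs

Resources:
  # Step 1: the service. AuthType AWS_IAM means every request must carry a
  # SigV4 signature and is evaluated against the auth policy further down.
  OrdersService:
    Type: AWS::VpcLattice::Service
    Properties:
      Name: orders-svc
      AuthType: AWS_IAM

  OrdersTargetGroup:
    Type: AWS::VpcLattice::TargetGroup
    Properties:
      Name: orders-lambda-tg
      Type: LAMBDA
      Targets:
        - Id: !Ref TargetLambdaArn

  # Lattice needs permission to invoke the function; scope it to this target group only.
  OrdersLambdaInvokePermission:
    Type: AWS::Lambda::Permission
    Properties:
      FunctionName: !Ref TargetLambdaArn
      Action: lambda:InvokeFunction
      Principal: vpc-lattice.amazonaws.com
      SourceArn: !GetAtt OrdersTargetGroup.Arn

  OrdersListener:
    Type: AWS::VpcLattice::Listener
    Properties:
      ServiceIdentifier: !Ref OrdersService
      Protocol: HTTPS
      Port: 443
      DefaultAction:
        Forward:
          TargetGroups:
            - TargetGroupIdentifier: !Ref OrdersTargetGroup
              Weight: 100

  # Step 2: the service network, also IAM-authenticated, and the service joined to it.
  AppServiceNetwork:
    Type: AWS::VpcLattice::ServiceNetwork
    Properties:
      Name: app-service-network
      AuthType: AWS_IAM

  ServiceToNetwork:
    Type: AWS::VpcLattice::ServiceNetworkServiceAssociation
    Properties:
      ServiceNetworkIdentifier: !Ref AppServiceNetwork
      ServiceIdentifier: !Ref OrdersService

  # Step 3: associate the consumer VPC so its workloads can resolve and reach the service.
  ConsumerVpcAssociation:
    Type: AWS::VpcLattice::ServiceNetworkVpcAssociation
    Properties:
      ServiceNetworkIdentifier: !Ref AppServiceNetwork
      VpcIdentifier: !Ref ConsumerVpcId

  # Security: only signed requests from the named account, arriving from the
  # consumer VPC, may invoke the service. Unsigned (anonymous) requests match
  # no Allow statement and are rejected.
  OrdersAuthPolicy:
    Type: AWS::VpcLattice::AuthPolicy
    Properties:
      ResourceIdentifier: !Ref OrdersService
      Policy:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              AWS: !Sub "arn:aws:iam::${ConsumerAccountId}:root"
            Action: vpc-lattice-svcs:Invoke
            Resource: !Sub "${OrdersService.Arn}/*"
            Condition:
              StringEquals:
                vpc-lattice-svcs:SourceVpc: !Ref ConsumerVpcId

  # Monitoring: per-request access logs (caller, path, status, latency) to CloudWatch Logs.
  OrdersAccessLogs:
    Type: AWS::VpcLattice::AccessLogSubscription
    Properties:
      ResourceIdentifier: !Ref OrdersService
      DestinationArn: !Ref AccessLogGroupArn
```

Because both the service and the service network use `AuthType: AWS_IAM` and the policy grants nothing to anonymous principals, a plain unsigned HTTP call from inside the consumer VPC is refused; callers have to SigV4-sign their requests (the workshop walks through that), and every decision shows up in the access logs, which is where you would look first when a call unexpectedly gets a 403.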

I also found an awesome blog at https://fourtheorem.com/vpc-lattice/ which also goes into much more depth on VPC Lattice.
I ran the VPC Lattice workshop in the AWS Mumbai region and was able to get started with this sample service deployment within an hour.


Service-to-service connectivity between services running across multiple VPCs.

You can also play around with much more, including setting up observability, application-layer security at the VPC Lattice level, and using AWS SigV4. This is an amazing workshop to get hands-on practice.
Resources
- Amazon VPC Lattice user guide — https://docs.aws.amazon.com/vpc-lattice/index.html
- Amazon VPC Lattice architecture patterns and best practices
- Amazon VPC Lattice workshop — https://catalog.workshops.aws/handsonwithvpclattice/en-US
- Build secure application networks with VPC Lattice, Amazon ECS, and AWS Lambda
- Lattice with Amazon EKS
- Simplify Modernization of your monolithic application using Amazon VPC Lattice — https://aws.amazon.com/blogs/mt/simplify-modernization-of-your-monolithic-application-using-amazon-vpc-lattice/
- Migration Adventures — S02E6 — VPC Lattice in migration scenarios — https://community.aws/content/2fYbAnOpKzbCunJbZnre9LBcbSJ/migration-adventures---s02e6---vpc-lattice-in-migration-scenarios
- Connecting SaaS services within a VPC Lattice service network — https://aws.amazon.com/blogs/networking-and-content-delivery/connecting-saas-services-within-a-vpc-lattice-service-network/
- Amazon VPC Lattice pricing
Hope this was useful and gets you started with Amazon VPC Lattice.
Please let me know, if you need more information. Thanks 🙏