Amazon VPC Lattice

New Service Preview : Amazon VPC Lattice

Overview


At re:Invent 2022, AWS announced a new application networking service, Amazon VPC Lattice, with the aim of making it simple for developers to connect, secure, and monitor their services without sacrificing the controls administrators need to audit and secure their environment. Organizations have started to adopt microservice architectures in which an application is split into multiple independent services. In some cases these services are spread across multiple VPCs. How, then, do you match the network boundary to the application boundary? Do you get flexibility in the compute platform, or consistency in deployment? Organizations typically choose consistency in deployment in such scenarios. There are networking solutions available to tackle this, but developers are not networking wizards, yet!

Service Mesh

A service mesh is one of the solutions commonly adopted to run microservices effectively: it is a platform layer that provides managed, observable, and secure communication between individual services. The idea is to abstract the network layer away from developers and give them service discovery, so that applications can talk to each other with the right encryption, authentication, and authorization applied for them. The design of a service mesh comes with its own challenges: it typically requires a sidecar proxy next to every workload, which has to be deployed and maintained, and it has been very much bound to container workloads.

Challenges of service mesh architectures

  1. Sidecar proxy may be required : Deploying and maintaining proxies at scale is difficult
  2. Only for container workloads : Does not cover other workloads such as serverless and Amazon EC2
  3. Requires networking expertise : Complex inter-VPC networking slows developers down

With VPC Lattice you create a service network and associate VPCs with it. Services in those VPCs can then be exposed on the service network and are discoverable by any other service that uses that service network to communicate. It also works where the associated VPCs are not peered; AWS takes care of the underlying connectivity.

Advantages of VPC Lattice

  1. No sidecar proxies required : It is a fully managed service with no proxies to deploy and maintain
  2. Works across workloads such as Amazon EC2, Amazon EKS, Amazon ECS and AWS Lambda
  3. No networking expertise required : Simplified connectivity and security across VPCs and accounts
  4. Traffic and access controls : Helps create a more consistent security posture, with IAM-based auth policies and rich traffic control mechanisms
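The "traffic and access controls" advantage above is where a security engineer should spend their attention: once VPCs are associated with a service network, reachability is provided by Lattice, so the IAM auth policy attached to the service network or service becomes the primary control on who may invoke what. The following is an added example, not code from the original article or from AWS. It contrasts a permissive auth policy with a restricted one and runs a small offline audit over both. It assumes the action name `vpc-lattice-svcs:Invoke` and the condition keys `vpc-lattice-svcs:SourceVpc`, `vpc-lattice-svcs:RequestMethod`, `vpc-lattice-svcs:RequestPath`, `aws:PrincipalOrgID` and `aws:PrincipalType`; the VPC and organization identifiers are constructed for illustration.

```python
"""Added example: contrasting and auditing VPC Lattice auth policies.

Not code from the article or from AWS. Assumes the vpc-lattice-svcs:Invoke
action and the IAM condition keys named in the comments below; the VPC and
org IDs are made up.
"""
import json

# Weak: any caller on the service network, signed or anonymous, may invoke
# every route of the service. This "just works" in a preview, which is why it
# tends to ship.
WEAK_AUTH_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": "*",
        "Action": "vpc-lattice-svcs:Invoke",
        "Resource": "*",
    }],
}

# Hardened: only SigV4-signed callers (aws:PrincipalType is not "anonymous"),
# only from our organization, only from one named source VPC, and only GET on
# the /api/ prefix. Identifiers are constructed for the example.
HARDENED_AUTH_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": "*",
        "Action": "vpc-lattice-svcs:Invoke",
        "Resource": "*",
        "Condition": {
            "StringNotEqualsIgnoreCase": {"aws:PrincipalType": "anonymous"},
            "StringEquals": {
                "aws:PrincipalOrgID": "o-exampleorg1234",
                "vpc-lattice-svcs:SourceVpc": "vpc-0a1b2c3d4e5f67890",
                "vpc-lattice-svcs:RequestMethod": "GET",
            },
            "StringLike": {"vpc-lattice-svcs:RequestPath": "/api/*"},
        },
    }],
}

# Condition keys that tie an Allow to a specific caller or source VPC.
CALLER_KEYS = {
    "aws:PrincipalOrgID", "aws:PrincipalAccount", "aws:PrincipalArn",
    "vpc-lattice-svcs:SourceVpc", "vpc-lattice-svcs:SourceVpcOwnerAccount",
}
ROUTE_KEYS = {"vpc-lattice-svcs:RequestMethod", "vpc-lattice-svcs:RequestPath"}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _condition_keys(stmt):
    """All condition keys used in a statement, regardless of operator."""
    keys = set()
    for _operator, key_values in stmt.get("Condition", {}).items():
        keys.update(key_values)
    return keys


def _wildcard_principal(stmt):
    principal = stmt.get("Principal")
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False


def audit_auth_policy(policy):
    """Return a list of findings for every Allow statement in an auth policy."""
    findings = []
    for i, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        keys = _condition_keys(stmt)
        actions = _as_list(stmt.get("Action", []))
        if _wildcard_principal(stmt) and "aws:PrincipalType" not in keys:
            findings.append(f"statement {i}: wildcard principal with no "
                            "aws:PrincipalType condition admits anonymous requests")
        if _wildcard_principal(stmt) and not (keys & CALLER_KEYS):
            findings.append(f"statement {i}: wildcard principal is not pinned "
                            "to a source VPC, account or organization")
        if any(a in ("*", "vpc-lattice-svcs:*") for a in actions):
            findings.append(f"statement {i}: wildcard action")
        if not (keys & ROUTE_KEYS):
            findings.append(f"statement {i}: no method/path restriction; "
                            "every route on the service is invokable")
    return findings


if __name__ == "__main__":
    for name, policy in (("weak", WEAK_AUTH_POLICY), ("hardened", HARDENED_AUTH_POLICY)):
        print(name, json.dumps(audit_auth_policy(policy), indent=2))
```

The audit only inspects the policy document; it has no effect unless the service network or service is set to auth type `AWS_IAM` and the document is attached with `aws vpc-lattice put-auth-policy`. With auth type `NONE` the policy is ignored entirely, so check the auth type first, then the document.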

In spite of this abstraction that simplifies things for developers, network administrators keep their power: security groups, Transit Gateways, VPC flow logs, traffic mirroring and the other features of the underlying network continue to work. Because Lattice itself provides the connectivity between associated VPCs, the service network's VPC associations (and the security groups attached to them) together with the IAM auth policy become the primary controls on who can reach a service.

Figure: Network administrator's view of a service network
Figure: Developer's view of a service network

Reference : AWS re:Invent 2022 — Leaping ahead: The power of cloud network innovation
