To simplify networking for service-to-service communication, AWS recently announced the preview of Amazon VPC Lattice. The new capability of Virtual Private Cloud (VPC) abstracts network complexity and creates a logical application layer network that connects clients and services across different VPCs and accounts.
VPC Lattice enables application layer load balancing and handles disparate workloads regardless of the underlying compute resources: instances, containers, or serverless. The application layer networking service is based on so-called service networks: logical application layer networks that connect clients and services across different VPCs and accounts. Danilo Poccia, chief evangelist of EMEA at AWS, explains:
A service network is a logical boundary that is used to automatically implement service discovery and connectivity as well as apply access and observability policies to a collection of services. It offers inter-application connectivity over HTTP/HTTPS and gRPC protocols within a VPC.
Source: https://aws.amazon.com/blogs/aws/introducing-vpc-lattice-simplify-networking-for-service-to-service-communication-preview/
A service configuration consists of one or two listeners to define ports and protocols, with listeners having rules that consist of a priority, one or more conditions, and actions that forward traffic to target groups. The target groups are collections of resources that are running a specific workload, for example, EC2 instances, IP addresses, or Lambda functions. For Kubernetes workloads, the new capability supports services and pods using the gateway controller for Kubernetes, currently a developer preview on GitHub. Poccia adds:
VPC Lattice is designed to be noninvasive, allowing teams across your organization to incrementally opt in over time. (...) You can use VPC Lattice to apply granular and rich traffic controls, such as policy-based routing and weighted targets to support blue/green and canary-style deployments.
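To make the listener model described above concrete (rules evaluated in priority order, each with conditions and a forward action that splits traffic across weighted target groups for canary and blue/green deployments), here is an added Python model of that evaluation. It is illustrative code written for this article, not AWS's implementation or API: the class names, the condition types (path prefix, method, exact header match), the use of a hashed request id to make the weighted split stable, and the sample listener are all constructed assumptions.

```python
import hashlib
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class Request:
    """One inbound HTTP request as seen by a listener (constructed input)."""
    method: str
    path: str
    headers: Dict[str, str] = field(default_factory=dict)
    request_id: str = ""


@dataclass
class Condition:
    """A rule condition: every field that is set must match the request."""
    path_prefix: Optional[str] = None
    method: Optional[str] = None
    header: Optional[Tuple[str, str]] = None  # (header name, exact value)

    def matches(self, req: Request) -> bool:
        if self.path_prefix is not None and not req.path.startswith(self.path_prefix):
            return False
        if self.method is not None and req.method.upper() != self.method.upper():
            return False
        if self.header is not None:
            name, value = self.header
            # HTTP header names are case-insensitive, so compare lower-cased names
            found = {k.lower(): v for k, v in req.headers.items()}.get(name.lower())
            if found != value:
                return False
        return True


@dataclass
class ForwardAction:
    """Forward to one of several target groups, split by relative weight."""
    weights: Dict[str, int]  # target group name -> weight (>= 0)

    def __post_init__(self) -> None:
        if not self.weights or any(w < 0 for w in self.weights.values()):
            raise ValueError("weights must be non-negative and non-empty")
        if sum(self.weights.values()) == 0:
            raise ValueError("at least one target group needs a positive weight")

    def pick(self, bucket: int) -> str:
        """Map a bucket value onto a target group; buckets wrap modulo the total weight."""
        total = sum(self.weights.values())
        bucket %= total
        for name, weight in self.weights.items():  # insertion order is preserved
            if bucket < weight:
                return name
            bucket -= weight
        raise AssertionError("unreachable: bucket exceeds total weight")

    def choose(self, req: Request) -> str:
        # Hash the request id so the same request always lands in the same bucket
        digest = hashlib.sha256(req.request_id.encode()).digest()
        return self.pick(int.from_bytes(digest[:8], "big"))


@dataclass
class Rule:
    priority: int  # lower numbers are evaluated first
    conditions: List[Condition]
    action: ForwardAction


@dataclass
class Listener:
    port: int
    protocol: str
    rules: List[Rule]
    default_action: ForwardAction

    def __post_init__(self) -> None:
        priorities = [r.priority for r in self.rules]
        if len(priorities) != len(set(priorities)):
            raise ValueError("rule priorities must be unique per listener")

    def route(self, req: Request) -> str:
        """Return the target group chosen for the request (first matching rule wins)."""
        for rule in sorted(self.rules, key=lambda r: r.priority):
            if all(c.matches(req) for c in rule.conditions):
                return rule.action.choose(req)
        return self.default_action.choose(req)


def example_listener() -> Listener:
    """Constructed HTTPS listener: header-pinned green, 90/10 canary on /api, blue elsewhere."""
    return Listener(
        port=443,
        protocol="HTTPS",
        rules=[
            Rule(10, [Condition(path_prefix="/api", header=("x-release", "green"))],
                 ForwardAction({"green": 1})),
            Rule(20, [Condition(path_prefix="/api")],
                 ForwardAction({"blue": 90, "green": 10})),
        ],
        default_action=ForwardAction({"blue": 1}),
    )


def canary_split(listener: Listener, n: int) -> Dict[str, int]:
    """Route n synthetic /api requests and count how many land on each target group."""
    counts: Dict[str, int] = {}
    for i in range(n):
        tg = listener.route(Request("GET", "/api/orders", request_id=f"req-{i}"))
        counts[tg] = counts.get(tg, 0) + 1
    return counts


if __name__ == "__main__":
    lst = example_listener()
    print(lst.route(Request("GET", "/api/x", {"X-Release": "green"}, "a")))
    print(lst.route(Request("GET", "/health", request_id="b")))
    print(canary_split(lst, 1000))
```

The point to carry over to a real service network is the ordering: a more specific rule only takes effect if its priority number is lower than the broader catch-all, and a weighted forward action never sends traffic to a group whose weight is zero, which is how a canary is switched off without deleting the rule.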
System administrators can use VPC Lattice to monitor and troubleshoot service-to-service communication for request type, traffic volume, errors, and response time. For authentication and authorization, the service integrates with AWS IAM and can use AWS Resource Access Manager (RAM) to control which accounts, VPCs, and applications can establish communication. Paul Johnston, ServerlessDays co-founder, tweets:
VPC Lattice looks very interesting. It's almost like AWS has been looking at what customers find hard about services and building solutions for it.
In a popular Reddit thread, different users highlight the overlap with existing AWS services like App Mesh and PrivateLink. Jeremy Daly, CEO at Ampt, suggests in his newsletter:
I am thinking this is like an EventBridge for VPCs, giving you a simple way to route traffic between the virtual hellscape that is AWS VPCs.
Three dimensions determine the pricing of VPC Lattice: the number of services provisioned (from 0.025 USD per service per hour), the data processing charges for traffic to and from each service (from 0.025 USD per GB), and the number of requests that each service receives (from 0.1 USD per 1M requests), with the first 300K requests every hour free.
The preview is available in the Oregon region only.