Announced in preview at the latest re:Invent conference, Amazon VPC Lattice is now generally available, with new capabilities for service-to-service connectivity, security, and monitoring. The pricing model raised some concerns in the community.
Handling common configuration tasks such as service discovery and request-level routing, VPC Lattice allows developers to define policies for network access and traffic management to connect compute services across instances, containers, and serverless applications.
Compared to the preview, the GA introduces new capabilities: services can now use a custom domain name, with SSL/TLS certificate support, and the open-source AWS Gateway API Controller can be deployed to use VPC Lattice with a Kubernetes-native experience. The new option uses the Kubernetes Gateway API to connect services across multiple Kubernetes clusters and services running on EC2 instances, containers, and Lambda functions. Furthermore, the IP address target type now supports IPv6, and customers can use a managed Application Load Balancer (ALB) or Network Load Balancer (NLB) as a target for the service.
Danilo Poccia, chief evangelist of EMEA at AWS, explains how VPC Lattice allows the services of an e-commerce application to communicate with each other. He writes:
These services run in different AWS accounts and multiple VPCs. VPC Lattice handles the complexity of setting up connectivity across VPC boundaries and permission across accounts so that service-to-service communication is as simple as an HTTP/HTTPS call.
Source: https://onecloudplease.com/blog/exploring-amazon-vpc-lattice
Serhii Vasylenko, developer experience engineer at Grammarly, tested the new service and concludes:
VPC Lattice bridges the gap between developers and cloud administrators by providing role-specific features and capabilities. Developers can focus on building applications, not networks, while cloud and network administrators can increase their organization's security posture by enabling authentication, authorization, and encryption consistently across mixed computing environments.
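The "policies for network access" and the "authentication, authorization" mentioned above are expressed in VPC Lattice as an auth policy attached to a service (or to a service network) when the service's auth type is set to AWS_IAM; callers then sign their HTTP requests with SigV4 and the policy is evaluated per request. The following is an added illustration, not code from the article or from AWS: it grants a single IAM role in another account read-only access to one path prefix of an orders service and nothing else, which is the least-privilege shape a defender wants in a cross-account, cross-VPC mesh. The account ID, role name and path are placeholders; the `vpc-lattice-svcs:Invoke` action and the `RequestMethod`/`RequestPath` condition keys are the ones AWS documents for VPC Lattice auth policies, to be checked against the current documentation before use.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "CheckoutRoleMayReadOrders",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::111122223333:role/checkout-service-role"
      },
      "Action": "vpc-lattice-svcs:Invoke",
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "vpc-lattice-svcs:RequestMethod": "GET"
        },
        "StringLike": {
          "vpc-lattice-svcs:RequestPath": "/orders/*"
        }
      }
    }
  ]
}
```

Because an auth policy is evaluated like any IAM policy, anything not explicitly allowed (unauthenticated callers, other principals, a `POST` to `/orders/`, a `GET` to `/admin/`) is denied, so the policy does the authorization work at the mesh boundary instead of inside each service. Unsigned requests from a client in the same VPC are also rejected once the auth type is AWS_IAM, which is the check to run after attaching the policy: a plain curl against the service's DNS name should return a 403 rather than a 200.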
While most developers appreciated the new features, the pricing raised some concerns in the AWS community. Ian Mckay, cloud principal at Kablamo and AWS Community Hero, explains:
It’s worth noting that the pricing model for VPC Lattice differs from that of PrivateLink and will probably end up costing you more overall. For N. Virginia, a PrivateLink service costs $0.01/hour per availability zone, plus $0.01/GB with volume discounts. For the same region, a VPC Lattice service costs $0.025/hour regardless of AZs, plus $0.025/GB with no volume discounts, plus $0.10 per million requests (with the first 300k requests per hour free).
Aaron Walker, technology director at base2Services, comments:
I want to really like this service but again the pricing model makes it hard to justify when you have cheaper alternatives.
The new service is currently available in a subset of AWS regions, including Ohio, Northern Virginia, Oregon, Ireland, and Singapore.