Demistfying AWS VPC Lattice

#aws #community #cloudcomputing #networking

Did you know that AWS VPC Lattice could be the missing piece in achieving seamless cloud deployments? It's like the perfect convergence of service networking—neutral, efficient, and capable of bridging diverse environments with ease.

AWS VPC Lattice is a fully managed application networking service that simplifies connecting, securing, and monitoring communications between services. It's specifically designed to streamline service-to-service communication in distributed applications.

AWS VPC Lattice Reference
Source: https://aws.amazon.com/blogs/aws/introducing-vpc-lattice-simplify-networking-for-service-to-service-communication-preview/

Why VPC Lattice Stands Out

Let’s start by understanding what makes AWS VPC Lattice the missing piece in your cloud architecture:

Service Network: Centralizes service-to-service communication for seamless interaction.
Service Directory: Keeps everything organized with a centralized registry for services.
Authentication and Authorization: Secures communication using AWS IAM for access control.
Traffic Management: Provides smart routing and resilience to optimize service performance.

Roles and Layers

Networking layer: provides connectivity between applications through the deployments. This is managed by the admin team.
Application layer: applications deployed across multiple VPCs and accounts. This is managed by the Dev team
Security layer: this is applied across all depths of both networking and deployments; the responsibility is shared among the admin and dev teams.

Developers love speed—spinning up instances and hardcoding credentials to get things moving fast, often ignoring risks like IP conflicts or security gaps. Admins, on the other hand, focus on governance and security, slowing things down with strict controls. The real challenge? Striking a balance between innovation and control, so teams can build fast without compromising on safety.

Components

Service: Think of a service as a standalone unit of software that performs a specific task. It can live in any VPC or account and run on virtual machines, containers, or serverless functions. A service configuration includes:
- Target Group: The backend where your application runs—this could be EC2 instances, IP addresses, Lambda functions, or Kubernetes Pods.
- Listener: Defines the port and protocol your service uses to receive traffic. Supported protocols include HTTP/1.1, HTTP/2, gRPC, and HTTPS.
- Rule: Determines how traffic is routed, forwarding requests to target groups based on conditions and priorities.
Service Network: Picture this as a logical boundary that ties your services together. It simplifies service discovery, enforces common access policies, and ensures connectivity between services.
Service Directory: A one-stop registry for all your services within VPC Lattice. Whether they’re yours or shared with you via AWS Resource Access Manager (RAM), you can find them here.
Auth Policies: These IAM resource policies let you enforce authentication and context-specific authorization. Apply them at the service or network level to enhance security and control.

Practical Hands-on
I will be creating a web application that has two backend services:

EC2 instance (python application), Below include the app.py on the ec2 instance

from flask import Flask

app = Flask(__name__)

@app.route('/')
def index():
  return 'Howdy, response from the EC2 instance'

app.run(host='0.0.0.0', port=8080)

Lamdda function

exports.handler = async (event) => {
    const response = {
        statusCode: 200,
        body: JSON.stringify('Hello Lambda!'),
    };
    return response;
};

Create a target group for each service on VPC Lattice

Create Service for the AWS VPC lattice

Create service network and associate with service and VPC

Testing the service from another VPC (Test-VPC) The test-VPC has been associated with the service network; this will ensure the connectivity test across the VPCs