Simplify networking for container applications with Amazon VPC Lattice's integrated Amazon ECS support.
What is VPC Lattice?
Amazon VPC Lattice is a fully managed application networking solution that facilitates service monitoring, security, and connection between virtual private clouds (VPCs) and accounts.
Make service-to-service communication, security, and monitoring easier with Amazon VPC Lattice.
Advantages
Make connecting easier
Discover and safely link services across VPCs and accounts with Amazon VPC Lattice, which streamlines and automates service connectivity.
Boost security
Context-specific authorization and trustworthy authentication can help you establish a better and more consistent security posture.
Scale automatically
Automatically scale network and computing resources to accommodate high-bandwidth HTTP, HTTPS, and gRPC workloads.
Implement flexibly
With support for instances, containers, and serverless computing, you can increase productivity and deployment flexibility.
How it operates
Amazon VPC Lattice is an application networking service that continuously connects, monitors, and secures communication between your services, improving efficiency and freeing your developers to focus on work that matters to your business. You define policies for traffic control, access, and monitoring, and use them to connect compute services in a straightforward and uniform way across instances, containers, and serverless applications.
Use cases
Simplify scalable service-to-service connectivity
Thousands of services can be connected across accounts and VPCs without making the network more complicated.
Boost security at the application layer
With context-specific authorization, centralized access controls, and authentication, you can enhance service-to-service security and support Zero Trust architectures.
Put smart traffic control into practice
For blue/green and canary deployments, use granular traffic restrictions like weighted targets and request-level routing.
Get insight into interactions between services
Keep an eye on and troubleshoot service-to-service communication for faults, response time, traffic volume, request type, and other factors.
AWS introduced built-in support for Amazon VPC Lattice in Amazon Elastic Container Service (Amazon ECS) today. With this new built-in integration, Amazon ECS services can be linked directly to VPC Lattice target groups without an intermediary load balancer.
A brief overview of how to locate Amazon VPC Lattice integration when developing an Amazon ECS service is provided here:
As part of the Amazon VPC Lattice integration with Amazon ECS, the IP addresses of the ECS tasks in a service are registered and deregistered as targets in a VPC Lattice target group. Amazon ECS automatically registers tasks with the VPC Lattice target group as soon as they are launched for the service.
Amazon ECS also automatically replaces tasks that fail VPC Lattice health checks, and any task that is stopped or scaled in is deregistered from the target group.
Using the Amazon VPC Lattice integration
Allow me to demonstrate how to use this newly added integration. In the demo that follows, you will set up the VPC Lattice integration and deploy a basic application server running as an ECS service. You will then test the application server by connecting to its VPC Lattice domain name, without having to set up an extra load balancer in front of Amazon ECS.
Before you begin, you must confirm that Amazon ECS has the necessary authorization to register and deregister targets in VPC Lattice.
To use the VPC Lattice integration, you must define a task definition with at least one container and one port mapping. Here is an illustration of how we define our task.
{
  "containerDefinitions": [
    {
      "name": "webserver",
      "image": "public.ecr.aws/ecs-sample-image/amazon-ecs-sample:latest",
      "cpu": 0,
      "portMappings": [
        {
          "name": "web-80-tcp",
          "containerPort": 80,
          "hostPort": 80,
          "protocol": "tcp",
          "appProtocol": "http"
        }
      ],
      … *redacted for brevity*
    }
  ]
}
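A preflight check for the two prerequisites just described, written as an added example (it is not code from the AWS post): it confirms that the task definition carries at least one named port mapping a VPC Lattice target group can use, and that the permissions policy on the ECS infrastructure role allows target registration and deregistration. The task definition is constructed from the one above; the sample policy and the vpc-lattice IAM action names are assumptions to verify against the policy AWS documents for the role.

```python
import fnmatch

# Constructed sample input: the post's task definition, trimmed to what the check needs.
TASK_DEFINITION = {
    "containerDefinitions": [{
        "name": "webserver",
        "image": "public.ecr.aws/ecs-sample-image/amazon-ecs-sample:latest",
        "portMappings": [{"name": "web-80-tcp", "containerPort": 80,
                          "protocol": "tcp", "appProtocol": "http"}],
    }]
}

# Constructed sample: permissions policy on the ECS infrastructure role. Assumption: the
# actions ECS needs are VPC Lattice's target registration calls (vpc-lattice:* prefix).
ROLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Resource": "*",
                   "Action": ["vpc-lattice:RegisterTargets", "vpc-lattice:DeregisterTargets"]}],
}
REQUIRED_ACTIONS = ("vpc-lattice:RegisterTargets", "vpc-lattice:DeregisterTargets")


def named_port_mappings(task_def):
    """Return (containerName, portName) pairs a VPC Lattice target group can use.

    The integration needs at least one container with a named port mapping,
    so mappings without a name or containerPort are ignored, not counted."""
    pairs = []
    for container in task_def.get("containerDefinitions", []):
        for pm in container.get("portMappings", []):
            if pm.get("name") and pm.get("containerPort"):
                pairs.append((container["name"], pm["name"]))
    return pairs


def missing_actions(policy, required=REQUIRED_ACTIONS):
    """Return required actions no Allow statement grants (IAM wildcards honoured)."""
    allowed = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt.get("Action", [])
        allowed.extend([actions] if isinstance(actions, str) else actions)
    return [a for a in required
            if not any(fnmatch.fnmatchcase(a.lower(), p.lower()) for p in allowed)]


def preflight(task_def, policy):
    """True only when both prerequisites from the post are satisfied."""
    return bool(named_port_mappings(task_def)) and not missing_actions(policy)
```

Run it against the task definition you register and the policy attached to the infrastructure role before creating the service; a wildcard such as vpc-lattice:* passes the action check but is broader than the integration needs.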
Then navigate to your ECS cluster and select Create.
Next, choose the task definition and assign a service name.
To begin setting up the target group for VPC Lattice, select Turn on VPC Lattice in the VPC Lattice integration section. Since you will be using VPC Lattice, you don't need to define a load balancer. By default, VPC Lattice routes requests to healthy targets using a round-robin routing mechanism.
Now create the integration for your ECS service. Start by choosing the Amazon ECS infrastructure role. Next, decide which virtual private cloud (VPC) to use for your service. Then define the target groups that will receive traffic. Once you have finished setting up the VPC Lattice integration, create the service.
The ECS service is available in a few minutes. Navigate to the service and select Configuration and Networking. If you scroll down to the VPC Lattice section, you can see that the VPC Lattice target group has been generated.
Click the target group name to go to the VPC Lattice target group page, where you can get more details about it. Here you can see that Amazon ECS correctly registered the task's IP address.
Now you have to set up a VPC Lattice service and a service network. Create the VPC Lattice service first, then connect it to the VPC Lattice service network. Let's do that.
In the VPC Lattice section, select Services and then select Create service.
After entering all the information needed to create a VPC Lattice service, select Next.
Then add a listener and, for the listener's default action, choose Forward to target group and select the newly created target group.
Since you will be creating the VPC Lattice service network later, you can skip this step, select Next, check the configuration, and create the service on the following page.
Now that the VPC Lattice service has been created, the VPC Lattice service network needs to be created. Navigate to Service networks in the VPC Lattice section and select Create service network.
Start by entering a name for the VPC Lattice service network.
Then, on the Service associations page, choose the service you created.
Then link both the security group and your VPC to this service network.
Everything is now set up for this integration. Both your VPC and the VPC Lattice service are connected to your VPC Lattice service network.
Once everything is configured, copy the domain name from your VPC Lattice service page.
Then log in to an instance in the same VPC and call the service using the VPC Lattice domain name.
Things to be aware of
Here are some crucial things to remember:
VPC Lattice GA
Amazon VPC Lattice integration with Amazon ECS is now available in the AWS Regions where both Amazon VPC Lattice and Amazon ECS are available.
This integration works with all ECS launch types, including AWS Fargate and Amazon Elastic Compute Cloud (Amazon EC2).
VPC Lattice pricing
Standard Amazon ECS and VPC Lattice pricing applies. This integration does not come with any extra fees.
Try out this new feature of Amazon VPC Lattice now to discover how it can improve communication between your container applications running on Amazon ECS.