Amazon VPC Lattice のアイコン

Amazon VPC Lattice New2023年〜

An application networking service that simplifies service-to-service connectivity, security, and monitoring

About 2 min read

What It Does

Amazon VPC Lattice is an application networking service that simplifies service-to-service communication across multiple VPCs and accounts. It provides unified management of service registration, traffic routing, authentication/authorization, and monitoring. It can connect services running on EC2, ECS, EKS, and Lambda.

Use Cases

Used for managing communication between microservices, connecting services across multi-account environments, traffic control for canary and blue-green deployments, and simplifying service meshes.

Everyday Analogy

Think of it like an internal phone system in a company. Each department (service) is assigned an extension number (endpoint), and the switchboard (Lattice) routes calls (requests) to the appropriate department. Call authentication and logging are handled automatically.

What Is VPC Lattice?

Amazon VPC Lattice is an application-layer networking service for service-to-service communication. Previously, connecting services across VPCs required combinations of VPC Peering, PrivateLink, and load balancers, but Lattice provides a unified abstraction layer to manage all of these.

Service Networks and Target Groups

In Lattice, you register services to a service network and associate VPCs. For each service, you define listeners and rules to route requests to target groups (EC2, ECS, Lambda, etc.). Weighted routing enables canary deployments, and IAM authentication controls service-to-service access. To deepen your understanding of service networks and target groups, related books on Amazon are also helpful.

Getting Started

Create a service network in the VPC Lattice console and associate VPCs. Create a service and configure listeners and target groups. On the client side, access the service using the DNS name generated by Lattice.

Things to Watch Out For

  • VPC Lattice is an L7 (application layer) service. For L4 (transport layer) connectivity, use PrivateLink
  • Only accessible from resources within VPCs associated with the service network. Direct internet access is not possible
共有するXB!

Related Services

Amazon VPC iconAmazon VPCBuild a logically isolated virtual network on AWSElastic Load Balancing iconElastic Load BalancingA service that automatically distributes traffic across multiple servers for high availability and fault toleranceAmazon ECS iconAmazon ECSA container orchestration service for easily running and managing containerized applicationsAWS Lambda iconAWS LambdaA serverless compute service that runs code without server management

Related Articles

Multi-Account Design for Amazon VPC Lattice - RAM Sharing and Service Network Configuration PatternsLearn how to design VPC Lattice for multi-account environments, including RAM sharing strategies, service network partitioning, and hierarchical Auth Policy design.

More in This Category

Amazon API Gateway iconAmazon API Gateway PopularA fully managed service for creating, publishing, managing, and monitoring APIsAWS App Mesh iconAWS App Mesh SpecializedA service mesh that controls and monitors communication between microservicesAWS Cloud Map iconAWS Cloud Map SpecializedA service discovery service for application resourcesAmazon CloudFront iconAmazon CloudFront EssentialA CDN service that delivers content at high speed from edge locations around the worldAWS Direct Connect iconAWS Direct Connect PopularA service that provides a dedicated network connection between on-premises and AWS for stable, low-latency connectivityElastic IP Address iconElastic IP Address SpecializedA static public IPv4 address that you associate with EC2 instancesElastic Load Balancing iconElastic Load Balancing EssentialA service that automatically distributes traffic across multiple servers for high availability and fault toleranceAWS Global Accelerator iconAWS Global Accelerator SpecializedA service that improves application availability and performance using the AWS global network

Similar Articles and Services

Service Networking with Amazon VPC Lattice - Simplifying Microservice CommunicationSimplify cross-VPC and cross-account microservice communication with L7 service networking that requires no Envoy proxies. Learn about IAM authentication and when to choose VPC Lattice over App Mesh.AWS Zero Trust Networking - Perimeterless Security with Verified Access and PrivateLinkLearn how AWS Verified Access, PrivateLink, and VPC Lattice implement zero trust networking, with a comparison of design differences from Azure Private Link.Multi-Account Design for Amazon VPC Lattice - RAM Sharing and Service Network Configuration PatternsLearn how to design VPC Lattice for multi-account environments, including RAM sharing strategies, service network partitioning, and hierarchical Auth Policy design.AWS Transit GatewayA service that interconnects multiple VPCs and on-premises networks in a hub-and-spoke topology, dramatically simplifying network architectureThe Depth of AWS Networking Services - Enterprise Network Design with VPC, Transit Gateway, and PrivateLinkThis article examines AWS networking services centered on VPC, Transit Gateway, PrivateLink, Direct Connect, and Network Firewall, comparing them with Azure VNet/ExpressRoute and GCP VPC/Cloud Interconnect to explain the flexibility advantages in enterprise network design.