Amazon VPC Lattice is a fully managed application networking service that you use to connect, secure, and monitor the services and resources for your application.

Before using VPC Lattice, you should be familiar with its key components.

  • Service
    A service can run on EC2 instances, on ECS/EKS/Fargate containers, or as Lambda functions, within an account or a virtual private cloud (VPC). A VPC Lattice service has the following components: target groups, listeners, and rules.

  • Resource
    A resource can be an Amazon Relational Database Service (Amazon RDS) database, an Amazon EC2 instance, an application endpoint, a domain-name target, or an IP address.

  • Resource gateway
    A resource gateway is a point of ingress into the VPC in which resources reside.

  • Resource configuration
    A resource configuration is a logical object that represents either a single resource or a group of resources. A resource can be an IP address, a domain-name target, or an Amazon RDS database.

  • Service network
    A service network is a logical boundary for a collection of services. A client can be in a VPC that is associated with the service network. Clients and services that are associated with the same service network can communicate with each other.

  • Service directory
    A central registry of all VPC Lattice services that you own or are shared with your account through AWS RAM.

  • Auth policies
    Auth policies control which clients are allowed to access a service or a service network. For example, you can create a policy for how a payment service running on an Auto Scaling group of EC2 instances should interact with a billing service running in AWS Lambda.

Auth policies are not supported on resource configurations, and the auth policy of a service network does not apply to resource configurations in that service network.
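As an added example (not part of the original post), the following Terraform switches a service such as "poc-server1" to IAM authentication and attaches an auth policy that only lets one client role invoke it, and only from one source VPC. The role ARN, VPC id and resource names are placeholders; the service is assumed to be managed by Terraform under the name shown.

```hcl
# Added example: IAM auth plus a least-privilege auth policy for one VPC Lattice service.
# All ids and ARNs below are placeholders.
resource "aws_vpclattice_service" "poc_server1" {
  name      = "poc-server1"
  auth_type = "AWS_IAM" # with the default "NONE", an attached auth policy is never evaluated
}

data "aws_iam_policy_document" "poc_server1_auth" {
  statement {
    sid     = "AllowClientRoleFromClientVpc"
    effect  = "Allow"
    actions = ["vpc-lattice-svcs:Invoke"]
    # The auth policy is already scoped to the service it is attached to.
    resources = ["*"]

    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::111122223333:role/poc-client-role"] # placeholder
    }

    # Only accept requests that enter Lattice from the client VPC.
    condition {
      test     = "StringEquals"
      variable = "vpc-lattice-svcs:SourceVpc"
      values   = ["vpc-0bbbb000000000002"] # placeholder
    }
  }
}

resource "aws_vpclattice_auth_policy" "poc_server1" {
  resource_identifier = aws_vpclattice_service.poc_server1.arn
  policy              = data.aws_iam_policy_document.poc_server1_auth.json
}
```

Once `auth_type` is `AWS_IAM`, clients must send SigV4-signed requests (for example via the AWS SDK or the SigV4 proxy); plain `curl` against the Lattice domain returns an error. If the service network itself is also set to `AWS_IAM`, both the service network policy and the service policy must allow the request.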

Features of VPC Lattice

  • You need not be concerned about overlapping IP addresses between VPCs.

  • As the traffic is internal between VPCs, you do not need to modify the route table.

Here we go with the use case: I have hosted 2 web servers on 2 instances and made use of VPC Lattice.

  • I have created 2 Linux EC2 instances as web servers, "poc-server1" and "poc-server2".

  • Both have separate VPCs and security groups that allow access on port 80 over HTTP.

  • Here are the servers

(Screenshots: poc-server1 and poc-server2.)

  • Request from the local machine to verify the web servers.

VPC Lattice connection between the web servers

  • Go to the VPC dashboard and click “Target groups” under the VPC Lattice section of the VPC Console.

  • Click “Create target group“.

  • Create the target group by choosing the target type (instance), the protocol and the VPC, then add poc-server1 to the target group.

  • Follow the same steps for the poc-server2.


Under the VPC Lattice section, click “Services”.

  • A VPC Lattice service must be created so that it can be associated with the service network.

  • Click “Create VPC Lattice service”.

  • Click “Next”.

  • Click “Next” on the next page (the Define routing page).

  • Click “Next” on the next page (the Create network associations page).

  • Click “Create VPC Lattice Service” on the next page (the Review and create page).


  • Follow the same steps for the poc-server2.

Go to the VPC Console and click “Service networks” under the VPC Lattice section.

  • Click “Create service network”.

  • Under service associations, attach the services created for "poc-server1" and "poc-server2".

  • Under VPC associations, attach the VPC and security group created for each web server.

  • Click “Create service network”.

  • Go to the "poc-server1" service overview and click “Routing”.

  • Click “Add listener”.

  • Follow the same steps for the service "poc-server2".

  • Return to the payment-svc overview and copy the domain name.
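The console steps above (target groups, services, listeners, service network, service and VPC associations) can be expressed as one Terraform configuration. This is an added example, not the post author's code or an AWS-provided template; the instance, VPC and security group ids, the region and the resource names are placeholders, and `auth_type` is left at `NONE` to match the console defaults used in the walkthrough.

```hcl
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 5.0"
    }
  }
}

provider "aws" {
  region = "us-east-1" # placeholder
}

# Assumed inputs: the two web-server instances with their VPCs and security groups (placeholders).
locals {
  servers = {
    "poc-server1" = { instance_id = "i-0123456789abcdef0", vpc_id = "vpc-0aaaa000000000001", sg_id = "sg-0aaaa000000000001" }
    "poc-server2" = { instance_id = "i-0123456789abcdef1", vpc_id = "vpc-0bbbb000000000002", sg_id = "sg-0bbbb000000000002" }
  }
}

# Step 1: one target group per web server (target type INSTANCE, HTTP on port 80).
resource "aws_vpclattice_target_group" "web" {
  for_each = local.servers
  name     = "${each.key}-tg"
  type     = "INSTANCE"

  config {
    port           = 80
    protocol       = "HTTP"
    vpc_identifier = each.value.vpc_id
  }
}

# Register each instance in its own target group.
resource "aws_vpclattice_target_group_attachment" "web" {
  for_each                = local.servers
  target_group_identifier = aws_vpclattice_target_group.web[each.key].id

  target {
    id   = each.value.instance_id
    port = 80
  }
}

# Step 2: one VPC Lattice service per web server.
resource "aws_vpclattice_service" "web" {
  for_each  = local.servers
  name      = each.key
  auth_type = "NONE" # console default; set to "AWS_IAM" to enforce an auth policy
}

# Step 4 ("Routing" > "Add listener"): HTTP listener forwarding to the service's target group.
resource "aws_vpclattice_listener" "http" {
  for_each           = local.servers
  name               = "http-80"
  protocol           = "HTTP"
  port               = 80
  service_identifier = aws_vpclattice_service.web[each.key].id

  default_action {
    forward {
      target_groups {
        target_group_identifier = aws_vpclattice_target_group.web[each.key].id
        weight                  = 100
      }
    }
  }
}

# Step 3: the service network, with service and VPC associations.
resource "aws_vpclattice_service_network" "poc" {
  name      = "poc-service-network"
  auth_type = "NONE"
}

resource "aws_vpclattice_service_network_service_association" "web" {
  for_each                   = local.servers
  service_identifier         = aws_vpclattice_service.web[each.key].id
  service_network_identifier = aws_vpclattice_service_network.poc.id
}

# The security group here is what limits which clients in the VPC may reach the service network.
resource "aws_vpclattice_service_network_vpc_association" "web" {
  for_each                   = local.servers
  vpc_identifier             = each.value.vpc_id
  service_network_identifier = aws_vpclattice_service_network.poc.id
  security_group_ids         = [each.value.sg_id]
}

# The Lattice domain name to copy for each service (the "copy the domain name" step).
output "service_dns" {
  value = { for k, s in aws_vpclattice_service.web : k => s.dns_entry[0].domain_name }
}
```

Run `terraform apply` and use the `service_dns` output as the address to test from the EC2 instances; because the VPC associations carry a security group, only traffic that group allows on port 80 reaches the service network.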

  • The VPC Lattice configuration is complete. Let’s see how the setup works.

  • Try to access the VPC Lattice domains from the EC2 instances.


  • VPC Lattice domain address