VPC Lattice and connectivity

Hi, I am in the process of looking at VPC Lattice for managing my service-to-service application communications, in my dev/test environment initially, but I am looking for a production solution. I have a couple of questions:

  1. I understand that I create a service network to enable communication, but I am not clear on how to control access around which accounts in my organization can utilize this service network?
  2. Also, I have some application resources that are not currently in AWS. Is it possible to utilize VPC Lattice with them as well?

Best Regards

posted 2 years ago, 2373 views
2 Answers
2
  1. I understand that I create a service network to enable communication, but I am not clear on how to control access around which accounts in my organization can utilize this service network?

You control access to the service network by sharing it with RAM (Resource Access Manager) to specific accounts or Orgs.

Take a look at this link for reference architectures for multi-account access:

  • Multi-Account Centralized Single Service Network Diagram
  • Multi-Account Centralized Multiple Service Networks Diagram
  • Multi-Account Distributed Service Networks Diagram

  2. Also, I have some application resources that are not currently in AWS. Is it possible to utilize VPC Lattice with them as well?

Lattice is for VPC-to-VPC communication only.

AWS
EXPERT
answered 2 years ago
EXPERT
reviewed 2 years ago
EXPERT
reviewed 2 years ago
1
Accepted answer

Hello CodeGrok,

It sounds like you are aware that Amazon VPC Lattice is an application layer networking service that gives you a consistent way to secure, monitor, and connect service-to-service communication without any prior networking expertise. It is a great solution to connect services at scale, implement advanced traffic controls, apply granular access permissions, and observe communications. To address your questions:

1/ You can utilize AWS Resource Access Manager to control which accounts and VPCs can communicate via the service network. There are advanced traffic-management rules that service owners can use to support common usage patterns. A VPC Lattice auth policy can also be implemented to control authentication and authorization to services.

2/ VPC Lattice is a Regional service, so you need to be aware of what Regions you are operating in, but for on-prem resources you can utilize any of the AWS connectivity services, for example AWS Direct Connect or AWS Cloud WAN. Here is a blog post with more detailed information: https://aws.amazon.com/blogs/networking-and-content-delivery/external-connectivity-to-amazon-vpc-lattice/

As always I would recommend that you reach out to your account Solution Architect if you have more specific questions. They should be familiar with your AWS environment and can provide recommendations on VPC Lattice or engage a specialist to answer more in-depth questions.

Hope this helped.

AWS
answered 2 years ago
EXPERT
reviewed 2 years ago
EXPERT
reviewed 2 years ago
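As an added example (not code from either answer or from AWS), the Python below builds the kind of service-network auth policy the accepted answer refers to, scoped to one organization via the aws:PrincipalOrgID condition, and lints a policy document for Allow statements that would admit unauthenticated callers. The organization ID is a constructed placeholder; the document is only enforced once the service network's auth type is AWS_IAM.

```python
import json

# Constructed placeholder: replace with your own organization ID (o-xxxxxxxxxx).
ORG_ID = "o-exampleorg1"

# Condition keys that bind an Allow statement to an authenticated identity.
IDENTITY_KEYS = {"aws:PrincipalOrgID", "aws:PrincipalAccount", "aws:PrincipalArn"}


def build_org_scoped_auth_policy(org_id: str) -> dict:
    """Auth policy allowing only SigV4-signed callers whose account is in
    `org_id` to invoke services on the service network. Anonymous requests
    carry no principal, so the condition fails and they are denied even
    though the caller's VPC has network reachability to the service."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "AllowOrgPrincipalsOnly",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "vpc-lattice-svcs:Invoke",
            "Resource": "*",
            "Condition": {"StringEquals": {"aws:PrincipalOrgID": org_id}},
        }],
    }


def lint_auth_policy(policy: dict) -> list:
    """Offline review checks: flag Allow statements with Principal '*' and no
    identity-bound condition (anonymous access), and any action outside the
    vpc-lattice-svcs namespace. Returns a list of human-readable findings."""
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        cond_keys = {k for op in stmt.get("Condition", {}).values() for k in op}
        if stmt.get("Principal") == "*" and not (IDENTITY_KEYS & cond_keys):
            findings.append(f"{sid}: Principal '*' without an identity condition (anonymous access)")
        actions = stmt.get("Action", [])
        for action in [actions] if isinstance(actions, str) else actions:
            if not action.startswith("vpc-lattice-svcs:"):
                findings.append(f"{sid}: unexpected action {action}")
    return findings


def policy_json(org_id: str = ORG_ID) -> str:
    """Serialized document to hand to the PutAuthPolicy API for the service network."""
    return json.dumps(build_org_scoped_auth_policy(org_id), indent=2)
```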