Shared account App Mesh and Cloudmap - What's the service discovery behaviour?
My customer is looking at implementing a multi-account/multi-VPC microservice architecture by sharing their App Mesh across accounts.
They want to use Cloud Map as a service discovery mechanism and what's not clear to me is how service discovery works in a multi-account scenario.
For example, Team X has an account where they deploy their services in ECS and the CloudMap namespace is managed there.
How can services in other accounts (in the same mesh) discover services if the namespace is in another account?
- Mais recentes
- Mais votos
- Mais comentários
You can create a VirtualNode in the target account using AWS Cloud Map as service discovery mechanism pointing to the existing ECS services - look at [1] and [2]. When sharing the mesh across accounts using the AWS Resource Access Manager [3] this virtual node becomes available in the other account and can be accessed like a regular VirtualNode and will automatically route the requests to the services defined via Cloud Map in the target account.
You can check out https://github.com/aws/aws-app-mesh-examples/tree/master/walkthroughs/howto-cross-account for an example.
[1] https://docs.aws.amazon.com/app-mesh/latest/userguide/virtual_nodes.html
[2] https://aws.amazon.com/about-aws/whats-new/2019/06/aws-app-mesh-service-discovery-with-aws-cloud-map-generally-available/
[3] https://docs.aws.amazon.com/app-mesh/latest/userguide/sharing.html
