VPC Lattice and connectivity


Hi, I am in the process of looking at VPC Lattice for managing my service-to-service application communications in my dev/test environment initially, but I am looking for a production solution. I have a couple of questions:

  1. I understand that I create a service network to enable communication, but I am not clear on controlling access around which accounts in my organization can utilize this service network?
  2. Also, I have some application resources that are not currently in AWS. Is it possible to utilize VPC Lattice with them as well?

Best Regards

asked 4 months ago · 987 views
2 Answers
  1. I understand that I create a service network to enable communication, but I am not clear on controlling access around which accounts in my organization can utilize this service network?

You control access to the service network by sharing it via AWS RAM (Resource Access Manager) with specific accounts or organizations.

Take a look at these reference architectures for multi-account access:

  • Multi-Account Centralized Single Service Network Diagram
  • Multi-Account Centralized Multiple Service Networks Diagram
  • Multi-Account Distributed Service Networks Diagram
  2. Also, I have some application resources that are not currently in AWS. Is it possible to utilize VPC Lattice with them as well?

Lattice is for VPC-to-VPC communication only.

iBehr (AWS, Expert)
answered 4 months ago
Accepted Answer

Hello CodeGrok,

It sounds like you are aware that Amazon VPC Lattice is an application-layer networking service that gives you a consistent way to secure, monitor, and connect service-to-service communication without any prior networking expertise. It is a great solution to connect services at scale, implement advanced traffic controls, apply granular access permissions, and observe communications.

To address your questions:

1/ You can utilize AWS Resource Access Manager to control which accounts and VPCs can communicate via the service network. There are advanced traffic-management rules that service owners can use to support common usage patterns. A VPC Lattice auth policy can also be implemented to control authentication and authorization to services.

2/ VPC Lattice is a Regional service, so you need to be aware of what Regions you are operating in, but for on-prem resources you can utilize any of the AWS connectivity services, for example AWS Direct Connect or AWS Cloud WAN. Here is a blog post with more detailed information: https://aws.amazon.com/blogs/networking-and-content-delivery/external-connectivity-to-amazon-vpc-lattice/

As always I would recommend that you reach out to your account Solution Architect if you have more specific questions. They should be familiar with your AWS environment and can provide recommendations on VPC Lattice or engage a specialist to answer more in-depth questions.

Hope this helped.

AWS
answered 4 months ago
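Both answers above describe two separate controls: AWS RAM decides which accounts can associate with the shared service network, and a VPC Lattice auth policy (with the auth type set to AWS_IAM) decides which signed principals may actually invoke services through it. The following is an added example, not code from either answer or from AWS: it builds such an auth policy that admits only callers from one AWS Organization arriving via one approved VPC, denies admin paths outright, and checks sample requests against it with a simplified model of IAM evaluation. The organization ID and VPC ID are constructed placeholders, and the evaluator only models the `StringEquals` and `StringLike` operators, not the full IAM policy language.

```python
"""Added example, not from the re:Post thread: build a VPC Lattice auth policy
that admits only signed callers from one AWS Organization arriving via one VPC,
and check candidate requests against it with a simplified IAM-style evaluator."""
import fnmatch
import json

# Constructed sample identifiers for the example; not real AWS resources.
ORG_ID = "o-exampleorg123"
ALLOWED_SOURCE_VPC = "vpc-0123456789abcdef0"


def build_auth_policy(org_id: str, source_vpc: str) -> dict:
    """Auth policy for a service network (or service) whose auth type is AWS_IAM.
    RAM sharing decides which accounts may *associate* VPCs and services with
    the network; this policy decides which principals may *invoke* through it."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "AllowOrgCallersFromApprovedVpc",
                "Effect": "Allow",
                "Principal": "*",
                "Action": "vpc-lattice-svcs:Invoke",
                "Resource": "*",
                "Condition": {
                    "StringEquals": {
                        "aws:PrincipalOrgID": org_id,
                        "vpc-lattice-svcs:SourceVpc": source_vpc,
                    }
                },
            },
            {
                # An explicit Deny overrides the Allow above for admin paths.
                "Sid": "DenyAdminPaths",
                "Effect": "Deny",
                "Principal": "*",
                "Action": "vpc-lattice-svcs:Invoke",
                "Resource": "*",
                "Condition": {
                    "StringLike": {"vpc-lattice-svcs:RequestPath": "/admin/*"}
                },
            },
        ],
    }


def policy_json(org_id: str = ORG_ID, source_vpc: str = ALLOWED_SOURCE_VPC) -> str:
    """Serialized document, the form passed to `aws vpc-lattice put-auth-policy`."""
    return json.dumps(build_auth_policy(org_id, source_vpc), indent=2)


def _condition_holds(condition: dict, ctx: dict) -> bool:
    """Evaluate StringEquals / StringLike blocks. A key absent from the request
    context fails the condition, as it does in IAM for these operators, which is
    what keeps unsigned (anonymous) requests out: they carry no PrincipalOrgID."""
    for operator, pairs in condition.items():
        for key, wanted in pairs.items():
            actual = ctx.get(key)
            if actual is None:
                return False
            if operator == "StringEquals" and actual != wanted:
                return False
            if operator == "StringLike" and not fnmatch.fnmatchcase(actual, wanted):
                return False
    return True


def evaluate(policy: dict, ctx: dict) -> str:
    """Simplified IAM evaluation: a matching Deny is final, a matching Allow
    permits, and a request matching no statement is implicitly denied."""
    decision = "ImplicitDeny"
    for statement in policy["Statement"]:
        if statement["Action"] != ctx["action"]:
            continue
        if not _condition_holds(statement.get("Condition", {}), ctx):
            continue
        if statement["Effect"] == "Deny":
            return "ExplicitDeny"
        decision = "Allow"
    return decision


def decide(org_id: str, source_vpc: str, path: str) -> str:
    """Decision for a signed request with the given org, source VPC and path."""
    ctx = {
        "action": "vpc-lattice-svcs:Invoke",
        "aws:PrincipalOrgID": org_id,
        "vpc-lattice-svcs:SourceVpc": source_vpc,
        "vpc-lattice-svcs:RequestPath": path,
    }
    return evaluate(build_auth_policy(ORG_ID, ALLOWED_SOURCE_VPC), ctx)


if __name__ == "__main__":
    print(policy_json())
    for case in [(ORG_ID, ALLOWED_SOURCE_VPC, "/orders"),
                 ("o-someoneelse", ALLOWED_SOURCE_VPC, "/orders"),
                 (ORG_ID, "vpc-0fedcba9876543210", "/orders"),
                 (ORG_ID, ALLOWED_SOURCE_VPC, "/admin/users")]:
        print(case, "->", decide(*case))
```

In practice the two layers are deployed together: the service network is shared with the organization through `aws ram create-resource-share`, and the document produced by `policy_json()` is attached with `aws vpc-lattice put-auth-policy --resource-identifier <service-network-id> --policy file://policy.json`. The point the evaluator makes is that RAM sharing alone does not restrict callers inside an account that has accepted the share; the auth policy is what narrows invocation to the intended organization, source VPC and paths, and a request from another organization or an unsigned client falls through to the implicit deny.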
