AWS News Blog
AWS App Mesh – Application-Level Networking for Cloud Applications
AWS App Mesh helps you to run and monitor HTTP and TCP services at scale. You get a consistent way to route and monitor traffic, giving you insight into problems and the ability to re-route traffic after failures or code changes. App Mesh uses the open source Envoy proxy, giving you access to a wide range of tools from AWS partners and the open source community.
Services can run on AWS Fargate, Amazon EC2, Amazon Elastic Container Service (Amazon ECS), Amazon Elastic Kubernetes Service (Amazon EKS), or Kubernetes. All traffic in and out of each service goes through the Envoy proxy so that it can be routed, shaped, measured, and logged. This extra level of indirection lets you build your services in any desired languages without having to use a common set of communication libraries.
App Mesh Concepts
Before we dive in, let’s review a couple of important App Mesh concepts and components:
Service Mesh – A logical boundary for network traffic between the services that reside within it. A mesh can contain virtual services, virtual nodes, virtual routers, and routes.
Virtual Service – An abstraction (logical name) for a service that is provided directly (by a virtual node) or indirectly (through a virtual router). Services within a mesh use the logical names to reference and make use of other services.
Virtual Node – A pointer to a task group (an ECS service or a Kubernetes deployment) or a service running on one or more EC2 instances. Each virtual node can accept inbound traffic via listeners, and can connect to other virtual nodes via backends. Also, each node has a service discovery configuration (currently a DNS name) that allows other nodes to discover the IP addresses of the tasks, pods, or instances.
Virtual Router – A handler for one or more virtual services within a mesh. Each virtual router listens for HTTP traffic on a specific port.
Route – Routes use prefix-based matching on URLs to route traffic to virtual nodes, with optional per-node weights. The weights can be used to test new service versions in production while gradually increasing the amount of traffic that they handle.
Putting it all together, each service mesh contains a set of services that can be accessed by URL paths specified by routes. Within the mesh, services refer to each other by name.
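The route weighting described above, as an added example that is not code from the original post: a pre-deployment check that reads a route definition, confirms every target is a known virtual node, and computes the share of traffic each version would receive. The node names, the sample JSON, and the canary cap are constructed for illustration.

```python
import json

# Constructed sample shaped like an App Mesh route spec (httpRoute with a
# prefix match and weightedTargets). Node names are made up for illustration.
ROUTE_JSON = """
{
  "httpRoute": {
    "match": {"prefix": "/"},
    "action": {
      "weightedTargets": [
        {"virtualNode": "orders-v1", "weight": 90},
        {"virtualNode": "orders-v2", "weight": 10}
      ]
    }
  }
}
"""

def traffic_shares(spec, known_nodes):
    """Validate a route spec and return {virtual node: share of traffic}."""
    http = spec["httpRoute"]
    prefix = http["match"]["prefix"]
    if not prefix.startswith("/"):
        raise ValueError(f"prefix {prefix!r} must start with '/'")
    shares = {}
    for target in http["action"]["weightedTargets"]:
        node, weight = target["virtualNode"], target["weight"]
        if node not in known_nodes:
            raise ValueError(f"target {node!r} is not a virtual node in this mesh")
        # Assumption: weights are relative integers in the range 0-100.
        if isinstance(weight, bool) or not isinstance(weight, int) or not 0 <= weight <= 100:
            raise ValueError(f"weight for {node!r} must be an integer 0-100")
        shares[node] = shares.get(node, 0) + weight
    total = sum(shares.values())
    if total == 0:
        raise ValueError("all weights are zero; no target would receive traffic")
    return {node: w / total for node, w in shares.items()}

def check_canary(spec, known_nodes, canary, max_share):
    """Return the canary's share, or raise if it exceeds the agreed cap."""
    share = traffic_shares(spec, known_nodes).get(canary, 0.0)
    if share > max_share:
        raise ValueError(f"{canary} would get {share:.0%}, cap is {max_share:.0%}")
    return share

if __name__ == "__main__":
    spec = json.loads(ROUTE_JSON)
    print(traffic_shares(spec, {"orders-v1", "orders-v2"}))
    print(check_canary(spec, {"orders-v1", "orders-v2"}, "orders-v2", 0.25))
```

Running a check like this in review or CI catches a route file that points at an unexpected node, or that shifts more traffic to a new version than intended, before it is applied to the mesh.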
I can access App Mesh from the App Mesh Console, the App Mesh CLI, or the App Mesh API. I’ll show you how to use the Console and take a brief look at the CLI.
Using the App Mesh Console
The console lets me create my service mesh and the components within it. I open the App Mesh Console and click Get started:
I enter the name of my mesh and my first virtual service (I can add more later), and click Next:
I define the first virtual node:
I can click Additional configuration to specify service backends (other services that this one can call) and logging:
I define my node’s listener via protocol (HTTP or TCP) and port, set up an optional health check, and click Next:
Next, I define my first virtual router and a route for it:
I can apportion traffic across several virtual nodes (targets) on a percentage basis, and I can use prefix-based routing for incoming traffic:
I review my choices and click Create mesh service:
The components are created in a few seconds and I am just about ready to go:
The final step, as described in the App Mesh Getting Started Guide, is to update my task definitions (Amazon ECS or AWS Fargate) or pod specifications (Amazon EKS or Kubernetes) to reference the Envoy container image and the proxy container image. If my service is running on an EC2 instance, I will need to deploy Envoy there.
Using the AWS App Mesh Command Line
App Mesh lets you specify each type of component in a simple JSON form and provides you with command-line tools to create each one (create-mesh, create-virtual-service, create-virtual-node, and create-virtual-router). For example, I can define a virtual router in a file:
And create it with one command:
Now Available
AWS App Mesh is available now and you can start using it today in the US East (N. Virginia), US East (Ohio), US West (Oregon), US West (N. California), Canada (Central), Europe (Ireland), Europe (Frankfurt), Europe (London), Asia Pacific (Mumbai), Asia Pacific (Tokyo), Asia Pacific (Sydney), Asia Pacific (Singapore), and Asia Pacific (Seoul) Regions.
— Jeff;