Scaling Development and Enhancing Security Using Amazon VPC Lattice with Cvent
Cvent is a leading meetings, events, and hospitality technology provider with more than 5,000 employees and over 24,000 customers worldwide. Its solutions help clients book, manage, conduct, and scale millions of meetings and events.
Overview
Cvent, a leading global event and hospitality technology provider, needed to adjust its architecture to manage scaling while maintaining network isolation. The company, which is all in on Amazon Web Services (AWS), had a multiaccount strategy, but it was running into limitations in its networking architecture.
Cvent implemented a new feature of Amazon Virtual Private Cloud (Amazon VPC), a service used to define and launch AWS resources in a logically isolated virtual network. Specifically, the company used Amazon VPC Lattice, which simplifies service-to-service connectivity, security, and monitoring. Through the strategic use of this feature, Cvent enhanced its multiaccount strategy, driving operational efficiency and better serving its customers with a robust and expanding product portfolio.
Opportunity | Using Amazon VPC Lattice to Unlock Account Federation for Cvent
Cvent provides meetings, events, and hospitality technology to over 24,000 customers worldwide. Its solutions have helped clients optimize the management of millions of meetings and events.
Since it began using AWS in 2013, Cvent has dramatically increased the number of its new accounts and VPCs. The company grew both organically and through acquisitions, and it established separate accounts for the newly acquired companies.
In 2023, the company began running into some scaling challenges because of hard quotas for identity and access management roles. Cvent had to delete old roles to free up space to continue development. “We had really outgrown our original account designs, and we felt the constraints every day,” says Josh Lartz, architect at Cvent.
“Our core product kept growing very quickly as we started introducing a lot of microservices,” says Kevin Gathani, senior manager of cloud infrastructure at Cvent. “To scale our product more effectively, we wanted to decouple these services and federate them according to function, product, or service.”
To implement account federation, the company decided to use Amazon VPC Lattice. “It was the perfect solution for us to allow connectivity between our VPCs while avoiding inadvertent access,” says Gathani. To transition to Amazon VPC Lattice, Cvent created proofs of concept and obtained buy-in from the people who would be affected by the change. It discussed concerns with stakeholders, tested the solution for various use cases, and then chose the first service to be federated.
Solution | Scaling to Hundreds of VPCs to Facilitate Developer Agility Without Increasing the Scope of Impact
Cvent manages hundreds of AWS accounts. Each new AWS account that the company establishes typically includes VPCs that are designated for production and development. By using Amazon VPC Lattice, Cvent can continue to scale its environment seamlessly without facing account-level hard quotas. “Scalability is the big advantage of using Amazon VPC Lattice,” says Gathani. “Our developers can be agile without increasing the scope of impact.”
Using Amazon VPC Lattice, Cvent strengthens its network security by managing communication between VPCs at the service level. If a service needs to be accessible by multiple VPCs, Cvent can make it available to spoke accounts with HTTPS through the service network without requiring complex and unrestricted routing changes. “We’re limiting the communication at the service tier without poking holes in our routing fabric,” says Gathani. “That is powerful.”
“Amazon VPC Lattice finally gave us a way to expand into many more accounts safely as we continued to grow,” says Lartz.
Although Amazon VPC Lattice is the primary mechanism for service-to-service communication across accounts, Cvent’s core backbone is built on AWS Transit Gateway, a service to connect Amazon VPCs, AWS accounts, and on-premises networks to a single gateway. Cvent uses AWS Transit Gateway to connect foundational shared services across its network. “Because shared services use various protocols and ports beyond HTTPS, they require more extensive connectivity,” says Gathani. Cvent will continue to use AWS Transit Gateway for migrations and for communication across regions.
Cvent also uses Amazon Route 53 Profiles, a service to apply and manage Domain Name System (DNS) configurations across many VPCs and in different AWS accounts. Amazon Route 53 Profiles make managing the DNS settings for many VPCs as easy as managing them for a single VPC: updates applied to one profile propagate to all associated VPCs. “Using Amazon Route 53 Profiles was essential for delivering Amazon VPC Lattice, addressing unique DNS resolution requirements for regional as opposed to external DNS resolution,” says Gathani.
Crucially, Cvent reduces risks and potential impacts to its network by using Amazon VPC Lattice. “We are limiting the scope of impact to a single service,” says Gathani. “Nothing else is exposed beyond the Amazon VPC Lattice endpoints between VPCs. That clear delineation helps prevent communication beyond the service network itself.” From a compliance standpoint, Amazon VPC Lattice provides clean communication through a service network, which Cvent can observe. Limiting service communication through a centralized service network enhances troubleshooting efficiency.
Using Amazon VPC Lattice, Cvent can deploy new services, onboard new accounts, and associate accounts to the service network quickly and simply. To make a new service available on Amazon VPC Lattice, Cvent just needs to check a box during deployment. The service then registers itself with Amazon VPC Lattice and is available to all the spoke accounts. “This greatly accelerates deployment,” says Gathani.
Outcome | Using the Right Tool to Continue Scaling
Cvent has begun federating services using Amazon VPC Lattice and will continue to deploy new accounts in the service. When Cvent creates a new service, the company builds it within a designated account, and all interactions with that service are routed through Amazon VPC Lattice.
By adopting Amazon VPC Lattice, Cvent has unblocked its developers so that they can continue to deliver quickly. “Amazon VPC Lattice was the right tool for our needs,” says Gathani. “Using it offers us a next-gen solution so that Cvent can scale drastically.”