Today, we are excited to introduce significant enhancements to AWS App Mesh ingress and routing capabilities. Previously, the AWS App Mesh gateway permitted matches based only on the incoming request path, with no option to configure hostname or path rewrites. In response to your feedback on roadmap issues 73 and 247, we are pleased to announce that App Mesh now supports flexible controls for hostname and path rewrites for incoming traffic. This lets you manage how traffic enters your mesh and efficiently route incoming requests to backend services.
App Mesh is a fully managed service mesh that establishes a logical boundary for network traffic among services within it. By standardizing service communication, App Mesh provides end-to-end visibility and ensures high availability for applications. It supports managing inter-service communications while also offering ingress capabilities that govern traffic from outside the mesh to internal services via virtual gateways and gateway routes. Virtual gateways facilitate access to resources within the mesh from external locations, while gateway routes define the rules for routing incoming traffic.
In this post, we will cover the existing ingress functionalities of App Mesh, along with recent enhancements to virtual gateways and gateway routes. Furthermore, we will illustrate how these new features allow developers to focus on rapidly building business functionalities, while operators can customize and direct incoming requests as needed.
To better grasp the new functionalities, consider a sample Vinyl web store application. This app, represented in the diagram below, serves as a frontend for users accessing a Vinyl webpage or mobile application. The frontend communicates with a gRPC-based backend data provider application, enabling customers to explore and purchase records from a variety of labels and genres. The checkout application facilitates payments through third-party services like Stripe. These microservices might be deployed on Amazon Elastic Kubernetes Service (Amazon EKS) or Amazon Elastic Container Service (Amazon ECS) or run on EC2.
Let’s delve into the logical constructs of the mesh in relation to the Vinyl web store. The diagram illustrates the traffic flow across mesh components, including virtual nodes, virtual services, virtual routers, routes, virtual gateways, and gateway routes.
To understand the inter-service communications, we begin with the Vinyl web store application. A virtual node serves as a logical reference point for a specific task group, such as an Amazon ECS or Kubernetes service. Next, we have virtual services, which act as virtual pointers to applications and are the discoverable service names used to access endpoints defined in the mesh. An application may have multiple versions, such as vinyl-web-app-v1 and vinyl-web-app-v2, represented by different virtual nodes. Traffic routing for these versions is managed by a virtual router, which uses defined routes based on criteria like HTTP headers, URL paths, or gRPC methods.
Ingress within App Mesh is configured through virtual gateways and gateway routes. Virtual gateways allow external resources to communicate with services in the mesh via Envoy proxies. All external traffic enters through a load balancer, if one is configured, which directs traffic to the Envoy proxies. These proxies serve as the gateway, routing requests according to the defined gateway routes.
Gateway routes specify the HTTP, HTTP2, or gRPC request paths to match; when a request matches, the destination virtual service is determined. For instance, a request that arrives at the gateway with the path ‘/’ is routed to the vinyl-web service. The same endpoint can also handle requests for the vinyl-checkout service by matching the prefix ‘/checkout’.
In the example above, the Vinyl web store virtual gateway operates with Amazon ALB and vinyls.buy.com. When a request is received at the virtual gateway, it undergoes two types of rewrites: the hostname and the path. An incoming request to ‘vinyls.buy.com/’ is matched on the path ‘/’ to the service “vinyl-web” and rewritten as ‘vinyl-web.discs.svc.cluster.local/’. Similarly, a request to ‘vinyls.buy.com/checkout/payments’ is rewritten as ‘vinyl-checkout.discs.svc.cluster.local/payments’.
Ingress Route Enhancements
With this context established, let’s explore the enhancements made to virtual gateways and gateway routes. These improvements provide greater control over incoming requests and support complex routing logic at gateway routes. Customers can now scale services without needing to modify them to accommodate requests from multiple domains and paths. The enhancements fall into two groups: hostname and header matching, and rewrite rules for both hostname and path.
Hostname and Header Match
The current gateway routes of the virtual gateway primarily describe the path to be matched for incoming requests. The new enhancements allow for matches based on hostname, headers or metadata, and the method name.
- Hostname: The hostname field enables matching the hostname from incoming requests to route to target virtual services. You can execute exact, suffix, and prefix matches. For instance, if you register your application under different domains like m.vinyls.buy.com and vinyls.buy.com, you can effectively route traffic to specific target virtual services using the hostname match field.
- HTTP/HTTP2 Headers & gRPC Metadata: The headers field facilitates matching values for HTTP and HTTP2 headers, as well as metadata for gRPC requests based on service names. If a match is successful, the incoming request is routed to the designated virtual service. For example, you can utilize the user-agent header to direct requests to vinyl-mobile.
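The following is an added example, not code from the original post or from App Mesh or Envoy: a simplified Python model of the match-and-rewrite behaviour described above, using the post's hostnames and service names. The route selection order (longest prefix first, then more header conditions), the substring test on user-agent, and the name `vinyl-mobile.discs.svc.cluster.local` are assumptions made for illustration, and only exact and suffix hostname matches are modelled.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class GatewayRoute:
    target: str                        # virtual service that receives the request
    prefix: str = "/"                  # path prefix to match
    host_exact: Optional[str] = None   # exact hostname match
    host_suffix: Optional[str] = None  # suffix hostname match
    header_contains: dict = field(default_factory=dict)  # header -> required substring

    def matches(self, host, path, headers):
        if self.host_exact and host != self.host_exact:
            return False
        if self.host_suffix and not host.endswith(self.host_suffix):
            return False
        for name, needle in self.header_contains.items():
            if needle not in headers.get(name, ""):
                return False
        return path.startswith(self.prefix)

SVC = "discs.svc.cluster.local"
# Constructed route table built from the hostnames and services named in the post.
ROUTES = [
    GatewayRoute(f"vinyl-web.{SVC}", "/", host_exact="vinyls.buy.com"),
    GatewayRoute(f"vinyl-checkout.{SVC}", "/checkout", host_exact="vinyls.buy.com"),
    GatewayRoute(f"vinyl-mobile.{SVC}", "/", host_exact="m.vinyls.buy.com"),
    GatewayRoute(f"vinyl-mobile.{SVC}", "/", host_exact="vinyls.buy.com",
                 header_contains={"user-agent": "Mobile"}),
]

def route(routes, host, path, headers=None):
    """Return (rewritten_host, rewritten_path), or None if no route matches."""
    host = host.lower().split(":")[0]  # normalise case and drop any port
    headers = {k.lower(): v for k, v in (headers or {}).items()}
    candidates = [r for r in routes if r.matches(host, path, headers)]
    if not candidates:
        return None  # an unmatched Host or path is not forwarded to any virtual service
    # Assumption: longest prefix wins, then the route with more header conditions.
    best = max(candidates, key=lambda r: (len(r.prefix), len(r.header_contains)))
    # Rewrite: hostname becomes the target service, the matched prefix becomes "/".
    return best.target, "/" + path[len(best.prefix):].lstrip("/")

if __name__ == "__main__":
    print(route(ROUTES, "vinyls.buy.com", "/checkout/payments"))
```

In this model, a request whose Host header matches no route returns `None`, which is the property to check when reviewing a route table: the hostname match bounds which Host values can reach each virtual service.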
In conclusion, these enhancements to AWS App Mesh ingress and routing empower developers and operators alike, facilitating a more efficient and scalable service mesh environment.