Redefining application communications with AWS App Mesh

• 1468 words

At re:Invent 2018, AWS announced the AWS App Mesh public preview, a service mesh that allows you to easily monitor and control communications across applications. Today, I'm happy to announce that App Mesh is generally available for use by customers.

New architectural patterns

Many customers are modernizing their existing applications to become more agile and innovate faster. Architectural patterns like microservices enable teams to independently test services and continuously deliver changes to applications. This approach optimizes team productivity by allowing development teams to experiment and iterate faster. It also allows teams to rapidly scale how they build and run their applications.

As you build new services that all need to work together as an application, they need ways to connect, monitor, control, and debug the communication across the entire application. Examples of such capabilities include service discovery, application-level metrics and logs, traces to help debug traffic patterns, traffic shaping, and the ability to secure communication between services.

You often have to build communication management logic into SDKs and require it to be used by each development team. However, as an application grows and as the number of teams increase, providing these capabilities consistently across services becomes complex and time-consuming overhead.

Our goal is to automate and abstract the communications infrastructure that underpins every modern application, allowing teams to focus on building business logic and innovating faster.

Redefining networking

Historically, when you have to set up the services for your application, one of the first things you have to do is set up your network, a virtual private cloud (VPC). Everything happens in the context of the VPC. Our goal is that if you are running applications on AWS, you should not have to worry about managing networking infrastructure. It should be handled by our application-aware network. Our network automates translating your input about service requirements into the configuration needed by the infrastructure and manages its lifecycle. App Mesh, as it exists today, is the first step in this journey.

App Mesh vision

If you are running several services that are managed by different teams, each team ideally provides input only on the specific requirements of their own service. They don't have to understand the details of the infrastructure powering their service.

The developers that I speak to don't care about wiring up every piece of their application. They care about questions such as, what can my service talk to? Which AWS resources can I access? How do I handle errors and retries? How do I connect and test my new service versions before taking on all traffic? What identity and authorization is needed for me to initiate a connection or to accept connections? This is what App Mesh tries to do.

App Mesh gives you a simple, declarative approach to model service communication. You can define rules for service-to-service communication and everything else is handled automatically. Use it as a single point of control for all the communications between services in their application.

It provides consistent metrics, logs, and traces, and gives end-to-end visibility across an application to help you quickly identify and debug issues. App Mesh provides traffic routing controls to enable testing and deploying new versions of services.

Our vision for App Mesh is an AWS-native service mesh that integrates equally well with AWS primitives and advanced services. These include networking primitives and advanced services like AWS Cloud Map, compute primitives like Amazon EC2 and AWS Fargate, and orchestration tools including AWS EKS, Amazon ECS, and customer-managed Kubernetes on EC2. With the App Mesh native integration to AWS Cloud Map, any service in the service mesh gets a map to every other AWS resource in your account.

How does App Mesh work today?

App Mesh runs alongside and manages the communications for each microservice that you deploy, forming a service mesh for the entire application. App Mesh provides an AWS managed control plane that you can use to model your services and provide a declarative configuration for identifying service instances and the policies required for each service.

App Mesh works with an open source, high-performing network proxy called Envoy that runs as a sidecar with your applications. It's considered the standard for managing network traffic flows within distributed applications. Most importantly, we are using Envoy because many of our customers already use it, making App Mesh adoption incredibly simple. If you are already running an Envoy-based service mesh, adopting App Mesh takes only a few basic steps.

To get started, use the App Mesh console, APIs, or AWS SDK to configure the service mesh and control traffic between services. Next, you add Envoy into the EC2 instance, ECS or Fargate task, or Amazon EKS or Kubernetes pod definition for every service that you deploy.

App Mesh computes and distributes the required configuration to proxies deployed alongside each service, based on the policies set at the provider service. The App Mesh data plane is the set of proxies configured by the App Mesh control plane to handle all incoming and outgoing traffic for the service.

Using App Mesh, you can easily export service metrics like latencies, error rates, error codes, service communication traces, and service-level logs. This allows you to send metrics to multiple AWS and third-party tools, including Amazon CloudWatch, AWS X-Ray, or any third-party monitoring and tracing tools that integrate with Envoy.

Today, with App Mesh, you route traffic between services in a weighted manner, which makes it easy to deploy your services safely and consistently. In the future, you will be able to configure new traffic routing features like retries, timeouts, circuit-breaking, and server-side rate-limiting, in a consistent manner.

How is App Mesh built?

App Mesh is focused on delivering a highly scalable and resilient service mesh that supports any customer workload, from tens to hundreds of different services. We built App Mesh to the same high standards for operational availability, scalability, and security that we believe are key tenets for all AWS services.

Our goal is to remove the undifferentiated heavy lifting of operating complex applications. We provide the tools, services, and observability to ensure that you can maintain high standards for your own architectures.

App Mesh supports services that run on EKS, ECS, Fargate, EC2, and Kubernetes on EC2. Some customers are already running their applications on managed platforms within AWS. However, we understand that many customers need the ability to connect services deployed across AWS into a single mesh. They may also need the flexibility to run services across a heterogeneous collection of compute resources.

App Mesh allows you to run the mesh across services on different compute environments, with a migration path that allows you to use the compute resources as you see fit. It provides consistent observability and routing controls across different compute environments. We want to make it simple to make any application connected to the network a participant in the mesh data plane.

After your applications are communicating over the service mesh, the next goal is to provide clear ownership and the controlled change of service resources. The App Mesh APIs are designed to provide boundaries of ownership for services, as well as the networking components to implement them. From small teams that own the entire service mesh to a large corporation with many disparate teams, App Mesh enables safe, transactional changes to components on the service mesh data plane.

For example, service owners can define traffic policies for applications, and App Mesh automatically distributes these policies to the appropriate consumers. Through integrations with other AWS offerings such as Amazon CloudWatch Logs, Amazon CloudWatch metrics, and AWS X-Ray, we provide the observability tooling required to enable the safe deployment and operation of mesh applications.

Partners adopting App Mesh

Our partner ecosystem has been working closely with AWS to integrate products with App Mesh and help you with tools for observability, service discovery, and security. These partners include:

Alcide, Aqua, Datadog, HashiCorp, Neuvector, SignalFx, Solarwinds, SpotInst, Sysdig, Tetrate, Twistlock, VMWare Wavefront, and Weaveworks

Get started with App Mesh

Starting today, you can use App Mesh with services managed by ECS, EKS, Fargate, and any Kubernetes deployment on AWS running on EC2. You can even use it with applications running directly on EC2.

We see general availability as the starting line, not the finish line. We want to give you the opportunity to build with us, and soon we will launch the AWS App Mesh Beta Channel. It's a new public service endpoint that allows you to try out and provide feedback on new service features before they are generally available. This new service endpoint will be separate from the standard production endpoint. It will be coupled with preview releases of the AWS CLI for App Mesh, allowing you to test new features without impacting their current production infrastructure.

To learn more, see the AWS App Mesh detail page.