AWS application networking: Build simple, secure, and reliable apps (NET317)

Application Networking: Elastic Load Balancing, API Gateway, and VPC Lattice

Application Networking Overview

  • Application networking refers to the set of AWS services that enable building highly scalable, reliable, performant, and secure applications.
  • The main services in this portfolio are:
    • Elastic Load Balancing (ELB)
    • Amazon API Gateway
    • AWS PrivateLink
    • Amazon VPC Lattice

TCP/IP Model and Application Networking Services

  • The TCP/IP model consists of 4 layers: Network Access, Network, Transport, and Application.
  • Most application networking services fall under the Transport or Application layers.

Transport Layer Services

Network Load Balancer (NLB)

  • Connection-level load balancer that can load balance TCP and UDP traffic to targets.
  • Commonly used to expose services inside a VPC to the internet or for internal connectivity.
  • Provides features like TLS encryption and IP-based access control using security groups.

AWS PrivateLink

  • Provides VPC connectivity by exposing a unidirectional connection between a client VPC and a service behind an NLB.
  • Supports provider and consumer models, allowing services to be shared across VPCs and accounts.
  • Also provides security features like security groups and TLS encryption.

Gateway Load Balancer (GWLB)

  • A protocol-agnostic "bump in the wire" that acts as both a Layer 3 gateway and a Layer 4 load balancer.
  • Commonly used to deploy highly available firewalls and other appliances for inspection and detection purposes.

Application Layer Services

Application Load Balancer (ALB)

  • Provides Layer 7 routing and load balancing to targets like containers, instances, and serverless applications.
  • Supports advanced security features like Mutual TLS, integration with AWS WAF, and user authentication.

Amazon API Gateway

  • Provides a managed service to create, publish, maintain, monitor, and secure APIs at any scale.
  • Supports public and private APIs, WebSockets, and integration with over 100 AWS services.
  • Offers features like authentication, authorization, throttling, and request/response transformations.

VPC Lattice

  • A higher-level abstraction that simplifies networking for both admins and developers.
  • Provides features like inter-VPC connectivity at scale, service discovery, and application-aware request routing and load balancing.
  • Integrates with IAM for fine-grained access control and supports zero-trust architectures.

Elastic Load Balancing Enhancements

  • Shared security groups across accounts and VPCs
  • Enhancements to Mutual TLS support, including trust store sharing
  • Availability improvements like zonal shift and load balancer capacity unit reservation
  • Routing features like TCP idle timeout and header modification

AWS Load Balancer Controller Enhancements

  • Improved reconciliation performance through caching and deferred queues
  • SDK upgrades for reduced memory usage and improved API call efficiency
  • Support for multi-cluster Target Groups without conflicts

Amazon API Gateway Enhancements

  • Resilience improvements like gray failure detection, service protection, and data plane partitioning
  • Security upgrades like TLS 1.3 support and WAF integration
  • Usability enhancements, including private custom domains

AWS PrivateLink Enhancements

  • Added support for UDP connectivity, including IPv6
  • Introduced cross-region PrivateLink connectivity

Amazon VPC Lattice Enhancements

  • Introduced new primitives like Resources for connecting to non-load balanced services
  • Enabled cross-VPC Resource Endpoints for scalable and secure inter-VPC connectivity
  • Integrated PrivateLink for direct connectivity to Lattice service networks
