AWS re:Invent 2025 - A modern approach to application migration with Amazon VPC Lattice (NET309)

Modernizing Applications with AWS VPC Lattice

Overview

The presentation covers a modern approach to application migration and infrastructure modernization using AWS VPC Lattice. It walks through a practical example of how VPC Lattice can be used to address common networking challenges and enable a smooth transition from monolithic architectures to containerized applications.

Current Landscape and Challenges

• Businesses are constantly evolving, leading to growing and changing requirements that need to be addressed quickly.
• As organizations expand, their infrastructure and applications become more complex, with various components built on top of each other over time.
• Common challenges include:
  • Managing partner VPN connections and IP address changes
  • Handling overlapping IP addresses when acquiring new companies
  • Enabling IPv6 connectivity without complex network address translation
  • Securely connecting on-premises mainframes to cloud-based services
  • Modernizing monolithic applications to containerized architectures

Introducing AWS VPC Lattice

• VPC Lattice is an application networking service that connects, monitors, and secures communication between services and resources.
• It supports a variety of compute types, including EC2, containers, and serverless, as well as hybrid scenarios with on-premises resources.
• Key building blocks of VPC Lattice:
  • Services: Logical groups of compute resources exposed as endpoints
  • Resources: TCP-enabled destinations, such as databases or DNS names
  • Accounts: VPCs and service endpoints that can consume services across accounts
  • Providers and Consumers: Services and resources exposed to the service network, and VPCs/endpoints that consume them

Modernizing with VPC Lattice

1. Partner VPN Connectivity:

   • Use VPC Lattice to create a service network shared across accounts, allowing partners to connect without managing VPN details.
   • Implement fine-grained access policies to control partner access and traffic.

2. Acquisition Connectivity:

   • VPC Lattice handles overlapping IP addresses between acquired companies, eliminating the need for complex bi-directional private links.
   • Create services for the acquired company and the backend, and use policies to control the communication.

3. IPv6 Connectivity:

   • Leverage VPC Lattice's ability to handle IPv4-to-IPv6 translation, removing the need for complex private NAT gateways.
   • Create an IPv6 service and associate it with the service network.

4. Hybrid Connectivity:

   • Use VPC Lattice service network endpoints to provide a secure path for the on-premises mainframe to communicate with backend services, without the need for complex firewall rules.
   • The transit gateway and direct connect remain in place, with VPC Lattice providing an additional layer of security and observability.

5. Application Modernization:

   • Gradually migrate from monolithic EC2 instances to containerized architectures using VPC Lattice.
   • Create a new service in a separate VPC and gradually shift traffic, without disrupting the existing application.

VPC Lattice vs. Transit Gateway

• VPC Lattice is an application networking service that operates at the layer 7 level, providing additional security, networking, and observability features.
• Transit Gateway is a core networking service that connects VPCs and hybrid environments at the layer 3 and 4 levels.
• VPC Lattice and Transit Gateway can coexist and complement each other, depending on the specific networking requirements.

Real-world Implementation at Goldman Sachs

• Goldman Sachs' FastTrack platform uses VPC sharing to provide a simplified networking experience for developers, but faced challenges with resource management and IP address contention.
• By adopting VPC Lattice, they were able to:
  • Achieve stronger network isolation and avoid resource contention issues.
  • Gain visibility into cross-account service exposures.
  • Retain the simplified developer experience while maintaining control over the network.
  • Leverage VPC Lattice's service network endpoints to connect to existing private link services.

Key Takeaways

• VPC Lattice provides a modern, application-centric approach to networking that can help organizations address a wide range of challenges, from partner connectivity to application modernization.
• By adopting VPC Lattice incrementally and focusing on low-hanging fruit, organizations can gradually modernize their infrastructure and applications without major disruptions.
• VPC Lattice and Transit Gateway can work together, with VPC Lattice providing an additional layer of application-level networking capabilities.
• Real-world examples, like the one from Goldman Sachs, demonstrate the practical benefits of VPC Lattice in addressing complex networking challenges and enabling a smooth transition to modern architectures.