Simplify Modernization of your monolithic application using VPC Lattice Networking
Sanket Nasre, Sr. Migration SA at AWS
06/15/2023
https://www.linkedin.com/in/sanket-nasre-58813b23/
Agenda
• Monoliths and Microservices in a nutshell
• “Breaking the Bad” Monoliths
• Developer’s Conundrum with Network and Application Portion
• VPC Lattice Basics and Security
• Lattice…in the context of Microservices
• Reference architectures for placing Microservices with Lattice
• App Dependency
• Blue/Green Deployment with VPC Lattice
• Path/Host based Routing with VPC Lattice
Basic Concepts and Definitions
[Diagram labels: Monolith, Miniservices, Microservices, "Completely independent"]
“Breaking the Bad” Monoliths
• Business capability
• Sub-domain
• Transactions
• Service per team pattern
• Strangler fig pattern
• Branch by abstraction pattern
Give service teams their own sandbox
Network and permission boundaries with VPCs and accounts
[Diagram: VPC 1 with Microservice 1 and Microservice 2; VPC 2 with Microservice 3 and Microservice 4]
Network and Application Layer Complexity
[Diagram: a monolith and several microservices spread over VPCs in AWS Account 1, AWS Account 2 ... AWS Account n, with a consumer on EC2. Network routing labels: Transit Gateway, VPC Peering, PrivateLink, Internet Gateway. Application layer labels (routing, health checks, load balancing): API Gateway, NLB, ALB.]
How do we make it simpler for developers to deploy and connect microservices with zero trust?
Bridging the gap between admins and developers
Amazon VPC Lattice concepts
Service-aware networking
Service directory
• Centralized registry of services
Service network
• Define a logical boundary across VPCs and accounts
• Apply common access and observability policy
Auth policies
• Declarative policies for access, observability, and traffic management
• Applied at the service, gateway, or the application network level
Service
• Unit of application
• Extends across all compute resources: instances, containers, serverless
[Diagram labels: Amazon VPC, Service A, Amazon EKS, Service B, Amazon EC2, Service C, Lambda]
VPC Lattice Security
• Service and VPC Association: Service and VPC association with a service network. If a VPC or specific service is not associated with the service network, clients in the VPC will not have access to the service.
• Network Layer Controls: Network-level security protections for the service network. Use Network ACLs or place a Security Group (SG) on the VPC to service network association.
• VPC Lattice Auth Policy: A VPC Lattice auth policy can be applied on service networks and individual services. It is typically operated by the network or cloud administrator, who implements coarse-grained authorization.
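The auth policy layering on the security slide, as an added example that is not part of the original deck: a simplified Python model in which a request must be allowed by both the service network auth policy (coarse-grained) and the service auth policy (fine-grained). The organization ID, account ID, role names and the two sample policies are constructed placeholders, and the evaluator models only `StringEquals` / `StringNotEquals` conditions and ignores `Resource`.

```python
"""Simplified model of VPC Lattice auth policy layering (added example)."""
from fnmatch import fnmatchcase

INVOKE = "vpc-lattice-svcs:Invoke"

# Constructed sample policies: org ID, account ID and role names are placeholders.
NETWORK_POLICY = {  # coarse-grained, owned by the network or cloud administrator
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": "*",
        "Action": INVOKE,
        "Resource": "*",
        "Condition": {"StringEquals": {"aws:PrincipalOrgID": "o-exampleorgid"}},
    }],
}
SERVICE_POLICY = {  # fine-grained, owned by the team that runs the service
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {"AWS": "arn:aws:iam::111111111111:role/billing-app"},
            "Action": INVOKE,
            "Resource": "*",
        },
        {   # explicit deny for anything that is not a read
            "Effect": "Deny",
            "Principal": "*",
            "Action": INVOKE,
            "Resource": "*",
            "Condition": {"StringNotEquals": {"vpc-lattice-svcs:RequestMethod": "GET"}},
        },
    ],
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _principal_matches(principal, caller_arn):
    if principal == "*":
        return True
    return any(p in ("*", caller_arn) for p in _as_list(principal.get("AWS", [])))


def _conditions_hold(condition, context):
    # A missing context key fails StringEquals and passes StringNotEquals.
    for operator, pairs in condition.items():
        for key, expected in pairs.items():
            hit = context.get(key) in _as_list(expected)
            if operator == "StringEquals" and not hit:
                return False
            if operator == "StringNotEquals" and hit:
                return False
            if operator not in ("StringEquals", "StringNotEquals"):
                raise ValueError(f"operator not modelled: {operator}")
    return True


def evaluate(policy, request):
    """Return 'Deny', 'Allow' or 'ImplicitDeny' for a single policy."""
    decision = "ImplicitDeny"
    for stmt in policy["Statement"]:
        applies = (
            any(fnmatchcase(request["action"], a) for a in _as_list(stmt["Action"]))
            and _principal_matches(stmt["Principal"], request["principal"])
            and _conditions_hold(stmt.get("Condition", {}), request["context"])
        )
        if not applies:
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"          # an explicit deny always wins
        decision = "Allow"
    return decision


def authorize(request, network_policy=NETWORK_POLICY, service_policy=SERVICE_POLICY):
    """Both layers must allow; report the first layer that blocks the request."""
    for layer, policy in (("service-network", network_policy), ("service", service_policy)):
        result = evaluate(policy, request)
        if result != "Allow":
            return False, f"{layer}: {result}"
    return True, "allowed by both layers"


def make_request(role, org_id, method):
    """Build a constructed request context for a caller role."""
    return {
        "principal": f"arn:aws:iam::111111111111:role/{role}",
        "action": INVOKE,
        "context": {"aws:PrincipalOrgID": org_id, "vpc-lattice-svcs:RequestMethod": method},
    }


if __name__ == "__main__":
    for args in (("billing-app", "o-exampleorgid", "GET"),
                 ("billing-app", "o-exampleorgid", "POST"),
                 ("inventory-app", "o-exampleorgid", "GET"),
                 ("billing-app", "o-otherorg", "GET")):
        print(args, "->", authorize(make_request(*args)))
```

The fourth request shows why the coarse network-level policy matters: a principal the service policy would accept is still stopped at the service network when it comes from outside the organization.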
Lattice… in the context of Microservices
[Diagram: a consumer/user in a Consumer VPC and microservices in a Service VPC, joined through a service network by a VPC association and service associations; Account A and Account B are linked through Resource Access Manager.]
Centralized Service Network Account
Service Directory (Service Name: Owner): Auth: Account B; Write: Account A
[Diagram: a Service Network Account holds the VPC Lattice service network and its service network policy. Provider Account A and Provider Account B attach the Write Service and Auth Service (Auto Scaling group instances, AWS Lambda) through service associations, each with a service policy. A consumer EC2 instance in a private subnet of the Consumer Account connects through a VPC association and the VPC resolver.]
Centralized Multiple Service Networks
Service directories shown (Service Name: Owner): one listing Write: Account A; one listing Auth: Account B and Write: Account A
[Diagram: a Service Network Account holds VPC Lattice Service Network 1 and Service Network 2, each with a service network policy. Labels: Provider Account A, Provider Account B, Consumer Account A, VPC A and VPC B with VPC resolvers, VPC associations, service associations with service policies, Auth Service, Write Service, Auto Scaling group instances, AWS Lambda, consumer EC2, ENI, private subnets.]
Distributed Service Networks
Service directories shown (Service Name: Owner): one listing Write: Account A; one listing Auth: Account B
[Diagram: two VPC Lattice service networks, each with its own service directory and service network policy. Labels: Provider Account A, Provider Account B, Consumer Account A, VPC A and VPC B with VPC resolvers, VPC associations, service associations, Auth Service, Write Service, Auto Scaling group instances, AWS Lambda, consumer EC2, ENI, private subnets.]
Application Dependency
Service Directory (Service Name: Owner): Billing: Account B; Parking: Account A; Inventory: Account C
[Diagram: a Service Network Account holds the VPC Lattice service network and its service network policy. Provider Account A, Provider Account B and Provider Account C attach the Parking Service, Billing Service and Inventory Service (Auto Scaling group instances, AWS Lambda, private subnets) through service associations with service policies, and their VPCs through VPC associations.]
Blue/Green Deployment (Same AWS Account)
Amazon VPC Lattice policy: Parking++ and Parking are blue or green, with 90% to Parking and 10% to Parking++
[Diagram: a consumer/user in the Consumer VPC, Route 53, the Amazon VPC Lattice link-local address and the Amazon VPC Lattice service network. A VPC association connects the consumer side; service associations connect Service 1: Billing, Service 2: Parking and Service 3: Parking++ in subnets of VPC 1 to VPC 4. Traffic split labels: 90% and 10%.]
Path/Host based routing (Same AWS Account)
Routing labels: /api/parking and parking.hotel.com; /api/inventory and Inventory.hotel.com
[Diagram: a consumer/user in the Consumer VPC, Route 53, the Amazon VPC Lattice link-local address and the Amazon VPC Lattice service network. A VPC association connects the consumer side; service associations connect Service 1: Billing, Service 2: Parking and Service 3: Inventory in subnets of VPC 1 to VPC 4.]
Thank you!
Sanket Nasre
Sr. Migration SA
AWS Industries
https://www.linkedin.com/in/sanket-nasre-58813b23/

Digital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
 
JavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green MasterplanJavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green Masterplan
 
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
 
Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024
 
Fueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte WebinarFueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte Webinar
 
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup SlidesProgramming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
 

Sanket_Nasre_Simplify Modernization.pdf

  • 2. Simplify Modernization of your monolithic application using VPC Lattice Networking Sanket Nasre, Sr. Migration SA at AWS 06/15/2023 https://www.linkedin.com/in/sanket-nasre-58813b23/
  • 3. Agenda: Monoliths and Microservices in a nutshell; “Breaking the Bad” Monoliths; Developer’s Conundrum with Network and Application Portion; VPC Lattice Basics and Security; Lattice…in the context of Microservices; Reference architectures for placing Microservices with Lattice; App Dependency; Blue/Green Deployment with VPC Lattice; Path/Host based Routing with VPC Lattice
  • 4. Basic Concepts and Definitions Completely independent Monolith Microservices Miniservices ?
  • 5. “Breaking the Bad” Monoliths: Business capability; Sub-domain; Transactions; Service per team pattern; Strangler fig pattern; Branch by abstraction pattern
  • 6. Give service teams their own sandbox Network and permission boundaries with VPCs and accounts VPC 1 VPC 2 Microservice 1 Microservice 3 Microservice 2 Microservice 4
  • 7. Network and Application Layer Complexity Transit Gateway Peering Transit Gateway Microservice Monolith Microservice Microservice Microservice Microservice Internet Gateway VPC Privatelink AWS Account 2 AWS Account 1 AWS Account n Consumer EC2 API Gateway NLB ALB Network Routing Application layer Routing, Healthchecks, Loadbalancing VPC Peering
  • 8. How do we make it simpler for developers to deploy and connect microservices with zero trust?
  • 9. Amazon Bridging the gap between admins and developers
  • 10. Amazon VPC Lattice concepts (service-aware networking). Service directory: centralized registry of services. Service network: logical boundary defined across VPCs and accounts; apply common access and observability policy. Auth policies: declarative policies for access, observability, and traffic management; applied at the service, gateway, or the application network level. Service: unit of application; extends across all compute resources: instances, containers, serverless. Diagram labels: Amazon VPC, Service A, Amazon EKS, Service B, Amazon VPC, Amazon EC2, Service C, Lambda
  • 11. VPC Lattice Security. Service and VPC Association: service and VPC association with a service network. If a VPC or specific service is not associated with the service network, clients in the VPC will not have access to the service. Network Layer Controls: network-level security protections for the service network. Use Network ACLs or place a Security Group (SG) on the VPC to service network association. VPC Lattice Auth Policy: a VPC Lattice auth policy can be applied on service networks and individual services. It is typically operated by the network or cloud administrator, who implements coarse-grained authorization. Diagram label: SG-123
  • 12. Lattice… in the context of Microservices Consumer VPC Service VPC Service Consumer/User Service Service Network VPC Association Service Association Service Association Resource Access Manager Account A Account B Microservice Microservice
  • 13. Centralized Service Network Account Service Directory Service Name Owner Auth Account B Write Account A Provider Account B Consumer Account Provider Account A Service Network Account Service Network Policy Service Policy Service Policy VPC Resolver VPC VPC Association VPC Lattice Service Network Service Association Auto scaling Group Instances Instances Auth Service Write Service AWS Lambda Service Association Consumer EC2 Private Subnet Private Subnet
  • 14. Centralized Multiple Service Networks Service Directory Service Name Owner Write Account A Provider Account B Consumer Account A Provider Account A Service Network Account Service Network Policy Service Policy Service Policy VPC A Resolver VPC VPC Association VPC Lattice Service Network 1 Service Association Auto scaling Group Instances Instances Auth Service Write Service AWS Lambda Consumer EC2 VPC B Resolver VPC Lattice Service Network 2 Service Directory Service Name Owner Auth Account B Write Account A Service Network Policy AWS Lambda Private Subnet VPC Association Service Association Service Association ENI Private Subnet Private Subnet
  • 15. Distributed Service Networks Service Directory Service Name Owner Write Account A Provider Account B Consumer Account A Provider Account A Service Network Policy VPC A Resolver VPC VPC Association VPC Lattice Service Network Service Association Auto scaling Group Instances Instances Auth Service Write Service AWS Lambda Consumer EC2 VPC B Resolver VPC Lattice Service Network Service Directory Service Name Owner Auth Account B Service Network Policy AWS Lambda Private Subnet VPC Association Service Association ENI Private Subnet Private Subnet
  • 16. Application Dependency Service Directory Service Name Owner Billing Account B Parking Account A Inventory Account C Provider Account B Provider Account C Provider Account A Service Network Account Service Network Policy Service Policy Service Policy VPC VPC VPC Association VPC Lattice Service Network Service Association Auto scaling Group Instances Instances Billing Service Parking Service AWS Lambda Service Association Private Subnet Private Subnet Inventory Service Service Association VPC Association
  • 17. Blue/Green Deployment (Same AWS Account) Subnet Subnet Service 2: Parking Consumer VPC VPC 2 VPC 1 Route 53 Amazon VPC Lattice service network Subnet VPC 3 Service 3: Parking++ Amazon VPC Lattice policy: Parking++ and Parking are blue or green, with 90% to Parking and 10% to Parking++ 90% 10% Consumer/User Amazon VPC Lattice link local VPC 4 Subnet VPC association Service association Service 1: Billing
  • 18. Path/Host based routing (Same AWS Account) Subnet Subnet Service 2: Parking Consumer VPC VPC 2 VPC 1 Route 53 Amazon VPC Lattice service network Subnet VPC 3 Service 3: Inventory Consumer/User Amazon VPC Lattice link local Subnet VPC 4 VPC association Service association Service 1: Billing /api/parking parking.hotel.com /api/inventory Inventory.hotel.com
  • 19. Thank you! Sanket Nasre Sr. Migration SA AWS Industries https://www.linkedin.com/in/sanket-nasre-58813b23/
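The three layers on slide 11 (association, network-layer controls, auth policy) can be read as successive gates in front of a service. The sketch below is an added example, not code from the deck or from AWS: a simplified model in which every name and value is constructed, a security group is reduced to the set of client SG ids it admits, and a request is assumed to need an allow from both the service-network policy and any service policy.

```python
from dataclasses import dataclass, field

@dataclass
class ServiceNetwork:
    vpcs: set             # VPCs associated with the service network
    services: set         # services associated with the service network
    sg_allows: dict       # VPC -> client SG ids admitted by the association's SG (simplified)
    network_policy: list  # coarse-grained auth policy statements
    service_policies: dict = field(default_factory=dict)  # service -> statements

def policy_allows(statements, principal, service):
    """IAM-style evaluation: default deny, explicit Deny overrides any Allow."""
    allowed = False
    for s in statements:
        if s["principal"] in ("*", principal) and s["service"] in ("*", service):
            if s["effect"] == "Deny":
                return False
            allowed = True
    return allowed

def evaluate(net, vpc, client_sg, principal, service):
    """Return (allowed, layer that made the decision)."""
    if vpc not in net.vpcs or service not in net.services:
        return False, "association"            # layer 1: no association, no path
    if client_sg not in net.sg_allows.get(vpc, set()):
        return False, "network-layer"          # layer 2: SG on the VPC association
    if not policy_allows(net.network_policy, principal, service):
        return False, "service-network-policy" # layer 3a: coarse-grained policy
    svc = net.service_policies.get(service)
    if svc is not None and not policy_allows(svc, principal, service):
        return False, "service-policy"         # layer 3b: assumed to be required as well
    return True, "allowed"

# Constructed sample: service names echo the deck's diagrams, all other values are invented.
NET = ServiceNetwork(
    vpcs={"vpc-consumer"},
    services={"billing", "parking"},
    sg_allows={"vpc-consumer": {"sg-123"}},
    network_policy=[{"effect": "Allow", "principal": "*", "service": "*"},
                    {"effect": "Deny", "principal": "role/batch", "service": "billing"}],
    service_policies={"parking": [{"effect": "Allow", "principal": "role/web", "service": "parking"}]},
)

if __name__ == "__main__":
    for req in [("vpc-consumer", "sg-123", "role/web", "parking"),
                ("vpc-other", "sg-123", "role/web", "parking"),
                ("vpc-consumer", "sg-999", "role/web", "parking"),
                ("vpc-consumer", "sg-123", "role/batch", "billing"),
                ("vpc-consumer", "sg-123", "role/batch", "parking")]:
        print(req, "->", evaluate(NET, *req))
```

Returning the deciding layer alongside the verdict shows which team's control rejected a request: the association, the security group, or one of the two auth policies.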