What Is Amazon App Mesh?
Important
End of support notice: On September 30, 2026, Amazon will discontinue support for Amazon App Mesh. After September 30, 2026, you will no longer be able to access the Amazon App Mesh console or Amazon App Mesh resources. For more information, see the blog post Migrating from Amazon App Mesh to Amazon ECS Service Connect.
Amazon App Mesh is a service mesh that makes it easy to monitor and control services. A service mesh is an infrastructure layer dedicated to handling service-to-service communication, usually through an array of lightweight network proxies deployed alongside the application code. App Mesh standardizes how your services communicate, giving you end-to-end visibility and helping to ensure high availability for your applications. App Mesh gives you consistent visibility and network traffic controls for every service in an application.
Adding App Mesh to an example application
Consider the following simple example application that doesn’t use App Mesh. The two services can be running on Amazon Fargate, Amazon Elastic Container Service (Amazon ECS), Amazon Elastic Kubernetes Service (Amazon EKS), Kubernetes on Amazon Elastic Compute Cloud (Amazon EC2) instances, or on Amazon EC2 instances with Docker.
In this illustration, both serviceA and serviceB are discoverable through the apps.local namespace. Let's say, for example, you decide to deploy a new version of serviceb.apps.local named servicebv2.apps.local. Next, you want to direct a percentage of the traffic from servicea.apps.local to serviceb.apps.local and a percentage to servicebv2.apps.local. When you're sure that servicebv2 is performing well, you want to send 100 percent of the traffic to it.
App Mesh can help you do this without changing any application code or registered service names. If you use App Mesh with this example application, then your mesh might look like the following illustration.
In this configuration, the services no longer communicate with each other directly. Instead, they communicate with each other through a proxy. The proxy deployed with the servicea.apps.local service reads the App Mesh configuration and sends traffic to serviceb.apps.local or servicebv2.apps.local based on the configuration.
Components of App Mesh
App Mesh is made up of the following components, illustrated in the previous example:
- Service mesh – A service mesh is a logical boundary for network traffic between the services that reside within it. In the example, the mesh is named apps, and it contains all other resources for the mesh. For more information, see Service Meshes.
- Virtual services – A virtual service is an abstraction of an actual service that is provided by a virtual node, directly or indirectly, by means of a virtual router. In the illustration, two virtual services represent the two actual services. The names of the virtual services are the discoverable names of the actual services. When a virtual service and an actual service have the same name, multiple services can communicate with each other using the same names that they used before App Mesh was implemented. For more information, see Virtual services.
- Virtual nodes – A virtual node acts as a logical pointer to a discoverable service, such as an Amazon ECS or Kubernetes service. For each virtual service, you will have at least one virtual node. In the illustration, the servicea.apps.local virtual service gets configuration information for the virtual node named serviceA. The serviceA virtual node is configured with the servicea.apps.local name for service discovery. The serviceb.apps.local virtual service is configured to route traffic to the serviceB and serviceBv2 virtual nodes through a virtual router named serviceB. For more information, see Virtual nodes.
- Virtual routers and routes – Virtual routers handle traffic for one or more virtual services within your mesh. A route is associated with a virtual router. The route is used to match requests for the virtual router and to distribute traffic to its associated virtual nodes. In the previous illustration, the serviceB virtual router has a route that directs a percentage of traffic to the serviceB virtual node, and a percentage of traffic to the serviceBv2 virtual node. You can set the percentage of traffic routed to a particular virtual node and change it over time. You can route traffic based on criteria such as HTTP headers, URL paths, or gRPC service and method names. You can configure retry policies to retry a connection if there is an error in the response. For example, in the illustration, the retry policy for the route can specify that a connection to serviceb.apps.local is retried five times, with ten seconds between retry attempts, if serviceb.apps.local returns specific types of errors. For more information, see Virtual routers and Routes.
- Proxy – You configure your services to use the proxy after you create your mesh and its resources. The proxy reads the App Mesh configuration and directs traffic appropriately. In the illustration, all communication from servicea.apps.local to serviceb.apps.local goes through the proxy deployed with each service. The services communicate with each other using the same service discovery names that they used before introducing App Mesh. Because the proxy reads the App Mesh configuration, you can control how the two services communicate with each other. When you want to change the App Mesh configuration, you don’t need to change or redeploy the services themselves or the proxies. For more information, see Envoy image.
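The weighted routing and retry policy described in the component list above, written as an App Mesh HTTP route spec and checked before it is applied. This is an added example, not code from the App Mesh documentation: the `/` prefix match, the retry events, the staged percentages and the helper names are assumptions, and `perRetryTimeout` is the route spec's per-attempt timeout, used here to carry the page's ten-second figure.

```python
import json

# Virtual node names come from the page's illustration.
MESH_NODES = {"serviceA", "serviceB", "serviceBv2"}

def canary_route_spec(v2_percent):
    """Build an HTTP route spec sending v2_percent of traffic to serviceBv2."""
    if not isinstance(v2_percent, int) or not 0 <= v2_percent <= 100:
        raise ValueError("v2_percent must be an integer from 0 to 100")
    return {
        "httpRoute": {
            "match": {"prefix": "/"},  # assumption: match every request path
            "action": {"weightedTargets": [
                {"virtualNode": "serviceB", "weight": 100 - v2_percent},
                {"virtualNode": "serviceBv2", "weight": v2_percent},
            ]},
            "retryPolicy": {
                "maxRetries": 5,  # the page's five retries
                # Per-attempt timeout field; carries the page's ten seconds.
                "perRetryTimeout": {"unit": "s", "value": 10},
                "httpRetryEvents": ["server-error", "gateway-error"],  # assumed
            },
        }
    }

def validate_route_spec(spec, known_nodes=MESH_NODES):
    """Return the problems found in a route spec before it is applied."""
    problems = []
    action = spec.get("httpRoute", {}).get("action", {})
    targets = action.get("weightedTargets", [])
    if not targets:
        problems.append("route has no weighted targets")
    total = 0
    for target in targets:
        node, weight = target.get("virtualNode"), target.get("weight")
        if node not in known_nodes:
            problems.append(f"unknown virtual node: {node}")
        if not isinstance(weight, int) or not 0 <= weight <= 100:
            problems.append(f"weight out of range for {node}")
        else:
            total += weight
    if targets and total == 0:
        problems.append("no target has a positive weight")
    return problems

if __name__ == "__main__":
    for percent in (0, 10, 50, 100):  # staged shift to serviceBv2
        spec = canary_route_spec(percent)
        print(percent, validate_route_spec(spec), json.dumps(spec["httpRoute"]["action"]))
```

Weights are relative, so the check does not require them to sum to 100; it flags only targets outside the mesh, out-of-range weights, and a route that would send traffic nowhere.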
How to get started
To use App Mesh you must have an existing service running on Amazon Fargate, Amazon ECS, Amazon EKS, Kubernetes on Amazon EC2, or Amazon EC2 with Docker.
To get started with App Mesh, see one of the following guides:
Accessing App Mesh
You can work with App Mesh in the following ways:
- Amazon Web Services Management Console – The console is a browser-based interface that you can use to manage App Mesh resources. You can open the App Mesh console at https://console.amazonaws.cn/appmesh/.
- Amazon CLI – Provides commands for a broad set of Amazon products, and is supported on Windows, Mac, and Linux. To get started, see Amazon Command Line Interface User Guide. For more information about the commands for App Mesh, see appmesh in the Amazon CLI Command Reference.
- Amazon Tools for Windows PowerShell – Provides commands for a broad set of Amazon products for those who script in the PowerShell environment. To get started, see the Amazon Tools for Windows PowerShell User Guide. For more information about the cmdlets for App Mesh, see App Mesh in the Amazon Tools for PowerShell Cmdlet Reference.
- Amazon CloudFormation – Enables you to create a template that describes all of the Amazon resources that you want. Using the template, Amazon CloudFormation provisions and configures the resources for you. To get started, see Amazon CloudFormation User Guide. For more information about the App Mesh resource types, see App Mesh Resource Type Reference in the Amazon CloudFormation Template Reference.
- Amazon SDKs – We also provide SDKs that enable you to access App Mesh from a variety of programming languages. The SDKs automatically take care of tasks such as:
  - Cryptographically signing your service requests
  - Retrying requests
  - Handling error responses
  For more information about available SDKs, see Tools for Amazon Web Services. For more information about the App Mesh APIs, see the Amazon App Mesh API Reference.