Services or capabilities described in this page might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China Regions. Only “Region Availability” and “Feature Availability and Implementation Differences” sections for specific services (in each case exclusive of content referenced via hyperlink) in Getting Started with Amazon Web Services in China Regions form part of the Documentation under the agreement between you and Sinnet or NWCD governing your use of services of Amazon Web Services China (Beijing) Region or Amazon Web Services China (Ningxia) Region (the “Agreement”). Any other content contained in the Getting Started pages does not form any part of the Agreement.
Amazon App Mesh Documentation
App Mesh is designed to run services by providing visibility and network traffic controls for services. App Mesh separates the logic needed for monitoring and controlling communications into a proxy that runs next to services. This reduces the need to coordinate across teams or update application code to change how monitoring data is collected or traffic is routed. This allows you to pinpoint the exact location of errors and reroute network traffic when there are failures or when code changes need to be deployed.
You can use App Mesh with Amazon Fargate, Amazon ECS, Amazon EKS, Amazon EC2, and Kubernetes on EC2 to better run services at scale.
Open source proxy
App Mesh uses the open source Envoy proxy to manage traffic into and out of a service’s containers. App Mesh configures this proxy to handle the service’s application communications.
App Mesh is compatible with Amazon CloudWatch* and Amazon X-Ray* as well as several Amazon Web Services partner and open source tools.
Traffic Routing
App Mesh lets you configure services to connect to each other instead of requiring code within the application or using a load balancer. When each service starts, its proxies connect to App Mesh and receive configuration data about the locations of other services in the mesh. You can use controls in App Mesh to update traffic routing between services with minimal changes to your application code.
Client-side Traffic Policies
The proxies are designed to load balance traffic from clients in the mesh, and add and remove load balancing endpoints based on health checks and service registration. These capabilities help to deploy new versions of your services and tune applications to be resilient to failures.
Service-to-Service Authentication
Mutual TLS (mTLS) enables transport layer authentication, which provides service-to-service identity verification for the application components running in and outside service meshes. It allows customers to extend the security perimeter to the applications running in Amazon App Mesh by provisioning certificates to workloads in the service mesh from Amazon Certificate Manager Private Certificate Authority or a customer-managed Certificate Authority (CA). It is designed to enforce authentication for client applications connecting to services.
Container orchestration native user experience
For containerized workloads running on Amazon ECS, EKS, Fargate, or Kubernetes, you include the provided App Mesh proxy as part of the task or pod definition for each microservice and configure the service's application container to communicate with the proxy. When the service starts, the proxy is designed to check in with App Mesh and receive its configuration from it.
Managed Service
Amazon App Mesh is a managed service. App Mesh allows you to manage service communications without needing to install or manage application-level infrastructure for communications management.
Additional Information
For additional information about service controls, security features and functionalities, including, as applicable, information about storing, retrieving, modifying, restricting, and deleting data, please see https://docs.amazonaws.cn/en_us/. This additional information does not form part of the Documentation for purposes of the Sinnet Customer Agreement for Amazon Web Services (Beijing Region), Western Cloud Data Customer Agreement for Amazon Web Services (Ningxia Region) or other agreement between you and Sinnet or NWCD governing your use of services of Amazon Web Services China Regions.