Consul Service Mesh Support for AWS Lambda Now in Public Beta
HashiCorp Consul support for AWS Lambda is now available in public beta enabling services in the mesh to invoke AWS Lambda functions.
We are excited to announce the public beta of HashiCorp Consul service mesh support for Amazon’s serverless functions service: AWS Lambda. This release will ensure service mesh users can now take advantage of consistent workflows and encrypted communications from all mesh services to all upstream workloads including Lambda functions.
As organizations focus on getting to market faster, serverless adoption helps developers accelerate application development. Datadog’s State of Serverless Survey shows that AWS Lambda is leading the serverless landscape. However, effectively integrating AWS Lambda into a service mesh requires first-class support. Previously, other Lambda integrations bypassed the service mesh. This beta release addresses these limitations by extending Consul service mesh capabilities and secure communications to AWS Lambda in addition to existing support for Kubernetes, virtual machines, HashiCorp Nomad, and Amazon ECS.
»Integrating AWS Lambda Functions
Registering Lambda functions into Consul is automated using the Consul Lambda service registrator. This integration provides a simplified way to register AWS Lambda functions into the service mesh. The new Consul Lambda registrator Terraform module is used to deploy Lambda registrator. Here is example code for deploying the registrator:
module "lambda-registrator" { source = "hashicorp/consul-lambda-registrator/aws//modules/lambda-registrator" name = "consul-lambda-registrator" consul_http_addr = "https://consul.example.com:8501" }The Lambda registrator automatically registers all Lambda functions that you have tagged with serverless.consul.hashicorp.com/v1alpha1/lambda/enabled: true into the service mesh. This happens in three main steps:
- Whenever you create, tag, or untag Lambdas, AWS will log the events into CloudTrail.
- EventBridge routes the events to the Lambda registrator.
- The Lambda registrator registers the Lambda as a Consul service and stores a service-defaults configuration entry.
Once registered, you need to set the Lambda service as an upstream for any services that will use it. Then, you can call it like any other mesh service.
service { … proxy = { … upstreams { local_bind_port = 1234 destination_name = "lambda" } }}Service-to-Lambda communication shares the same reliability, observability, and security benefits that the Consul service mesh provides. For example, you can use Consul intentions or traffic management on Lambda services the same way you would use them with other services.
»Getting Started
To learn more, please visit the Consul Lambda documentation.
As is typical with beta releases, we recommend against using Consul’s Lambda support in a production environment, but we encourage you to experiment with this new capability in a controlled environment. We are eager to hear about your experiences and would appreciate receiving feedback via this form. We will do our best to get back to you promptly. If you encounter an issue, please file a new bug report in GitHub.
Sign up for the latest HashiCorp news
More blog posts like this one
A blueprint for cloud success with HashiCorp at Google Cloud Next
A recap of HashiCorp infrastructure and security news and developments from Google Cloud Next, from scaling infrastructure as code to fighting secrets sprawl and more.
Seamlessly migrate from Consul service discovery to service mesh
Try this example method for transitioning from Consul service discovery to service mesh without affecting uptimes or development teams.
Consul 1.18 GA improves enterprise reliability with Long-Term Support
Consul 1.18 improves enterprise reliability with Long-Term Support, fault-injection capabilities, and expanded Amazon ECS support for multi-runtime deployments.