Consul Service Mesh Support for AWS Lambda Now in Public Beta

HashiCorp Consul support for AWS Lambda is now available in public beta, enabling services in the mesh to invoke AWS Lambda functions.

We are excited to announce the public beta of HashiCorp Consul service mesh support for Amazon’s serverless functions service: AWS Lambda. With this release, service mesh users can take advantage of consistent workflows and encrypted communications from all mesh services to all upstream workloads, including Lambda functions.

As organizations focus on getting to market faster, serverless adoption helps developers accelerate application development. Datadog’s State of Serverless Survey shows that AWS Lambda is leading the serverless landscape. However, effectively integrating AWS Lambda into a service mesh requires first-class support. Previously, other Lambda integrations bypassed the service mesh. This beta release addresses these limitations by extending Consul service mesh capabilities and secure communications to AWS Lambda in addition to existing support for Kubernetes, virtual machines, HashiCorp Nomad, and Amazon ECS.

[Figure: Consul Lambda integration diagram]

»Integrating AWS Lambda Functions

Registering Lambda functions into Consul is automated using the Consul Lambda service registrator. This integration provides a simplified way to register AWS Lambda functions into the service mesh. The new Consul Lambda registrator Terraform module is used to deploy Lambda registrator. Here is example code for deploying the registrator:

module "lambda-registrator" {
  source           = "hashicorp/consul-lambda-registrator/aws//modules/lambda-registrator"
  name             = "consul-lambda-registrator"
  consul_http_addr = "https://consul.example.com:8501"
}

The Lambda registrator automatically registers all Lambda functions that you have tagged with serverless.consul.hashicorp.com/v1alpha1/lambda/enabled: true into the service mesh. This happens in three main steps:

  1. Whenever you create, tag, or untag Lambdas, AWS will log the events into CloudTrail.
  2. EventBridge routes the events to the Lambda registrator.
  3. The Lambda registrator registers the Lambda as a Consul service and stores a service-defaults configuration entry.

[Figure: Consul Lambda registrator workflow]

Once registered, you need to set the Lambda service as an upstream for any services that will use it. Then, you can call it like any other mesh service.

service {
  proxy = {
    upstreams {
      local_bind_port  = 1234
      destination_name = "lambda"
    }
  }
}

Service-to-Lambda communication shares the same reliability, observability, and security benefits that the Consul service mesh provides. For example, you can use Consul intentions or traffic management on Lambda services the same way you would use them with other services.
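
As an added illustration (not code from the original post), a service-intentions configuration entry that limits which mesh services may call the Lambda service registered as `lambda` in the upstream snippet above. The caller name `api` and the file name in the comment are hypothetical placeholders.

```hcl
# Added example, not from the original post.
# Apply with: consul config write lambda-intentions.hcl  (file name is a placeholder)
Kind = "service-intentions"

# Destination service: the Lambda function as registered in the mesh.
# "lambda" matches the destination_name used in the upstream snippet above.
Name = "lambda"

Sources = [
  {
    # Hypothetical caller service that is allowed to invoke the function.
    Name   = "api"
    Action = "allow"
  },
  {
    # Every other mesh service is denied. An exact source name takes
    # precedence over the wildcard, so "api" stays allowed.
    Name   = "*"
    Action = "deny"
  }
]
```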

»Getting Started

To learn more, please visit the Consul Lambda documentation.

As is typical with beta releases, we recommend against using Consul’s Lambda support in a production environment, but we encourage you to experiment with this new capability in a controlled environment. We are eager to hear about your experiences and would appreciate receiving feedback via this form. We will do our best to get back to you promptly. If you encounter an issue, please file a new bug report in GitHub.
