
Amazon VPC Lattice now enables external and hybrid connectivity through a proxy-based ingress solution using Network Load Balancer and serverless Fargate containers, though VPC endpoints now provide a simpler alternative for this connectivity.


<div><p>This article explains how to enable external, hybrid, and cross-Region connectivity to Amazon VPC Lattice services using a proxy-based ingress solution.</p><ul><li>VPC Lattice services use non-routable link-local addresses, requiring proxy access from outside VPCs</li><li>Solution uses Network Load Balancer with serverless NGINX proxies on AWS Fargate</li><li>Custom DNS names via Route53 enable split-horizon DNS for internal and external consumers</li><li>Supports three connectivity patterns: internet access, hybrid on-premises, cross-Region AWS</li><li>Layer 4 NLB proxying avoids TLS certificate management complexity</li><li>Automated deployment via CloudFormation and CodePipeline in two stages</li><li>IP-level access control via NGINX configuration and NACLs</li><li>Note: VPC endpoints for VPC Lattice now provide native alternative to this solution</li></ul><p>This solution provides a centralized ingress pattern for accessing VPC Lattice services from external locations, simplifying multi-service exposure and management.</p></div>


Related articles