Open shubharao opened 4 years ago
If I create App Mesh virtual nodes for each of these permitted services and use it as an explicit backend in all my mesh services, I could accomplish the same end goal.
Yes, this is correct. If you create a Virtual Service & Virtual Node to represent each of the permitted services and add it as a backend, you would be able to call those external services from those services which have them defined as backends.
Do you guarantee that no other connections, except for the explicitly permitted mesh backends, will be allowed? Or are there any assumptions like services running on a specific UUID / port are just allowed?
We always allow any AWS service with the domain *.amazonaws.com to be called from within the mesh without you having to define them as backends. Other than that, no other connection should be allowed apart from those defined as backends.
But I see a similar use case listed in here where you are looking for a specific set of allowed services to be called from within the mesh. Currently, Virtual Service and Virtual Node are the way to do it.
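The pattern described in the reply above (a DROP_ALL egress filter, one Virtual Node and Virtual Service per permitted external host, and that Virtual Service listed as an explicit backend) as an added example; this is not code from the thread or from the App Mesh project, and the mesh name, node names and hostnames are placeholders. It assumes AWS CLI v2, where each `---` section below is saved as its own file and passed to the `create-*` command named in its comment via `--cli-input-yaml`.

```yaml
# Added example (not from the thread or the App Mesh project): the egress-restriction
# pattern as AWS CLI v2 --cli-input-yaml documents. Each '---' section is one input
# file for the named create-* command; mesh, node and host names are placeholders.

# aws appmesh create-mesh --cli-input-yaml file://mesh.yaml
# DROP_ALL: only resources defined in the mesh are reachable, plus *.amazonaws.com
meshName: egress-demo
spec:
  egressFilter:
    type: DROP_ALL
---
# aws appmesh create-virtual-node --cli-input-yaml file://partner-vn.yaml
# Represents the one permitted external dependency. Envoy resolves it by DNS and
# passes TCP/443 through, so TLS stays end-to-end between the app and the partner.
meshName: egress-demo
virtualNodeName: partner-api-vn
spec:
  listeners:
    - portMapping:
        port: 443
        protocol: tcp
  serviceDiscovery:
    dns:
      hostname: api.partner.example.com
---
# aws appmesh create-virtual-service --cli-input-yaml file://partner-vs.yaml
# The virtual service name must be the hostname the application actually dials,
# otherwise the proxy will not match the outbound connection to this backend.
meshName: egress-demo
virtualServiceName: api.partner.example.com
spec:
  provider:
    virtualNode:
      virtualNodeName: partner-api-vn
---
# aws appmesh create-virtual-node --cli-input-yaml file://orders-vn.yaml
# The consuming service lists the partner as an explicit backend. With DROP_ALL on
# the mesh, any other outbound host (except *.amazonaws.com) is refused by the proxy.
meshName: egress-demo
virtualNodeName: orders-vn
spec:
  listeners:
    - portMapping:
        port: 8080
        protocol: http
  serviceDiscovery:
    dns:
      hostname: orders.svc.example.internal
  backends:
    - virtualService:
        virtualServiceName: api.partner.example.com
```

To confirm the restriction holds, run `aws appmesh describe-mesh --mesh-name egress-demo` and check that `egressFilter.type` is `DROP_ALL`, then from a task running as `orders-vn` verify that a request to `api.partner.example.com` succeeds while a request to an undeclared external host is refused.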