A company is adopting microservices and wants to enable their services to communicate securely and track network traffic between them. Which AWS service provides service mesh capabilities with mutual TLS and observability?
AWS App Mesh provides a service mesh layer for microservices. It injects an Envoy sidecar proxy next to each service and configures those proxies centrally to give mTLS (mutual authentication plus encryption of service-to-service traffic), traffic control (routing policies, retries, timeouts) and observability (metrics, access logs and traces exported from the proxies).
Why this answer
AWS App Mesh is a service mesh that provides application-level networking: each service gets an Envoy proxy, and the mesh configures those proxies to require mutual TLS (mTLS), so both sides of every connection present a certificate issued by a trusted CA (AWS Private CA, files on disk, or a Secret Discovery Service endpoint) rather than relying on network position alone. The same proxies emit metrics, access logs and traces, and App Mesh integrates with Amazon CloudWatch and AWS X-Ray so traffic between services can be tracked per request, which makes it the correct choice for this requirement. One caveat for practitioners: AWS announced in September 2024 that App Mesh reaches end of support on September 30, 2026, with Amazon ECS Service Connect as the recommended migration path; for the exam, App Mesh remains the service mesh answer.
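The part of an App Mesh configuration that decides whether "mTLS" is actually enforced lives in the virtual node spec: the listener's `tls.mode` and `tls.validation` (does the node accept plaintext, and does it require a client certificate) and the `backendDefaults.clientPolicy.tls` block (does the node insist on TLS and present its own certificate when it calls others). The following is an added example, not code from the original page or from AWS: a small Python audit that flags the weak shape of that spec next to the hardened one. The field names follow the App Mesh VirtualNodeSpec; the ARNs, hostname and certificate paths are made-up placeholders.

```python
"""Audit an AWS App Mesh virtual-node spec for weak TLS settings.

Added example; not from the original page or from AWS. Field names follow
the App Mesh VirtualNodeSpec (listeners[].tls, backendDefaults.clientPolicy.tls).
All ARNs, hostnames and file paths below are constructed placeholders.
"""
import json

CERT_ARN = "arn:aws:acm:us-east-1:111122223333:certificate/placeholder"
CA_ARN = "arn:aws:acm-pca:us-east-1:111122223333:certificate-authority/placeholder"

# Constructed sample: the weak shape. PERMISSIVE still accepts plaintext,
# no listener-side validation means no client certificate is required,
# and the client policy explicitly turns TLS enforcement off.
PERMISSIVE_NODE = {
    "listeners": [{
        "portMapping": {"port": 8080, "protocol": "http"},
        "tls": {"mode": "PERMISSIVE",
                "certificate": {"acm": {"certificateArn": CERT_ARN}}},
    }],
    "backendDefaults": {"clientPolicy": {"tls": {"enforce": False}}},
    "serviceDiscovery": {"dns": {"hostname": "orders.example.local"}},
}

# Constructed sample: the hardened shape. STRICT rejects plaintext, the
# listener validates the peer's certificate (the "mutual" in mTLS), outbound
# calls enforce TLS with a client certificate, and Envoy access logs are on.
STRICT_NODE = {
    "listeners": [{
        "portMapping": {"port": 8080, "protocol": "http"},
        "tls": {
            "mode": "STRICT",
            "certificate": {"acm": {"certificateArn": CERT_ARN}},
            "validation": {"trust": {"acm": {"certificateAuthorityArns": [CA_ARN]}}},
        },
    }],
    "backendDefaults": {"clientPolicy": {"tls": {
        "enforce": True,
        "certificate": {"file": {"certificateChain": "/certs/chain.pem",
                                 "privateKey": "/certs/key.pem"}},
        "validation": {"trust": {"acm": {"certificateAuthorityArns": [CA_ARN]}}},
    }}},
    "serviceDiscovery": {"dns": {"hostname": "orders.example.local"}},
    "logging": {"accessLog": {"file": {"path": "/dev/stdout"}}},
}


def audit_virtual_node(spec):
    """Return a list of findings; an empty list means the spec enforces mTLS
    on both inbound and outbound traffic and emits access logs."""
    findings = []
    for i, listener in enumerate(spec.get("listeners", [])):
        tls = listener.get("tls")
        if tls is None:
            findings.append(f"listener[{i}]: no tls block, plaintext only")
            continue
        if tls.get("mode") != "STRICT":
            findings.append(f"listener[{i}]: tls mode {tls.get('mode')!r}, plaintext still accepted")
        if "validation" not in tls:
            findings.append(f"listener[{i}]: no client certificate validation, TLS is one-way, not mutual")
    client = spec.get("backendDefaults", {}).get("clientPolicy", {}).get("tls")
    if client is None:
        findings.append("backendDefaults: no clientPolicy.tls, outbound calls may be plaintext")
    else:
        # App Mesh defaults `enforce` to true when the key is omitted.
        if not client.get("enforce", True):
            findings.append("backendDefaults: clientPolicy.tls.enforce is false")
        if "certificate" not in client:
            findings.append("backendDefaults: no client certificate, outbound TLS is one-way")
        if "validation" not in client:
            findings.append("backendDefaults: no trust anchor to validate backend certificates")
    if "accessLog" not in spec.get("logging", {}):
        findings.append("logging: no Envoy accessLog configured")
    return findings


if __name__ == "__main__":
    for name, spec in (("permissive", PERMISSIVE_NODE), ("strict", STRICT_NODE)):
        print(name, json.dumps(audit_virtual_node(spec), indent=2))
```

The hardened spec is what you would hand to `aws appmesh create-virtual-node --spec file://node.json`; the audit function is the kind of check worth running over every virtual node in a mesh before trusting that "we use App Mesh" means traffic is actually mutually authenticated.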
Exam trap
The trap here is that candidates confuse network-level services such as VPC security groups or Transit Gateway with application-level service mesh capabilities. Security groups and Transit Gateway decide which IP addresses and ports may talk; they cannot authenticate which workload is calling or record per-request metrics and traces. mTLS and request-level observability need a proxy in the path of every call, which is what a service mesh such as AWS App Mesh provides.
How to eliminate wrong answers
Option A is wrong because Amazon VPC with security groups provides network-level (IP and port) traffic filtering and segmentation, not service mesh capabilities such as mTLS or application-layer observability.
Option C is wrong because Amazon API Gateway is a managed API proxy for creating, publishing and securing APIs at the edge. It can require client certificates on a custom domain, but it sits in front of published APIs (north-south traffic), not between microservices inside the architecture (east-west traffic).
Option D is wrong because AWS Transit Gateway is a network transit hub for connecting VPCs and on-premises networks; it has no service mesh features such as mTLS or observability for service-to-service traffic.