Need advice about which tool to choose?Ask the StackShare community!
AWS App Mesh vs Kong: What are the differences?
Introduction
AWS App Mesh and Kong are two popular tools used for managing and securing microservices architectures. While both offer similar functionality, they have some key differences that make them unique in their own ways.
Deployment Model: AWS App Mesh is a fully managed service provided by Amazon Web Services (AWS) that allows you to easily monitor and control communications between microservices. It integrates seamlessly with AWS services and is hosted on the AWS Cloud. On the other hand, Kong is an open-source solution that can be deployed on-premises or in the cloud, giving you more flexibility in choosing your deployment environment.
Service Discovery: AWS App Mesh has built-in service discovery capabilities that automatically register and track your services as they scale up or down. It uses the Envoy proxy to collect metrics and traces, providing you with valuable insights into your microservices architecture. Kong, on the other hand, relies on external service discovery mechanisms, such as Consul or etcd, to manage service registration and discovery.
API Gateway: Kong is primarily known for its API gateway capabilities, allowing you to manage and secure your APIs. It provides features like authentication, rate limiting, request/response transformations, and more. AWS App Mesh, on the other hand, focuses more on managing the communication between microservices rather than being a dedicated API gateway. It can be used in conjunction with AWS API Gateway for API management.
Polyglot Support: Kong supports a wide range of programming languages and frameworks, making it a versatile choice for developers. It provides SDKs and plugins for popular languages like JavaScript, Python, Go, and more. AWS App Mesh, on the other hand, is language-agnostic and can be used with any programming language that supports the Envoy proxy. This gives you more flexibility in choosing the technologies for your microservices.
Integration with AWS Services: As an AWS service, App Mesh integrates seamlessly with other AWS services like AWS Lambda, Amazon ECS, Amazon EKS, and more. This allows you to leverage the full power of the AWS ecosystem when building your microservices architecture. Kong, being an open-source solution, can also be integrated with AWS services, but it requires more manual configuration and setup.
Pricing: AWS App Mesh is a managed service that comes with a pay-as-you-go pricing model. You only pay for the resources you use, making it a cost-effective choice for small to large-scale deployments. Kong, being an open-source tool, is free to use, but you are responsible for managing and scaling the infrastructure it runs on. This may incur additional costs depending on your deployment requirements.
In summary, AWS App Mesh is a fully managed service provided by AWS that focuses on managing communication between microservices in an AWS environment. It offers built-in service discovery, deep integration with AWS services, and a pay-as-you-go pricing model. Kong, on the other hand, is an open-source solution that can be deployed anywhere and offers more flexibility in terms of deployment options and programming language support. It is primarily known for its API gateway capabilities and is free to use, but requires more manual setup and management.
One of our applications is currently migrating to AWS, and we need to make a decision between using AWS API Gateway with AWS App Mesh, or Kong API Gateway with Kuma.
Some people advise us to benefit from AWS managed services, while others raise the vendor lock issue. So, I need your advice on that, and if there is any other important factor rather than vendor locking that I must take into consideration.
The benefit of using Kuma + Kong Gateway are:
- Feature-set: Kong + Kuma provide an end-to-end solution for both APIM and Service Mesh with a feature-set, and a performance, that is not matched by AWS services. In addition to this you can extend Kong Gateway with 70+ plugins out of the box and choose between 500+ plugins from the community to cover every use-case. In comparison, the feature-set of AWS API Gateway is quite limited and basic.
- Performance: Especially in the case of Kong Gateway, performance has always been a top priority for the project (more performance deliver more reliable applications). In some benchmarks the latency added by AWS API Gateway can be 200x more than what you would achieve with Kong Gateway natively which has been hand-crafted for maximum throughput.
- Cost: While cloud vendors like AWS make it very easy to get up and running with their services at a lower initial cost, that cost ramps up very quickly (exponentially) as the number of requests are increasing. With Kong GW you don't have this problem, since you can run tens of thousands of concurrent requests on a small EC2 instance (or Kubernetes Ingress, via the native K8s ingress controller for Kong Gateway).
- Portability: You can replicate your infrastructure on any other cloud, or on your development machines with ease. Want to run your gateway + mesh on your local Kubernetes cluster? You can do that. Want to run your infrastructure on another cloud provider? You can do that. Strategically you have full ownership of your infrastructure and its future. When it comes to Kuma, you can also run a Mesh on VM-based workloads in addition to Kubernetes (Kuma is universal).
- And much more.
Disclaimer: I am the CTO of Kong.
AWS App Mesh is useful when your micro services are deployed across Ec2 , EKS or ECS. Assume you are in process of migrating microservices from ec2 instances to ecs, its easy to switch using Virtual router configuration. As App Mesh is managed service and easy to bring up ,its worth giving it a try for your use case before choosing Kuma or any other tool.
Istio based on powerful Envoy whereas Kong based on Nginx. Istio is K8S native as well it's actively developed when k8s was successfully accepted with production-ready apps whereas Kong slowly migrated to start leveraging K8s. Istio has an inbuilt turn-keyIstio based on powerful Envoy whereas Kong based on Nginx. Istio is K8S native as well it's actively developed when k8s was successfully accepted with production-ready apps whereas Kong slowly migrated to start leveraging K8s. Istio has an inbuilt turn key solution with Rancher whereas Kong completely lacks here. Traffic distribution in Istio can be done via canary, a/b, shadowing, HTTP headers, ACL, whitelist whereas in Kong it's limited to canary, ACL, blue-green, proxy caching. Istio has amazing community support which is visible via Github stars or releases when comparing both.
Pros of AWS App Mesh
Pros of Kong
- Easy to maintain37
- Easy to install32
- Flexible26
- Great performance21
- Api blueprint7
- Custom Plugins4
- Kubernetes-native3
- Security2
- Has a good plugin infrastructure2
- Agnostic2
- Load balancing1
- Documentation is clear1
- Very customizable1