@vedcraft
Last active January 21, 2022 03:42
| Feature | AWS App Mesh | Istio | Notes and Key Observations |
|---|---|---|---|
| Operational Cost | Low | High | Istio provides a self-managed control plane, which has operational overhead if you are not using a managed service. |
| Portability | Low | High | Istio is built for Kubernetes, also supports VMs, and is compliant with SMI (via adapter). It can be integrated with self-managed K8s, EKS, GKE, etc. First-class support for Google Cloud (Istio on GKE). |
| Flexibility | Low | High | Istio is extensible & vendor-neutral.<br>AWS App Mesh – first-class support for EKS, ECS, Fargate. However, even with Kubernetes on EC2, need to use AWS |
| Ease of setup | Medium | High | Istio – Setting up with EKS requires a learning curve and a deeper understanding of Istio. Click here to see details.<br>AWS App Mesh – With EKS, setting up is easy, especially because of AWS support and integration. Click here to see details. |
| Observability | Medium | High | Istio – Tracing by adding a request header is available out-of-the-box. Click here to see details.<br>AWS App Mesh – The application code needs to be updated to enable tracing. Click here to see details. |
| Kubernetes support | Low | High | Istio natively integrates with Kubernetes. |
| Multi cluster Support | High | Yes | AWS App Mesh – Click here to read about using App Mesh in a multi-account setup.<br>Istio – Click here to read about multi-cluster setup using Istio. |
| Weighted routing | Yes | Yes | Useful for A/B, Canary deployments, etc. |
| Rate Limiting | No | Yes | For AWS App Mesh, this feature is planned in the AWS App Mesh Roadmap. Click here to see the roadmap. |
| Fault management | Partial | Yes | Both support timeout, retry, circuit breakers. However, Istio also supports variable jitter between retries, health checks, failure injection.<br>AWS App Mesh does not allow using custom error codes for retry configuration and only applies the default policy. Click here for more details. |
| Traffic Mirroring | No | Yes | Istio allows traffic mirroring currently, while AWS App Mesh does not have this feature right now. Click here to read more about Istio Traffic Monitoring. |
| Security – mTLS and Authentication | Yes | Yes | Both support mTLS. However, Istio offers more granular control over mTLS setup, including automatic certificate rollover. Also, Istio allows request authentication and has integration available with Auth0, Keycloak, etc. Click here for more details on Istio.<br>AWS App Mesh has IAM integration, which is a plus for AWS workloads and setup. |