Allow AppMesh to be fronted by NLB/PrivateLink

[KushalP]

Tell us about your request
It is a common pattern to use PrivateLinks to connect different AWS accounts. PrivateLinks require termination using NLBs. Allow AppMesh to be fronted by NLBs or to take traffic directly from PrivateLink.

Which integration(s) is this request for?
NLB, AppMesh.

Tell us about the problem you're trying to solve. What are you trying to do, and why is it hard?
I have a hard requirement to use PrivateLinks for my inbound traffic. These PrivateLinks require the use of terminating to an NLB. It doesn't seem like it's possible to connect the two together because the produced AppMesh has a specific ARN, whilst the NLB only allows connecting to a specific IP or EC2 instance.

Are you currently working around this issue?
We're not able to use AppMesh as it's not possible to connect an NLB to AppMesh.

[dastbe]

Hey @KushalP

Are you asking for

1. An NLB to front your mesh (or a subset of it)? We're tracking that in Use App Mesh for ingress routing #37
2. An NLB to front your Virtual Node? If so, there's nothing that stops you from doing that today! For example, you can configure an ECS service to use both App Mesh and an NLB.
3. An NLB to front your Virtual Service? That's an interesting one, as we'd need to account for some of the mismatch between the routing options available on an NLB (tcp/udp) while the Virtual Service could support application level protocols.

[KushalP]

The first one of these. I'll close this issue in favour of #37.