Boolean to turn on or off the integration to CloudMap for the services.
If you want to use appmesh and define x-appmesh in the template, automatically, all services will be registered in AWS CloudMap.
This allows you to define specific ingress control from external sources to your environment. For example, if you have to whitelist IP addresses that are to be allowed communication to the services, you can list these, and indicate their name which will be shown in the EC2 security group description of the ingress rule.
Ingress: ExtSources:  AwsSources:  Myself: True/False
services: app01: x-network: Ingress: ExtSources: - IPv4: 0.0.0.0/0 Name: all - IPv4: 126.96.36.199/32 Source_name: CloudFlareDNS AwsSources: - Type: SecurityGroup Id: sg-abcd - Type: PrefixList Id: pl-abcd Myself: True/False
Future feature is to allow to input a security group ID and the remote account ID to allow ingress traffic from a security group owned by another of your account (or 3rd party).
The protocol is automatically detected based on the port definition. By default, it is TCP
To see details about the Ingress for Load Balancers, refer to Ingress
When using an ALB, you do not need to define that ALB security group etc., all inbound rules will be defined automatically to allow the ALB to communicate with your service!
networks: internal: x-vpc: InteralCustomSubnets x-vpc: VpcId: Tags:  AppSubnets: Tags:  PublicSubnets: Tags:  StorageSubnets: Tags:  InteralCustomSubnets: Tags:  services: serviceA: networks: [internal]
In some cases, you might have complex VPC topology and created new specific Subnets in x-vpc , and map that subnet name to a docker-network defined network. Then later, you can set your service in the services definition to be put into that network.