AWS Global Accelerator is a service that uses the AWS global network to optimize the network path from your users to your applications, improving performance. It provides you with static IP addresses that you associate with your accelerator which will act as a fixed entry point to your application endpoints in one or more AWS Regions. We will have a whole lab on AWS Global Accelerator performance.
In this lab, you will create an accelerator with AWS Global Accelerator and add the Application Load Balancer (ALB) you created in the previous lab as its endpoint.
There are different ways to create an accelerator and add an ALB as its endpoint: the Load Balancers console (Integrated Services tab), the Global Accelerator APIs, or the Global Accelerator console. We will use the last option.
Here’s what you’ll be doing:
The first step of this lab is to create and name an accelerator using the AWS Global Accelerator console. The accelerator will serve as the entry point for your application.
In order for your AWS Global Accelerator to know where to listen for traffic, we will need to add in a listener for TCP port 80.
With AWS Global Accelerator, you add listeners that process inbound connections from clients based on the ports and protocols that you specify. Global Accelerator supports both TCP and UDP protocols.
You define a listener when you create your accelerator, and you can add more listeners at any time. You associate each listener with one or more endpoint groups, and you associate each endpoint group with one AWS Region.
See more information in the Listeners in AWS Global Accelerator documentation.
In the previous step, we created a listener, which tells AWS Global Accelerator where it should be listening for traffic. Now we need to tell it where to send the traffic. This is done through endpoint groups. Endpoint groups contain one or more registered endpoints to send traffic to and are effectively a container construct for the endpoints.
The number of endpoint groups depends on the number of Regions your application is deployed in. Currently it is deployed in a single Region (US-WEST-2, the Oregon Region, for me).
Let’s add an endpoint group. We will also be configuring health checks in this step.
An endpoint group routes requests to one or more registered endpoints in AWS Global Accelerator. When you add a listener, you specify the endpoint groups for Global Accelerator to direct traffic to. An endpoint group, and all the endpoints in it, must be in one AWS Region. You can add different endpoint groups for different purposes, for example, for blue/green deployment testing. For more information see Endpoint Groups in the documentation.
AWS Global Accelerator automatically checks the health of the endpoints that are associated with your static IP addresses, and then directs user traffic only to healthy endpoints. Global Accelerator includes default health checks that are run automatically, but you can configure the timing for the checks and other options. For more information see Health Checks in the documentation.
You just configured an endpoint group and now you will add/configure the actual endpoint. This is the end location where AWS Global Accelerator is going to send traffic. Endpoints in AWS Global Accelerator can be Network Load Balancers, Application Load Balancers, EC2 instances, or Elastic IP addresses.
A static IP address serves as a single point of contact for clients, and Global Accelerator then distributes incoming traffic across healthy endpoints. Global Accelerator directs traffic to endpoints by using the port (or port range) that you specify for the listener that the endpoint group for the endpoint belongs to.
Each endpoint group can have multiple endpoints. You can add each endpoint to multiple endpoint groups, but the endpoint groups must be associated with different listeners.
See documentation for Endpoints in AWS Global Accelerator.
Great job! The AWS Global Accelerator service is now creating an accelerator for you. This typically takes about 5 minutes to move from the In Progress to Deployed status. Once it’s deployed, you should be able to see the two static anycast IP addresses and the assigned DNS name for the accelerator.
AWS Global Accelerator uses static IP addresses as entry points for your accelerators. These IP addresses are anycast from AWS edge locations. By default, Global Accelerator provides static IP addresses from the Amazon IP address pool. Instead of using the IP addresses that Global Accelerator provides, you can configure these entry points to be IPv4 addresses from your own address ranges.
See documentation for AWS Global Accelerator Bring Your Own IP.
Once the accelerator is in a Deployed state, we should double check that the back end endpoints are healthy. There is a really easy way to do this and that’s just to look at the accelerator itself.
AWS Global Accelerator requires your router and firewall rules to allow inbound traffic from the IP addresses associated with Route 53 health checkers to complete health checks for Application Load Balancer, EC2 instance, or Elastic IP address endpoints. You can find information about the IP address ranges associated with Amazon Route 53 health checkers in the Amazon Route 53 Developer Guide. AWS Global Accelerator Health Check options can be found here.
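The firewall requirement above can be checked offline. The following is an added example, not part of the original lab: it assumes the health checker ranges are read from AWS's published ip-ranges.json (entries whose service is ROUTE53_HEALTHCHECKS), the sample document uses constructed documentation prefixes, and the function names are hypothetical.

```python
import ipaddress
import json

# Constructed sample in the shape of AWS's ip-ranges.json. The prefixes are
# RFC 5737 documentation ranges, not real AWS ranges.
SAMPLE_IP_RANGES = json.loads("""
{"prefixes": [
  {"ip_prefix": "192.0.2.0/26", "region": "us-west-2", "service": "ROUTE53_HEALTHCHECKS"},
  {"ip_prefix": "198.51.100.0/26", "region": "us-east-1", "service": "ROUTE53_HEALTHCHECKS"},
  {"ip_prefix": "203.0.113.0/24", "region": "us-west-2", "service": "EC2"}
]}
""")


def health_checker_networks(ip_ranges):
    """Return the IPv4 networks tagged ROUTE53_HEALTHCHECKS (hypothetical helper)."""
    return [
        ipaddress.ip_network(p["ip_prefix"])
        for p in ip_ranges["prefixes"]
        if p["service"] == "ROUTE53_HEALTHCHECKS"
    ]


def audit_ingress(allowed_cidrs, ip_ranges):
    """Audit the source CIDRs allowed inbound on the health check port.

    Returns (missing, open_to_world):
      missing       - health checker ranges no rule covers, so checks from
                      them fail and the endpoint may be reported unhealthy
      open_to_world - rules with prefix length 0, which pass the checks but
                      also expose the endpoint to every source address
    """
    allowed = [ipaddress.ip_network(c, strict=False) for c in allowed_cidrs]
    missing = [
        str(net)
        for net in health_checker_networks(ip_ranges)
        if not any(a.version == net.version and net.subnet_of(a) for a in allowed)
    ]
    open_to_world = [str(a) for a in allowed if a.prefixlen == 0]
    return missing, open_to_world


if __name__ == "__main__":
    # Constructed rule set: one covering rule, one unrelated internal rule.
    print(audit_ingress(["192.0.2.0/24", "10.0.0.0/8"], SAMPLE_IP_RANGES))
```

Feed it the source CIDRs from the security group or firewall rule that guards the health check port; an empty `missing` list with an empty `open_to_world` list is the target state.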
At this point, you have deployed an accelerator and should be able to access your back end application. Get the URL/DNS name for your accelerator from the AWS Global Accelerator console (see the previous screenshot), then access it via cURL and/or a browser.
$ curl http://aebd116200e8c28ad.awsglobalaccelerator.com/
Processed in US-WEST-2 by AGAWorkshop-Function-P5UKYRRL0N05
Via a browser
If you are at an AWS Event, use the web page the instructor shared with you.
CHECKPOINT: You have a working accelerator with an ALB as its endpoint, and many of your users noticed performance improvements. We will discuss Global Accelerator performance in a later workshop.
CHALLENGE 2: You just received a business requirement: the application must use at least two ALBs. Reasons may be blue/green deployments, A/B testing, failover in case something happens to the Lambda function, for example, or even handling increased traffic. How would you do this? Ready? Move to the next lab!