Getting started with AWS Global Accelerator - AWS Global Accelerator

Getting started with AWS Global Accelerator

These tutorials provide the steps for getting started with AWS Global Accelerator using the console. You can also use AWS Global Accelerator API operations to create and customize your accelerators. At each step in this tutorial, there's a link to the corresponding API operation for completing the task programmatically. (When you set up a custom routing accelerator, you must use the API for certain configuration steps.) For more information about working with AWS Global Accelerator API operations, see the AWS Global Accelerator API Reference.

Tip

To explore how you can use Global Accelerator to improve performance and availability for web applications, check out the following self-paced workshop: AWS Global Accelerator Workshop.

Global Accelerator is a global service that supports endpoints in multiple AWS Regions, which are listed in the AWS Region Table.

This chapter includes two tutorials: one for creating a standard accelerator and one for creating a custom routing accelerator. To learn more about the two types of accelerators, see Work with standard accelerators in AWS Global Accelerator and Work with custom routing accelerators in AWS Global Accelerator.

Getting started with a standard accelerator

This section provides steps for creating a standard accelerator that routes traffic to an optimal endpoint.

Before you begin

Before you create an accelerator, create at least one resource that you can add as an endpoint to direct traffic to. For example, create one of the following:

When you create a resource to add to Global Accelerator, be aware of the following:

  • When you add an internal Application Load Balancer or an EC2 instance endpoint in Global Accelerator, you enable internet traffic to flow directly to and from the endpoint in virtual private clouds (VPCs) by targeting it in a private subnet. The VPC that contains the load balancer or EC2 instance must have an internet gateway attached to it, to indicate that the VPC accepts internet traffic. For more information, see Secure VPC connections in AWS Global Accelerator.

  • Global Accelerator requires your router and firewall rules to allow inbound traffic from the IP addresses associated with Route 53 health checkers to complete health checks for EC2 instance or Elastic IP address endpoints. You can find information about the IP address ranges associated with Amazon Route 53 health checkers in Health Checks for Your Target Groups in the Amazon Route 53 Developer Guide.

Important

Make sure that you’re in the AWS Region US West (Oregon). You must be in this Region to create or update accelerators.

Step 1: Create an accelerator

To create your accelerator, you enter a name.

Note

To complete this task by using an API operation instead of the console, see CreateAccelerator in the AWS Global Accelerator API Reference.

To create an accelerator

  1. Open the Global Accelerator console at https://us-west-2.console.aws.amazon.com/ec2/v2/home?region=us-west-2#Global Accelerator:.

  2. Choose Create accelerator.

  3. Provide a name for your accelerator.

  4. Optionally, add one or more tags to help you identify your Global Accelerator resources.

  5. Choose Next.

Step 2: Add listeners

Create a listener to process inbound connections from your users to Global Accelerator.

Note

To complete this task by using an API operation instead of the console, see CreateListener in the AWS Global Accelerator API Reference.

To create a listener

  1. On the Add listener page, enter the ports or port ranges that you want to associate with the listener. Listeners support ports 1-65535.

  2. Choose the protocol or protocols for the ports that you entered.

  3. Optionally, choose to enable client affinity. Client affinity for a listener means that Global Accelerator ensures that connections from a specific source (client) IP address are always routed to the same endpoint. To enable this behavior, in the dropdown list, choose Source IP.

    The default is None, which means that client affinity is not enabled and Global Accelerator distributes traffic equally between the endpoints in the endpoint groups for the listener.

    For more information, see Client affinity.

  4. Optionally, choose Add listener to add an additional listener.

  5. When you're finished adding listeners, choose Next.

Step 3: Add endpoint groups

Add one or more endpoint groups, each of which is associated with a specific AWS Region.

Note

To complete this task by using an API operation instead of the console, see CreateEndpointGroup in the AWS Global Accelerator API Reference.

To add an endpoint group

  1. On the Add endpoint groups page, in the section for a listener, choose a Region from the dropdown list.

  2. Optionally, for Traffic dial, enter a number from 0 to 100 to set a percentage of traffic for this endpoint group. The percentage is applied only to the traffic already directed to this endpoint group, not all listener traffic. By default, the traffic dial for an endpoint group is set to 100 (that is, 100%).

  3. Optionally, for custom health check values, choose Configure health checks. When you configure health check settings, Global Accelerator uses the settings for health checks for EC2 instance and Elastic IP address endpoints. For Network Load Balancer and Application Load Balancer endpoints, Global Accelerator uses the health check settings that you've already configured for the load balancers themselves. For more information, see Health check options.

  4. Optionally, choose Add endpoint group to add additional endpoint groups for this listener or other listeners.

  5. Choose Next.

Step 4: Add endpoints

Add one or more endpoints that are associated with specific endpoint groups. This step isn't required, but no traffic is directed to endpoints in a Region unless the endpoints are included in an endpoint group.

Note

If you're creating your accelerator programmatically, you add endpoints as part of adding endpoint groups. For more information, see CreateEndpointGroup in the AWS Global Accelerator API Reference.

To add endpoints

  1. On the Create endpoints page, in the section for an endpoint, choose an Endpoint.

  2. Optionally, for Weight, enter a number from 0 to 255 to set a weight for routing traffic to this endpoint. When you add weights to endpoints, you configure Global Accelerator to route traffic based on proportions that you specify. By default, all endpoints have a weight of 128. For more information, see Endpoint weights.

  3. Optionally, for an Application Load Balancer endpoint, under Preserve client IP address, select Preserve address. For more information, see Preserve client IP addresses in AWS Global Accelerator.

  4. Optionally, choose Add endpoint to add more endpoints.

  5. Choose Next.

After you choose Next, on the Global Accelerator dashboard you'll see a message that your accelerator is in progress. When the process is finished, the accelerator status in the dashboard is Active.

Step 5: Test your accelerator

Test your accelerator to make sure that traffic is being directed to your endpoints. One way to do this is to send repeated requests to one of your accelerator's static IP addresses and see which AWS Regions process them. This is especially helpful if you set different weights for endpoints or adjust the traffic dial on endpoint groups.

Run a curl command like the following, substituting one of your accelerator's static IP addresses, to call the IP address 100 times and then output a count of where each request was processed.

for ((i=0;i<100;i++)); do curl -s http://198.51.100.0/ >> output.txt; done; sort output.txt | uniq -c; rm output.txt

If you've adjusted the traffic dial on any endpoint groups, this command can help you confirm that your accelerator is directing the correct percentages of traffic to different groups. For more information, see the detailed examples in the following blog post, Traffic management with AWS Global Accelerator.

Step 6 (optional): Delete your accelerator

If you created an accelerator as a test or if you're no longer using an accelerator, you can delete it. On the console, disable the accelerator, and then you can delete it. You don't have to remove listeners and endpoint groups from the accelerator.

To delete an accelerator by using an API operation instead of the console, you must first remove all listeners and endpoint groups that are associated with the accelerator as well as disable it. For more information, see the DeleteAccelerator operation in the AWS Global Accelerator API Reference.

Be aware of the following when you remove endpoints or endpoint groups, or delete an accelerator:

  • When you create an accelerator, Global Accelerator provides you with a set of two static IP addresses. The IP addresses are assigned to your accelerator for as long as it exists, even if you disable the accelerator and it no longer accepts or routes traffic. However, when you delete an accelerator, you lose the static IP addresses that are assigned to the accelerator, so you can no longer route traffic by using them. As a best practice, ensure that you have permissions in place to avoid inadvertently deleting accelerators. You can use IAM policies with Global Accelerator, for example, tag-based permissions, to limit the users who have permissions to delete an accelerator. For more information, see Tag-based policies.

  • If you terminate an EC2 instance before you remove it from an endpoint group in Global Accelerator, and then you create another instance with the same private IP address, and health checks pass, Global Accelerator will route traffic to the new endpoint. If you don't want this to happen, remove the EC2 instance from the endpoint group before you terminate the instance.

To delete an accelerator

  1. Open the Global Accelerator console at https://us-west-2.console.aws.amazon.com/ec2/v2/home?region=us-west-2#Global Accelerator:.

  2. Choose the accelerator that you want to delete.

  3. Choose Edit.

  4. Choose Disable accelerator, and then choose Save.

  5. Choose the accelerator that you want to delete.

  6. Choose Delete accelerator.

  7. In the confirmation dialog box, choose Delete.

Getting started with a custom routing accelerator

This section provides steps for creating a custom routing accelerator that routes traffic deterministically to Amazon EC2 instance destinations in virtual private cloud (VPC) subnet endpoints.

Before you begin

Before you create a custom routing accelerator, create a resource that you can add as an endpoint to direct traffic to. A custom routing accelerator endpoint must be a virtual private cloud (VPC) subnet, which can include multiple Amazon EC2 instances. For instructions for creating the resources, see the following:

When you create a resource to add to Global Accelerator, be aware of the following:

  • When you add an EC2 instance endpoint in Global Accelerator, you enable internet traffic to flow directly to and from the endpoint in VPCs by targeting it in a private subnet. The VPC that contains the EC2 instance must have an internet gateway attached to it, to indicate that the VPC accepts internet traffic. For more information, see Secure VPC connections in AWS Global Accelerator.

Important

Make sure that you’re in the AWS Region US West (Oregon). You must be in this Region to create or update accelerators.

Step 1: Create a custom routing accelerator

Note

To complete this task by using an API operation instead of the console, see CreateCustomRoutingAccelerator in the AWS Global Accelerator API Reference.

To create an accelerator

  1. Open the Global Accelerator console at https://us-west-2.console.aws.amazon.com/ec2/v2/home?region=us-west-2#Global Accelerator:.

  2. Provide a name for your accelerator.

  3. For Accelerator type, select Custom routing.

  4. Optionally, add one or more tags to help you identify your accelerator resources.

  5. Choose Next to add listeners, endpoint groups, and VPC subnet endpoints.

Step 2: Add listeners

Create a listener to process inbound connections from your users to Global Accelerator.

The port range that you specify when you create a listener defines how many listener port and destination IP address combinations you can use with your custom routing accelerator. For maximum flexibility, we recommend that you specify a large port range. Each listener port range that you specify must include a minimum of 16 ports.

Note

To complete this task by using an API operation instead of the console, see CreateCustomRoutingListener in the AWS Global Accelerator API Reference.

To create a listener

  1. On the Add listener page, enter the ports or port ranges that you want to associate with the listener. Listeners support ports 1-65535.

  2. Choose the protocol or protocols for the ports that you entered.

  3. Optionally, choose Add listener to add an additional listener.

  4. When you're finished adding listeners, choose Next.

Step 3: Add endpoint groups

Add one or more endpoint groups, each of which is associated with a specific AWS Region. For each endpoint group, specify one or more sets of port ranges and protocols. Global Accelerator uses these to direct traffic to Amazon EC2 instances in subnets in the Region.

For each port range that you provide, you also specify the protocol to use: UDP, TCP, or both UDP and TCP.

Note

To complete this task by using an API operation instead of the console, see CreateCustomRoutingEndpointGroup in the AWS Global Accelerator API Reference.

To add an endpoint group

  1. On the Add endpoint groups page, in the section for a listener, choose a Region.

  2. For Ports and protocols sets, enter port ranges and protocols for your Amazon EC2 instances.

    • Enter a From port and a To port to specify a range of ports.

    • For each port range, specify the protocol or protocols for that range.

    The port range doesn't have to be a subset of your listener port range, but there must be enough total ports in the listener port range to support the total number of ports that you specify.

  3. Choose Save.

  4. Optionally, choose Add endpoint group to add additional endpoint groups for this listener or other listeners.

  5. Choose Next.
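
A pre-flight check for the sizing rules in Steps 2 and 3, as an added example (not AWS code). It enforces the limits this page states (ports within 1-65535, at least 16 ports per listener range) and compares the listener ports available with the destination ports requested; the address multiplier is an assumption that every destination IP address and port pair consumes one listener port, and the function names and sample ranges are hypothetical.

```shell
#!/bin/sh
# Added example: validate a planned custom routing layout before creating it.
# Ranges are written FROM-TO, space separated. All values are constructed.

# count_ports "RANGES" MIN -> total number of ports on stdout.
# Fails if a range is malformed, outside 1-65535, or smaller than MIN ports.
count_ports() {
  printf '%s\n' $1 | awk -F- -v min="$2" '
    NF != 2 || $1 !~ /^[0-9]+$/ || $2 !~ /^[0-9]+$/ { bad = 1; next }
    { lo = $1 + 0; hi = $2 + 0; n = hi - lo + 1 }
    lo < 1 || hi > 65535 || n < min { bad = 1; next }
    { total += n }
    END { if (bad) exit 1; print total + 0 }'
}

# check_plan LISTENER_RANGES DESTINATION_RANGES ADDRS
# ADDRS = destination IP addresses in the subnet endpoints (assumption: each
# IP:port pair needs its own listener port).
check_plan() {
  case $3 in ''|*[!0-9]*) echo "FAIL: address count must be a number"; return 1 ;; esac
  have=$(count_ports "$1" 16) || { echo "FAIL: listener range invalid or under 16 ports"; return 1; }
  per_ip=$(count_ports "$2" 1) || { echo "FAIL: destination range invalid"; return 1; }
  need=$((per_ip * $3))
  if [ "$have" -lt "$need" ]; then
    echo "FAIL: need $need listener ports, have $have"
    return 1
  fi
  echo "OK: need $need listener ports, have $have"
}

# 251 = usable addresses in a /24 VPC subnet; two destination ports per address.
check_plan "10000-14999" "80-80 443-443" 251
# A 100-port listener cannot cover 10 destination ports on 16 addresses.
check_plan "10000-10099" "8000-8009" 16 || true
```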

Step 4: Add VPC subnet endpoints

Add one or more virtual private cloud (VPC) subnet endpoints for this regional endpoint group. Endpoints for custom routing accelerators define the VPC subnets that can receive traffic through a custom routing accelerator. Each subnet can contain one or many Amazon EC2 instance destinations.

When you add a VPC subnet endpoint, Global Accelerator generates new port mappings that you can use to route traffic to the destination EC2 instance IP addresses in the subnet. Then you can use the Global Accelerator API to get a static list of all the port mappings for the subnet, and use the mapping to deterministically direct traffic to specific EC2 instances.

Note

The steps here show how to add endpoints in the console. If you're creating your accelerator programmatically, you add endpoints with endpoint groups. For more information, see CreateCustomRoutingEndpointGroup in the AWS Global Accelerator API Reference.

To add endpoints

  1. On the Add endpoints page, in the section for the endpoint group that you want to add the endpoint to, choose a subnet ID for Endpoint.

  2. Optionally, do one of the following to enable traffic to EC2 instance destinations in the subnet:

    • To allow traffic to be directed to all EC2 endpoints and ports on the subnet, select Allow all traffic.

    • To allow traffic to specific EC2 endpoints and ports on the subnet, select Allow traffic to specific destination socket addresses. Then specify the IP addresses and ports or port ranges to allow. Finally, choose Allow these destinations.

    By default, no traffic is allowed to subnet endpoints. If you don't select an option to allow traffic, traffic is denied to all destinations in the subnet.

    Note

    If you want to enable traffic to specific EC2 instances and ports in the subnet, you can do that programmatically. For more information, see AllowCustomRoutingTraffic in the AWS Global Accelerator API Reference.

  3. Choose Next.

After you choose Next, on the Global Accelerator dashboard you'll see a message that your accelerator is in progress. When the process is finished, the accelerator status in the dashboard is Active.
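
To confirm that the default-deny behavior described in Step 4 still holds after later changes, the added example below (not AWS code) compares the port mappings that are in the ALLOW state with an approved list of destination sockets. The rows are constructed sample data in the shape produced by the `list-custom-routing-port-mappings` CLI call shown in the comment; the function names, addresses and the ARN variable are hypothetical.

```shell
#!/bin/sh
# Added example: flag destination sockets that accept traffic but are not approved.
# Live input (needs credentials; ACCELERATOR_ARN is a placeholder):
#   aws globalaccelerator list-custom-routing-port-mappings \
#     --accelerator-arn "$ACCELERATOR_ARN" --region us-west-2 --output text \
#     --query 'PortMappings[].[AcceleratorPort,DestinationSocketAddress.IpAddress,DestinationSocketAddress.Port,DestinationTrafficState]'
# Each row: accelerator-port  destination-ip  destination-port  ALLOW|DENY

# Constructed sample rows (tab separated), not real output.
sample_mappings() {
  printf '%s\t%s\t%s\t%s\n' \
    10001 10.0.1.10 443 ALLOW \
    10002 10.0.1.10 22  ALLOW \
    10003 10.0.1.11 443 ALLOW \
    10004 10.0.1.11 22  DENY \
    10005 10.0.1.12 443 DENY
}

# Approved destination sockets, one ip:port per line (constructed).
approved_sockets() {
  printf '%s\n' 10.0.1.10:443 10.0.1.11:443 10.0.1.12:443
}

# audit_mappings APPROVED_FILE < mapping rows
# Prints "UNAPPROVED ip:port via accelerator port N" for each ALLOW row whose
# socket is not approved, and "UNREACHABLE ip:port" for approved sockets that
# have no ALLOW mapping. Returns 1 if any UNAPPROVED row was found.
audit_mappings() {
  awk -v approved="$1" '
    BEGIN { while ((getline s < approved) > 0) want[s] = 1 }
    $4 == "ALLOW" {
      k = $2 ":" $3
      if (k in want) { seen[k] = 1 } else { print "UNAPPROVED " k " via accelerator port " $1; bad = 1 }
    }
    END {
      for (k in want) if (!(k in seen)) print "UNREACHABLE " k
      exit bad + 0
    }'
}

tmp=$(mktemp) && approved_sockets > "$tmp"
sample_mappings | audit_mappings "$tmp" || echo "allow list has drifted from the approved sockets"
rm -f "$tmp"
```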

Step 5 (optional): Delete your accelerator

If you created an accelerator as a test or if you're no longer using an accelerator, you can delete it. On the console, disable the accelerator, and then you can delete it. You don't have to remove listeners and endpoint groups from the accelerator.

To delete an accelerator by using an API operation instead of the console, you must first remove all listeners and endpoint groups that are associated with the accelerator as well as disable it. For more information, see the DeleteCustomRoutingAccelerator operation in the AWS Global Accelerator API Reference.

Be aware of the following when you delete an accelerator:

  • When you create an accelerator, Global Accelerator provides you with a set of two static IP addresses. The IP addresses are assigned to your accelerator for as long as it exists, even if you disable the accelerator and it no longer accepts or routes traffic. However, when you delete an accelerator, you lose the static IP addresses that are assigned to the accelerator, so you can no longer route traffic by using them. As a best practice, ensure that you have permissions in place to avoid inadvertently deleting accelerators. You can use IAM policies like tag-based permissions with Global Accelerator to limit the users who have permissions to delete an accelerator. For more information, see Tag-based policies.
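
One way to write the tag-based guard recommended here and in the standard accelerator section, as an added example (not a policy published by AWS): an IAM policy that denies both delete operations named on this page for accelerators that carry a chosen tag. The tag key and value, the function name and the policy name in the comment are hypothetical, and the example assumes that you tag the accelerators you want to protect.

```shell
#!/bin/sh
# Added example: build an IAM policy that blocks deletion of tagged accelerators.
# Untagged accelerators are not covered by this statement.

# delete_guard_policy TAG_KEY TAG_VALUE -> IAM policy JSON on stdout.
# Rejects empty input and characters that would need JSON escaping.
delete_guard_policy() {
  for v in "$1" "$2"; do
    case $v in
      ''|*[!A-Za-z0-9_.:/=+@-]*) echo "unsupported tag key or value" >&2; return 1 ;;
    esac
  done
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyDeleteOfProtectedAccelerators",
      "Effect": "Deny",
      "Action": [
        "globalaccelerator:DeleteAccelerator",
        "globalaccelerator:DeleteCustomRoutingAccelerator"
      ],
      "Resource": "*",
      "Condition": {
        "StringEquals": { "aws:ResourceTag/$1": "$2" }
      }
    }
  ]
}
EOF
}

# Constructed tag: environment=production.
delete_guard_policy environment production

# To create the policy (needs credentials; the policy name is a placeholder):
#   delete_guard_policy environment production > guard.json
#   aws iam create-policy --policy-name ga-delete-guard \
#     --policy-document file://guard.json
```

Because the statement is an explicit Deny, it overrides any Allow that the same principals hold for these two actions.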

To delete an accelerator

  1. Open the Global Accelerator console at https://us-west-2.console.aws.amazon.com/ec2/v2/home?region=us-west-2#Global Accelerator:.

  2. Choose the accelerator that you want to delete.

  3. Choose Edit.

  4. Choose Disable accelerator, and then choose Save.

  5. Choose the accelerator that you want to delete.

  6. Choose Delete accelerator.

  7. In the confirmation dialog box, choose Delete.