Create safety rules in Application Recovery Controller - Amazon Route 53 Application Recovery Controller

Create safety rules in Application Recovery Controller

When you work with several routing controls at the same time in Amazon Route 53 Application Recovery Controller, you might decide that you want safeguards in place to avoid unintended consequences. For example, you might want to prevent inadvertently turning off all the routing controls for an application, which would stop all traffic flow, resulting in a fail-open scenario. Or you might want to implement a master "on/off" switch to disable a set of routing controls, perhaps to prevent automation from rerouting traffic. To establish safeguards like these for routing control in Application Recovery Controller, you create safety rules.

You configure safety rules with a combination of routing controls, rules, and other options that you specify. Each safety rule is associated with a single control panel, but a control panel can have more than one safety rule.

There are two types of safety rules, assertion rules and gating rules, which you can use to safeguard failover in different ways.

Assertion rule

With an assertion rule, when you change a routing control state or set of routing control states, Application Recovery Controller enforces that the criteria that you set when you configured the rule is met, or else the routing control states aren't changed.

An example of when this is useful is to prevent a fail-open scenario, like a scenario where you stop traffic from going to one cell but do not start traffic flowing to another cell. To avoid this, an assertion rule makes sure that at least one routing control in a set of routing controls in a control panel is On at any given time. This ensures that traffic is allowed to flow to at least one Region or Availability Zone for an application.

To see an example AWS CLI command that creates an assertion rule to enforce this criteria, see Create safety rules in Get started with routing control by using the AWS CLI.

For detailed information about the assertion rule API operation properties, see AssertionRule in the Recovery Control Configuration API Reference Guide for Amazon Route 53 Application Recovery Controller.

Gating rule

With a gating rule, you can enforce an overall "on/off switch" over a set of routing controls so that whether those routing control states can be changed is enforced based on a set of criteria that you specify in the rule. The simplest criteria is whether a single routing control that you specify as the "switch" is set to On or Off.

To implement this, you create a gating routing control, to use as the overall switch, and target routing controls, to control traffic flow to different Regions or Availability Zones. Then, to prevent manual or automated state updates to the target routing controls that you've configured for the gating rule, you set the gating routing control state to Off. To allow updates, you set it to On.

To see an example AWS CLI command that creates a gating rule that implements this kind of overall switch, see Create safety rules in Get started with routing control by using the AWS CLI.

For detailed information about the gating rule API operation properties, see GatingRule in the Recovery Control Configuration API Reference Guide for Amazon Route 53 Application Recovery Controller.

Create a safety rule on the Route 53 console

The steps in this section explain how to create a safety rule on the Amazon Route 53 console. The steps are similar whether you create an assertion rule or a gating rule. The differences are noted in the procedure.

To create a safety rule

  1. Open the Amazon Route 53 console at https://console.aws.amazon.com/route53/home.

  2. Under Application Recovery Controller, choose Routing control.

  3. On the Routing control page, choose a control panel.

  4. On the control panel details page, choose Action, and then choose Add safety rule.

  5. Choose a type of rule to add: Assertion rule or Gating rule.

  6. Choose a name and, optionally, change the wait period.

  7. Specify the configuration options for the safety rule.

    • For an assertion rule, specify the asserted routing controls.

    • For a gating rule, specify the gating routing control and target routing controls.

    For both rules, specify the rule configuration by choosing the type and threshold, and whether the rule is inverted.

    Note

    To learn more about specifying an assertion rule, see the information provided for AssertionRule operation in the Recovery Control Configuration API Reference Guide for Amazon Route 53 Application Recovery Controller. To learn more about specifying a gating rule, see the information provided for the GatingRule operation in the Recovery Control Configuration API Reference Guide for Amazon Route 53 Application Recovery Controller.

  8. Choose Create.

Edit or delete a safety rule on the Route 53 console

The steps in this section explain how to edit or delete a safety rule on the Amazon Route 53 console. You can make only limited edits to a safety rule, to change the name or update the wait period. To make more extensive changes, delete and recreate the safety rule.

To learn about using API operations with Amazon Route 53 Application Recovery Controller, see the Common actions that you can use with Amazon Route 53 Application Recovery Controller.

To delete a safety rule

  1. Open the Amazon Route 53 console at https://console.aws.amazon.com/route53/home.

  2. Under Application Recovery Controller, choose Routing control.

  3. On the Routing control page, choose a control panel.

  4. On the control panel details page, choose a safety rule, and then choose Delete or Edit.