Using AWS CloudFormation with AWS Global Accelerator
AWS Global Accelerator is a networking service that helps you achieve lower latency, greater performance, and higher availability for internet traffic between your users’ client devices and your applications running on AWS. By using AWS CloudFormation with Global Accelerator, customers can use the power of infrastructure as code to build Global Accelerator deployments in a safe, secure, and repeatable manner. This blog post provides an example of using CloudFormation to deploy Global Accelerator with an application.
Use CloudFormation with Global Accelerator
You can use Global Accelerator to route TCP or UDP traffic to Application Load Balancers (public or private), Network Load Balancers, private Amazon EC2 instances, or Elastic IP addresses in your VPC. Global Accelerator provides you with a set of static Anycast IP addresses that are announced from multiple AWS locations and serve as single fixed entry points for your clients. Global Accelerator uses the AWS global network to optimize the path from your users to your applications, improving the performance of your traffic by as much as 60%. For example, AWS customer Skyscanner improved response time for their customers by 98% using Global Accelerator. You can test the performance benefits from your location with a speed comparison tool (https://speedtest.globalaccelerator.aws/).
AWS CloudFormation allows you to model your entire infrastructure and application resources with either a text file or programming language, which removes the need for manual actions or custom scripts. With CloudFormation, you work with stacks made up of templates, which can be JSON- or YAML-formatted text files. When you create a stack, CloudFormation makes underlying service calls based on the templates that you provide and provisions the resources. Learn more in the AWS CloudFormation User Guide here: How does AWS CloudFormation work?
In this walk-through, we show you how to use CloudFormation with Global Accelerator to deploy an accelerator in front of an application, to improve performance and direct traffic to optimal endpoints. In our example, we’ll deploy two CloudFormation templates. The first sets up the sample web application, and the second configures the Global Accelerator resources. You can also take advantage of the CloudFormation nested stack feature to use dedicated templates for reusable and repeatable configurations that are deployed as part of your application stack.
Step 1: Preparing the sample application
For our scenario, the first step is to deploy a sample application in AWS, which we’ll use as an endpoint in Global Accelerator. An endpoint can be a Network Load Balancer, Application Load Balancer (internet-facing or internal), Amazon EC2 instance, or Elastic IP address. For our example, we use the Load-balanced Auto Scaling group sample CloudFormation template to create a sample site on an EC2 instance behind an Application Load Balancer. Later, we’ll specify this Application Load Balancer ARN to configure the Global Accelerator endpoint.
To launch this sample application in your account, click Launch template. You see the following Create stack screen:
Choose Next, and then, on the Specify stack details page, enter a name for your CloudFormation stack. Choose the Subnets and Vpcid to use, and then choose Next to deploy the test resources included in the template. For more information, see Specifying Stack Name and Parameters in the AWS CloudFormation User Guide.
After the CloudFormation stack is successfully deployed, choose the Resources tab. In the list of Resources, find the Application Load Balancer that CloudFormation created, and copy and save the ARN. We’ll use it in the next step of the walk-through.
Note: Make sure that you configure the Application Load Balancer’s Security Group to have an inbound rule that allows HTTP traffic on port 80 for your client IP addresses.
Step 2: Deploying Global Accelerator using CloudFormation
To deploy Global Accelerator, you create an accelerator and a listener, along with one or more endpoint groups. In our example, we add the Application Load Balancer that we created in Step 1 to an endpoint group in an accelerator.
The following diagram shows an example of an accelerator. For an overview of the Global Accelerator components, see the Welcome section in the AWS Global Accelerator API Reference.
We can use CloudFormation to create an accelerator that includes these components by defining values for the Global Accelerator CloudFormation Resource Types in a CloudFormation template. The following template illustrates the Resource Types for different Global Accelerator components:
MyAccelerator: Type: AWS::GlobalAccelerator::Accelerator Properties: Name: testAccelerator IpAddressType: IPV4 Enabled: true | false IpAddresses: ["169.254.0.0", "169.254.0.1"] Tags: - Key: foo1 Value: bar1 - Key: foo2 Value: bar2
MyListener: Type: AWS::GlobalAccelerator::Listener Properties: AcceleratorArn: <actual-arn> or Ref: MyAccelerator Protocol: TCP | UDP ClientAffinity: NONE| SOURCE_IP PortRanges: - FromPort: 80 ToPort: 81 - FromPort: 8080 ToPort: 8080
AWS::GlobalAccelerator::EndpointGroup MyEndpointGroup: Type: AWS::GlobalAccelerator::EndpointGroup Properties: ListenerArn: <actual-arn> or Ref: MyListener EndpointGroupRegion: <region> or Ref AWS::Region EndpointConfigurations: - EndpointId: <actual arn or eip> or Ref: Endpoint (if in the same stack or imported) Weight: 100 ClientIPPreservationEnabled: true - EndpointId: <actual-arn or eip> or Ref: Endpoint (if in the same stack or imported) HealthCheckPort: 80 HealthCheckProtocol: TCP HealthCheckPath: “/health” ThresholdCount: 5 HealthCheckIntervalSeconds: 10
For our example, we use these Resource Types to create an accelerator that includes as an endpoint the Application Load Balancer that we created earlier. We’ll add the Application Load Balancer, referenced as LoadbalancerARN, in an endpoint group in AWS Region us-west-2. When you launch the CloudFormation stack, you’re prompted to enter the Application Load Balancer ARN that you copied and saved earlier.
Here’s what our example template looks like:
AWSTemplateFormatVersion: 2010-09-09 Description: CloudFormation template to deploy Global Accelerator Parameters: LoadbalancerARN: Description: Application Load Balancer ARN to be used as Global Accelerator endpoint Type: String Resources: SampleAccelerator: Type: 'AWS::GlobalAccelerator::Accelerator' Properties: Name: MySampleAccelerator IpAddressType: "IPV4" Enabled: true SampleListener: Type: 'AWS::GlobalAccelerator::Listener' Properties: AcceleratorArn: !Ref SampleAccelerator Protocol: TCP PortRanges: - FromPort: '80' ToPort: '80' UsWest2EndpointGroup: Type: 'AWS::GlobalAccelerator::EndpointGroup' Properties: ListenerArn: !Ref SampleListener EndpointGroupRegion: us-west-2 EndpointConfigurations: - EndpointId: !Ref LoadbalancerARN ClientIPPreservationEnabled: true Outputs: AcceleratorDNS: Description: DNS for Global Accelerator Value: !GetAtt SampleAccelerator.DnsName
To create the example accelerator, save this example text locally as a YAML file, and then launch it as a CloudFormation template in your AWS account. You’ll enter the Application Load Balancer ARN (that you copied and saved in Step 1) for the LoadbalancerARN parameter on the Specify stack details page.
Choose Next, and follow the steps to complete the wizard to deploy the stack. For more information, see Creating a Stack in the AWS CloudFormation User Guide.
Note that the CloudFormation deployment doesn’t finish until the accelerator is in the Deployed state.
Step 3: Testing access to the application
After the accelerator finishes deploying, you can access your application by using the accelerator’s DNS name, which is displayed in CloudFormation on the Outputs tab.
After you successfully connect to your application by using the accelerator, you’ll see a page that includes an information graphic and says the following: Congratulations, you have successfully launched the AWS CloudFormation sample.
Step 4: Cleaning up
To avoid incurring costs after you create this proof of concept, clean up the resources by deleting the accelerator, the Application Load Balancer and the sample application. You can delete all these resources by deleting the CloudFormation stacks. For more information, see Deleting an accelerator, Delete an Application Load Balancer, and Deleting a Stack in the AWS documentation.
- The CloudFormation stack for creating an accelerator doesn’t finish until the accelerator that includes the listener and endpoint group is fully deployed.
- The global IP addresses assigned to your accelerator by Global Accelerator are static. They don’t change even if you update the CloudFormation stack.
- If you bring your own IP address (BYOIP) to use with Global Accelerator and CloudFormation, we don’t support updating the IP addresses after you specify it in a CloudFormation template. If you want to change the IP addresses that you use with your accelerator, delete the accelerator and create a new accelerator with the new IP addresses.
- When you use a CloudFormation template to create or update an accelerator, you can specify your resources in any AWS Region. For example, you can define your accelerator and listener in a CloudFormation template in us-west-2. You can then define your endpoint groups in different CloudFormation templates in the Regions where your endpoints are. This simplifies setup, but the tradeoff is that your CloudFormation templates in various Regions aren’t related to each other. Because these cross-Region stacks are not related, make sure that, when you need to tear down the stacks, that you do so in the correct order. That is, delete the stack with the application before you delete the accelerator stack.
In this blog post, we provided an example of using CloudFormation with Global Accelerator to create an accelerator with an Application Load Balancer endpoint. You can use CloudFormation with Global Accelerator at no additional cost in all Regions where Global Accelerator is available.
You can learn more about using Global Accelerator resources in CloudFormation here.