Networking & Content Delivery

Using AWS CloudFormation with AWS Global Accelerator

AWS Global Accelerator is a networking service that helps you achieve lower latency, greater performance, and higher availability for internet traffic between your users’ client devices and your applications running on AWS. By using AWS CloudFormation with Global Accelerator, customers can use the power of infrastructure as code to build Global Accelerator deployments in a safe, secure, and repeatable manner. This blog post provides an example of using CloudFormation to deploy Global Accelerator with an application.

Use CloudFormation with Global Accelerator

You can use Global Accelerator to route TCP or UDP traffic to Application Load Balancers (public or private), Network Load Balancers, private Amazon EC2 instances, or Elastic IP addresses in your VPC. Global Accelerator provides you with a set of static Anycast IP addresses that are announced from multiple AWS locations and serve as single fixed entry points for your clients. Global Accelerator uses the AWS global network to optimize the path from your users to your applications, improving the performance of your traffic by as much as 60%. For example, AWS customer Skyscanner improved response time for their customers by 98% using Global Accelerator. You can test the performance benefits from your location with a speed comparison tool (https://speedtest.globalaccelerator.aws/).

 

AWS CloudFormation allows you to model your entire infrastructure and application resources with either a text file or programming language, which removes the need for manual actions or custom scripts. With CloudFormation, you work with stacks made up of templates, which can be JSON- or YAML-formatted text files. When you create a stack, CloudFormation makes underlying service calls based on the templates that you provide and provisions the resources. Learn more in the AWS CloudFormation User Guide here: How does AWS CloudFormation work?

In this walk-through, we show you how to use CloudFormation with Global Accelerator to deploy an accelerator in front of an application, to improve performance and direct traffic to optimal endpoints. In our example, we’ll deploy two CloudFormation templates. The first sets up the sample web application, and the second configures the Global Accelerator resources. You can also take advantage of the CloudFormation nested stack feature to use dedicated templates for reusable and repeatable configurations that are deployed as part of your application stack.

Step 1: Preparing the sample application

For our scenario, the first step is to deploy a sample application in AWS, which we’ll use as an endpoint in Global Accelerator. An endpoint can be a Network Load Balancer, Application Load Balancer (internet-facing or internal), Amazon EC2 instance, or Elastic IP address. For our example, we use the Load-balanced Auto Scaling group sample CloudFormation template to create a sample site on an EC2 instance behind an Application Load Balancer. Later, we’ll specify this Application Load Balancer ARN to configure the Global Accelerator endpoint.

To launch this sample application in your account, click Launch template. You see the following Create stack screen:

Create stack

Choose Next, and then, on the Specify stack details page, enter a name for your CloudFormation stack. Choose the Subnets and Vpcid to use, and then choose Next to deploy the test resources included in the template. For more information, see Specifying Stack Name and Parameters in the AWS CloudFormation User Guide.

Specify stack details

After the CloudFormation stack is successfully deployed, choose the Resources tab. In the list of Resources, find the Application Load Balancer that CloudFormation created, and copy and save the ARN. We’ll use it in the next step of the walk-through.

CloudFormation Stack Status

Note: Make sure that you configure the Application Load Balancer’s Security Group to have an inbound rule that allows HTTP traffic on port 80 for your client IP addresses.

 

Step 2: Deploying Global Accelerator using CloudFormation

To deploy Global Accelerator, you create an accelerator and a listener, along with one or more endpoint groups. In our example, we add the Application Load Balancer that we created in Step 1 to an endpoint group in an accelerator.

The following diagram shows an example of an accelerator. For an overview of the Global Accelerator components, see the Welcome section in the AWS Global Accelerator API Reference.

We can use CloudFormation to create an accelerator that includes these components by defining values for the Global Accelerator CloudFormation Resource Types in a CloudFormation template. The following template illustrates the Resource Types for different Global Accelerator components:

AWS::GlobalAccelerator::Accelerator

MyAccelerator:
  Type: AWS::GlobalAccelerator::Accelerator
  Properties:
    Name: testAccelerator
    IpAddressType: IPV4
    Enabled: true  # true | false
    # IpAddresses is optional; set it only when you bring your own IP addresses (BYOIP)
    IpAddresses: ["169.254.0.0", "169.254.0.1"]
    Tags:
      - Key: foo1
        Value: bar1
      - Key: foo2
        Value: bar2

AWS::GlobalAccelerator::Listener

MyListener:
  Type: AWS::GlobalAccelerator::Listener
  Properties:
    AcceleratorArn: !Ref MyAccelerator  # or the accelerator's actual ARN
    Protocol: TCP  # TCP | UDP
    ClientAffinity: NONE  # NONE | SOURCE_IP
    PortRanges:
      - FromPort: 80
        ToPort: 81
      - FromPort: 8080
        ToPort: 8080

AWS::GlobalAccelerator::EndpointGroup

MyEndpointGroup:
  Type: AWS::GlobalAccelerator::EndpointGroup
  Properties:
    ListenerArn: !Ref MyListener  # or the listener's actual ARN
    EndpointGroupRegion: !Ref AWS::Region  # or a Region name
    EndpointConfigurations:
      # EndpointId: the actual ARN or EIP, or a Ref to the endpoint
      # (if it is in the same stack or imported)
      - EndpointId: !Ref Endpoint
        Weight: 100
        ClientIPPreservationEnabled: true
      - EndpointId: !Ref Endpoint
    HealthCheckPort: 80
    HealthCheckProtocol: TCP
    # HealthCheckPath applies when HealthCheckProtocol is HTTP or HTTPS
    HealthCheckPath: "/health"
    ThresholdCount: 5
    HealthCheckIntervalSeconds: 10

For our example, we use these Resource Types to create an accelerator that includes as an endpoint the Application Load Balancer that we created earlier. We’ll add the Application Load Balancer, referenced as LoadbalancerARN, in an endpoint group in AWS Region us-west-2. When you launch the CloudFormation stack, you’re prompted to enter the Application Load Balancer ARN that you copied and saved earlier.

Here’s what our example template looks like:

AWSTemplateFormatVersion: 2010-09-09
Description: CloudFormation template to deploy Global Accelerator
Parameters:
  LoadbalancerARN:
    Description: Application Load Balancer ARN to be used as Global Accelerator endpoint
    Type: String
Resources:
  SampleAccelerator:
    Type: 'AWS::GlobalAccelerator::Accelerator'
    Properties:
      Name: MySampleAccelerator
      IpAddressType: "IPV4"
      Enabled: true
  SampleListener:
    Type: 'AWS::GlobalAccelerator::Listener'
    Properties:
      AcceleratorArn: !Ref SampleAccelerator
      Protocol: TCP
      PortRanges:
        - FromPort: '80'
          ToPort: '80'
  UsWest2EndpointGroup:
    Type: 'AWS::GlobalAccelerator::EndpointGroup'
    Properties:
      ListenerArn: !Ref SampleListener
      EndpointGroupRegion: us-west-2
      EndpointConfigurations:
        - EndpointId: !Ref LoadbalancerARN
          ClientIPPreservationEnabled: true
Outputs:
  AcceleratorDNS:
    Description: DNS for Global Accelerator
    Value: !GetAtt SampleAccelerator.DnsName

To create the example accelerator, save this example text locally as a YAML file, and then launch it as a CloudFormation template in your AWS account. You’ll enter the Application Load Balancer ARN (that you copied and saved in Step 1) for the LoadbalancerARN parameter on the Specify stack details page.

AGA Stack parameter screen

Choose Next, and follow the steps to complete the wizard to deploy the stack. For more information, see Creating a Stack in the AWS CloudFormation User Guide.

Note that the CloudFormation deployment doesn’t finish until the accelerator is in the Deployed state.

 

Step 3: Testing access to the application

After the accelerator finishes deploying, you can access your application by using the accelerator’s DNS name, which is displayed in CloudFormation on the Outputs tab.

AGA Stack Output

After you successfully connect to your application by using the accelerator, you’ll see a page that includes an information graphic and says the following: Congratulations, you have successfully launched the AWS CloudFormation sample.

Application Successful Page

 

Step 4: Cleaning up

To avoid incurring costs after you create this proof of concept, clean up the resources by deleting the accelerator, the Application Load Balancer and the sample application. You can delete all these resources by deleting the CloudFormation stacks. For more information, see Deleting an accelerator, Delete an Application Load Balancer, and Deleting a Stack in the AWS documentation.

Considerations:

  • The CloudFormation stack for creating an accelerator doesn’t finish until the accelerator that includes the listener and endpoint group is fully deployed.
  • The global IP addresses assigned to your accelerator by Global Accelerator are static. They don’t change even if you update the CloudFormation stack.
  • If you bring your own IP addresses (BYOIP) to use with Global Accelerator and CloudFormation, we don’t support updating the IP addresses after you specify them in a CloudFormation template. If you want to change the IP addresses that you use with your accelerator, delete the accelerator and create a new accelerator with the new IP addresses.
  • When you use a CloudFormation template to create or update an accelerator, you can specify your resources in any AWS Region. For example, you can define your accelerator and listener in a CloudFormation template in us-west-2. You can then define your endpoint groups in different CloudFormation templates in the Regions where your endpoints are. This simplifies setup, but the tradeoff is that your CloudFormation templates in various Regions aren’t related to each other. Because these cross-Region stacks are not related, make sure that, when you need to tear down the stacks, you do so in the correct order. That is, delete the stack with the application before you delete the accelerator stack.
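
The template below is an added example, not part of the original post: a Region-local stack for the cross-Region layout described in the last consideration, which also codifies the Step 1 note about the load balancer's inbound rule. The parameter names ListenerArn, AlbSecurityGroupId and ClientCidr, the resource names, and the ARN patterns are assumptions for illustration; the accelerator stack would need to output its listener ARN (!Ref SampleListener) so that it can be passed in here.

```yaml
AWSTemplateFormatVersion: 2010-09-09
Description: Regional endpoint group for an existing Global Accelerator listener (added example)
Parameters:
  ListenerArn:
    Description: Listener ARN taken from the accelerator stack
    Type: String
    # Assumed ARN shape for the aws partition; adjust for other partitions
    AllowedPattern: '^arn:aws:globalaccelerator::[0-9]{12}:accelerator/[0-9a-z-]+/listener/[0-9a-z]+$'
    ConstraintDescription: Must be a Global Accelerator listener ARN
  LoadbalancerARN:
    Description: Application Load Balancer ARN in this Region
    Type: String
    AllowedPattern: '^arn:aws:elasticloadbalancing:[a-z0-9-]+:[0-9]{12}:loadbalancer/app/.+$'
    ConstraintDescription: Must be an Application Load Balancer ARN
  AlbSecurityGroupId:
    Description: Security group attached to the Application Load Balancer
    Type: AWS::EC2::SecurityGroup::Id
  ClientCidr:
    Description: Client address range allowed to reach the application on port 80
    Type: String
    AllowedPattern: '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
    ConstraintDescription: Must be an IPv4 CIDR block such as 203.0.113.0/24
Resources:
  AlbHttpIngress:
    Type: 'AWS::EC2::SecurityGroupIngress'
    Properties:
      GroupId: !Ref AlbSecurityGroupId
      Description: HTTP from known clients through Global Accelerator
      IpProtocol: tcp
      FromPort: 80
      ToPort: 80
      # ClientIPPreservationEnabled is true below, so the load balancer sees
      # the original client source address and this rule matches on it.
      CidrIp: !Ref ClientCidr
  RegionalEndpointGroup:
    Type: 'AWS::GlobalAccelerator::EndpointGroup'
    DependsOn: AlbHttpIngress
    Properties:
      ListenerArn: !Ref ListenerArn
      EndpointGroupRegion: !Ref 'AWS::Region'
      EndpointConfigurations:
        - EndpointId: !Ref LoadbalancerARN
          ClientIPPreservationEnabled: true
Outputs:
  EndpointGroupArn:
    Description: ARN of the endpoint group created in this Region
    Value: !GetAtt RegionalEndpointGroup.EndpointGroupArn
```

The AllowedPattern constraints make CloudFormation reject a mistyped or wrong-service ARN at parameter validation, before any resource is created.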

Conclusion

In this blog post, we provided an example of using CloudFormation with Global Accelerator to create an accelerator with an Application Load Balancer endpoint. You can use CloudFormation with Global Accelerator at no additional cost in all Regions where Global Accelerator is available.

You can learn more about using Global Accelerator resources in CloudFormation here.

 

Shakeel Ahmad


Shakeel Ahmad is a Solutions Architect based out of Melbourne, Australia specializing in Networking & Cloud Infrastructure. He has a BS in Computer Science and a Master of Science in Network Systems. He’s passionate about technology and helping customers architect and build solutions to adopt the art of the possible on AWS.

Sohaib Tahir


Sohaib Tahir is a Senior Solutions Architect for US State and Local Government Public Sector team specializing in Networking and Cloud Automation. He holds a BE degree in Telecom Engineering from NED University and a MS in Electrical Engineering from Wichita State University. He provides technical and architectural guidance to customers for building solutions on AWS.