high-availability architectures

You can use Route 53 Failover routing policy with health checks on the origin domain name that’s configured as the origin in CloudFront. When the primary origin becomes unhealthy, Route 53 detects it, and then starts resolving the origin domain name with the IP address of the secondary origin. CloudFront honors the origin DNS TTL, which means that traffic will start flowing to the secondary origin within the DNS TTL. The most optimal configuration (Fast Check activated, a failover threshold of 1, and 60 second DNS TTL) means that the failover will take 70 seconds at minimum to occur. When it does, all of the traffic is switched to the secondary origin, since it’s a stateful failover. Note that this design can be further extended with Route 53 Application Recovery Control for more sophisticated application failover across multiple AWS Regions, Availability Zones, and on-premises. This approach can be combined with CloudFront Origin Failover functionality for GET/HEAD requests to reduce errors while Route 53 fails over to the secondary origin. This pattern is described in this blog.

When the different origins don't share the same domain name, such as for S3 based origins, Route 53 can't be used in the proposed way above. In this scenario, you need a Lambda@Edge function configured on origin request event to query Route 53 for which origin to select, then reroute the request to the selected origin, by changing the origin domain name and with the Host header. To learn more about this implementation, read the following Contentful Case Study.

Application that are using Global Accelerator can benefit from its native failover functionalities. Using Global Accelerator, your application can be deployed in a single AWS Region across multiple Availability Zones or across multiple AWS Regions. Global Accelerator monitors the health of your application endpoints using health checks, and routes traffic away from unhealthy endpoints within tens of seconds.

CloudFront can be used with Route 53 latency-based policy to route user requests to nearest AWS region where you have replicated origin in an Active-Active multi-region architecture. To do this, configure the origin domain name in CloudFront with latency based policy in Route 53. When CloudFront resolves the origin domain name to connect and send the request to the origin, Route 53 returns the nearest origin IP based on latency. Note that the location from which CloudFront resolves the origin domain name depends on the distribution configuration and the traffic type. In general, the domain name is resolved in the edge location for dynamic requests, and in Regional Edge Caches for cacheable content. This blog guides you through an active-active multi-region deployment for API Gateway.

When the different origins don't share the same domain name, such as for S3 based origins, Route 53 can't be used in the above proposed way. In this scenario, you need a Lambda@Edge configured on origin request event to route to the nearest origin. To learn more about this implementation, read the followings blogs:

• Using Amazon CloudFront and Amazon S3 to build multi-Region active-active geo proximity applications
• Reduce latency for end-users with multi-region APIs with CloudFront. In this blog, you will learn about implementing a multi region AppSync based GraphQL API.

In certain scenarios, request routing requires application level logic. When the logic is simple such as routing to different origins based on path (e.g. route /api1 to origin 1 and /api2 tp origin 2), you can simply use the native cache behavior capability of CloudFront. If the logic is more sophisticated, then Lambda@Edge on origin request event allows you to route traffic based on application level attributes, such as URL, cookies, headers, country, etc.. The logic can be stateless and fully embedded in the function code, or can be stored in a external location such as S3 or DynamoDB from which Lambda@Edge fetches the routing rule to execute it.