Q: What is AWS Global Accelerator?
A: AWS Global Accelerator is a networking service that helps you improve the availability and performance of the applications that you offer to your global users. AWS Global Accelerator is easy to set up, configure, and manage. It provides static IP addresses that provide a fixed entry point to your applications and eliminate the complexity of managing specific IP addresses for different AWS Regions and Availability Zones. AWS Global Accelerator always routes user traffic to the optimal endpoint based on performance, reacting instantly to changes in application health, your user’s location, and policies that you configure. You can test the performance benefits from your location with a speed comparison tool. Like other AWS services, AWS Global Accelerator is a self-service, pay-per-use offering, requiring no long term commitments or minimum fees.
Q: What can I do with AWS Global Accelerator?
A: By using AWS Global Accelerator, you can:
- Associate the static IP addresses provided by AWS Global Accelerator to regional AWS resources or endpoints, such as Network Load Balancers, Application Load Balancers, EC2 Instances, and Elastic IP addresses. The IP addresses are anycast from AWS edge locations so they provide onboarding to the AWS global network close to your users.
- Easily move endpoints between Availability Zones or AWS Regions without needing to update your DNS configuration or change client-facing applications.
- Dial traffic up or down for a specific AWS Region by configuring a traffic dial percentage for your endpoint groups. This is especially useful for testing performance and releasing updates.
- Control the proportion of traffic directed to each endpoint within an endpoint group by assigning weights across the endpoints.
Q: How do I get started with AWS Global Accelerator?
A: You can get started with setting up AWS Global Accelerator by using the API or through the AWS Management Console or by using an AWS CloudFormation template. Because AWS Global Accelerator is a global service, it’s not tied to any specific AWS Region. Here are three easy steps to set up AWS Global Accelerator for your application:
- Create an accelerator: When you create your accelerator, AWS Global Accelerator provisions two static IP addresses for it. Then you configure one or more listeners to process inbound connections from end clients to your accelerator, based on the protocol and port that you specify.
- Configure endpoint groups: You choose one or more regional endpoint groups to associate to your accelerator’s listener by specifying the AWS Regions to which you want to distribute traffic. Your listener routes requests to the registered endpoints in this endpoint group. AWS Global Accelerator monitors the health of endpoints within the group using the health check settings defined for each endpoint. You can configure a traffic dial percentage for each endpoint group, which controls the amount of traffic that an endpoint group accepts. By default, the traffic dial is set to 100% for all regional endpoint groups.
- Register endpoints for endpoint groups: You register one or more regional resources, such as Application Load Balancers, Network Load Balancers, EC2 Instances, or Elastic IP addresses, in each endpoint group. Then you can set weights to choose how much traffic is routed to each endpoint.
Q: How does AWS Global Accelerator work together with Elastic Load Balancing (ELB)?
A: Both of these services solve the challenge of routing user requests to healthy application endpoints. AWS Global Accelerator relies on ELB to provide the traditional load balancing features such as support for internal and non-AWS endpoints, pre-warming, and Layer 7 routing. However, while ELB provides load balancing within one Region, AWS Global Accelerator provides traffic management across multiple Regions.
A regional ELB load balancer is an ideal target for AWS Global Accelerator. By using a regional ELB load balancer, you can precisely distribute incoming application traffic across backends, such as Amazon EC2 instances or Amazon ECS tasks, within an AWS Region. AWS Global Accelerator complements ELB by extending these capabilities beyond a single AWS Region, allowing you to provision a global interface for your applications in any number of Regions. If you have workloads that cater to a global client base, we recommend that you use AWS Global Accelerator. If you have workloads hosted in a single AWS Region and used by clients in and around the same Region, you can use an Application Load Balancer or Network Load Balancer to manage your resources.
Q: How is AWS Global Accelerator different from Amazon CloudFront?
A: AWS Global Accelerator and Amazon CloudFront are separate services that use the AWS global network and its edge locations around the world. CloudFront improves performance for both cacheable content (such as images and videos) and dynamic content (such as API acceleration and dynamic site delivery). Global Accelerator improves performance for a wide range of applications over TCP or UDP by proxying packets at the edge to applications running in one or more AWS Regions. Global Accelerator is a good fit for non-HTTP use cases, such as gaming (UDP), IoT (MQTT), or Voice over IP, as well as for HTTP use cases that specifically require static IP addresses or deterministic, fast regional failover. Both services integrate with AWS Shield for DDoS protection.
Q: Can I use AWS Global Accelerator for my on-premises services?
A: You can’t directly configure on-premises resources as endpoints for your static IP addresses, but you can configure a Network Load Balancer (NLB) in each AWS Region to address your on-premises endpoints. Then you can register the NLBs as endpoints in your AWS Global Accelerator configuration.
Q: Can I deterministically route multiple users to a specific endpoint IP and port behind my accelerator?
A: Yes. By using a custom routing accelerator, you can use your own application logic to route user traffic to a specific Amazon EC2 IP and port in a single or multiple AWS Regions. An example use case is a multi-player game where you want to assign multiple players to a single session on a game server, based on factors such as geographic location, player skill, and gaming configuration. Other examples are VoIP, EdTech, and social media applications that assign multiple users to a specific media server to initiate voice, video, and messaging sessions.
Q: Can I use AWS Global Accelerator for object storage with Amazon S3?
A: You can use Amazon S3 Multi-Region Access Points to get the benefits of Global Accelerator for object storage. S3 Multi-Region Access Points use Global Accelerator transparently to provide a single global endpoint to access a data set that spans multiple S3 buckets in different AWS Regions. This allows you to build multi-region applications with the same simple architecture used in a single region, and then to run those applications anywhere in the world. Application requests made to an S3 Multi-Region Access Point’s global endpoint automatically route over the AWS global network to the S3 bucket with the lowest network latency. This allows applications to automatically avoid congested network segments on the public internet, improving application performance and reliability.
Q: What benefits does AWS Global Accelerator provide?
A: AWS Global Accelerator includes the following benefits:
Instant regional failover: AWS Global Accelerator automatically checks the health of your applications and routes user traffic only to healthy application endpoints. If the health status changes or you make configuration updates, AWS Global Accelerator reacts instantaneously to route your users to the next available endpoint.
High availability: AWS Global Accelerator has a fault-isolating design that increases the availability of your application. When you create an accelerator, you are allocated two IPv4 static IP addresses that are serviced by independent network zones. Similar to Availability Zones, these network zones are isolated units with their own physical infrastructure and serve static IP addresses from a unique IP subnet. If one static IP address becomes unavailable due to IP address blocking or unreachable networks, AWS Global Accelerator provides fault tolerance to client applications by rerouting to a healthy static IP address from the other isolated network zone.
No variability around clients that cache IP addresses: Some client devices and internet resolvers cache DNS answers for long periods of time. So when you make a configuration update, or there’s an application failure or change in your routing preference, you don’t know how long it will take before all of your users receive updated IP addresses. With AWS Global Accelerator, you don’t have to rely on the IP address caching settings of client devices. Change propagation takes a matter of seconds, which reduces your application downtime.
Improved performance: AWS Global Accelerator ingresses traffic from the edge location that is closest to your end clients through anycast static IP addresses. Then traffic traverses the congestion-free and redundant AWS global network, which optimizes the path to your application that is running in an AWS Region. AWS Global Accelerator chooses the optimal AWS Region based on the geography of end clients, which reduces first-byte latency and improves performance by as much as 60%.
Easy manageability: The static IP addresses provided by AWS Global Accelerator are fixed and provide a single entry point to your applications. This lets you easily move your endpoints between Availability Zones or between AWS Regions, without having to update your DNS configuration or client-facing applications. Use cases include A/B testing, application updates, and failover simulations. Corporate proxies can also whitelist your application’s static IP addresses in their firewalls.
Fine-grained control: AWS Global Accelerator lets you set a traffic dial for your regional endpoint groups, to dial traffic up or down for a specific AWS Region when you conduct performance testing or application updates. In addition, if you have stateful applications, you can choose to direct all requests from a user to the same endpoint, regardless of the source port and protocol, to maintain client affinity. These features give you fine-grained control.
Q: I operate only in a single AWS Region. Can I get any benefit from AWS Global Accelerator?
A: Yes. While you might not want to use the intelligent traffic routing capabilities of AWS Global Accelerator, there are a number of advantages to using static IP addresses. First, by using these addresses, you increase the Quality of Service (QoS) for your users by onboarding their traffic onto the AWS global network as close to them as possible. Typically, traffic must take multiple hops through the public internet, over potentially congested and non-redundant network paths, to reach your destination AWS Region. With AWS Global Accelerator, you get to leverage the AWS globally redundant network to help improve your application availability and performance. Second, you have the freedom to easily move your application between AWS Regions without changing your public interface. This means that you can plan for the future, knowing that if your needs change, you can easily migrate or add additional AWS Regions without worrying about how your users will connect to your applications.
Q: How does AWS Global Accelerator make it easy to move to a multi-Region setup?
A: You may want to run your applications in multiple AWS Regions for regional redundancy and to improve performance by running your applications closer to your users. By providing a network layer between your application and clients, AWS Global Accelerator can perform health checks, and then automatically route traffic around failed endpoints, without disrupting clients. This graceful shutdown and startup of new endpoints improves availability and performance for your users while ensuring that internet traffic is routed to the closest available endpoint.
Q: How does AWS Global Accelerator help support multi-Region failover?
A: AWS Global Accelerator provides you with a set of static IP addresses that can map to multiple application endpoints across AWS Regions, to improve redundancy. If your application experiences failure in a specific AWS Region, AWS Global Accelerator automatically detects the unhealthy endpoints and redirects traffic to the next optimal AWS Region, ensuring high availability and disaster recovery.
Q: How fast will my application failover between AWS Regions?
A: AWS Global Accelerator can detect an unhealthy endpoint and take it out of service in less than one minute.
Q: What compliance certifications does AWS Global Accelerator support?
A: AWS Global Accelerator certifications make it easier for you to verify our high security standards and meet your own regulatory and compliance obligations. It has been assessed to comply with PCI DSS, ISO 9001, 27001, 27017, 27018, 27018, and SOC (System & Organization Control), in addition to being HIPAA-eligible.
Bring your own IP
Q: Can I use my own IP addresses with Global Accelerator?
A: You can Bring Your Own IP address ranges (BYOIP) to AWS Global Accelerator, which enables you to use your own IP addresses as a fixed entry point to your application endpoints. This allows you to move your on-premises applications that have hardcoded IP address dependencies to AWS, without making any client-facing changes. This is helpful for example in regulated environments that require allow-listing of IP address ranges. The accelerators that use your own IP addresses work exactly the same as your accelerators which use Amazon-provided IP addresses. For more details, please read the documentation.
Q: Can I advertise an IPv4 pool through Global Accelerator and from the AWS Regions through Amazon EC2?
A: No, you can only advertise an IPv4 pool from either one of the services.
Q: How are Global Accelerator’s static IP addresses different from EC2 Elastic IP addresses?
A: While Global Accelerator’s IP addresses and EC2 Elastic IP addresses are both static addresses, there are some differences between the two. First, Global Accelerator’s IP addresses can be associated with one or more endpoints - Application Load Balancers, Network Load Balancers or EC2 instances, in any number of AWS Regions. This allows you to easily scale out your applications to multiple AZ’s or AWS Regions. Elastic IPs on the other hand are tied to a single AWS resource, such as a load balancer or an EC2 instance, in a single AWS Region. Second, Global Accelerator’s IP addresses can only support client-generated connections, unlike Elastic IPs which support both, client and server -generated connections. Third, Global Accelerator’s IP addresses are advertised from the AWS’s expansive network of edge locations. Traffic ingresses onto the highly performant and available AWS network as close as possible to your users. Elastic IPs are advertised from a single AWS Region at a time.
Q: How many IP ranges can I bring via BYOIP?
A: You can bring a maximum of two IP ranges to your account.
Q: What is the most specific prefix that I can bring via BYOIP?
A: Via BYOIP, the most specific address range that you can bring is /24. The first 24 bits of the IP address specify the network number. For example, 198.51.100 is the network number for IP address 198.51.100.0.
Q: Which RIR prefixes can I use for BYOIP?
A: You can use ARIN, RIPE, and APNIC registered prefixes.
Q: Can I convert my Amazon-provided Elastic IP address ranges into Global Accelerator IP addresses and advertise these globally?
A: No, you can only bring IP address ranges that you own to AWS Global Accelerator. These ranges will be those that you have purchased from internet registries.
Q: What is a custom routing accelerator?
A: A custom routing accelerator is a new type of accelerator in Global Accelerator. It allows you to use your own application logic to deterministically route one or more users to a specific Amazon EC2 instance destination in a single or multiple AWS Regions. This is useful for use cases where you want to control which session on an EC2 instance your user traffic is sent to. One example is a multi-player gaming application where you want to assign multiple players to a single session on a game server, based on factors such as geographic location, player skill, and gaming configuration. Other examples are VoIP, EdTech, and social media applications that assign multiple users to a specific media server to initiate voice, video, and messaging sessions. With a custom routing accelerator, you can direct multiple users to a unique port on your accelerator, and their traffic will be routed to a specific destination IP address and port that your application session is running on.
Q: How is a custom routing accelerator different from a standard accelerator?
A: Standard accelerators automatically route traffic to a healthy endpoint that is nearest to your user. Since they're designed to load balance traffic, you can't deterministically route multiple users to a specific EC2 destination behind your accelerator. Custom routing accelerators allows you to do just that. Another difference is that standard routing accelerators support Network Load Balancers, Application Load Balancers, EC2 instances, and Elastic IPs as endpoints. Custom routing accelerators support only VPC subnet endpoints, each containing one or more EC2 instances that are running your application.
Q: How does custom routing work?
A: With a custom routing accelerator, you can deterministically route multiple users to a specific destination IP address and port that your application session is running on. You simply direct users to a specific port on your Global Accelerator. Users can connect to either of the two static anycast IP addresses allocated to your accelerator. When your users connect to your endpoints by using the accelerator IP address and port, your traffic enters the AWS global network at the closest edge location. Your custom routing accelerator has mapped this accelerator port to a specific EC2 instance and port within a VPC subnet, and routes your user traffic there. The mapping from the accelerator port to your EC2 instances within each VPC subnet is preconfigured and static. This means that your application can query for the mapping using an API, store it, and then use it to control how Global Accelerator routes client traffic. If you add or remove endpoints after creating an accelerator, the mappings for existing endpoints don't change.
Q: What are VPC subnet endpoints?
A: A VPC subnet endpoint is a new type of endpoint introduced with this feature. Each VPC subnet endpoint, which could be in a single or multiple Regions, contains the IP addresses of the EC2 instances that host your application. With a custom routing accelerator, you can put your accelerator in front of up to thousands of EC2 instances running in a single or multiple VPCs. Custom routing accelerators support VPC subnet endpoints with a maximum size of /17 and route traffic only to EC2 instances within each subnet.
Q: How can I monitor whether clients can reach my VPC subnet endpoints through Global Accelerator?
A: Custom routing accelerators don't provide external health checks for your VPC subnet endpoints or the EC2 instances in them. In this scenario, every accelerator port is mapped to a specific EC2 instance private IP address and port. So your application can monitor the health of your EC2 instances, and then if an instance becomes unhealthy, you can control traffic fail over to another specific healthy instance by directing user traffic to a different accelerator IP address and port combination.
Q: What if I need to route to more than 64,000 destinations?
A: If you anticipate needing more destinations, you can simply set up more custom routing accelerators with additional endpoints located in additional subnets. Then update your custom application logic to use the IP addresses of the new accelerator and the new port mapping to reach each instance and port.
Q: Does AWS Global Accelerator support IPv4 and IPv6?
A: The service currently supports IPv4 addresses.
Q: What protocols does AWS Global Accelerator support?
A: AWS Global Accelerator supports both TCP and UDP protocols.
Q: How is AWS Global Accelerator different from a DNS-based traffic management solution?
A: First, some client devices and internet resolvers cache DNS answers for long periods of time. So when you make a configuration update, or there’s an application failure or change in your routing preference, you don’t know how long it will take before all of your users receive updated IP addresses. With AWS Global Accelerator, you don’t have to rely on the IP address caching settings of client devices. Change propagation takes a matter of seconds, which reduces your application downtime. Second, with Global Accelerator, you get static IP addresses that provide a fixed entry point to your applications. This lets you easily move your endpoints between Availability Zones or between AWS Regions, without having to update the DNS configuration or client-facing applications.
Q: Can I use AWS Global Accelerator with AWS Direct Connect?
A: We recommend that you don’t advertise IP addresses that you use to communicate with AWS Global Accelerator over your AWS Direct Connect public virtual interface. Direct Connect does not advertise IP address prefixes for Global Accelerator over a public virtual network. For more information about public virtual interfaces and Direct Connect, see Using Public Virtual Interfaces.