Static anycast IP addresses
AWS Global Accelerator provides you with static IP addresses that serve as a fixed entry point to your applications hosted in one or more AWS Regions. These IP addresses are anycast from AWS edge locations, so they’re announced from multiple AWS edge locations at the same time. This enables traffic to ingress onto the AWS global network as close to your users as possible. You can associate these addresses to regional AWS resources or endpoints, such as Application Load Balancers, Network Load Balancers, EC2 instances, and Elastic IP addresses. AWS Global Accelerator’s IP addresses serve as the frontend interface of your applications. By using these static IP addresses, you don’t need to make any client-facing changes or update DNS records as you modify or replace endpoints. The addresses are assigned to your accelerator for as long as it exists, even if you disable the accelerator and it no longer accepts or routes traffic.
Fault tolerance using network zones
AWS Global Accelerator has a fault-isolating design that increases the availability of your applications. When you create an accelerator, AWS Global Accelerator allocates two IPv4 static addresses for you that are serviced by independent network zones. Similar to Availability Zones, these network zones are isolated units with their own set of physical infrastructure and service IP addresses from a unique IP subnet. If one IP address from a network zone becomes unavailable, due to network disruptions or IP address blocking by certain client networks, your client applications can retry using the healthy static IP address from the other isolated network zone.
Global performance-based routing
AWS Global Accelerator uses the vast, congestion-free AWS global network to route TCP and UDP traffic to a healthy application endpoint in the closest AWS Region to the user. If there’s an application failure, AWS Global Accelerator provides instant failover to the next best endpoint.
Fine-grained traffic control
AWS Global Accelerator gives you the option to dial up or dial down traffic to a specific AWS Region by using traffic dials. For each Region (or endpoint group), you can set a traffic dial to control the percentage of traffic that is directed to that Region. The percentage is applied only to traffic that is already directed to that Region, based on proximity and health of the endpoints. The traffic dial lets you easily do performance testing or blue/green deployment testing for new releases across different AWS Regions, for example. If an endpoint fails, AWS Global Accelerator assigns your user traffic to the other endpoints, to maintain high availability. By default, traffic dials are set to 100% across all endpoint groups so that AWS Global Accelerator can select the best endpoint for your applications.
Continuous availability monitoring
AWS Global Accelerator continuously monitors the health of your application endpoints by using TCP, HTTP, and HTTPS health checks. It instantly reacts to changes in the health or configuration of your endpoints, and redirects user traffic to healthy endpoints that deliver the best performance and availability to your users.
AWS Global Accelerator enables you to build applications that require maintaining state. For stateful applications where you need to consistently route users to the same endpoint, you can choose to direct all requests from a user to the same endpoint, regardless of the port and protocol.
Distributed denial of service (DDoS) resiliency at the edge
By default, AWS Global Accelerator is protected by AWS Shield Standard, which minimizes application downtime and latency from denial of service attacks by using always-on network flow monitoring and automated in-line mitigation. You can also enable AWS Shield Advanced for automated resource-specific enhanced detection and mitigation, as well as 24x7 access to the AWS DDoS Response Team (DRT) for manual mitigations of sophisticated DDoS attacks. AWS Shield Advanced also provides complete visibility into DDoS attacks and DDoS cost protection for scaling. This ensures scalable, reliable, and cost-efficient DDoS protection at the edge for your applications.