Static anycast IP addresses
AWS Global Accelerator provides you with static IP addresses that serve as a fixed entry point to your applications hosted in a single or multiple AWS Regions. These IP addresses are anycast from AWS edge locations, meaning that they are announced from multiple AWS edge locations at the same time, enabling traffic to ingress onto the AWS global network as close to your users as possible. You can associate these addresses with regional AWS resources or endpoints, such as Application Load Balancers, Network Load Balancers, EC2 instances, and Elastic IP addresses. You don’t need to make any client-facing changes or update DNS records as you modify or replace endpoints. AWS Global Accelerator’s IP addresses serve as the front-end interface of your applications and are static, meaning that they are assigned to your accelerator for as long as it exists, even if you disable the accelerator and it no longer accepts or routes traffic.
Fault tolerance using network zones
AWS Global Accelerator has a fault-isolating design that increases the availability of your applications. Upon provisioning an AWS Global Accelerator resource, you are allocated two static IPv4 addresses that are serviced by independent network zones. Similar to Availability Zones, these network zones are isolated units with their own set of physical infrastructure, and each services IP addresses from a unique IP subnet. If one IP address from a network zone becomes unavailable due to IP address blocking by certain client networks, or network disruptions, then client applications can retry on the healthy static IP address from the other isolated network zone.
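The client-side retry described above, as an added Python example (not AWS code): the hypothetical `StaticIpFailover` class tries each of the accelerator's static addresses in turn and remembers the one that worked. The loopback listener in `loopback_demo` is a constructed stand-in for the two static IPs so the example runs offline.

```python
import socket


class StaticIpFailover:
    """Connects to whichever of an accelerator's static IPs is reachable."""

    def __init__(self, endpoints, timeout=2.0):
        # endpoints: list of (ip, port), one entry per network zone.
        self.endpoints = list(endpoints)
        self.timeout = timeout  # keep short: a blocked IP usually shows up as a timeout
        self.preferred = 0      # index of the address that worked last time

    def connect(self):
        """Return (socket, endpoint); raise ConnectionError if every address fails."""
        n = len(self.endpoints)
        failures = []
        for step in range(n):
            idx = (self.preferred + step) % n
            endpoint = self.endpoints[idx]
            try:
                sock = socket.create_connection(endpoint, timeout=self.timeout)
            except OSError as exc:  # refused, unreachable, or timed out
                failures.append((endpoint, repr(exc)))
                continue
            self.preferred = idx  # stay on the healthy zone for later connections
            return sock, endpoint
        raise ConnectionError(f"no static address reachable: {failures}")


def loopback_demo():
    """Constructed offline stand-in: one dead address, one live listener."""
    dead = socket.socket()
    dead.bind(("127.0.0.1", 0))
    dead_ep = dead.getsockname()
    live = socket.socket()
    live.bind(("127.0.0.1", 0))  # bound while 'dead' is still held, so ports differ
    live.listen(1)
    live_ep = live.getsockname()
    dead.close()  # nothing listens on dead_ep now, so connects are refused

    client = StaticIpFailover([dead_ep, live_ep], timeout=1.0)
    sock, used = client.connect()
    sock.close()
    live.close()
    return used == live_ep, client.preferred


if __name__ == "__main__":
    print(loopback_demo())
```

In a real client, `endpoints` would hold the accelerator's two static addresses; logging the `failures` list per attempt shows which network zone a given client network cannot reach.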
Global performance-based routing
AWS Global Accelerator uses the vast, congestion-free AWS global network to route TCP and UDP traffic to a healthy application endpoint in the closest AWS Region to the user and, in case of an application failure, provides instant failover to the next best endpoint.
Fine-grained traffic control
AWS Global Accelerator gives you the option to dial up or down the traffic to a specific AWS Region using traffic dials. For each region (or endpoint group), you can set a traffic dial to control the percentage of traffic that is directed to that region. The percentage is applied only to traffic that is already directed to that region based on proximity and health of the endpoints. The traffic dial lets you easily do performance testing or blue/green deployment testing for new releases across different AWS Regions, for example. In the case of a failure, the traffic is reassigned to the other endpoints to maintain high availability. By default, traffic dials are set at one hundred percent across all endpoint groups, letting AWS Global Accelerator select the best endpoint for your applications.
Continuous availability monitoring
AWS Global Accelerator continuously monitors the health of your application endpoints by using TCP, HTTP, and HTTPS health checks. It instantly reacts to changes in the endpoints’ health or configuration, and redirects user traffic to healthy endpoints that deliver the best performance and availability to your users.
AWS Global Accelerator enables you to build applications where keeping state is essential. For stateful applications that require you to consistently route users to the same endpoint, you can choose to direct all requests from a user to the same endpoint, irrespective of the port and protocol.
Distributed denial of service (DDoS) resiliency at the edge
By default, AWS Global Accelerator is protected by AWS Shield Standard, which minimizes application downtime and latency from denial of service attacks by using always-on network flow monitoring and automated in-line mitigation. You can also enable AWS Shield Advanced for automated resource-specific enhanced detection and mitigation, as well as 24x7 access to the AWS DDoS Response Team (DRT) for manual mitigations of sophisticated DDoS attacks. AWS Shield Advanced also provides complete visibility into DDoS attacks and DDoS cost protection for scaling. This ensures scalable, reliable, and cost-efficient DDoS protection at the edge for your applications.