Static anycast IP addresses
AWS Global Accelerator provides you with static IP addresses that serve as a fixed entry point to your applications hosted in any number of AWS Regions. These IP addresses are anycast from AWS edge locations: they are announced from multiple AWS edge locations at the same time, so traffic enters the AWS global network as close to your users as possible. You can associate these addresses with regional AWS resources or endpoints, such as Network Load Balancers, Application Load Balancers, and Elastic IP addresses. You don’t need to make any client-facing changes or update DNS records as you modify or replace endpoints. AWS Global Accelerator’s IP addresses are static and serve as the front-end interface of your applications.
Fault tolerance using network zones
AWS Global Accelerator has a fault-isolating design that increases the availability of your applications. Upon provisioning an AWS Global Accelerator resource, you are allocated two IPv4 static addresses that are serviced by independent network zones. Similar to Availability Zones, these network zones are isolated units, each with its own physical infrastructure and service IP addresses from a unique IP subnet. If one IP address from a network zone becomes unavailable, due to IP address blocking by certain client networks or to network disruptions, client applications can retry on the healthy static IP address from the other isolated network zone.
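The client-side retry described above can be sketched as follows. This is an added example, not AWS code: the function names are hypothetical, and the offline demo uses constructed loopback addresses in place of an accelerator's two static IP addresses.

```python
import socket


def connect_with_failover(endpoints, timeout=2.0):
    """Try each (ip, port) in order and return (socket, endpoint) for the first success.

    The timeout bounds the wait on an address whose packets are silently
    dropped (for example, blocked by a client network) before moving on.
    """
    errors = []
    for ip, port in endpoints:
        try:
            sock = socket.create_connection((ip, port), timeout=timeout)
            return sock, (ip, port)
        except OSError as exc:  # refused, unreachable, or timed out
            errors.append(f"{ip}:{port} -> {exc}")
    raise ConnectionError("all static addresses failed: " + "; ".join(errors))


def demo():
    """Offline demo: the first address is unavailable, the second is healthy."""
    healthy = socket.socket()
    healthy.bind(("127.0.0.1", 0))  # constructed stand-in for the healthy address
    healthy.listen(1)
    probe = socket.socket()
    probe.bind(("127.0.0.1", 0))
    unavailable = probe.getsockname()
    probe.close()  # nothing listens here now, so connections are refused
    try:
        sock, used = connect_with_failover(
            [unavailable, healthy.getsockname()], timeout=1.0
        )
        sock.close()
        return used == healthy.getsockname()
    finally:
        healthy.close()


if __name__ == "__main__":
    print("failed over to healthy address:", demo())
```

In a real client, the endpoint list would hold the two static addresses allocated to the accelerator and the port of its listener.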
Global performance-based routing
AWS Global Accelerator supports management of network layer traffic at a global level, offering a single front-end for both TCP and UDP workloads. AWS Global Accelerator routes TCP and UDP traffic to the closest healthy application endpoint and, in case of an application failure, provides instant failover to the next best endpoint.
Fine-grained traffic control
AWS Global Accelerator gives you the option to dial up or down the traffic to a specific AWS Region using values between zero and one hundred for your endpoint groups. This is especially valuable for testing performance and updates. In the case of a failure, the traffic is reassigned to the other endpoints to maintain high availability. By default, traffic dials are set at one hundred percent across all endpoint groups, letting AWS Global Accelerator select the best endpoint for your applications.
AWS Global Accelerator enables you to build applications where keeping state is essential. For stateful applications that require you to consistently route users to the same endpoint, you can choose to direct all requests from a user to the same endpoint, irrespective of the port and protocol.
Automatic health checks
AWS Global Accelerator continuously monitors the health of your application endpoints and routes around failed applications instantly. It supports TCP, HTTP and HTTPS health checks.
Distributed denial of service (DDoS) resiliency at the edge
By default, AWS Global Accelerator is protected by AWS Shield Standard, which minimizes application downtime and latency from denial of service attacks by using always-on network flow monitoring and automated in-line mitigation. You can also enable AWS Shield Advanced for automated resource-specific enhanced detection and mitigation, as well as 24x7 access to the AWS DDoS Response Team (DRT) for manual mitigations of sophisticated DDoS attacks. AWS Shield Advanced also provides complete visibility into DDoS attacks and DDoS cost protection for scaling. This ensures scalable, reliable and cost-efficient DDoS protection at the edge for your applications.