Add VPC subnet endpoints

In document: AWS Global Accelerator (pages 22-123)

Add one or more virtual private cloud (VPC) subnet endpoints for this regional endpoint group.

Endpoints for custom routing accelerators define the VPC subnets that can receive traffic through a custom routing accelerator. Each subnet can contain one or many Amazon EC2 instance destinations.

When you add a VPC subnet endpoint, Global Accelerator generates new port mappings that you can use to route traffic to the destination EC2 instance IP addresses in the subnet. Then you can use the Global Accelerator API to get a static list of all the port mappings for the subnet, and use the mapping to deterministically direct traffic to specific EC2 instances.

Note: The steps here show how to add endpoints in the console. If you're creating your accelerator programmatically, you add endpoints with endpoint groups. For more information, see CreateCustomRoutingEndpointGroup in the AWS Global Accelerator API Reference.

To add endpoints

1. On the Add endpoints page, in the section for the endpoint group that you want to add the endpoint to, choose a subnet ID for Endpoint.

2. Optionally, do one of the following to enable traffic to EC2 instance destinations in the subnet:

• To allow traffic to be directed to all EC2 endpoints and ports on the subnet, select Allow all traffic.

• To allow traffic to specific EC2 endpoints and ports on the subnet, select Allow traffic to specific destination socket addresses. Then specify the IP addresses and ports or port ranges to allow.

Finally, choose Allow these destinations.

By default, no traffic is allowed to subnet endpoints. If you don't select an option to allow traffic, traffic is denied to all destinations in the subnet.

Note: If you want to enable traffic to specific EC2 instances and ports in the subnet, you can do that programmatically. For more information, see AllowCustomRoutingTraffic in the AWS Global Accelerator API Reference.

3. Choose Next.

After you choose Next, on the Global Accelerator dashboard, you'll see a message that your accelerator is in progress. When the process is finished, the accelerator status in the dashboard is Active.
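Because subnet endpoints deny all traffic by default and destinations are opened one socket address at a time, it is worth checking the resulting port mappings against the list of destinations you meant to allow. The following is an added example, not code from the AWS guide: it audits a constructed sample shaped like a ListCustomRoutingPortMappings response; the subnet CIDR, subnet ID, addresses, ports, and approved list are all assumptions.

```python
import ipaddress

SUBNET_CIDR = "10.0.1.0/24"  # assumed CIDR of the hypothetical subnet endpoint

# Constructed sample, shaped like the PortMappings list returned by
# ListCustomRoutingPortMappings. All values are placeholders.
SAMPLE_PORT_MAPPINGS = [
    {"AcceleratorPort": 10001, "EndpointId": "subnet-EXAMPLE", "Protocols": ["TCP"],
     "DestinationSocketAddress": {"IpAddress": "10.0.1.10", "Port": 443},
     "DestinationTrafficState": "ALLOW"},
    {"AcceleratorPort": 10002, "EndpointId": "subnet-EXAMPLE", "Protocols": ["TCP"],
     "DestinationSocketAddress": {"IpAddress": "10.0.1.10", "Port": 22},
     "DestinationTrafficState": "ALLOW"},
    {"AcceleratorPort": 10003, "EndpointId": "subnet-EXAMPLE", "Protocols": ["TCP"],
     "DestinationSocketAddress": {"IpAddress": "10.0.1.11", "Port": 8005},
     "DestinationTrafficState": "DENY"},
    {"AcceleratorPort": 10004, "EndpointId": "subnet-EXAMPLE", "Protocols": ["TCP"],
     "DestinationSocketAddress": {"IpAddress": "10.0.1.12", "Port": 3306},
     "DestinationTrafficState": "DENY"},
    {"AcceleratorPort": 10005, "EndpointId": "subnet-EXAMPLE", "Protocols": ["TCP"],
     "DestinationSocketAddress": {"IpAddress": "10.0.2.5", "Port": 443},
     "DestinationTrafficState": "ALLOW"},
]

# Destinations you intended to allow: (IP address, first port, last port).
APPROVED = [("10.0.1.10", 443, 443), ("10.0.1.11", 8000, 8010)]


def is_approved(ip, port, approved):
    """True if ip:port falls inside one of the approved address/port ranges."""
    return any(ip == a_ip and lo <= port <= hi for a_ip, lo, hi in approved)


def audit_port_mappings(mappings, subnet_cidr, approved):
    """Compare each mapping's traffic state with the approved destination list.

    Returns findings keyed by type; each finding is
    (accelerator port, destination IP, destination port).
    """
    subnet = ipaddress.ip_network(subnet_cidr)
    findings = {"unexpected_allow": [], "approved_but_denied": [], "outside_subnet": []}
    for m in mappings:
        dest = m["DestinationSocketAddress"]
        ip, port = dest["IpAddress"], dest["Port"]
        entry = (m["AcceleratorPort"], ip, port)
        allowed = m["DestinationTrafficState"] == "ALLOW"
        if ipaddress.ip_address(ip) not in subnet:
            # A destination outside the expected subnet means the input is wrong
            # or the mapping belongs to a different endpoint.
            findings["outside_subnet"].append(entry)
        elif allowed and not is_approved(ip, port, approved):
            # Open destination that nobody approved: candidate for denying again.
            findings["unexpected_allow"].append(entry)
        elif not allowed and is_approved(ip, port, approved):
            # Approved destination still in the default-deny state.
            findings["approved_but_denied"].append(entry)
    return findings


if __name__ == "__main__":
    for kind, items in audit_port_mappings(SAMPLE_PORT_MAPPINGS, SUBNET_CIDR, APPROVED).items():
        print(kind, items)
```
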

Step 5 (optional): Delete your accelerator

If you created an accelerator as a test or if you're no longer using an accelerator, you can delete it. On the console, disable the accelerator, and then you can delete it. You don't have to remove listeners and endpoint groups from the accelerator.

To delete an accelerator by using an API operation instead of the console, you must first remove all listeners and endpoint groups that are associated with the accelerator as well as disable it. For more information, see the DeleteCustomRoutingAccelerator operation in the AWS Global Accelerator API Reference.

Be aware of the following when you delete an accelerator:

• When you create an accelerator, Global Accelerator provides you with a set of two static IP addresses.

The IP addresses are assigned to your accelerator for as long as it exists, even if you disable the accelerator and it no longer accepts or routes traffic. However, when you delete an accelerator, you lose the static IP addresses that are assigned to the accelerator, so you can no longer route traffic by using them. As a best practice, ensure that you have permissions in place to avoid inadvertently deleting accelerators. You can use IAM policies like tag-based permissions with Global Accelerator to limit the users who have permissions to delete an accelerator. For more information, see Tag-based policies (p. 90).

To delete an accelerator

1. Open the Global Accelerator console at https://console.aws.amazon.com/globalaccelerator/home.

2. Choose the accelerator that you want to delete.

3. Choose Edit.

4. Choose Disable accelerator, and then choose Save.

5. Choose the accelerator that you want to delete.

6. Choose Delete accelerator.

7. In the confirmation dialog box, choose Delete.

Common actions that you can use with AWS Global Accelerator

This section lists common AWS Global Accelerator actions that you can use with Global Accelerator resources, with links to relevant documentation.

Actions to use with standard resources

The following table lists common Global Accelerator actions that you can use with Global Accelerator standard accelerators, with links to relevant documentation.

| Action | Using the Global Accelerator Console | Using the Global Accelerator API |
|---|---|---|
| Create a standard accelerator | See Getting started with a standard accelerator (p. 12) | See CreateAccelerator |
| Create a listener for a standard accelerator | See Listeners for standard accelerators in AWS Global Accelerator (p. 26) | See CreateListener |
| Create an endpoint group for a standard accelerator | See Endpoint groups for standard accelerators in AWS Global Accelerator (p. 28) | See CreateEndpointGroup |
| Update a standard accelerator | See Standard accelerators in AWS Global Accelerator (p. 22) | See UpdateAccelerator |
| List your accelerators | See Viewing your accelerators (p. 24) | See ListAccelerator |
| Get all information about an accelerator | See Viewing your accelerators (p. 24) | See DescribeAccelerator |
| Delete an accelerator | See Creating or updating a standard accelerator (p. 23) | See DeleteAccelerator |

Actions to use with custom routing resources

The following table lists common Global Accelerator actions that you can use with custom routing accelerators, with links to relevant documentation.

| Action | Using the Global Accelerator Console | Using the Global Accelerator API |
|---|---|---|
| Create a custom routing accelerator | See Getting started with a custom routing accelerator (p. 16) | See CreateCustomRoutingAccelerator |
| Create a listener for a custom routing accelerator | See Listeners for custom routing accelerators in AWS Global Accelerator (p. 46) | See CreateCustomRoutingListener |
| Create an endpoint group for a custom routing accelerator | See Endpoint groups for custom routing accelerators in AWS … | |
| … accelerators | See Viewing your custom routing accelerators (p. 45) | See ListCustomRoutingAccelerator |
| Get all information about a custom routing accelerator | See Viewing your custom routing accelerators (p. 45) | See DescribeCustomRoutingAccelerator |
| Delete a custom routing accelerator | See Creating or updating a custom routing accelerator (p. 44) | See DeleteCustomRoutingAccelerator |
| Get the static port mapping for a custom routing accelerator | N/A | See ListCustomRoutingPortMappings |
| Allow all destination traffic for a subnet in a custom routing accelerator | | |
| … a subnet in a custom routing accelerator | | |

Standard accelerators

Work with standard accelerators in AWS Global Accelerator

This chapter includes procedures and recommendations for creating standard accelerators in AWS Global Accelerator. With a standard accelerator, Global Accelerator chooses the closest healthy endpoint for your traffic.

If instead you want to use custom application logic to direct one or more users to a specific endpoint among many endpoints, create a custom routing accelerator. For more information, see Work with custom routing accelerators in AWS Global Accelerator (p. 39).

To set up a standard accelerator, do the following:

1. Create an accelerator, and choose the standard accelerator option.

2. Add a listener with a specific set of ports or port range, and choose the protocol to accept: TCP, UDP, or both.

3. Add one or more endpoint groups, one for each AWS Region in which you have endpoint resources.

4. Add one or more endpoints to endpoint groups. This isn't required, but traffic won't be routed if you don't have any endpoints. Endpoints can be Network Load Balancers, Application Load Balancers, Amazon EC2 instances, or Elastic IP addresses.

The following sections step through working with standard accelerators, listeners, endpoint groups, and endpoints.

Topics

• Standard accelerators in AWS Global Accelerator (p. 22)

• Listeners for standard accelerators in AWS Global Accelerator (p. 26)

• Endpoint groups for standard accelerators in AWS Global Accelerator (p. 28)

• Endpoints for standard accelerators in AWS Global Accelerator (p. 32)

Standard accelerators in AWS Global Accelerator

A standard accelerator in AWS Global Accelerator directs traffic to optimal endpoints over the AWS global network to improve the availability and performance of your internet applications that have a global audience. Each accelerator includes one or more listeners. A listener processes inbound connections from clients to Global Accelerator, based on the protocol (or protocols) and port (or port range) that you configure.

When you create an accelerator, by default, Global Accelerator provides you with a set of two static IP addresses. If you bring your own IP address range to AWS (BYOIP), you can instead assign static IP addresses from your own pool to use with your accelerator. For more information, see Bring your own IP addresses (BYOIP) in AWS Global Accelerator (p. 53).

Important

The IP addresses are assigned to your accelerator for as long as it exists, even if you disable the accelerator and it no longer accepts or routes traffic. However, when you delete an accelerator, you lose the Global Accelerator static IP addresses that are assigned to the accelerator, so you can no longer route traffic by using them. As a best practice, ensure that you have permissions in place to avoid inadvertently deleting accelerators. You can use IAM policies with Global Accelerator, for example, tag-based permissions, to limit the users who have permissions to delete an accelerator. For more information, see Tag-based policies (p. 90).

This section explains how to create, edit, or delete a standard accelerator on the Global Accelerator console. If you want to use API operations with Global Accelerator, see the AWS Global Accelerator API Reference.

Topics

• Creating or updating a standard accelerator (p. 23)

• Deleting an accelerator (p. 24)

• Viewing your accelerators (p. 24)

• Add an accelerator when you create a load balancer (p. 24)

• Using global static IP addresses instead of regional static IP addresses (p. 25)

Creating or updating a standard accelerator

This section explains how to create or update standard accelerators on the console. To work with Global Accelerator programmatically, see the AWS Global Accelerator API Reference.

To create a standard accelerator

1. Open the Global Accelerator console at https://console.aws.amazon.com/globalaccelerator/home.

2. Choose Create accelerator.

3. Provide a name for your accelerator.

4. For Accelerator type, select Standard.

5. Optionally, if you brought your own IP address ranges to AWS (BYOIP), you can specify a static IP address for your accelerator, one from each address pool. Make this choice for each of the two static IP addresses for your accelerator.

• For each static IP address, choose the IP address pool to use.

Note: You must choose a different IP address pool for each static IP address. This restriction is because Global Accelerator assigns each address range to a different network zone, for high availability.

• If you chose your own IP address pool, also choose a specific IP address from the pool. If you choose the default Amazon IP address pool, Global Accelerator assigns a specific IP address to your accelerator.

6. Optionally, add one or more tags to help you identify your accelerator resources.

7. Choose Next to add listeners, endpoint groups, and endpoints.

To edit a standard accelerator

1. Open the Global Accelerator console at https://console.aws.amazon.com/globalaccelerator/home.

2. In the list of accelerators, choose one, and then choose Edit.

3. On the Edit accelerator page, make any changes that you like. For example, you can disable the accelerator so that it no longer accepts or routes traffic, or so that you can delete it. Or, if the accelerator is disabled, you can enable it.

4. Choose Save changes.

Deleting an accelerator

If you created an accelerator as a test or if you're no longer using an accelerator, you can delete it. On the console, disable the accelerator, and then you can delete it. You don't have to remove listeners and endpoint groups from the accelerator.

To delete an accelerator by using an API operation instead of the console, you must first remove all listeners and endpoint groups that are associated with the accelerator, and then disable it. For more information, see the DeleteAccelerator operation in the AWS Global Accelerator API Reference.

To disable an accelerator

1. Open the Global Accelerator console at https://console.aws.amazon.com/globalaccelerator/home.

2. In the list, choose an accelerator that you want to disable.

3. Choose Edit.

4. Choose Disable accelerator, and then choose Save.

To delete an accelerator

1. Open the Global Accelerator console at https://console.aws.amazon.com/globalaccelerator/home.

2. In the list, choose an accelerator that you want to delete.

3. Choose Delete.

Note

If you haven't disabled the accelerator, Delete is unavailable.

4. In the confirmation dialog box, choose Delete.

Important

When you delete an accelerator, you lose the static IP addresses that are assigned to the accelerator, so you can no longer route traffic by using them.
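The API deletion order described above (remove endpoint groups and listeners, disable, then delete), written as an added example that is not part of the AWS guide. It takes a boto3 Global Accelerator client and first refuses to touch accelerators carrying a protection tag; the tag key and value are hypothetical, and this client-side check complements the IAM tag-based policy rather than replacing it.

```python
import time

# Hypothetical tag marking accelerators whose static IP addresses must be kept.
PROTECT_TAG = ("stage", "prod")


class ProtectedAcceleratorError(Exception):
    """Raised when the accelerator carries the protection tag."""


def delete_standard_accelerator(client, accelerator_arn, protect_tag=PROTECT_TAG,
                                poll_seconds=10, max_polls=60):
    """Tear down a standard accelerator in the order the API requires.

    client is expected to be boto3.client("globalaccelerator",
    region_name="us-west-2"); the Global Accelerator API is served from
    us-west-2. Pagination (NextToken) is omitted for brevity.
    """
    # Guard: deleting the accelerator releases its static IP addresses for good.
    tags = client.list_tags_for_resource(ResourceArn=accelerator_arn)["Tags"]
    if any((t["Key"], t["Value"]) == protect_tag for t in tags):
        raise ProtectedAcceleratorError(
            "accelerator is tagged %s=%s; not deleting" % protect_tag)

    # 1. Remove every endpoint group, then the listener that owned it.
    listeners = client.list_listeners(AcceleratorArn=accelerator_arn)["Listeners"]
    for listener in listeners:
        listener_arn = listener["ListenerArn"]
        groups = client.list_endpoint_groups(ListenerArn=listener_arn)["EndpointGroups"]
        for group in groups:
            client.delete_endpoint_group(EndpointGroupArn=group["EndpointGroupArn"])
        client.delete_listener(ListenerArn=listener_arn)

    # 2. Disable the accelerator.
    client.update_accelerator(AcceleratorArn=accelerator_arn, Enabled=False)

    # 3. Wait until the disable has been deployed before deleting.
    for _ in range(max_polls):
        acc = client.describe_accelerator(AcceleratorArn=accelerator_arn)["Accelerator"]
        if not acc["Enabled"] and acc["Status"] == "DEPLOYED":
            break
        time.sleep(poll_seconds)
    else:
        raise TimeoutError("accelerator did not finish disabling")

    # 4. Delete. The static IP addresses are lost at this point.
    client.delete_accelerator(AcceleratorArn=accelerator_arn)
```
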

Viewing your accelerators

You can view information about your accelerators on the console. To see descriptions of your accelerators programmatically, see ListAccelerators and DescribeAccelerator in the AWS Global Accelerator API Reference.

To view information about your accelerator

1. Open the Global Accelerator console at https://console.aws.amazon.com/globalaccelerator/home.

2. To see details about an accelerator, in the list, choose an accelerator, and then choose View.

Add an accelerator when you create a load balancer

When you create an Application Load Balancer in the AWS Management Console, you can optionally add an accelerator at the same time. Elastic Load Balancing and Global Accelerator work together to transparently add the accelerator for you. The accelerator is created in your account, with the load balancer as an endpoint. Using an accelerator provides static IP addresses and improves the availability and performance of your applications. (Learn more about accelerators by reading What is AWS Global Accelerator? (p. 1).)

Important

To create an accelerator, you must have the correct permissions in place. For more information, see Permissions required for console access, authentication management, and access control (p. 85).

Configure and view your accelerator

You must update your DNS configuration to direct traffic to the static IP addresses or DNS name for the accelerator. Traffic won't go through the accelerator to your load balancer until your configuration changes are complete.

After you create your load balancer by choosing the Global Accelerator add-on on the Amazon EC2 console, go to the Integrated services tab to see the static IP addresses and Domain Name System (DNS) name for your accelerator. You use this information to start routing user traffic to the load balancer over the AWS global network. For more information about the DNS name assigned to your accelerator, see DNS addressing and custom domains in AWS Global Accelerator (p. 52).

You can view and configure your accelerator by navigating to Global Accelerator in the AWS Management Console. For example, you can see the accelerators that are associated with your account or add additional load balancers to your accelerator. For more information, see Viewing your accelerators (p. 24) and Creating or updating a standard accelerator (p. 23).

Pricing

With AWS Global Accelerator, you pay only for what you use. You are charged an hourly rate and data transfer costs for each accelerator in your account. For more information, see AWS Global Accelerator Pricing.

Stop using the accelerator

If you'd like to stop routing traffic through Global Accelerator to your load balancer, do the following:

1. Update your DNS configuration to point your traffic directly to the load balancer.

2. Delete the load balancer from the accelerator. For more information, see To remove an endpoint in Adding, editing, or removing a standard endpoint (p. 33).

3. Delete the accelerator. For more information, see Deleting an accelerator (p. 24).

Using global static IP addresses instead of regional static IP addresses

If you want to use a static IP address in front of an AWS resource, such as an Amazon EC2 instance, you have several options. For example, you can allocate an Elastic IP address, which is a static IPv4 address that you can associate with an Amazon EC2 instance or network interface in a single AWS Region.

If you have a global audience, you can create an accelerator with Global Accelerator to get two global static IP addresses that are announced from AWS edge locations around the world. If you already have AWS resources set up for your applications, in one or multiple Regions, including Amazon EC2 instances, Network Load Balancers, and Application Load Balancers, you can easily add those to Global Accelerator to front them with global static IP addresses.

Opting to use global static IP addresses provisioned by Global Accelerator can also improve the availability and performance of your applications. With Global Accelerator, static IP addresses accept incoming traffic onto the AWS global network from the edge location that is closest to your users. Maximizing time that traffic is on the AWS network can provide a faster and better customer experience. For more information, see How AWS Global Accelerator works (p. 3).

You can add an accelerator from the AWS Management Console or by using API operations with the AWS CLI or SDKs. For more information, see Creating or updating a standard accelerator (p. 23).

Note the following when you add an accelerator:

• The global static IP addresses provisioned by Global Accelerator remain assigned to you for as long as your accelerator exists, even if you disable the accelerator and it no longer accepts or routes traffic.

However, if you delete an accelerator, you lose the static IP addresses that are assigned to it. For more information, see Deleting an accelerator (p. 24).

• With Global Accelerator, you pay only for what you use. You are charged an hourly rate and data transfer costs for each accelerator in your account. For more information, see AWS Global Accelerator Pricing.

Listeners for standard accelerators in AWS Global Accelerator

With AWS Global Accelerator, you add listeners that process inbound connections from clients based on the ports and protocols that you specify. Listeners support TCP, UDP, or both TCP and UDP protocols.

You define a standard listener when you create your standard accelerator, and you can add more listeners at any time. You associate each listener with one or more endpoint groups, and you associate each endpoint group with one AWS Region.

Topics

• Adding, editing, or removing a standard listener (p. 26)

• Client affinity (p. 27)

Adding, editing, or removing a standard listener

This section explains how to work with listeners on the AWS Global Accelerator console. To complete these tasks by using an API operation instead of the console, see CreateListener, UpdateListener, and DeleteListener in the AWS Global Accelerator API Reference.

To add a listener

1. Open the Global Accelerator console at https://console.aws.amazon.com/globalaccelerator/home.

2. On the accelerators page, choose an accelerator.

3. Choose Add listener.

4. On the Add listener page, enter the ports or port ranges that you want to associate with the listener. Listeners support ports 1-65535.

5. Choose the protocol for the ports that you entered.

6. Optionally, choose to enable client affinity. Client affinity for a listener means that Global Accelerator ensures that connections from a specific source (client) IP address are always routed to the same endpoint. To enable this behavior, in the dropdown list, choose Source IP.

The default is None, which means that client affinity is not enabled and Global Accelerator distributes traffic equally between the endpoints in the endpoint groups for the listener.

For more information, see Client affinity (p. 27).

7. Choose Add listener.

To edit a standard listener

1. Open the Global Accelerator console at https://console.aws.amazon.com/globalaccelerator/home.

2. On the accelerators page, choose an accelerator.

3. Choose a listener, and then choose Edit listener.

4. On the Edit listener page, change the ports, port ranges, or protocols that you want to associate with the listener.

5. Optionally, choose to enable client affinity. Client affinity for a listener means that Global Accelerator ensures that connections from a specific source (client) IP address are always routed to the same endpoint. To enable this behavior, in the dropdown list, choose Source IP.
