VPC Security and Control
Basic Networking Concepts
Introduction to AWS PrivateLink
VPC Sharing using the AWS Resource Access Manager
Inter-Regional and Intra-Regional Communication Patterns
Understanding Direct Connect, Implementation and Configuration
Understanding AWS Direct Connect - Connectivity Options
Examining AWS Routing
DNS & Content Delivery on AWS
Managing Public and Private SSL/TLS Certificates using AWS Certificate Manager
The course is part of this learning path
This section of the AWS Certified Solutions Architect - Professional learning path introduces you to the core networking concepts and services relevant to the SAP-C02 exam. We start with an introduction to the AWS Virtual Private Network (VPC) and networking services. We then understand the options available and learn how to select and apply AWS networking, DNS, and content delivery services to meet specific design scenarios relevant to the AWS Certified Solutions Architect - Professional exam.
Want more? Try a Lab Playground or do a Lab Challenge!
- Get a foundational understanding of VPCs, their security, and connectivity
- Learn about VPC sharing using the AWS Resource Access Manager
- Discover inter-regional and intra-regional communication patterns in AWS
- Learn about AWS Direct Connect, along with its implementation, configuration, and connectivity options
- Understand routing in AWS, including static and dynamic routing
- Understand the basics of networking, including Elastic IP addresses, Elastic Network Interfaces, networking with EC2, VPC endpoints, and AWS Global Accelerator
- Learn about the DNS and content delivery services Amazon Route 53 and Amazon CloudFront
Hello and welcome to this lecture covering the AWS Global Accelerator, which is a Global AWS service and therefore not tied to a specific region.
The ultimate aim of the AWS Global Accelerator is to get UDP and TCP traffic from your end user clients to your applications faster and quicker and more reliably, through the use of the AWS global infrastructure and specified endpoints, instead of having to traverse the public internet, which is not as reliable and carries a higher security risk.
Global Accelerator uses two static IP addresses associated with a DNS name which is used as a fixed source to gain access to your application which could be sitting behind a load balancer, such as a network or application load balancer, or directly connected to your EC2 instance or the Elastic IP address. These IP addresses can be mapped to multiple different endpoints, each operating in a different region if a multi-region application is deployed to enhance performance of routing choices.
Because the routing of your request is based across the AWS Global Infrastructure, Global Accelerator intelligently routes customers requests across the most optimized path using its global reach of edge locations, for the lowest latency and avoids any resources that are unhealthy. This helps to improve regional failover and high availability across your deployment.
To set up and configure AWS Global Accelerator there are effectively four steps to follow.
Firstly, you must create your accelerator and give it a name. You must also select if you want to use two IP addresses from AWS' pool of IP addresses or use your own. For each accelerator created, you must select two IP addresses.
Next, you need to create a listener. The listener is used to receive and process incoming connections based upon both the protocol and ports specified, which can either be UDP or TCP based.
Once your listener is created you must associate it with an endpoint group. Each endpoint group is associated with a different region, and within each group there are multiple endpoints. You can also set a traffic dial for the endpoint group, and this is essentially a percentage of how much traffic you would like to go to that endpoint group. And this helps you with blue and green deployments of your application to control the amount of traffic to specific regions. At the stage of adding your endpoint groups you can also configure health checks to allow the global accelerator to understand what should be deemed as healthy and unhealthy.
Finally, you must associate and register your endpoints for your application. And this can either be an application load balancer, a network load balancer, an EC2 instance or an EIP. For each endpoint, you can also assign a weight to route the percentage of traffic to that endpoint in each of your endpoint groups.
Let me now provide a very quick demonstration to show you how this creation looks within the AWS Console.
Okay so I'm logged in to my AWS Management Console and I need to go to the Global Accelerator which is under the Network and Content Delivery category. So if I select the Global Accelerator, now at the moment I don't have any Global Accelerators configured. So from here I'll simply click Create Accelerator.
Now, to start with, I need to select a name for my accelerator. So let me just call this MyAccelerator. Now here we have the IP address type, which is IPv4, and then we have the IP address pool selection. And the default is to use Amazon's pool of IP addresses but if you want to use your own pool of addresses, then this is where you could change it. And also you can add any tags to this service if you need to.
So onto the next stage, this is where we add our listeners. So we can add in a port, for example, port 80. Either TCP or UDP as the protocol, and then you also have Client affinity here. And we can see that if you have state full applications, Global Accelerator can direct all requests from a user at a specific client IP address to the same endpoint resource to maintain client affinity. The default for this option is None. We don't need that for this demonstration, so I'm just gonna leave that as None. And if you want to add any more listeners, simply click on Add Listener, and fill in the relevant details.
For this demonstration, I'm just gonna leave it as the one listener. Once your listeners are configured as you need to, click on Next. And here we have our endpoint groups. Here you select your regions that you want your application to reside in. So, for example, I'll select the London region. And also we have our traffic dial, which as I explained previously, is essentially the percentage of traffic to this region. We can add additional endpoints, so we can have multiple regions if we want to. And you can keep going, add in more more regions. So let's go and remove those two, just leave it as the one region. If you select on the configure Health checks, then you can set your health check configuration as need be just so the AWS Global Accelerator knows what it deems as healthy.
Once you have set your health checks, then you can select Next. On the final stage we need to add our endpoints. So here we have our endpoint group, and we select add endpoint. Now we can either add an Application Load Balancer, Network Load Balancer, an EC2 instance or an Elastic IP address. For this example, I'm gonna select an EC2 instance. And I won't need to select the specific instance. I have one here called MyApplication. And again we have weight information, which directs the amount of traffic to each of your endpoint in your groups. I only have the single endpoint in this group, so I'm just gonna change that to 255. It can be from zero all the way to 255.
To add additional endpoints, simply click on Add endpoint. Select the endpoint that you'd like and then the related resource. I'm just gonna have the one endpoint in this endpoint group. And then once you've done that, simply click Create accelerator. And this would take a few minutes to configure itself and become active. And as you can see the status is in progress.
Also, as I explained earlier, we can see that this Global Accelerator has been given a DNS name, which results to this two static IP addresses. And these are the two IP addresses from the AWS pool of addresses. So that means you can add or change your endpoint groups and related endpoints in any of the regions without having to change the DNS name or the static IP addresses that it results to. So it's very easy to change and increase region availability and high availability for your Global Accelerator. And it's as simple as that.
Danny has over 20 years of IT experience as a software developer, cloud engineer, and technical trainer. After attending a conference on cloud computing in 2009, he knew he wanted to build his career around what was still a very new, emerging technology at the time — and share this transformational knowledge with others. He has spoken to IT professional audiences at local, regional, and national user groups and conferences. He has delivered in-person classroom and virtual training, interactive webinars, and authored video training courses covering many different technologies, including Amazon Web Services. He currently has six active AWS certifications, including certifications at the Professional and Specialty level.