From a022c615af4529019fd618fb1c60d356f3334b59 Mon Sep 17 00:00:00 2001 From: Michele Cereda Date: Fri, 28 Feb 2025 17:27:45 +0300 Subject: [PATCH] feat(aws): introduce global accelerator --- knowledge base/cloud computing/aws/README.md | 73 +++++++++++++++++++- 1 file changed, 72 insertions(+), 1 deletion(-) diff --git a/knowledge base/cloud computing/aws/README.md b/knowledge base/cloud computing/aws/README.md index 4cabd04..adf5bd2 100644 --- a/knowledge base/cloud computing/aws/README.md +++ b/knowledge base/cloud computing/aws/README.md @@ -9,6 +9,7 @@ 1. [CloudWatch](#cloudwatch) 1. [Config](#config) 1. [Detective](#detective) + 1. [Global Accelerator](#global-accelerator) 1. [GuardDuty](#guardduty) 1. [EventBridge](#eventbridge) 1. [ImageBuilder](#imagebuilder) @@ -233,6 +234,70 @@ Sample templates for compliance standards and benchmarks are available. Uses ML and graphs to try and identify the root cause of security issues.
Creates visualizations with details and context by leveraging events from VPC Flow Logs, CloudTrail and GuardDuty. +### Global Accelerator + +Global service creating accelerators to improve the performance of applications.
+Supports endpoints in multiple Regions. + +**Standard** accelerators improve availability of Internet applications used by a global audience.
+Global Accelerator directs traffic over AWS' global network to endpoints in the nearest Region to the client.
+Endpoints for standard accelerators can be Network Load Balancers, Application Load Balancers, Amazon EC2 instances, +or Elastic IP addresses located in one or more Regions. + +**Custom** routing accelerators map one or more users to a specific destination among many. + +Global Accelerator provides 2 static IPv4 addresses and 2 static IPv6 addresses (for dual-stack VPCs) that are +associated with accelerators.
+Those static IP addresses are anycast addresses from AWS' edge network and remain assigned to accelerators for as +long as they exist, **even** if disabled and no longer accepting or routeing traffic.
+When deleting accelerators, the static IP addresses assigned to it are lost. + +Global Accelerator also assigns each accelerator a default DNS name, similar to +`a1234567890abcdef.awsglobalaccelerator.com` for single-stack ones or similar to +`a1234567890abcdef.dualstack.awsglobalaccelerator.com` for dual-stack ones, that points to the static IP addresses +assigned to the same accelerator. + +The static IP addresses provided by Global Accelerator serve as **single fixed entry points** for your clients.
+They accept incoming traffic onto AWS' global network from the edge location that is closest to the users.
+From there, traffic is routed based on the type of accelerator configured: + +- Standard accelerators route traffic to the optimal endpoint based on several factors including the user's location, + the health of the endpoint, and the endpoint weights one configures. +- Custom routing accelerators route each client to a specific EC2 instance and port in a subnet based on the external + static IP address and listener port that one provided. + +Global Accelerator terminates TCP connections from clients at AWS' edge locations and establishes a new TCP connection +to one's endpoints. + +Client IP addresses are preserved for endpoints on custom routing accelerators.
+Standard accelerators have the option to preserve and access the client IP address for some endpoint types. + +Global Accelerator continuously monitors the health of all standard accelerators' endpoints, and reroutes traffic for +all new connections automatically.
+Health checks are **not** used with custom routing accelerators and there is no failover, because one specifies the +destination to route traffic to. + +One can configure weights for one's endpoints in standard accelerators.
+In addition, one can use the traffic dial in Global Accelerator to increase (dial up) or decrease (dial down) the +percentage of traffic to specific endpoint groups. + +Global Accelerator sets an idle timeout to its connections.
+If no data has been sent nor received by the time that the idle timeout period elapses, it closes the connection. + +Idle timeout periods are **not** customizable. + +To prevent connection timeout, one must send a packet with a minimum of one byte of data in either direction within the +TCP connection timeout window. One **cannot** use TCP keep-alive packets to maintain a connection open. + +Idle timeouts are set to 340 seconds for TCP connections and 30 seconds for UDP connections. + +Global Accelerator continues to direct traffic for established connections to endpoints until the idle timeout is met, +**even if the endpoint is marked as unhealthy or it is removed from the accelerator**.
+It selects a new endpoint, if needed, only when a new connection starts or after an idle timeout. + +Refer [How AWS Global Accelerator works] for more and updated details.
+Also see [Using Amazon CloudWatch with AWS Global Accelerator]. + ### GuardDuty Threat detection service. @@ -520,7 +585,7 @@ Stores configuration information (primarily credentials and selected AWS Region) Initiates the connectivity to AWS services. Leveraged by service Clients and Resources.
-boto3 creates a default session automatically when needed, using the default credential profile.
+Boto3 creates a default session automatically when needed, using the default credential profile.
The default credentials profile uses the `~/.aws/credentials` file if found, or tries assuming the role of the executing machine if not. @@ -567,6 +632,9 @@ machine if not. - [Boto3 sessions] - [Boto3 paginators] - [Which log group is causing a sudden increase in my CloudWatch Logs bill?] +- [What is AWS Global Accelerator?] +- [How AWS Global Accelerator works] +- [Using Amazon CloudWatch with AWS Global Accelerator]