AWS Networking & CDN
Global Accelerator
Improve global application availability using the AWS edge network
AWS Global Accelerator is a networking service that routes your application traffic through the AWS global network instead of the public internet, improving availability and performance by up to 60% for global users. It provides two static anycast IP addresses that serve as a fixed entry point and automatically reroutes traffic to the nearest healthy endpoint when failures occur.
How Global Accelerator Works
Global Accelerator uses anycast routing to direct users to the nearest AWS edge location. From there, traffic travels over the AWS private backbone to your endpoints, avoiding the unpredictable public internet for the majority of the path.
| Component | Description | Key Detail |
|---|---|---|
| Accelerator | Top-level resource with two static anycast IPs | IPs never change; clients hard-code these instead of DNS |
| Listener | Processes inbound connections on specific ports/protocols | TCP or UDP; port ranges supported |
| Endpoint Group | Regional grouping of endpoints with traffic dial | One per region; traffic dial 0-100% for gradual shifts |
| Endpoint | ALB, NLB, EC2 instance, or Elastic IP | Weighted endpoints within a group for local load balancing |
| Edge Location | Entry point where client traffic enters AWS backbone | 90+ PoPs globally; client connects to nearest via anycast |
| Traffic Dial | Percentage of traffic to send to an endpoint group | Set to 0 for instant regional failover during incidents |
The two static IPs are the biggest differentiator from CloudFront. When you need a fixed IP address for whitelisting in client firewalls, or when you're dealing with non-HTTP protocols, Global Accelerator is the right tool. CloudFront IPs change over time and cannot be whitelisted reliably.
Global Accelerator vs CloudFront
Both use the AWS edge network, but they serve different purposes and complement each other.
| Feature | Global Accelerator | CloudFront |
|---|---|---|
| Primary purpose | Network routing optimization; static IPs | Content caching and delivery |
| Protocol support | TCP and UDP (any protocol) | HTTP and HTTPS only |
| Caching | No caching; pure routing | Extensive edge caching |
| Static IPs | Yes (two anycast IPs per accelerator) | No (IPs change; use DNS only) |
| DDoS protection | AWS Shield Standard built-in | AWS Shield Standard built-in |
| WAF integration | No | Yes |
| Health checking | Active health checks; automatic failover | Origin health checks via origin groups only |
| Pricing | $0.025/hr + $0.01/GB | $0.0085/GB+ (varies by region) |
| Best for | Gaming, IoT, VoIP, non-HTTP APIs, IP whitelisting | Web apps, APIs, static sites, media delivery |
Global Accelerator does not cache content. Every request still reaches your origin - it just gets there faster via the AWS backbone. If your goal is reducing origin load and improving cache hit rates for HTTP content, CloudFront is the right choice, not Global Accelerator.
Health Checking and Automatic Failover
Global Accelerator actively monitors endpoint health and reroutes traffic in under 30 seconds when an endpoint or region becomes unhealthy.
| Health Check Setting | Options | Recommendation |
|---|---|---|
| Protocol | TCP, HTTP, HTTPS | HTTP/HTTPS for application health; TCP for non-HTTP |
| Interval | 10s or 30s | 10s for faster failover detection |
| Threshold | 3 consecutive failures | Can be reduced via support request |
| Path (HTTP/HTTPS) | Custom health check URL | Use /health endpoint that verifies backend dependencies |
Traffic dial at the endpoint group level allows zero-traffic routing for a region during incidents. Set traffic dial to 0 to instantly drain a region without changing DNS or client configuration. The other regions automatically absorb the traffic based on their weights.
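Before draining a region, it is worth confirming that another region can take the load. As an added example (not from the original page), this script refuses to set the dial to 0 unless another endpoint group on the same listener has a non-zero dial and at least one healthy endpoint, and it prints the previous dial value so it can be restored later. The function names are illustrative and the ARNs are supplied by the caller.

```shell
#!/usr/bin/env bash
# Added example: guarded regional drain for Global Accelerator.
# Function names are illustrative; ARNs are passed in by the caller.

GA_REGION=us-west-2   # Global Accelerator API calls are made against us-west-2

# Print "arn<TAB>dial<TAB>healthy_endpoint_count" for each endpoint group on a listener.
list_groups() {
  aws globalaccelerator list-endpoint-groups --region "$GA_REGION" \
    --listener-arn "$1" --output text \
    --query "EndpointGroups[].[EndpointGroupArn, TrafficDialPercentage, length(EndpointDescriptions[?HealthState=='HEALTHY'])]"
}

# Read list_groups output on stdin; succeed only if some group other than $1
# still has dial > 0 and at least one HEALTHY endpoint to absorb the traffic.
has_healthy_peer() {
  awk -F'\t' -v target="$1" \
    '$1 != target && $2 > 0 && $3 > 0 { ok = 1 } END { exit !ok }'
}

# Drain one endpoint group: refuse if no peer can take the load, otherwise
# print the previous dial value (for the later restore) and set the dial to 0.
drain_group() {
  local listener_arn=$1 group_arn=$2 groups previous
  groups=$(list_groups "$listener_arn") || return 2
  if ! printf '%s\n' "$groups" | has_healthy_peer "$group_arn"; then
    echo "refusing to drain: no other endpoint group is healthy with dial > 0" >&2
    return 1
  fi
  previous=$(printf '%s\n' "$groups" | awk -F'\t' -v t="$group_arn" '$1 == t { print $2 }')
  [ -n "$previous" ] || { echo "endpoint group not found on listener" >&2; return 2; }
  aws globalaccelerator update-endpoint-group --region "$GA_REGION" \
    --endpoint-group-arn "$group_arn" --traffic-dial-percentage 0 >/dev/null || return 2
  printf '%s\n' "$previous"
}
```

Call it as `drain_group <listener-arn> <endpoint-group-arn>` and keep the printed value; passing it back to `--traffic-dial-percentage` restores the region once the incident is over.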
```bash
# Global Accelerator API calls must target the us-west-2 region
# Create a Global Accelerator
aws globalaccelerator create-accelerator \
  --region us-west-2 \
  --name my-accelerator \
  --ip-address-type IPV4 \
  --enabled

# Create a listener
aws globalaccelerator create-listener \
  --region us-west-2 \
  --accelerator-arn arn:aws:globalaccelerator::123:accelerator/abc \
  --protocol TCP \
  --port-ranges FromPort=443,ToPort=443

# Update traffic dial to 0 for emergency regional isolation
aws globalaccelerator update-endpoint-group \
  --region us-west-2 \
  --endpoint-group-arn arn:aws:globalaccelerator::123:accelerator/abc/listener/def/endpoint-group/ghi \
  --traffic-dial-percentage 0
```
Pricing
| Component | Cost | Notes |
|---|---|---|
| Accelerator (fixed per region) | $0.025/hr (~$18/month) | Per accelerator regardless of traffic |
| Data transfer premium (US/EU) | $0.015/GB | Premium over standard data transfer rates |
| Data transfer premium (Asia) | $0.030/GB | Higher premium for Asia-Pacific regions |
| AWS Shield Advanced | Optional; $3,000/month | Enhanced DDoS protection with financial guarantees |
Compare Global Accelerator total cost against the latency improvement for your user base. For applications with mostly regional users, a well-configured CloudFront distribution or multi-region ALB may be sufficient. Global Accelerator shines for truly global user bases or non-HTTP workloads.
Interview Focus Points
1. What is the key difference between Global Accelerator and CloudFront? When would you use each?
2. Why would you choose Global Accelerator over a multi-region Route 53 latency routing setup?
3. How does anycast routing work and how does Global Accelerator use it?
4. Explain the traffic dial feature and give a scenario where you'd use it.
5. A gaming company needs low-latency UDP routing to multiple regions. Which AWS service would you recommend and why?
6. How does Global Accelerator handle regional failover compared to Route 53 failover?
7. Why do some clients require static IPs and how does Global Accelerator address this?