I am stuck on a possible implementation for a problem I am facing in AWS.
I have multiple websites that are hosted with S3 using CloudFront in us-east-1. If there is an outage in that region, I want to reroute traffic from those UIs to a website hosted with S3 using CloudFront in another region (just a basic error page, all UIs from us-east-1 need to be rerouted to the same one error page in the new region).
After doing research, I am seeing a lot of documentation for Route 53 DNS Failover handling. However, we don't use Route 53 for traffic routing, so I don't think these solutions apply for this particular problem. Does anyone have any advice on possible solutions?
Using CloudFront's Origin Groups feature, you can group the two S3 endpoints and configure the criteria for when CloudFront should failover to the secondary origin (e.g., 500-504 error). When you create your cache behavior, you'll use the Origin Group as your origin. Details: Optimizing high availability with CloudFront origin failover
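As an added example (not code from the answer above or from AWS), the following Python builds the pieces of a CloudFront DistributionConfig that implement that advice: two S3 REST-endpoint origins in different regions, an origin group whose failover criteria are the 5xx codes, and a default cache behavior that targets the group rather than a single origin. It runs offline with the standard library only. The bucket names, regions, origin ids and Origin Access Control ids are assumptions; if your buckets are configured as S3 static website endpoints they are custom origins (CustomOriginConfig) instead of S3OriginConfig.

```python
"""CloudFront origin failover: two S3 origins in different regions grouped
into an origin group, with the group used as the cache behavior's origin.

Added example: offline, standard library only. Bucket names, regions,
origin ids and OAC ids below are assumptions, not values from the post.
"""
import json

# Status codes CloudFront accepts as origin-group failover criteria.
ALLOWED_FAILOVER_CODES = {403, 404, 500, 502, 503, 504}


def s3_origin(origin_id, bucket, region, oac_id):
    """Regional S3 REST endpoint as a CloudFront origin, reached via OAC."""
    return {
        "Id": origin_id,
        "DomainName": f"{bucket}.s3.{region}.amazonaws.com",
        "OriginAccessControlId": oac_id,
        "S3OriginConfig": {"OriginAccessIdentity": ""},
    }


def origin_group(group_id, primary_id, secondary_id, status_codes):
    """Origin group: CloudFront retries the secondary when the primary fails
    to connect or answers with one of status_codes."""
    codes = sorted(set(status_codes))
    unsupported = [c for c in codes if c not in ALLOWED_FAILOVER_CODES]
    if unsupported:
        raise ValueError(f"unsupported failover status codes: {unsupported}")
    return {
        "Id": group_id,
        "FailoverCriteria": {"StatusCodes": {"Quantity": len(codes), "Items": codes}},
        "Members": {
            "Quantity": 2,
            "Items": [{"OriginId": primary_id}, {"OriginId": secondary_id}],
        },
    }


def distribution_config(primary, secondary, group, comment="ui with failover"):
    """Minimal DistributionConfig whose default behavior targets the group."""
    return {
        "Comment": comment,
        "Enabled": True,
        "Origins": {"Quantity": 2, "Items": [primary, secondary]},
        "OriginGroups": {"Quantity": 1, "Items": [group]},
        "DefaultCacheBehavior": {
            "TargetOriginId": group["Id"],
            "ViewerProtocolPolicy": "redirect-to-https",
            # Id AWS documents for its managed "CachingOptimized" policy.
            "CachePolicyId": "658327ea-f89d-4fab-a63d-7e88639e58f6",
        },
    }


def check_config(cfg):
    """Return a list of problems; an empty list means the failover wiring is sound."""
    problems = []
    origins = cfg["Origins"]["Items"]
    origin_ids = {o["Id"] for o in origins}
    domains = [o["DomainName"] for o in origins]
    if len(set(domains)) != len(domains):
        problems.append("primary and secondary origins point at the same endpoint")
    groups = {g["Id"]: g for g in cfg.get("OriginGroups", {}).get("Items", [])}
    for gid, g in groups.items():
        members = [m["OriginId"] for m in g["Members"]["Items"]]
        if len(members) != 2:
            problems.append(f"origin group {gid} must have exactly two members")
        for m in members:
            if m not in origin_ids:
                problems.append(f"origin group {gid} references unknown origin {m}")
        if not g["FailoverCriteria"]["StatusCodes"]["Items"]:
            problems.append(f"origin group {gid} has no failover status codes")
    target = cfg["DefaultCacheBehavior"]["TargetOriginId"]
    if target not in groups:
        problems.append(f"default behavior targets {target}, not an origin group; "
                        "requests will never fail over")
    return problems


def build_example():
    """The scenario from the question: UI in us-east-1, error page in us-west-2."""
    primary = s3_origin("ui-us-east-1", "my-ui-bucket-use1", "us-east-1", "E1EXAMPLEOAC")
    secondary = s3_origin("errorpage-us-west-2", "my-errorpage-bucket-usw2",
                          "us-west-2", "E2EXAMPLEOAC")
    group = origin_group("ui-failover", primary["Id"], secondary["Id"], [500, 502, 503, 504])
    return distribution_config(primary, secondary, group)


if __name__ == "__main__":
    cfg = build_example()
    print(json.dumps(cfg, indent=2))
    print("problems:", check_config(cfg))
```

Two practical caveats for the error-page use case: CloudFront sends the secondary origin the same request path it sent the primary, so a single error page means either putting it at every path the UIs request or adding a custom error response on the distribution that maps the resulting 404 to that page; and origin failover only retries GET, HEAD and OPTIONS requests, so anything that writes to the origin will not be redirected.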
I am creating a CloudFront distribution in AWS. I have an ELB created in the Hong Kong region.
When I am selecting the Origin Domain, my ELB in the Hong Kong region does not appear in the drop-down, while an ELB I tried creating in the N. Virginia region is visible.
Are there any such restrictions imposed by AWS, or am I doing something wrong?
I replicated the setup you described in my own AWS account and it happened there as well: the ELB did not show up in the Origin list. While I am not sure why this is the case, an easy workaround for you is to just manually enter the ELB's DNS name as the Origin. My test ELB had the DNS record test-1224452099.ap-east-1.elb.amazonaws.com, so I put http://test-1224452099.ap-east-1.elb.amazonaws.com as the Origin for my CloudFront distribution. That worked. For production use, the above URL should of course be HTTPS, not HTTP.
Please note: You might have to edit the rules of the ELB's security group if the ELB is not reachable from CloudFront. You can use a managed prefix list for this: https://aws.amazon.com/about-aws/whats-new/2022/02/amazon-cloudfront-managed-prefix-list/
Imagine your CloudFront origin is in your on-premises data center, e.g. https://mydatacenter.example.com. This will normally not appear in the CF origin list, but it should work as long as the website is publicly accessible.
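The note above about the managed prefix list is the part most often done wrong: the ELB's security group ends up with both the prefix list and a 0.0.0.0/0 rule, so the origin can still be hit directly, bypassing CloudFront and whatever WAF or signed-URL logic sits there. As an added example (not from the answer or from AWS), the following Python audits a security group in the shape returned by `aws ec2 describe-security-groups` and builds the ingress permission that admits only CloudFront. It runs offline on constructed sample groups; the prefix-list id pl-0123456789abcdef0 is an assumption (the id differs per region and account), while the prefix-list name is the real one AWS publishes.

```python
"""Audit an ELB security group for CloudFront-only ingress on 443.

Added example: offline, on constructed DescribeSecurityGroups-style dicts.
The prefix-list id is an assumption; look up the real one with
  aws ec2 describe-managed-prefix-lists --filters \
      Name=prefix-list-name,Values=com.amazonaws.global.cloudfront.origin-facing
"""
CLOUDFRONT_PREFIX_LIST_NAME = "com.amazonaws.global.cloudfront.origin-facing"


def _covers_port(perm, port):
    """True if this IpPermissions entry includes the TCP port."""
    proto = perm.get("IpProtocol")
    if proto == "-1":            # all traffic
        return True
    if proto != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 0)


def audit_ingress(sg, cloudfront_pl_id, port=443):
    """Return a list of findings; an empty list means only CloudFront can
    reach `port` through this security group."""
    findings = []
    cloudfront_allowed = False
    for perm in sg.get("IpPermissions", []):
        if not _covers_port(perm, port):
            continue
        for r in perm.get("IpRanges", []):
            if r.get("CidrIp") == "0.0.0.0/0":
                findings.append(f"port {port} open to 0.0.0.0/0 (bypasses CloudFront)")
        for r in perm.get("Ipv6Ranges", []):
            if r.get("CidrIpv6") == "::/0":
                findings.append(f"port {port} open to ::/0 (bypasses CloudFront)")
        for pl in perm.get("PrefixListIds", []):
            if pl.get("PrefixListId") == cloudfront_pl_id:
                cloudfront_allowed = True
    if not cloudfront_allowed:
        findings.append(f"no rule admits the CloudFront prefix list on port {port}")
    return findings


def cloudfront_only_permission(cloudfront_pl_id, port=443):
    """IpPermissions entry for `aws ec2 authorize-security-group-ingress`
    that admits only CloudFront's origin-facing address ranges."""
    return {
        "IpProtocol": "tcp",
        "FromPort": port,
        "ToPort": port,
        "PrefixListIds": [{"PrefixListId": cloudfront_pl_id,
                           "Description": CLOUDFRONT_PREFIX_LIST_NAME}],
    }


# Constructed sample groups (not real account data).
CF_PL = "pl-0123456789abcdef0"
OPEN_SG = {
    "GroupId": "sg-0aaa",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [], "PrefixListIds": []},
    ],
}
LOCKED_SG = {
    "GroupId": "sg-0bbb",
    "IpPermissions": [cloudfront_only_permission(CF_PL)],
}

if __name__ == "__main__":
    for sg in (OPEN_SG, LOCKED_SG):
        print(sg["GroupId"], audit_ingress(sg, CF_PL) or "ok")
```

Two things to keep in mind when applying the fix: the CloudFront prefix list carries a weight of 55 entries against the security group's inbound-rule quota, so a group that is already near the limit will reject it; and the prefix list proves only that the connection comes from some CloudFront distribution, not from yours, so pair it with a secret custom origin header set on the distribution and checked in the load balancer's listener rules.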
I am planning to deploy my API Gateway to multiple regions in AWS. I implement a health endpoint in the gateway in each region and configure them in a Route 53 health check. So Route 53 will forward the request to the healthy regions if one region fails its health check.
My question is in case of all regions are healthy, will route53 route traffic to the closest region? For example, if there are 2 regions configured in route53, ap-southeast-1 and ap-southeast-2, can route53 route the traffic to ap-southeast-2 if the request is from Sydney since it is closer? If yes, how does route53 decide which one is closer?
Yes, you can do that using Route 53 Geolocation routing policy, which can be used when you want to serve your site based on the location of the client or user.
There are three routing policies in R53 that you may consider:
Geolocation routing policy – Use when you want to route traffic based on the location of your users.
Geoproximity routing policy – Use when you want to route traffic based on the location of your resources and, optionally, shift traffic from resources in one location to resources in another.
Latency routing policy – Use when you have resources in multiple AWS Regions and you want to route traffic to the region that provides the best latency.
how does route53 decide which one is closer?
Geolocation is based on the location that DNS queries originate from.
Geoproximity routing lets Amazon Route 53 route traffic to your resources based on the geographic location of your users and your resources.
Latency-based routing is based on latency measurements performed over a period of time.
For all of these, AWS can also use the EDNS0 edns-client-subnet extension.
I am deploying applications in AWS multiple regions. There are a few lambdas sitting behind API gateway. And I'd like to use route53 routing policy to route traffic to different regions.
The policy I'd like to use is the latency-based policy, which means Route 53 routes traffic to resources based on their response time. I have read this doc https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-policy.html and https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resource-record-sets-values-latency.html.
It works a little differently than I thought. What I am looking for is to use the latency based on the response time of my API Gateway or ALB. But based on the doc, it seems that latency is based on the DNS resolver's name server. Is there a way for me to use the latency based on a CloudWatch metric like IntegrationLatency?
The majority of my website traffic is from North America and the UK. Is it possible to "simply" use AWS Route 53 with geolocation routing instead of using a CDN? What I envision is deploying my app on an ELB in both North America and the UK and then having a geolocation routing policy in Route 53 which sends traffic to the appropriate ELB. The reason I'd do this is to avoid the CloudFront CDN cost of $600/month for a dedicated SSL... sort of a poor man's CDN.
I'd love to hear from others if this is possible, and effective.
I believe you will like one of the products that was recently added to the AWS catalog. With AWS Global Accelerator you get a single IP address, and your traffic will be routed to the optimal region depending on the user's location, but also on service health.
And of course you can always use the generic cloudfront domain for SSL, or a custom domain for SSL using SNI and that would be for free. You only need to pay $600 if you want a custom domain with a dedicated IP, so no SNI. Given the status of SNI support, it might be the case it's good enough for your user base.
As of late 2021, AWS Route 53's Geolocation Routing feature supports this use case...
Geolocation routing lets you choose the resources that serve your traffic based on the geographic location of your users, meaning the location that DNS queries originate from. For example, you might want all queries from Europe to be routed to an ELB load balancer in the Frankfurt region.
Recently AWS had a big outage with S3 in us-east-1. We would like to expand to multiple regions now, deploying Lambda and S3 data to other regions. I would like to retain one single URL that can detect if the region has an outage and forward the call to the active region. If both regions are active, the closest region will receive the request.
I tried AWS Route 53 and it did not help with HTTPS, since CloudFront cannot accept the same CNAME on more than one distribution.