Amazon Route 53
Amazon Route 53 is a scalable and highly available Domain Name System service. The name is a reference to Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) port 53, where DNS server requests are addressed. It is designed to give developers and businesses an extremely reliable and cost-effective way to route end users to Internet applications by translating names such as amazonbate.com into the numeric IP addresses like 192.0.2.1 that computers use to connect to each other.
- In addition to being able to route AWS clients to various AWS services, including Amazon EC2 instances, Elastic Load Balancing load balancers, and Amazon S3 buckets, Route 53 also enables AWS customers to route users to non-AWS infrastructure and to monitor the health of their application and its endpoints.
- Route 53’s servers are distributed throughout the world. Amazon Route 53 supports full, end-to-end DNS resolution over IPv6. Recursive DNS resolvers on IPv6 networks can use either IPv4 or IPv6 transport to send DNS queries to Amazon Route 53.
- Amazon Route 53 Traffic Flow makes it easy for its customers to manage traffic globally through a variety of routing types, including Latency Based Routing, Geo DNS, Geoproximity, and Weighted Round Robin—all of which can be combined with DNS Failover in order to enable a variety of low-latency, fault-tolerant architectures.
- AWS customers can purchase and manage domain names such as www.amazonbate.com, and Route 53 will automatically configure DNS settings for the domain.
Route 53 Features
Geographical DNS:- Route 53’s Geo DNS allows customers to balance load by directing requests to specific endpoints based on the geographic location from which the request originates, and enables them to customize localized content, including presenting detail pages in the right language or restricting distribution of content to only the markets they have licensed.
- Geo DNS provides three levels of geographic granularity: continent, country, and state.
- Geo DNS provides a global record which is served in cases where an end user’s location doesn’t match any of the specific Geo DNS records you have created.
- Using Geolocation routing policy, customers can route traffic based on the location of their users.
- Geolocation routing lets them choose the resources that serve their traffic based on the geographic location of their end users, meaning the location that DNS queries originate from.
- Customers can use Geoproximity routing policy, when they want to route traffic based on the location of their resources and, optionally, shift traffic from resources in one location to resources in another.
Traffic flow:- Route 53 traffic flow provides a visual editor that helps customers create complex trees and save the configuration as a traffic policy. Once that is done they can associate the traffic policy with one or more domain names (like amazonbate.com) or subdomain names (such as www.amazonbate.com) in the same hosted zone or in multiple hosted zones.
- Using Amazon Route 53 Traffic Flow’s simple visual editor, customers can easily manage how their end-users are routed to their application’s endpoints—whether in a single AWS region or distributed around the globe.
- Customers can use Multivalue answer routing policy if they want Route 53 to respond to DNS queries with up to eight healthy records selected at random.
- Multivalue answer routing lets customers configure Route 53 to return multiple values, such as IP addresses for their web servers, in response to DNS queries.
- Weighted routing policy:– Weighted routing lets customers associate multiple resources with a single domain name or subdomain name and choose how much traffic is routed to each resource. This can be useful for a variety of purposes, including load balancing and testing new versions of software.
Geoproximity routing policy:– Customers can use this policy when they want to route traffic based on the location of their resources and, optionally, shift traffic from resources in one location to resources in another.
DNS Failover:- DNS Failover helps detect an outage of a customer’s website and redirects end users to alternate locations where the application is operating properly.
- Using Failover routing policy, customers can configure active-passive failover.
- Failover routing lets customers route traffic to a resource when the resource is healthy or to a different resource when the first resource is unhealthy.
- The primary and secondary records can route traffic to anything from an Amazon S3 bucket that is configured as a website to a complex tree of records.
- Route 53 health-checking agents monitor each location (or “endpoint”) of the customer’s application to determine its availability.
- In the event an endpoint fails, Route 53 will route traffic away from the failed endpoint and to other, healthy endpoints.
Health checking:- Amazon Route 53 enables customers to configure DNS health checks to route traffic to healthy endpoints or to independently monitor the health of their application and its endpoints. It sends automated requests to the customer’s application to verify that it is reachable, available and functional.
- Amazon Route 53 automatically sends the website visitors to other locations to avoid site outages.
- Customers can use the visual editor to quickly find resources that are needed to update and apply the updates to one or more DNS names.
- It routes end users to the best endpoint for the application based on geo-proximity, latency, health, and other considerations.
Domain Name Service (DNS):- Route 53 translates names to IP addresses using a global network of authoritative DNS servers. AWS Route 53 customers can search for and register available domains. They can also transfer existing domains to be managed by Route 53.
- Route 53 offers a domain name registration service for its customers, where they can search for, register, and buy domain names. They can also transfer existing domains to be managed by Route 53.
- Route 53 automatically configures the DNS service for a newly registered domain name, and a hosted zone is also created for that specific domain name.
Latency Based Routing:- LBR works by routing the customer’s users to the AWS endpoint, such as EC2 instances, Elastic IPs or ELB, that provides the fastest experience based on actual performance measurements of the different AWS Regions where the application is running.
- Customers use the Latency routing policy when they have resources in multiple AWS Regions and want to route traffic to the Region that provides the best latency.
- If the customer’s application is hosted in multiple AWS Regions, they can improve performance for their users by serving requests from the AWS Region that provides the lowest latency.
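The routing policies described above (failover, weighted, multivalue answer and geolocation) can be simulated in a few lines. This is an added example, not AWS code: the records, health states and client locations are constructed sample data, and the selection rules follow the behaviour the text describes (primary while healthy, traffic split by weight, up to eight healthy records at random, and the most specific geographic match falling back to the default record).

```python
"""Simulation of Route 53 routing policies (added example, not AWS code)."""
import random
from dataclasses import dataclass
from typing import Optional


@dataclass
class Record:
    value: str                       # e.g. an IPv4 address of an endpoint
    healthy: bool = True             # outcome of the Route 53 health check
    weight: int = 0                  # weighted routing
    role: str = ""                   # failover routing: "primary" or "secondary"
    continent: Optional[str] = None  # geolocation granularity: continent
    country: Optional[str] = None    # geolocation granularity: country
    state: Optional[str] = None      # geolocation granularity: state
    is_default: bool = False         # the "global" record served when nothing matches


def healthy_only(records):
    return [r for r in records if r.healthy]


def failover(records):
    """Active-passive: the primary while it is healthy, otherwise the secondary."""
    primary = [r for r in healthy_only(records) if r.role == "primary"]
    if primary:
        return primary[0].value
    secondary = [r for r in healthy_only(records) if r.role == "secondary"]
    return secondary[0].value if secondary else None


def weighted(records, rng=random):
    """Pick one healthy record with probability weight / sum(weights).
    If every weight is 0, all healthy records are equally likely (Route 53 behaviour)."""
    healthy = healthy_only(records)
    if not healthy:
        return None
    weights = [r.weight for r in healthy]
    if sum(weights) == 0:
        return rng.choice(healthy).value
    return rng.choices(healthy, weights=weights, k=1)[0].value


def weighted_distribution(records, draws=20000, seed=1):
    """Empirical share of answers per value over many draws (for checking the split)."""
    rng = random.Random(seed)
    counts = {}
    for _ in range(draws):
        v = weighted(records, rng)
        counts[v] = counts.get(v, 0) + 1
    return {v: n / draws for v, n in counts.items()}


def multivalue(records, seed=None):
    """Up to eight healthy records, chosen at random, returned together."""
    healthy = healthy_only(records)
    rng = random.Random(seed)
    return [r.value for r in rng.sample(healthy, min(8, len(healthy)))]


def geolocation(records, continent, country, state=None):
    """Most specific healthy match first: state, then country, then continent,
    then the default record; None if nothing applies."""
    healthy = healthy_only(records)
    levels = (
        lambda r: r.state is not None and r.state == state and r.country == country,
        lambda r: r.state is None and r.country is not None and r.country == country,
        lambda r: r.country is None and r.continent is not None and r.continent == continent,
        lambda r: r.is_default,
    )
    for matches in levels:
        hits = [r for r in healthy if matches(r)]
        if hits:
            return hits[0].value
    return None


if __name__ == "__main__":
    # Constructed sample: two endpoints behind a failover policy.
    pair = [Record("192.0.2.10", role="primary"), Record("192.0.2.20", role="secondary")]
    print("failover, primary healthy  :", failover(pair))
    pair[0].healthy = False
    print("failover, primary unhealthy:", failover(pair))
    geo = [Record("192.0.2.30", continent="EU"), Record("192.0.2.31", country="DE"),
           Record("192.0.2.32", country="US", state="CA"), Record("192.0.2.33", is_default=True)]
    print("geolocation for DE         :", geolocation(geo, "EU", "DE"))
    print("geolocation for JP (default):", geolocation(geo, "AS", "JP"))
```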
Resolver:- When AWS clients create a VPC, they automatically get DNS resolution within the VPC from Route 53 Resolver. This Resolver answers DNS queries for VPC domain names for EC2 instances or ELB load balancers. It also performs recursive lookup against public name servers for all other domain names.
- DNS resolvers on the customer’s network forward DNS queries to Resolver in a specified VPC, which enables the customer’s DNS resolvers to easily resolve domain names for AWS resources such as EC2 instances.
- AWS Customers can create Resolver rules that specify the domain names for the DNS queries that they want to forward such as amazonbate.com, and the IP addresses of the DNS resolvers on their network that they want to forward the queries to.
AWS customers can create conditional forwarding rules and DNS endpoints to resolve custom names mastered in Amazon Route 53 private hosted zones or in their on-premises DNS servers. There are two types of resolver endpoints, inbound and outbound:
- An inbound resolver endpoint forwards DNS queries to the DNS service for a VPC from the customer’s network or another VPC.
- An outbound resolver endpoint forwards DNS queries from the DNS service for a VPC to the customer’s network or another VPC.
Domain Name Service (DNS)
A domain name is the human-friendly name that is used to associate with an Internet resource. Domain locations in a DNS can be relative to one another and, as such, can be somewhat ambiguous. A Fully Qualified Domain Name (FQDN), also referred to as an absolute domain name, specifies a domain’s location in relation to the absolute root of the DNS. This means that the FQDN specifies each parent domain including the TLD. A proper FQDN ends with a dot, indicating the root of the DNS hierarchy. An IP address is a network addressable location. Each IP address must be unique within its network. For public websites, this network is the entire Internet. There are two types of IP addresses, IPv4 addresses and IPv6 addresses:
- IPv4 addresses, the most common form of addresses, consist of four numbers separated by dots (for example 192.0.2.1), each number in the range 0 to 255 and therefore written with up to three digits.
- IPv6 addresses have an address space of 128 bits, which is far larger than that of IPv4. To be exact, 2^128 (about 3.4 × 10^38, or 340 undecillion) IP addresses can be created using IPv6 addressing.
DNS Host Name
Domain Name System (DNS) is a standard by which names used on the Internet are resolved to their corresponding IP addresses. In other words, domain names are easily recognizable names for numerically addressed Internet resources.
- A domain is a general DNS concept and a hosted zone is an Amazon Route 53 concept. A hosted zone is analogous to a traditional DNS zone file; it represents a collection of records that can be managed together, belonging to a single parent domain name. A hosted zone for amazon.com can hold records such as www.amazon.com and www.aws.amazon.com, but not a record named www.amazon.ca. All resource record sets within a hosted zone must have the hosted zone’s domain name as a suffix.
- A DNS hostname is a name that uniquely and absolutely names a computer; it is composed of a host name and a domain name. DNS servers resolve DNS hostnames to their corresponding IP addresses.
- Within a domain, the domain owner can define individual hosts, which refer to separate computers or services accessible through that domain (amazon.com, www.amazon.com).
- DNS uses a hierarchical name structure, and the different levels in the hierarchy are each separated with a dot (.).
- This allows a large domain to be partitioned or extended into multiple subdomains. TLDs can have many subdomains under them.
- A host name defines a computer or resource.
- A subdomain extends the parent domain. Subdomains are a method of subdividing the domain itself.
DNS servers translate requests for names into IP addresses, controlling which server an end user will reach when they type a domain name into their web browser. DNS servers are also called name servers.
- A DNS server is a computer designated to translate domain names into IP addresses. These servers do most of the work in the DNS.
- DNS servers can be authoritative, meaning that they give answers to queries about domains under their control.
- Each server may redirect requests to other name servers or delegate responsibility for the subset of subdomains for which they are responsible.
- A zone file is a simple text file that contains the mappings between domain names and IP addresses. This is how a DNS server finally identifies which IP address should be contacted when a user requests a certain domain name.
- Zone files reside in name servers and generally define the resources available under a specific domain, or the place where one can go to get that information.
- The root zone file is a small (about 2 MB) data set, whose publication is the primary purpose of root name servers.
- The root zone file is at the apex of a hierarchical distributed database of the DNS.
All DNS servers fall into one of four categories: recursive resolvers, root name servers, TLD name servers, and authoritative name servers. In a typical DNS lookup (when there is no caching in play), these four kinds of DNS server work together to complete the task of delivering the IP address for a specified domain to the client.
A domain name is the information that users enter into a web browser (the human-friendly version of an IP address) in order to reach a specific website. DNS is a globally distributed service that translates human readable names like www.example.com into the numeric IP addresses like 192.0.2.1 that computers use to connect to each other.
A DNS system is much like a hierarchy that manages the mapping between names and numbers. DNS servers translate requests for names into IP addresses, controlling which server an end user will reach when they type a domain name into their web browser. These requests are called queries.
- Top-Level Domain (TLD):– A Top-Level Domain (TLD) is the most general part of the domain. The TLD is the farthest portion to the right (as separated by a dot). Common TLDs are .com, .net, .org, .gov, .edu, and .io. In the most basic terms, a top level domain (TLD) – also called a domain name extension – is the letter combination that concludes a web address.
- TLDs are at the top of the hierarchy in terms of domain names. Certain parties are given management control over TLDs by the Internet Corporation for Assigned Names and Numbers (ICANN).
- These domains are registered with the Network Information Center (InterNIC), a service of ICANN, which enforces the uniqueness of domain names across the Internet. Each domain name becomes registered in a central database, known as the WhoIS database.
- Second-Level Domain (SLD):– In simple terms, a second level domain is the name just to the left of the domain extension, the .com or .net. In amazon.com, for example, the word “amazon” – directly to the left of the final dot – is the second level domain.
- In many ways, a client’s SLD is the identity of their website. Thus, it should correspond to the services it offers. That distinguishes the website from others and is therefore worthy of careful forethought.
- The SLD is the first point of contact internet users have with a client’s website. It is the most memorable part of a URL and therefore the most important.
A hosted zone is a container for records, and records contain information about how AWS clients want to route traffic for a specific domain, such as amazon.com, and its subdomains (such as acme.amazon.com or aws.amazon.com). A hosted zone and the corresponding domain have the same name. There are two types of hosted zones:
- A public hosted zone is a container that holds information about how AWS clients want to route traffic on the internet for a specific domain, such as example.com, and its subdomains (acme.example.com, zenith.example.com). Customers can get a public hosted zone in one of two ways:
- When they register a domain with Route 53, a hosted zone is created for them automatically.
- When they transfer DNS service for an existing domain to Route 53, they start by creating a hosted zone for the domain.
- A private hosted zone is a container that holds information about how customers want Amazon Route 53 to respond to DNS queries for a domain and its subdomains within one or more VPCs that they create with the Amazon VPC service.
Types of DNS Service
Authoritative DNS:– An authoritative DNS service provides an update mechanism that developers use to manage their public DNS names. It then answers DNS queries, translating domain names into IP addresses so computers can communicate with each other. Simply put, authoritative DNS name servers are responsible for providing recursive DNS name servers with the IP “mapping” of the intended website.
- Authoritative DNS has the final authority over a domain and is responsible for providing answers to recursive DNS servers with the IP address information. Amazon Route 53 is an authoritative DNS system.
A root name server is a name server for the root zone of the Domain Name System (DNS) of the Internet. It directly answers requests for records in the root zone and answers other requests by returning a list of the authoritative name servers for the appropriate top-level domain (TLD).
TLD name servers:– A TLD name server maintains information for all the domain names that share a common domain extension, such as .com, .net, or whatever comes after the last dot in a url.
- A TLD is the highest level of domain names in the root zone of the DNS of the Internet. For all domains in lower levels, it is the last part of the domain name, that is, the label that follows the last dot of a fully qualified domain name.
- A Fully Qualified Domain Name (FQDN), also referred to as an absolute domain name, specifies a domain’s location in relation to the absolute root of the DNS.
- This means that the FQDN specifies each parent domain including the TLD. A proper FQDN ends with a dot, indicating the root of the DNS hierarchy.
In a typical DNS lookup (when there is no caching in play), these four DNS servers work together in harmony to complete the task of delivering the IP address for a specified domain to the client (the client is usually a stub resolver – a simple resolver built into an operating system).
A root name server:– A root name server (also called a DNS root server) is responsible for answering client requests in the domain name system’s root zone (the root zone is the topmost layer of the DNS name space).
- The root name servers are a critical part of the Internet infrastructure because they are the first step in translating (resolving) human readable host names into IP addresses that are used in communication between Internet hosts.
- The root name server does not execute the name resolution itself; instead it informs the requesting client which other name server can provide further information about the desired IP address.
- Root name servers know the IP addresses of the authoritative name servers that handle DNS queries for the Top Level Domains (TLD) like “.com”, “.edu” or “.gov”.
- A root server accepts a recursive resolver’s query and responds by directing the recursive resolver to a TLD name server, based on the extension of that domain (.com, .net, .org, and so on).
- The root zone is overseen by a nonprofit called the Internet Corporation for Assigned Names and Numbers (ICANN).
Recursive DNS (DNS recursor):– Recursive DNS name servers are responsible for providing the proper IP address of the intended domain name to the requesting host. Clients typically do not make queries directly to authoritative DNS services. Instead, they generally connect to another type of DNS service known as a resolver, or a recursive DNS service. A recursive DNS service does not own any DNS records; it acts as an intermediary that can get the DNS information on the client’s behalf.
- A recursive resolver is the first stop in a DNS query. The recursive resolver acts as a middleman between a client and a DNS name server. After receiving a DNS query from a web client, a recursive resolver will either respond with cached data, or send a request to a root name server, followed by another request to a TLD name server, and then one last request to an authoritative name server.
- If a recursive DNS server has the DNS reference cached, or stored for a period of time, then it answers the DNS query by providing the source or IP information. If not, it passes the query to one or more authoritative DNS servers to find the information.
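The lookup chain just described, simulated in code as an added example (not AWS code or any real resolver): a recursive resolver walks root, then TLD, then authoritative server unless it already holds an unexpired cached answer, which is also why cached queries never reach the authoritative server (the point made later about Route 53 query logs). All servers, zones and addresses below are constructed sample data, and the `clock` parameter is an assumption added so TTL expiry can be exercised without waiting.

```python
"""Iterative DNS resolution with a caching recursive resolver (added example)."""
import time


class AuthServer:
    """A constructed authoritative name server for one zone.
    records: owner name -> list of (rtype, ttl, value)
    delegations: child zone apex -> AuthServer that is authoritative for it."""

    def __init__(self, zone, records, delegations=None):
        self.zone = zone
        self.records = records
        self.delegations = delegations or {}

    def query(self, name, qtype):
        """Return ("ANSWER", rrs), ("REFERRAL", child_server) or ("NXDOMAIN", None)."""
        rrs = [r for r in self.records.get(name, []) if r[0] == qtype]
        if rrs:
            return "ANSWER", rrs
        for child, server in self.delegations.items():
            if name == child or name.endswith("." + child):
                return "REFERRAL", server        # root -> TLD -> zone delegation
        return "NXDOMAIN", None


class RecursiveResolver:
    """Resolver the stub resolver talks to; caches answers for their TTL."""

    def __init__(self, root, clock=time.time):
        self.root = root
        self.clock = clock                       # injectable for testing TTL expiry
        self.cache = {}                          # (name, qtype) -> (expires_at, values)

    def resolve(self, name, qtype="A"):
        """Return (values, path). path lists the zones of the servers consulted;
        an empty path means the answer was served from cache."""
        name = name.lower()
        if not name.endswith("."):
            name += "."                          # normalise to an FQDN
        key = (name, qtype)
        cached = self.cache.get(key)
        if cached and cached[0] > self.clock():
            return cached[1], []
        server, path = self.root, []
        while True:
            path.append(server.zone)
            status, payload = server.query(name, qtype)
            if status == "ANSWER":
                ttl = min(r[1] for r in payload)
                values = [r[2] for r in payload]
                self.cache[key] = (self.clock() + ttl, values)
                return values, path
            if status == "REFERRAL":
                server = payload
                continue
            return [], path                      # NXDOMAIN (negative caching omitted)


def build_sample_servers():
    """Constructed hierarchy: root delegates com., com. delegates example.com."""
    example = AuthServer("example.com.", {
        "www.example.com.": [("A", 300, "192.0.2.1"), ("AAAA", 300, "2001:db8::1")],
        "example.com.": [("NS", 3600, "ns1.example.com.")],
    })
    com = AuthServer("com.", {"com.": [("NS", 3600, "a.gtld.example.")]},
                     {"example.com.": example})
    root = AuthServer(".", {".": [("NS", 3600, "a.root.example.")]}, {"com.": com})
    return {".": root, "com.": com, "example.com.": example}


if __name__ == "__main__":
    resolver = RecursiveResolver(build_sample_servers()["."])
    print(resolver.resolve("www.example.com"))   # full walk, three servers
    print(resolver.resolve("www.example.com"))   # cache hit, empty path
    print(resolver.resolve("nope.example.com"))  # NXDOMAIN after the full walk
```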
Each zone file contains records. A record is a single mapping between a resource and a name. These can map a domain name to an IP address or define resources for the domain, such as name servers or mail servers.
- A Start of Authority (SOA) record is mandatory in all zone files. It specifies authoritative information about a DNS zone, including the primary name server, the email of the domain administrator, the domain serial number, and several timers relating to refreshing the zone. Each zone contains a single SOA record. The SOA record stores information about the following:
- The name of the DNS server for that zone
- The administrator of the zone
- The current version of the data file
- The number of seconds that a secondary name server should wait before checking for updates
- The number of seconds that a secondary name server should wait before retrying a failed zone transfer
- The maximum number of seconds that a secondary name server can use data before it must either be refreshed or expire
- The default TTL value (in seconds) for resource records in the zone.
A (Address Record):- Returns a 32-bit IPv4 address, most commonly used to map hostnames to an IP address of the host, but it is also used for DNSBLs, storing subnet masks in RFC 1101, etc.
CNAME (Canonical Name Record):- Alias of one name to another: the DNS lookup will continue by retrying the lookup with the new name.
MX (Mail Exchange Record):- Maps a domain name to a list of message transfer agents for that domain
AAAA IPv6 (Address Record):- Returns a 128-bit IPv6 address, most commonly used to map hostnames to an IP address of the host.
TXT (Text Record):- Originally for arbitrary human-readable text in a DNS record. Since the early 1990s, however, this record more often carries machine-readable data, such as specified by RFC 1464, opportunistic encryption, Sender Policy Framework, DKIM, DMARC, DNS-SD, etc.
PTR (Pointer Record):- Pointer to a canonical name. Unlike a CNAME, DNS processing stops and just the name is returned. The most common use is for implementing reverse DNS lookups, but other uses include such things as DNS-SD.
SRV (Service locator):- Generalized service location record, used for newer protocols instead of creating protocol-specific records such as MX.
SPF (Sender Policy Framework):- SPF(99) (from RFC 4408) was specified as part of the Sender Policy Framework protocol as an alternative to storing SPF data in TXT records, using the same format. It was later found that the majority of SPF deployments lack proper support for this record type, and support for it was discontinued in RFC 7208.
NS (Name Server record):- Delegates a DNS zone to use the given authoritative name servers.
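A small zone-file parser, added here as an example (not AWS or BIND code), that reads the record types listed above into structured form and enforces two rules stated earlier on this page: a zone carries exactly one SOA record at its apex, and every record name must end with the hosted zone’s name. The zone text is constructed sample data; `$ORIGIN`/`$TTL` handling is simplified and a multi-line SOA is not supported.

```python
"""Zone-file parser with hosted-zone checks (added example, not AWS or BIND code)."""
import ipaddress
from dataclasses import dataclass

SOA_FIELDS = ("mname", "rname", "serial", "refresh", "retry", "expire", "minimum")


@dataclass
class Record:
    name: str      # fully qualified owner name, trailing dot included
    ttl: int
    rtype: str
    rdata: object  # type-specific: dict for SOA, tuple for MX, str otherwise


def qualify(name, origin):
    """Turn a relative owner/target name into an FQDN under origin."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_rdata(rtype, fields, origin):
    """Decode the type-specific part of a record; raises ValueError if malformed."""
    if rtype == "SOA":
        if len(fields) != 7:
            raise ValueError("SOA needs 7 fields")
        values = [qualify(fields[0], origin), qualify(fields[1], origin)] + \
                 [int(v) for v in fields[2:]]            # serial + the four timers
        return dict(zip(SOA_FIELDS, values))
    if rtype == "A":
        return str(ipaddress.IPv4Address(fields[0]))     # rejects 999.1.1.1 etc.
    if rtype == "AAAA":
        return str(ipaddress.IPv6Address(fields[0]))
    if rtype in ("CNAME", "NS", "PTR"):
        return qualify(fields[0], origin)
    if rtype == "MX":
        return (int(fields[0]), qualify(fields[1], origin))
    if rtype == "TXT":
        return " ".join(fields).strip('"')
    return " ".join(fields)                              # unknown type: keep raw text


def parse_zone(text, zone):
    """Parse zone text; return (records, errors). errors is empty for a valid zone."""
    origin = zone if zone.endswith(".") else zone + "."
    zone = origin
    default_ttl, last_name = 3600, origin
    records, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split(";", 1)[0].rstrip()             # drop comments
        if not line.strip():
            continue
        if line.startswith("$TTL"):
            default_ttl = int(line.split()[1]); continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]; continue
        fields = line.split()
        # A line starting with whitespace reuses the previous owner name
        name = last_name if raw[0].isspace() else qualify(fields.pop(0), origin)
        last_name = name
        ttl = default_ttl
        if fields and fields[0].isdigit():
            ttl = int(fields.pop(0))
        if fields and fields[0] == "IN":
            fields.pop(0)
        if not fields:
            errors.append(f"line {lineno}: missing record type"); continue
        rtype, rest = fields[0].upper(), fields[1:]
        if not (name == zone or name.endswith("." + zone)):
            errors.append(f"line {lineno}: {name} is outside hosted zone {zone}")
        try:
            records.append(Record(name, ttl, rtype, parse_rdata(rtype, rest, origin)))
        except (ValueError, IndexError) as exc:
            errors.append(f"line {lineno}: bad {rtype} record ({exc})")
    soas = [r for r in records if r.rtype == "SOA"]
    if len(soas) != 1:
        errors.append(f"expected exactly 1 SOA record, found {len(soas)}")
    elif soas[0].name != zone:
        errors.append(f"SOA must be at the zone apex {zone}, not {soas[0].name}")
    return records, errors


# Constructed sample zone for example.com (not a real deployment)
SAMPLE_ZONE = """\
$TTL 3600
@       IN SOA  ns1.example.com. hostmaster.example.com. 2024010101 7200 900 1209600 300
        IN NS   ns1.example.com.
        IN NS   ns2.example.com.
ns1     IN A    192.0.2.53
ns2     IN A    192.0.2.54
www     300 IN A    192.0.2.1   ; short TTL for a frequently changed host
www     IN AAAA 2001:db8::1
mail    IN A    192.0.2.25
@       IN MX   10 mail.example.com.
@       IN TXT  "v=spf1 mx -all"
blog    IN CNAME www
"""

BAD_ZONE = """\
www.other.net.  IN A 192.0.2.9
broken          IN A 999.1.1.1
"""
```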
Monitoring is an important part of maintaining the reliability, availability, and performance of AWS solutions. It is a good practice to collect monitoring data from all parts of the AWS solution so that a multi-point failure can be debugged more easily if one occurs. Start by creating a monitoring plan that includes the following information:
- The purpose of monitoring.
- The resources that will be monitored.
- How often those resources will be monitored.
- The tools that will be used to monitor them.
- Who will perform the monitoring tasks.
- Who should be notified when something goes wrong.
Monitoring Domain Registrations
The Amazon Route 53 dashboard provides detailed information about the status of customers’ domain registrations, such as:
Status of new domain registrations
Status of domain transfers to Route 53
List of domains that are approaching the expiration date
Using CloudWatch, which collects and processes data into readable, near real-time metrics, AWS customers can monitor their Amazon Route 53 health checks, their public hosted zones, and the number of DNS queries that are forwarded by Route 53 Resolver endpoints.
Route 53 is integrated with AWS CloudTrail, a service that provides a record of actions taken by a user, role, or an AWS service in Route 53. CloudTrail captures all API calls for Route 53 as events, including calls from the Route 53 console and from code calls to the Route 53 APIs.
Logging DNS Queries
Query logs contain only the queries that DNS resolvers forward to Route 53. If a DNS resolver has already cached the response to a query, the resolver will continue to return the cached response without forwarding the query to Route 53 until the TTL for the corresponding record expires. AWS customers can configure Amazon Route 53 to log information about the queries that Route 53 receives, including the following:
- Domain or subdomain that was requested
- Date and time of the request
- DNS record type (such as A or AAAA)
- Route 53 edge location that responded to the DNS query
- DNS response code, such as
Elastic Load Balancing (ELB)
Elastic Load Balancing is an AWS service that distributes incoming application or network traffic across multiple targets, such as Amazon EC2 instances, containers, and IP addresses, in multiple Availability Zones. Elastic Load Balancing scales customers’ load balancer as traffic to their application changes over time. It can automatically scale to the vast majority of workloads.
- Elastic Load Balancing offers three types of load balancers that all feature the high availability, automatic scaling, and robust security necessary to make applications fault tolerant.
- To load balance HTTP requests use Application Load Balancer.
- For network/transport protocols (layer4 – TCP, UDP) load balancing, and for extreme performance/low latency applications using Network Load Balancer is the best option.
- If the application is built within the EC2 Classic network then using Classic Load Balancer is recommended by AWS.
- Elastic Load Balancing APIs can be accessed privately from a customer’s Amazon VPC by creating VPC endpoints. With VPC endpoints, the routing between the VPC and the Elastic Load Balancing APIs is handled by the AWS network without the need for an Internet gateway, NAT gateway, or VPN connection.
- An Application Load Balancer is integrated with AWS Certificate Manager (ACM), which makes it very simple to bind a certificate to the load balancer and thereby makes the entire SSL offload process very easy.
Elastic Load Balancing automatically distributes incoming traffic across multiple targets including Amazon EC2 instances, containers, IP addresses, and Lambda functions in multiple Availability Zones.
- Elastic Load Balancing can also load balance across a Region, routing traffic to healthy targets in different Availability Zones.
- The Amazon Elastic Load Balancing Service Level Agreement commitment is 99.99% availability for a load balancer
Elastic Load Balancing allows customers to monitor their applications and its performance in real time with Amazon CloudWatch metrics, logging, and request tracing.
- This improves visibility into the behavior of their applications, uncovering issues and identifying performance bottlenecks in the application stack at the granularity of an individual request.
- Elastic Load Balancing can detect unhealthy targets, stop sending traffic to them, and then spread the load across the remaining healthy targets.
Elastic Load Balancing also allows customers to use IP addresses to route requests to application targets, which offers customers flexibility in how they virtualize their application targets.
- It enables customers to host more applications on the same instance
- This enables the applications to have individual security groups and use the same network port to further simplify inter-application communication in microservice-based architecture.
Elastic Load Balancing works with Amazon VPC to provide robust security features, including integrated certificate management and SSL/TLS decryption, which gives customers the flexibility to centrally manage the SSL settings of the load balancer and offload CPU intensive work from their application.
- Together, they give AWS customers the flexibility to centrally manage TLS settings and offload CPU intensive workloads from their applications.
- Customers can use Amazon VPC to create and manage security groups associated with load balancers to provide additional networking and security options.
- Customers can create an internal (non-internet-facing) load balancer.
- Customers can load balance HTTP/HTTPS applications for layer 7-specific features, or use strict layer 4 load balancing for applications that rely on the TCP and UDP protocols.
Elastic Load Balancing is capable of handling rapid changes in network traffic patterns. Additionally, deep integration with Auto Scaling ensures sufficient application capacity to meet varying levels of application load without requiring manual intervention.
- Elastic Load Balancing provides integration with Amazon CloudWatch metrics and request tracing in order to monitor performance of customers applications in real time.
Elastic Load Balancing offers ability to load balance across AWS and on-premises resources using the same load balancer.
- This makes it easy for customers to migrate, burst, or failover on-premises applications to the cloud.
ELB AWS Services
Elastic Load Balancing works with the following services to improve the availability and scalability of your applications.
- Amazon EC2 — Virtual servers that run your applications in the cloud. You can configure your load balancer to route traffic to your EC2 instances.
- Amazon ECS — Enables you to run, stop, and manage Docker containers on a cluster of EC2 instances. You can configure your load balancer to route traffic to your containers.
- Amazon EC2 Auto Scaling — Ensures that you are running your desired number of instances, even if an instance fails. Amazon EC2 Auto Scaling also enables you to automatically increase or decrease the number of instances as the demand on your instances changes. If you enable Auto Scaling with Elastic Load Balancing, instances that are launched by Auto Scaling are automatically registered with the load balancer. Likewise, instances that are terminated by Auto Scaling are automatically de-registered from the load balancer.
- AWS Certificate Manager — When you create an HTTPS listener, you can specify certificates provided by ACM. The load balancer uses certificates to terminate connections and decrypt requests from clients.
- Amazon CloudWatch — Enables you to monitor your load balancer and to take action as needed..
- AWS Global Accelerator — Improves the availability and performance of your application. Use an accelerator to distribute traffic across multiple load balancers in one or more AWS Regions.
- Route 53 — Provides a reliable and cost-effective way to route visitors to websites by translating domain names into the numeric IP addresses that computers use to connect to each other. For example, it would translate www.example.com into the numeric IP address 192.0.2.1. AWS assigns URLs to your resources, such as load balancers. However, you might want a URL that is easy for users to remember. For example, you can map your domain name to a load balancer.
- AWS WAF — You can use AWS WAF with your Application Load Balancer to allow or block requests based on the rules in a web access control list (web ACL).
Types of load Balancer
Elastic Load Balancing supports three types of load balancers. There is a key difference in how the load balancer types are configured. With Application Load Balancers and Network Load Balancers, you register targets in target groups, and route traffic to the target groups. With Classic Load Balancers, you register instances with the load balancer.
Network Load Balancers
Network Load Balancer operates at the connection level (Layer 4), routing connections to targets – Amazon EC2 instances, microservices, and containers – within Amazon Virtual Private Cloud (Amazon VPC) based on IP protocol data. Ideal for load balancing of both TCP and UDP traffic, Network Load Balancer is capable of handling millions of requests per second while maintaining ultra-low latencies. Network Load Balancer is optimized to handle sudden and volatile traffic patterns while using a single static IP address per Availability Zone. It is integrated with other popular AWS services such as Auto Scaling, Amazon EC2 Container Service (ECS), Amazon CloudFormation and AWS Certificate Manager (ACM).
- Network Load Balancer is best suited for load balancing of Transmission Control Protocol (TCP), User Datagram Protocol (UDP) and Transport Layer Security (TLS) traffic where extreme performance is required. Operating at the connection level (Layer 4), Network Load Balancer routes traffic to targets within Amazon Virtual Private Cloud (Amazon VPC) and is capable of handling millions of requests per second while maintaining ultra-low latencies. Network Load Balancer is also
Application Load Balancers
Application Load Balancer operates at the request level (layer 7), routing traffic to targets – EC2 instances, containers, IP addresses and Lambda functions based on the content of the request. Ideal for advanced load balancing of HTTP and HTTPS traffic, Application Load Balancer provides advanced request routing targeted at delivery of modern application architectures, including microservices and container-based applications. Application Load Balancer simplifies and improves the security of your application, by ensuring that the latest SSL/TLS ciphers and protocols are used at all times.
- Application Load Balancer is best suited for load balancing of HTTP and HTTPS traffic and provides advanced request routing targeted at the delivery of modern application architectures, including microservices and containers. Operating at the individual request level (Layer 7), Application Load Balancer routes traffic to targets within Amazon Virtual Private Cloud (Amazon VPC) based on the content of the request.
Classic Load Balancers
Classic Load Balancer provides basic load balancing across multiple Amazon EC2 instances and operates at both the request level and connection level. Classic Load Balancer is intended for applications that were built within the EC2-Classic network. We recommend Application Load Balancer for Layer 7 and Network Load Balancer for Layer 4 when using Virtual Private Cloud (VPC).
Amazon ELB Integration
When pulling these concepts together to build an application that is highly available and resilient to failures, consider these building blocks:
- In every AWS region, an Elastic Load Balancing load balancer is set up with cross-zone load balancing and connection draining. This distributes the load evenly across all instances in all Availability Zones, and it ensures requests in flight are fully served before an Amazon EC2 instance is disconnected from an Elastic Load Balancing load balancer for any reason.
- Each Elastic Load Balancing load balancer delegates requests to Amazon EC2 instances running in multiple Availability Zones in an auto-scaling group. This protects the application from Availability Zone outages, ensures that a minimal amount of instances is always running, and responds to changes in load by properly scaling each group’s Amazon EC2 instances.
- Each Elastic Load Balancing load balancer has health checks defined to ensure that it delegates requests only to healthy instances. Each Elastic Load Balancing load balancer also has an Amazon Route 53 health check associated with it to ensure that requests are routed only to load balancers that have healthy Amazon EC2 instances.
- The application’s production environment (for example, prod.domain.com) has Amazon Route 53 alias records that point to Elastic Load Balancing load balancers. The production environment also uses a latency-based routing policy that is associated with Elastic Load Balancing health checks. This ensures that requests are routed to a healthy load balancer, thereby providing minimal latency to a client.
- The application’s failover environment (for example, fail.domain.com) has an Amazon Route 53 alias record that points to an Amazon CloudFront distribution of an Amazon S3 bucket hosting a static version of the application.
- The application’s subdomain (for example, www.domain.com) has an Amazon Route 53 alias record that points to prod.domain.com (as primary target) and fail.domain.com (as secondary target) using a failover routing policy. This ensures www.domain.com routes to the production load balancers if at least one of them is healthy, or to the “fail whale” if all of them appear to be unhealthy.
- The application’s hosted zone (for example, domain.com) has an Amazon Route 53 alias record that redirects requests to www.domain.com using an Amazon S3 bucket of the same name.
- Application content (both static and dynamic) can be served using Amazon CloudFront. This ensures that the content is delivered to clients from Amazon CloudFront edge locations spread all over the world to provide minimal latency. Serving dynamic content from a Content Delivery Network (CDN), where it is cached for short periods of time (that is, several seconds), takes the load off of the application and further improves its latency and responsiveness.
- The application is deployed in multiple AWS regions, protecting it from a regional outage.
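The prod/fail/www record layout described above, as an added example that is not part of this page or of AWS's own code: it builds the Route 53 ChangeBatch (the shape boto3's change_resource_record_sets accepts) and checks the invariants that make failover actually trigger. The hosted zone ID, ELB DNS names and zone IDs, and the CloudFront distribution are constructed placeholders.

```python
# Added example (not from the page or AWS): builds the ChangeBatch for the
# multi-region ELB + static-failover layout and validates its failover invariants.
# All IDs/DNS names below are constructed placeholders, not real AWS values.
ZONE_ID = "ZPLACEHOLDERZONE"                     # hosted zone for domain.com
ELB_TARGETS = {                                  # region -> (ELB DNS name, ELB hosted zone id)
    "us-east-1": ("prod-use1-123.us-east-1.elb.amazonaws.com", "ZPLACEHOLDERUSE1"),
    "eu-west-1": ("prod-euw1-456.eu-west-1.elb.amazonaws.com", "ZPLACEHOLDEREUW1"),
}
CLOUDFRONT = ("d111111abcdef8.cloudfront.net", "ZPLACEHOLDERCF")  # static "fail whale" site


def alias(name, dns_name, target_zone, set_id=None, health_check_id=None, **policy):
    """One A-type alias record; **policy carries Region=... (latency) or Failover=...."""
    rr = {"Name": name, "Type": "A",
          "AliasTarget": {"HostedZoneId": target_zone, "DNSName": dns_name,
                          "EvaluateTargetHealth": True}}  # inherit the target's health
    if set_id:
        rr["SetIdentifier"] = set_id
    if health_check_id:
        rr["HealthCheckId"] = health_check_id
    rr.update(policy)
    return rr


def build_change_batch(domain="domain.com"):
    changes = []
    for region, (dns, zone) in ELB_TARGETS.items():      # prod.<domain>: latency-based
        changes.append(alias(f"prod.{domain}", dns, zone, set_id=f"prod-{region}", Region=region))
    changes.append(alias(f"fail.{domain}", *CLOUDFRONT))  # fail.<domain>: static site
    # www.<domain>: failover between the two names above (aliases inside the same zone)
    changes.append(alias(f"www.{domain}", f"prod.{domain}", ZONE_ID, set_id="www-primary", Failover="PRIMARY"))
    changes.append(alias(f"www.{domain}", f"fail.{domain}", ZONE_ID, set_id="www-secondary", Failover="SECONDARY"))
    return {"Comment": "multi-region ELB with static failover",
            "Changes": [{"Action": "UPSERT", "ResourceRecordSet": rr} for rr in changes]}


def failover_problems(batch):
    """Return invariant violations (empty list means OK). A PRIMARY without any
    health signal never fails over, so that case is reported explicitly."""
    problems, by_name, ids = [], {}, set()
    for change in batch["Changes"]:
        rr = change["ResourceRecordSet"]
        if "SetIdentifier" in rr:
            if rr["SetIdentifier"] in ids:
                problems.append(f"duplicate SetIdentifier {rr['SetIdentifier']}")
            ids.add(rr["SetIdentifier"])
        if "Failover" in rr:
            by_name.setdefault(rr["Name"], []).append(rr)
            if rr["Failover"] == "PRIMARY" and not (rr.get("HealthCheckId") or rr["AliasTarget"]["EvaluateTargetHealth"]):
                problems.append(f"{rr['Name']} PRIMARY has no health check")
    for name, rrs in by_name.items():
        roles = sorted(r["Failover"] for r in rrs)
        if roles != ["PRIMARY", "SECONDARY"]:
            problems.append(f"{name} needs exactly one PRIMARY and one SECONDARY, got {roles}")
    return problems
```

Run `failover_problems(build_change_batch())` before submitting the batch with boto3; an empty list means the www record can actually fall back to the static site when every production load balancer is unhealthy.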
Each listener contains a default rule, and one listener contains another rule that routes requests to a different target group. One target is registered with two target groups.
Registering a Domain
To use a domain name such as example.com, you need to find a domain name that isn’t already in use by someone else and register it. When you register a domain name, you reserve it for your exclusive use everywhere on the internet, typically for one year. By default, we automatically renew your domain name at the end of each year, but you can disable automatic renewal. This Getting Started tutorial shows you how to perform the following tasks:
- Register a domain name, such as example.com
- Create an Amazon S3 bucket and configure it to host a website
- Create a sample website and save the file in your S3 bucket
- Configure Amazon Route 53 to route traffic to your new website