Global Accelerator behind Cloudfront
I made a PoC that used Global Accelerator behind Cloudfront.
I haven't found any article regarding such solution being possible, AWS docs also didn't clearly state such scenario is possible.
AWS Console didn't help - I couldn't select Global Accelerator as the origin from the dropdown menu and entering it's domain didn't suggest anything, so I felt that adding custom origin is not possible - but it is!
I needed to find a way to serve 2 separate environments in different VPCs for the customer that wanted to bring up a brand new infrastructure based on EKS, but being able to use both old and new environment on the testing phase - to ensure that EKS environment works identically as the old application setup.
Application Load Balancer couldn't serve this purpose for different VPCs.
Cloudfront doesn't let you configure different origins with the same weight in a single Cloudfront Distribution - you can only configure a failover origin - that didn't support my case.
I had all the things configured, so I only needed to add Global Accelerator between Cloudfront Distribution and ALBs and configure ACM Certificate for my testing domain used in this scenario.
How to set this all up
We need the following resources:
ACM Certificate for Global Accelerator
ACM Certificate for Cloudfront
Route53 records to route the traffic to Cloudfront
Route53 records to route the traffic to Global Accelerator
Ingresses for target environments (Application Load Balancers of both environments in my scenario)
My traffic flow for this case looks like in the following diagram:
I purposely didn't use AWS icons for the resources as I want you to focus on just the solution without being distracted by the icons - not everyone is fluent with them.
I might add another diagram using the icons in the future.
We need to do the following:
Configure the ACM Certificates for the Global Accelerator - they need to be in the same region as the Global Accelerator
Set up Cloudfront distribution (if you don't have one) and point it to Global Accelerator
Configure the ACM Certificates for this Cloudfront distribution (they need to be in
us-east-1as Cloudfront distributions are located there)
Add our endpoints to the Global Accelerator and configure weights for them - mine were the same, I wanted even amount of traffic to reach both environments - your scenario can differ and you can change the weights over time, depending on how confident you are with the new infrastructure.
Point our domain with Route53 (or any other DNS actually, but let's keep all in AWS) to Cloudfront (if you don't have one)
Test if everything works as expected
The guide assumes you have some AWS experience already and not everything is clearly stated here.
Did you know such scenario is possible?
Do you have any other interesting cases for Global Accelerator?
I will be happy for your comments!