
Route users to optimal endpoints over AWS's private backbone — not the unpredictable public internet
AWS Global Accelerator is a networking service that improves the availability and performance of your applications by routing traffic through AWS's global private network infrastructure using static anycast IP addresses. Unlike CloudFront (which caches content at edge locations), Global Accelerator proxies traffic at the network layer (TCP/UDP) to your actual application endpoints — such as ALBs, NLBs, EC2 instances, or Elastic IPs — across one or more AWS Regions. It provides two static anycast IPv4 addresses that serve as a fixed entry point to your application, eliminating the need for DNS-based failover delays.
Improve global application performance and availability by routing user traffic over AWS's private network instead of the public internet, with instant failover via anycast and no DNS propagation delays.
Static anycast IPv4 addresses (2 per accelerator)
IPs are announced from all AWS edge locations simultaneously — traffic enters the nearest edge and travels AWS backbone to destination
TCP and UDP protocol support
Supports both TCP and UDP — critical differentiator from CloudFront which only supports HTTP/HTTPS/WebSocket
Health checks and automatic failover
Continuously monitors endpoint health and reroutes traffic in under 30 seconds — no DNS TTL delay
Traffic dials (per endpoint group)
0–100% traffic dial per endpoint group enables blue/green deployments and gradual traffic shifts between regions
Endpoint weights
Weighted routing within an endpoint group allows canary releases and A/B testing at the endpoint level
Client affinity (session stickiness)
NONE (default) or SOURCE_IP — routes all requests from same client IP to same endpoint; useful for stateful applications
Custom routing accelerator
Deterministically routes traffic to specific EC2 instances and ports — ideal for gaming servers and real-time communications
AWS Shield Standard (included)
All Global Accelerator accelerators are automatically protected by AWS Shield Standard at no extra charge — DDoS protection at the edge
AWS Shield Advanced compatibility
Can be enrolled in Shield Advanced for enhanced DDoS protection with 24/7 DRT access
Bring Your Own IP (BYOIP)
You can use your own IP address ranges with Global Accelerator — useful for maintaining existing firewall rules
IPv6 support
Dual-stack support available — Global Accelerator can accept IPv6 traffic and convert to IPv4 for backend endpoints
Content caching
Global Accelerator does NOT cache content — it is a proxy/routing service only; use CloudFront for caching
S3 as direct endpoint
S3 buckets cannot be Global Accelerator endpoints — use CloudFront for S3 acceleration
Lambda as endpoint
Lambda functions are not supported as endpoints — use API Gateway + CloudFront for Lambda-backed APIs
Cross-account endpoint support
Endpoints in other AWS accounts can be added to an accelerator — useful for multi-account architectures
Flow logs
Publishes connection-level logs to S3 — captures source IP, destination, bytes transferred, and health status
CloudWatch metrics
Metrics include NewFlowCount, ProcessedBytesIn/Out, and endpoint health — monitor accelerator performance
Layered acceleration: CDN caching + network routing
[high freq] CloudFront sits in front for cacheable HTTP/S content (images, static assets) while Global Accelerator handles dynamic, non-cacheable TCP/UDP traffic or provides static IPs for whitelisting. They are complementary, not competing — use both when you have mixed workloads. In exam scenarios, if the question mentions 'caching' or 'static content', CloudFront wins; if it mentions 'TCP/UDP', 'static IP', or 'sub-second failover', Global Accelerator wins.
Global front-door + Regional load balancing
[high freq] Global Accelerator routes to ALBs or NLBs in multiple regions. The ALB/NLB handles regional distribution across AZs and instances. Global Accelerator provides the global anycast entry point; ELB provides regional HA. ELB alone does NOT provide global routing — a critical exam distinction. ELB is regional, Global Accelerator is global.
DNS routing vs. anycast routing comparison
[high freq] Route 53 latency-based routing uses DNS to direct users to the nearest region, but DNS changes take time to propagate (TTL-dependent, typically 60–300 seconds). Global Accelerator uses anycast — failover is near-instant (under 30 seconds) with no DNS propagation delay. For exam: Route 53 health checks + failover = DNS-based (minutes); Global Accelerator = network-layer (seconds). Use both together for defense-in-depth: Route 53 for domain resolution to the accelerator's static IPs, Global Accelerator for intelligent routing.
S3 Transfer Acceleration alternative clarification
[high freq] S3 Transfer Acceleration uses CloudFront edge locations to accelerate S3 uploads/downloads — it is NOT Global Accelerator. Global Accelerator cannot use S3 as an endpoint. This is a common exam trap: 'accelerate S3 transfers globally' = S3 Transfer Acceleration (CloudFront-based), NOT Global Accelerator.
Hybrid connectivity with global acceleration
[medium freq] On-premises users connecting via Direct Connect bypass Global Accelerator's public anycast entry points since they're already on AWS private network. Global Accelerator is most valuable for public internet users. For hybrid architectures, Direct Connect provides dedicated private connectivity while Global Accelerator serves internet-facing users — they serve different connectivity paths.
DDoS protection at the global edge
[medium freq] Global Accelerator is automatically protected by AWS Shield Standard. Because traffic enters at AWS edge locations (not your origin), volumetric DDoS attacks are absorbed at the edge before reaching your application. Adding Shield Advanced provides additional protection, cost protection, and access to the Shield Response Team (SRT). This is a security benefit of Global Accelerator beyond just performance.
Multi-region network architecture
[medium freq] In complex multi-region architectures, Global Accelerator provides the global internet-facing entry point, while Transit Gateway handles inter-VPC and inter-region private connectivity. They operate at different layers: Global Accelerator at the internet edge, Transit Gateway within the AWS private network. Exam scenarios may present both — identify which layer each service operates at.
The #1 differentiator: Global Accelerator provides 2 STATIC anycast IPv4 addresses that NEVER change. If an exam question mentions 'static IP', 'firewall whitelisting', 'IP whitelisting for compliance', or 'IP addresses that don't change' — Global Accelerator is almost certainly the answer over CloudFront or Route 53.
FAILOVER SPEED is the other critical differentiator: Global Accelerator fails over in under 30 seconds with NO DNS propagation delay because it uses anycast routing, not DNS. Route 53 failover depends on TTL (can be 60–300+ seconds). If a question asks about 'near-instant failover', 'sub-second failover', or 'minimize failover time' — Global Accelerator beats Route 53 latency-based routing.
Protocol support is a key decision factor: Global Accelerator supports TCP AND UDP. CloudFront only supports HTTP, HTTPS, and WebSocket. If a question involves UDP, gaming, VoIP, or non-HTTP protocols — Global Accelerator is the only CloudFront alternative that provides global acceleration.
ELB is REGIONAL, not global. A common exam distractor is suggesting that an ALB or NLB 'distributes traffic globally'. ELB only distributes within a single Region across AZs. To achieve global distribution, you need Global Accelerator (or Route 53) in front of regional ELBs.
Static IPs = Global Accelerator. Any exam scenario mentioning 'static IP addresses', 'firewall whitelisting', or 'IP addresses that cannot change' points to Global Accelerator — CloudFront uses DNS names (not static IPs), and ELB DNS names can change.
Global Accelerator ≠ CloudFront: Global Accelerator has NO caching — it's a network routing service (TCP/UDP). CloudFront IS a CDN with caching (HTTP/HTTPS only). Choose based on: caching needed? → CloudFront. TCP/UDP or static IPs needed? → Global Accelerator.
ELB is REGIONAL only — it cannot route between AWS Regions. Global Accelerator is the global layer that sits in front of regional ELBs to provide cross-region routing and failover. Never confuse ELB's cross-AZ with cross-Region routing.
Traffic dials vs endpoint weights: Traffic dials (0-100%) control what percentage of traffic goes to an entire endpoint GROUP (region). Endpoint weights control distribution WITHIN an endpoint group. Use traffic dials for blue/green regional deployments; use weights for A/B testing within a region. SAP-C02 loves this distinction.
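To make the dial/weight distinction concrete, the following Python model (an added example, not code from AWS or from this page) computes which endpoints receive one client's traffic, which is worth checking before a regional shift. The class names, endpoint names, Regions and the nearest-first spill-over order are assumptions of the example; traffic that no group accepts is reported as `_unplaced` rather than guessed at.

```python
from dataclasses import dataclass, field

@dataclass
class Endpoint:              # hypothetical type for this example
    name: str
    weight: int = 128        # endpoint weight, 0-255; 0 = receive no traffic
    healthy: bool = True     # result of the accelerator's health check

@dataclass
class EndpointGroup:         # hypothetical type: one group per Region
    region: str
    dial: float = 100.0      # traffic dial, 0-100 percent
    endpoints: list = field(default_factory=list)

def effective_shares(groups_nearest_first):
    """Percent of one client's traffic that reaches each endpoint.

    Assumption: traffic a dial turns away is offered to the next group in
    the list. Whatever no group accepts is returned under "_unplaced".
    """
    shares, remaining = {}, 100.0
    for group in groups_nearest_first:
        if not 0 <= group.dial <= 100:
            raise ValueError(f"{group.region}: dial must be 0-100")
        for ep in group.endpoints:
            if not 0 <= ep.weight <= 255:
                raise ValueError(f"{ep.name}: weight must be 0-255")
        live = [ep for ep in group.endpoints if ep.healthy and ep.weight > 0]
        total = sum(ep.weight for ep in live)
        if total == 0:
            continue         # no eligible endpoint: traffic moves to the next group
        accepted = remaining * group.dial / 100.0   # dial gates the whole group
        for ep in live:      # weights split only what the group accepted
            shares[ep.name] = shares.get(ep.name, 0.0) + accepted * ep.weight / total
        remaining -= accepted
    if remaining > 1e-9:
        shares["_unplaced"] = remaining
    return shares

def demo_groups(green_a_healthy=True):
    """Constructed sample: regional blue/green shift plus a canary in green."""
    blue = EndpointGroup("us-east-1", dial=20, endpoints=[Endpoint("alb-blue")])
    green = EndpointGroup("eu-west-1", dial=100, endpoints=[
        Endpoint("alb-green-a", weight=192, healthy=green_a_healthy),
        Endpoint("alb-green-canary", weight=64),
    ])
    return [blue, green]

if __name__ == "__main__":
    print(effective_shares(demo_groups()))
    print(effective_shares(demo_groups(green_a_healthy=False)))
```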
Global Accelerator does NOT cache content. It is a pure network-layer routing/proxy service. If the exam scenario involves reducing latency for cacheable content (images, CSS, JS, video), CloudFront is always the better answer. Global Accelerator only accelerates by using the AWS private backbone — the content still comes from your origin every time.
S3 Transfer Acceleration ≠ Global Accelerator. S3 Transfer Acceleration uses CloudFront edge locations to speed up S3 PUT/GET operations. It is a separate S3 feature with no relation to Global Accelerator. If asked 'how to accelerate S3 uploads from globally distributed users' — answer is S3 Transfer Acceleration, NOT Global Accelerator (S3 is not a supported endpoint type).
Global Accelerator is NOT in the AWS Free Tier. You are charged immediately for every hour an accelerator exists, even with zero traffic. This is a cost-optimization consideration for SAA-C03 questions — don't leave accelerators running if not needed.
Client affinity (stickiness) options are only NONE or SOURCE_IP — there is no cookie-based stickiness like ALB. For stateful applications that need session persistence at the global accelerator level, SOURCE_IP affinity routes all requests from the same client IP to the same endpoint. For cookie-based stickiness, that must be handled at the ALB layer.
Shield Standard is automatically included with Global Accelerator at no extra cost. Because anycast routes traffic through AWS edge locations, DDoS attacks are mitigated at the edge before reaching your origin infrastructure. This is a security benefit worth mentioning in architecture justifications on SAP-C02.
Common Mistake
Global Accelerator and CloudFront do the same thing — both accelerate global traffic, so they're interchangeable.
Correct
They solve fundamentally different problems. CloudFront is a CDN that CACHES content at 400+ edge locations — it reduces latency by serving content from the edge. Global Accelerator does NOT cache anything — it routes traffic over AWS's private backbone to your actual origin. CloudFront = cache closer to user. Global Accelerator = better path to your origin. CloudFront only supports HTTP/HTTPS; Global Accelerator supports TCP and UDP.
This is the most tested misconception. Exam questions will describe a scenario and offer both as options. Key discriminators: (1) Does the content change frequently or need to be cached? → CloudFront. (2) Is it TCP/UDP or non-HTTP? → Global Accelerator. (3) Does the question mention 'static IP' or 'firewall whitelist'? → Global Accelerator. (4) Does the question mention 'caching', 'edge caching', or 'static assets'? → CloudFront.
Common Mistake
ELB (ALB/NLB) provides global load balancing and can replace Global Accelerator for distributing traffic across regions.
Correct
ELB is strictly a REGIONAL service. An ALB or NLB distributes traffic across Availability Zones within a single AWS Region — it has no concept of routing between regions. To achieve multi-region distribution, you must place Global Accelerator (or Route 53) in front of regional ELBs. Global Accelerator then routes to the optimal regional ELB based on latency and health.
Exam questions frequently use ALB as a distractor when the correct answer is Global Accelerator + ALB. Remember: ELB = AZ-level HA within one region. Global Accelerator = region-level routing across multiple regions.
Common Mistake
Route 53 latency-based routing provides the same failover speed as Global Accelerator.
Correct
Route 53 failover is DNS-based and subject to TTL caching. Even with a TTL of 60 seconds, clients that have cached the old DNS record won't get updated routing until the TTL expires — this can take minutes. Global Accelerator uses anycast routing at the network layer, so failover happens in under 30 seconds with NO DNS propagation delay because the static IPs never change.
Questions about 'minimizing failover time', 'near-instant failover', or 'reducing RTO' will have Global Accelerator as the answer over Route 53. The phrase 'DNS propagation delay' is a hint that Global Accelerator is the better solution.
Common Mistake
S3 Cross-Region Replication (CRR) combined with Route 53 latency routing is equivalent to a CDN or Global Accelerator for content delivery.
Correct
S3 CRR replicates data to multiple regions, and Route 53 can route users to the nearest region — but this is NOT content delivery optimization in the CDN sense. There is no edge caching, no TCP-level optimization, and failover still depends on DNS TTL. For true content delivery acceleration, use CloudFront (for HTTP caching) or S3 Transfer Acceleration (for upload speed). Global Accelerator cannot use S3 as an endpoint.
SAA-C03 questions sometimes present S3 CRR + Route 53 as a cost-effective alternative to CloudFront. It's not equivalent — CRR is for data durability and compliance, not performance optimization.
Common Mistake
Global Accelerator provides content delivery from edge locations, similar to how CloudFront serves cached content.
Correct
Global Accelerator edge locations are ENTRY POINTS only — they accept your traffic and route it over the AWS private backbone to your actual endpoint in an AWS Region. No content is stored or cached at edge locations. The user experience improvement comes from avoiding the unpredictable public internet, not from serving content closer to the user.
The phrase 'edge location' appears in both CloudFront and Global Accelerator contexts, causing confusion. Remember: CloudFront edge = cache. Global Accelerator edge = on-ramp to AWS private network.
Common Mistake
DNS-based routing (Route 53) alone provides the same performance benefits as Global Accelerator because it routes users to the nearest region.
Correct
Route 53 latency routing chooses which regional endpoint to send a user to, but once the DNS resolution happens, the actual TCP/IP traffic still travels over the unpredictable public internet to that endpoint. Global Accelerator routes traffic over AWS's private backbone after it enters the nearest edge location — the path quality is fundamentally different and more consistent.
The key insight: Route 53 optimizes WHERE you go (which region). Global Accelerator optimizes HOW you get there (private backbone vs public internet). For latency-sensitive applications, both the destination and the path matter.
GASI = Global Accelerator Static IPs (2 always, never change) — 'GASI never changes, like a great friend's phone number'
CloudFront CACHES, Global Accelerator CHASES (chases the best path over AWS backbone) — if content is cached at edge, CloudFront; if you're chasing optimal network path, Global Accelerator
ELB = 'Every Load Balanced (regionally)' — it never crosses regional borders without help from Global Accelerator or Route 53
The '30-second rule': Global Accelerator failover < 30 seconds. Route 53 failover = TTL seconds (60-300+). When exam says 'minimize failover time', think Global Accelerator.
TCP+UDP = Global Accelerator territory. HTTP-only = CloudFront territory. Both TCP+UDP AND HTTP? = Global Accelerator (it handles all).
CertAI Tutor · SAP-C02, SAA-C03, CLF-C02 · 2026-02-21