Introduction#

What use cases?

  • route by geo
  • route by weights
  • route by latency
  • and so on

What is the best practice?

  • register a domain with Route 53 ease the integration
  • integrate a domain from another account
  • TTL 60 seconds for demo purpose (quick update)

Architecture#

144642634-ce323da2-8064-44ce-8c57-35389b1feb73

CDK Stack#

create a web server (EC2) by userData

const ec2InSg = new aws_ec2.Instance(this, `ec2WebIcaDemo`, {
  instanceName: `ec2WebIcaDemo-${this.region}`,
  vpc: vpc,
  vpcSubnets: {
    subnetType: aws_ec2.SubnetType.PUBLIC
  },
  instanceType: aws_ec2.InstanceType.of(
    aws_ec2.InstanceClass.T2,
    aws_ec2.InstanceSize.SMALL
  ),
  machineImage: aws_ec2.MachineImage.latestAmazonLinux(),
  keyName: keyNamePair,
  role: role,
  securityGroup: sg
})

add userData

ec2InSg.addUserData(
  fs.readFileSync('./lib/script/userdata-ap-southeast-1.sh', 'utf8')
)

security group open port 80

const sg = new aws_ec2.SecurityGroup(this, `SgForWebIcaDemo`, {
  securityGroupName: `SgForWebIcaDemo-${this.region}`,
  description: 'allow port 80',
  allowAllOutbound: true,
  vpc: vpc
})


// open port 80
sg.addIngressRule(
  aws_ec2.Peer.anyIpv4(),
  aws_ec2.Port.tcp(80),
  'Allow HTTP from the world'
)

SSM and VPC interface endpoint

const vpc = new aws_ec2.Vpc(this, `VpcIcaDemo`, {
  gatewayEndpoints: {
    s3: {
      service: aws_ec2.GatewayVpcEndpointAwsService.S3
    }
  }
})


// role
const role = new aws_iam.Role(this, `RoleForEc2ToAccessSSM`, {
  roleName: `RoleForEc2ToAccessSSM-${this.region}`,
  assumedBy: new aws_iam.ServicePrincipal('ec2.amazonaws.com')
})


role.addManagedPolicy(
  aws_iam.ManagedPolicy.fromManagedPolicyArn(
    this,
    `PolicyForEc2ToAccessSSM-${this.region}`,
    'arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore'
  )
)

hosted zone

const hostedZone = aws_route53.HostedZone.fromHostedZoneAttributes(
  this,
  'EntestHostedZone',
  {
    hostedZoneId: hostedZoneId,
    zoneName: domainName
  }
)

create an A record

const recordApSoutheast1 = new aws_route53.ARecord(
  this,
  'RecordForApSoutheast1',
  {
    recordName: `${subdomain}.${domainName}`,
    zone: hostedZone,
    target: aws_route53.RecordTarget.fromIpAddresses(webServerApSoutheast1Ip),
    ttl: Duration.seconds(60)
  }
)

route by weight

const recordApSoutheast1 = new aws_route53.ARecord(
  this,
  'RecordForApSoutheast1',
  {
    recordName: `${subdomain}.${domainName}`,
    zone: hostedZone,
    target: aws_route53.RecordTarget.fromIpAddresses(webServerApSoutheast1Ip),
    ttl: Duration.seconds(60)
  }
)

route by geo

TODO

Discussion#

  • Review record type
  • Choose a routing policy
    • simple routing
    • failover routing
    • geo routing
    • geo-proximity routing
    • latency routing
    • weighted routing