# Working with standard accelerators in AWS Global Accelerator
<a name="work-with-standard-accelerators"></a>

This chapter includes procedures and recommendations for creating standard accelerators in AWS Global Accelerator, including configuring accelerators, listeners, endpoint groups, and endpoints. With a standard accelerator, Global Accelerator chooses the closest healthy endpoint for your traffic.

If instead you want to use custom application logic to direct one or more users to a specific endpoint among many endpoints, create a custom routing accelerator. For more information, see [Working with custom routing accelerators in AWS Global Accelerator](work-with-custom-routing-accelerators.md).

To set up a standard accelerator, do the following:

1. Create an accelerator, and choose the standard accelerator option.

1. For **Address type**, select **IPv4** or **Dual-stack**.

1. Optionally, configure static IP addresses with bring your own IP address.

1. Add a listener with a specific set of ports or port range, and choose the protocol to accept: TCP or UDP.

1. Add one or more endpoint groups, one for each AWS Region in which you have endpoint resources.

1. Add one or more endpoints to the endpoint groups. This isn't required, but traffic won't be routed if you don't have any endpoints. To learn about the types of endpoints and requirements, see [Requirements for resources you add as accelerator endpoints](about-endpoints-caveats.md).

The following sections provide steps for adding, deleting, and configuring standard accelerators and their components, including listeners, endpoint groups, and endpoints.

**Topics**
+ [Standard accelerators in AWS Global Accelerator](about-accelerators.md)
+ [Listeners for standard accelerators in AWS Global Accelerator](about-listeners.md)
+ [Endpoint groups for standard accelerators in AWS Global Accelerator](about-endpoint-groups.md)
+ [Endpoints for standard accelerators in AWS Global Accelerator](about-endpoints.md)

# Standard accelerators in AWS Global Accelerator
<a name="about-accelerators"></a>

A *standard accelerator* in AWS Global Accelerator directs traffic over the AWS global network to endpoints that you include in specified AWS Regions. Each accelerator includes one or more listeners. A listener processes inbound connections from clients to Global Accelerator, based on the protocol (or protocols) and port (or port range) that you configure. 

For standard accelerators, Global Accelerator directs traffic to the optimal regional endpoint based on health, client location, and policies that you configure, which increases the availability of your applications. Endpoints for standard accelerators can be Network Load Balancers, Application Load Balancers, Amazon EC2 instances, or Elastic IP addresses that are located in one AWS Region or multiple Regions.

**Important**  
By default, Global Accelerator provides you with static IP addresses that are associated with your accelerator The IP addresses are assigned to your accelerator for as long as it exists, even if you disable the accelerator and it no longer accepts or routes traffic. However, when you *delete* an accelerator, you lose the Global Accelerator static IP addresses that are assigned to the accelerator, so that you can no longer route traffic by using them. As a best practice, ensure that you have permissions in place to avoid inadvertently deleting accelerators. You can use IAM policies with Global Accelerator, for example, tag-based permissions, to limit the users who have permissions to delete an accelerator. For more information, see [ABAC with Global Accelerator](security_iam_service-with-iam.md#security_iam_service-with-iam-tags).

This section includes procedures for working with a standard accelerator on the Global Accelerator console. If you want to use API operations with Global Accelerator, see the [AWS Global Accelerator API Reference](https://docs.aws.amazon.com/global-accelerator/latest/api/Welcome.html).

**Topics**
+ [Create accelerator](about-accelerators.creating-editing.md)
+ [Update accelerator](about-accelerators.editing.md)
+ [Delete accelerator](about-accelerators.deleting.md)
+ [View your accelerators](about-accelerators.viewing.md)
+ [Adding an accelerator when you create a load balancer](about-accelerators.alb-accelerator.md)
+ [Compare using global static IP addresses to regional static IP addresses](about-accelerators.eip-accelerator.md)

# Create accelerator
<a name="about-accelerators.creating-editing"></a>

This section explains how to create a standard accelerator on the console. To work with Global Accelerator programmatically, see the [AWS Global Accelerator API Reference](https://docs.aws.amazon.com/global-accelerator/latest/api/Welcome.html).

# To create a standard accelerator


1. Open the Global Accelerator console at [ https://us-west-2.console.aws.amazon.com/globalaccelerator/home\$1GlobalAcceleratorHome:](https://us-west-2.console.aws.amazon.com/globalaccelerator/home#GlobalAcceleratorHome:). 

1. Choose **Create accelerator**.

1. Provide a name for your accelerator.

1. For **Accelerator type**, select **Standard**.

1. For **IP address type**, select **IPv4** or **DUAL-STACK**.

1. Optionally, if you brought your own IP address ranges to AWS (BYOIP), you can specify a static IP address for your accelerator, one from each address pool. Make this choice for each of the two static IP addresses for your accelerator.
   + For each static IP address, choose the IP address pool to use.
**Note**  
You must choose a different IP address pool for each static IP address. This restriction is because Global Accelerator assigns each address range to a different network zone, for high availability.
   + If you chose your own IP address pool, also choose a specific IP address from the pool. If you choose the default Amazon IP address pool, Global Accelerator assigns a specific IP address to your accelerator.

   For more information about the requirements for specifying or updating static IP addresses with BYOIP, see [Requirements when you update an accelerator to change the IP address.](using-byoip.update-accelerator.md#AGAUpdateAccRequirements)

1. Optionally, add one or more tags to help you identify your accelerator resources.

1. Choose **Next** to add listeners, endpoint groups, and endpoints.

# Update accelerator
<a name="about-accelerators.editing"></a>

This section explains how to update a standard accelerator on the console. To work with Global Accelerator programmatically, see the [AWS Global Accelerator API Reference](https://docs.aws.amazon.com/global-accelerator/latest/api/Welcome.html).

# To update a standard accelerator


1. Open the Global Accelerator console at [ https://us-west-2.console.aws.amazon.com/globalaccelerator/home\$1GlobalAcceleratorHome:](https://us-west-2.console.aws.amazon.com/globalaccelerator/home#GlobalAcceleratorHome:). 

1. In the list of accelerators, choose one, and then choose **Edit**.

1. On the **Edit accelerator** page, make changes, such as the following:
   + Change the name of the accelerator.
   + Disable the accelerator so that it no longer accepts or routes traffic, or so that you can delete it. 
   + Enable the accelerator, if it is disabled.
   + Update the IP address type. If it's set to IPv4, change it to dual-stack. Or if it's dual-stack, change it to IPv4.
   + Update tags.

1. Choose **Save changes**.

If you disable an accelerator, be aware of the following:
+ Global Accelerator static IP addresses remain assigned to your accelerator even if you disable the accelerator and it no longer accepts or routes traffic. Your accelerator retains the same static IP addresses for as long as the accelerator exists.
+ If you delete the accelerator, however, you lose the Global Accelerator static IP addresses that are assigned to it. At that time, you can no longer route traffic by using the addresses.

If you make changes to the IP address type, be aware of the following:
+ Only an accelerator that has dual-stack endpoints can be changed to an IP address type of dual-stack.
+ If you change the IP address type for an accelerator from dual-stack to IPv4, Global Accelerator saves the IPv6 IP addresses that are assigned to the accelerator. This means that if you change the IP address type for the accelerator back to dual-stack, the original IPv6 static IP addresses are restored for the accelerator. 

If you want to change other functionality for your accelerator, such as adding or removing endpoints, updating traffic dials, or adjusting endpoint weights, see the specific sections that cover those topics, such as the following:
+ [Add a standard listener](about-listeners.creating-listeners.md)
+ [Add a standard endpoint group](about-endpoint-groups.create-endpoint-group.md)
+ [Add a standard endpoint](about-endpoints-adding-endpoints.md)

# Delete accelerator
<a name="about-accelerators.deleting"></a>

If you created an accelerator as a test or if you're no longer using an accelerator, you can delete it. On the console, disable the accelerator, and then you can delete it. You don't have to remove listeners and endpoint groups from the accelerator.

To delete an accelerator by using an API operation instead of the console, you must first remove all listeners and endpoint groups that are associated with the accelerator, and then disable it. For more information, see the [DeleteAccelerator](https://docs.aws.amazon.com/global-accelerator/latest/api/API_DeleteAccelerator.html) operation in the *AWS Global Accelerator API Reference*.

**Warning**  
When you delete an accelerator, you lose the static IP addresses that are assigned to the accelerator and you can no longer route traffic by using them.

# To disable an accelerator


1. Open the Global Accelerator console at [ https://us-west-2.console.aws.amazon.com/globalaccelerator/home\$1GlobalAcceleratorHome:](https://us-west-2.console.aws.amazon.com/globalaccelerator/home#GlobalAcceleratorHome:). 

1. In the list, choose an accelerator that you want to disable.

1. Choose **Edit**.

1. Choose **Disable accelerator**, and then choose **Save**.

# To delete an accelerator


1. Open the Global Accelerator console at [ https://us-west-2.console.aws.amazon.com/globalaccelerator/home\$1GlobalAcceleratorHome:](https://us-west-2.console.aws.amazon.com/globalaccelerator/home#GlobalAcceleratorHome:). 

1. In the list, choose an accelerator that you want to delete.

1. Choose **Delete**.
**Note**  
If you haven't disabled the accelerator, **Delete** is unavailable.

1. In the confirmation dialog box, choose **Delete**.

# View your accelerators
<a name="about-accelerators.viewing"></a>

You can view information about your accelerators on the console. To see descriptions of your accelerators programmatically, see [ListAccelerators](https://docs.aws.amazon.com/global-accelerator/latest/api/API_ListAccelerators.html) and [DescribeAccelerator](https://docs.aws.amazon.com/global-accelerator/latest/api/API_DescribeAccelerator.html) in the *AWS Global Accelerator API Reference*.

# To view information about your accelerator


1. Open the Global Accelerator console at [ https://us-west-2.console.aws.amazon.com/globalaccelerator/home\$1GlobalAcceleratorHome:](https://us-west-2.console.aws.amazon.com/globalaccelerator/home#GlobalAcceleratorHome:). 

1. To see details about an accelerator, in the list, choose an accelerator, and then choose **View**.

# Adding an accelerator when you create a load balancer
<a name="about-accelerators.alb-accelerator"></a>

When you create an Application Load Balancer or Network Load Balancer in the AWS Management Console, you can optionally [ add an accelerator at the same time](https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-application-load-balancer.html). Elastic Load Balancing and Global Accelerator work together to transparently add the accelerator for you. The accelerator is created in your account, with the load balancer as an endpoint. Using an accelerator provides static IP addresses and improves the availability and performance of your applications. (Learn more about accelerators by reading [What is AWS Global Accelerator?](what-is-global-accelerator.md).)

**Important**  
To create an accelerator, you must have the correct permissions in place. For more information, see [Identity-based policy examples for AWS Global Accelerator](security_iam_id-based-policy-examples.md).

## Configure and view your accelerator
<a name="about-accelerators.elb-accelerator.config"></a>

You must update your DNS configuration to direct traffic to the static IP addresses or DNS name for the accelerator. Traffic won't go through the accelerator to your load balancer until your configuration changes are complete. 

After you create your load balancer by choosing the Global Accelerator add-on on the Amazon EC2 console, go to the **Integrated services** tab to see the static IP addresses and Domain Name System (DNS) name for your accelerator. You use this information to start routing user traffic to the load balancer over the AWS global network. For more information about the DNS name assigned to your accelerator, see [DNS addressing and custom domains in AWS Global Accelerator](dns-addressing-custom-domains.md).

You can view and configure your accelerator by [ navigating to Global Accelerator](https://us-west-2.console.aws.amazon.com/globalaccelerator/home#GlobalAcceleratorHome:) in the AWS Management Console. For example, you can see the accelerators that are associated with your account or add additional load balancers to your accelerator. For more information, see [View your accelerators](about-accelerators.viewing.md) and [Create accelerator](about-accelerators.creating-editing.md).

## Pricing
<a name="about-accelerators.elb-accelerator.pricing"></a>

With AWS Global Accelerator, you pay only for what you use. You are charged an hourly rate and data transfer costs for each accelerator in your account. For more information, see [AWS Global Accelerator Pricing](https://aws.amazon.com/global-accelerator/pricing).

## Stop using the accelerator
<a name="about-accelerators.elb-accelerator.deleting"></a>

If you'd like to stop routing traffic through Global Accelerator to your load balancer, do the following:

1. Update your DNS configuration to point your traffic directly to the load balancer.

1. Delete the load balancer from the accelerator. For more information, see *To remove an endpoint* in [Add a standard endpoint](about-endpoints-adding-endpoints.md).

1. Delete the accelerator. For more information, see [Delete accelerator](about-accelerators.deleting.md).

# Compare using global static IP addresses to regional static IP addresses
<a name="about-accelerators.eip-accelerator"></a>

If you want to use a static IP address in front of an AWS resource, such as an Amazon EC2 instance, you have several options. For example, you can allocate an Elastic IP address, which is a static IPv4 or IPv6 address that you can associate with an Amazon EC2 instance or network interface in a single AWS Region.

If you have a global audience, you can create an accelerator with Global Accelerator to get global static addresses that are announced from AWS edge locations around the world. For IPv4, Global Accelerator provides two global static IPv4 addresses. For dual-stack, Global Accelerator provides a total of four global static IP addresses: two IPv4 addresses and two IPv6 addresses. If you already have AWS resources set up for your applications, in one or multiple Regions, including Amazon EC2 instances, Network Load Balancers, and Application Load Balancers, you can easily add those to Global Accelerator to front them with global static IP addresses. For more information, see [Requirements for resources you add as accelerator endpoints](about-endpoints-caveats.md).

Opting to use global static IP addresses provisioned by Global Accelerator can also improve the availability and performance of your applications. With Global Accelerator, static IP addresses accept incoming traffic onto the AWS global network from the edge location that is closest to your users. Maximizing time that traffic is on the AWS network can provide a faster and better customer experience. For more information, see [How AWS Global Accelerator works](introduction-how-it-works.md).

You can add an accelerator from the AWS Management Console or by using API operations with the AWS CLI or SDKs. For more information, see [Create accelerator](about-accelerators.creating-editing.md).

Note the following when you add an accelerator:
+ The global static IP addresses provisioned by Global Accelerator remain assigned to you for as long as your accelerator exists, even if you disable the accelerator and it no longer accepts or routes traffic. However, if you delete an accelerator, you lose the static IP addresses that are assigned to it. For more information, see [Delete accelerator](about-accelerators.deleting.md).
+ With Global Accelerator, you pay only for what you use. You are charged an hourly rate and data transfer costs for each accelerator in your account. For more information, see [AWS Global Accelerator Pricing](https://aws.amazon.com/global-accelerator/pricing).

# Listeners for standard accelerators in AWS Global Accelerator
<a name="about-listeners"></a>

With AWS Global Accelerator, you add listeners that process inbound connections from clients based on the ports and protocols that you specify. Listeners support TCP and UDP protocols.

You define a standard listener when you create your standard accelerator, and you can add more listeners at any time. You associate each listener with one or more endpoint groups, and you associate each endpoint group with one AWS Region.

Optionally, you can configure *client affinity* for a listener. With client affinity, Global Accelerator directs all requests from a user at a specific source (client) IP address to the same endpoint resource. Choosing this option maintains client affinity for your users.

**Topics**
+ [Add a standard listener](about-listeners.creating-listeners.md)
+ [Edit a standard listener](about-listeners.creating-listeners-edit.md)
+ [Remove a standard listener](about-listeners.creating-listeners-remove.md)
+ [How client affinity works in Global Accelerator](about-listeners-client-affinity.md)

# Add a standard listener
<a name="about-listeners.creating-listeners"></a>

This section provides the steps to create a standard listener on the AWS Global Accelerator console. To complete this task by using an API operation instead of the console, see [https://docs.aws.amazon.com/global-accelerator/latest/api/API_CreateListener.html](https://docs.aws.amazon.com/global-accelerator/latest/api/API_CreateListener.html), in the *AWS Global Accelerator API Reference*.

# To add a listener


1. Open the Global Accelerator console at [ https://us-west-2.console.aws.amazon.com/globalaccelerator/home\$1GlobalAcceleratorHome:](https://us-west-2.console.aws.amazon.com/globalaccelerator/home#GlobalAcceleratorHome:). 

1. On the **accelerators** page, choose an accelerator.

1. Choose **Add listener**.

1. On the **Add listener** page, enter the ports or port ranges that you want to associate with the listener. Listeners support ports 1-65535.

1. Choose the protocol for the ports that you entered.

1. Optionally, choose to enable client affinity. Client affinity for a listener means that Global Accelerator ensures that connections from a specific source (client) IP address are always routed to the same endpoint. To enable this behavior, in the dropdown list, choose **Source IP**.

   The default is **None**, which means that client affinity is not enabled and Global Accelerator distributes traffic equally between the endpoints in the endpoint groups for the listener.

   For more information, see [How client affinity works in Global Accelerator](about-listeners-client-affinity.md).

1. Choose **Add listener**.

# Edit a standard listener
<a name="about-listeners.creating-listeners-edit"></a>

This section provides the steps to edit a standard listener on the AWS Global Accelerator console. To complete this task by using an API operation instead of the console, see [https://docs.aws.amazon.com/global-accelerator/latest/api/API_UpdateListener.html](https://docs.aws.amazon.com/global-accelerator/latest/api/API_UpdateListener.html) in the *AWS Global Accelerator API Reference*.

# To edit a standard listener


1. Open the Global Accelerator console at [ https://us-west-2.console.aws.amazon.com/globalaccelerator/home\$1GlobalAcceleratorHome:](https://us-west-2.console.aws.amazon.com/globalaccelerator/home#GlobalAcceleratorHome:). 

1. On the **accelerators** page, choose an accelerator.

1. Choose a listener, and then choose **Edit listener**.

1. On the **Edit listener** page, change the ports, port ranges, or protocols that you want to associate with the listener.

1. Optionally, choose to enable client affinity. Client affinity for a listener means that Global Accelerator ensures that connections from a specific source (client) IP address are always routed to the same endpoint. To enable this behavior, in the dropdown list, choose **Source IP**.

   The default is **None**, which means that client affinity is not enabled and Global Accelerator distributes traffic equally between the endpoints in the endpoint groups for the listener.

   For more information, see [How client affinity works in Global Accelerator](about-listeners-client-affinity.md).

1. Choose **Save**.

# Remove a standard listener
<a name="about-listeners.creating-listeners-remove"></a>

This section provides the steps to remove a standard listener on the AWS Global Accelerator console. To complete this task by using an API operation instead of the console, see [https://docs.aws.amazon.com/global-accelerator/latest/api/API_DeleteListener.html](https://docs.aws.amazon.com/global-accelerator/latest/api/API_DeleteListener.html) in the *AWS Global Accelerator API Reference*.

# To remove a listener


1. Open the Global Accelerator console at [ https://us-west-2.console.aws.amazon.com/globalaccelerator/home\$1GlobalAcceleratorHome:](https://us-west-2.console.aws.amazon.com/globalaccelerator/home#GlobalAcceleratorHome:). 

1. On the **accelerators** page, choose an accelerator.

1. Choose a listener, and then choose **Remove**.

1. In the confirmation dialog box, choose **Remove**.

# How client affinity works in Global Accelerator
<a name="about-listeners-client-affinity"></a>

If you have stateful applications that you use with a standard accelerator, you can configure *client affinity* to have Global Accelerator direct all requests from a user at a specific source (client) IP address to the same endpoint resource. Choosing this option maintains client affinity for your users.

By default, client affinity for a standard listener is set to **None** and Global Accelerator distributes traffic equally between the endpoints in the endpoint groups for the listener.

Global Accelerator uses a consistent-flow hashing algorithm to choose the optimal endpoint for a user's connection. If you configure client affinity for your Global Accelerator resource to be **None**, Global Accelerator uses the 5-tuple properties—source IP, source port, destination IP, destination port, and protocol—to select the hash value. Next, it chooses the endpoint that provides the best performance. If a given client uses different ports to connect to Global Accelerator and you've specified this setting, Global Accelerator can't ensure that connections from the client are always routed to the same endpoint. 

If you want to maintain client affinity by routing a specific user—identified by their source IP address—to the same endpoint each time they connect, set client affinity to **Source IP**. When you specify this option, Global Accelerator uses the 2-tuple properties—source IP and destination IP—to select the hash value and route the user to the same endpoint whenever they connect. Additionally, Global Accelerator honors client affinity by routing all connections with the same source IP address to the same endpoint group.

On occasion, network maintenance or disruptions created by variations in internet traffic routing can cause client traffic to shift to different Global Accelerator edge locations. When this happens, if the edge location that now serves the client traffic prefers a different AWS Region, then client affinity is not guaranteed to be maintained.

In addition, be aware that when you've set endpoint weights in your accelerator, in specific, limited scenarios, Global Accelerator overrides those weights, to help ensure availability. When Global Accelerator is load balancing traffic across endpoints in an endpoint group, it must, in certain circumstances, choose between preserving availability for client traffic and abiding by endpoint weights. For example, with accelerators where the client IP address is preserved, Global Accelerator might need to override an endpoint weight setting to help avoid connection collisions.

# Endpoint groups for standard accelerators in AWS Global Accelerator
<a name="about-endpoint-groups"></a>

An endpoint group routes requests to one or more registered endpoints in AWS Global Accelerator. When you add a listener in a standard accelerator, you specify the endpoint groups for Global Accelerator to direct traffic to. An endpoint group, and all the endpoints in it, must be in one AWS Region. You can add different endpoint groups for different purposes, for example, for blue/green deployment testing.

Global Accelerator directs traffic to endpoint groups in standard accelerators based on the location of the client and the health of the endpoint group. If you like, you can also set the percentage of traffic to send to an endpoint group. You do that by using the traffic dial to increase (dial up) or decrease (dial down) traffic to the group. The percentage is applied only to the traffic that Global Accelerator is already directing to the endpoint group, not all traffic coming to a listener. 

You can define health check settings for Global Accelerator for each endpoint group. By updating health check settings, you can change your requirements for polling and verifying the health of Amazon EC2 instance and Elastic IP address endpoints. For Network Load Balancer and Application Load Balancer endpoints, configure health check settings on the Elastic Load Balancing console. 

Global Accelerator continually monitors the health of all endpoints that are included in a standard endpoint group, and routes requests only to the active endpoints that are healthy. For more information, see [Ensure health check access for your accelerator](about-endpoint-groups-health-check-options.md) If there aren't any healthy endpoints to route traffic to, Global Accelerator routes requests to all endpoints.

This section explains how to work with endpoint groups for standard accelerators on the AWS Global Accelerator console. If you want to use API operations with Global Accelerator, see the [AWS Global Accelerator API Reference](https://docs.aws.amazon.com/global-accelerator/latest/api/Welcome.html).

**Topics**
+ [Add a standard endpoint group](about-endpoint-groups.create-endpoint-group.md)
+ [Edit a standard endpoint group](about-endpoint-groups.edit-endpoint-group.md)
+ [Remove a standard endpoint group](about-endpoint-groups.delete-endpoint-group.md)
+ [Use traffic dials to adjust traffic flow to Regions](about-endpoint-groups-traffic-dial.md)
+ [Override listener ports for restricted ports or connection collisions](about-endpoint-groups-port-override.md)
+ [Ensure health check access for your accelerator](about-endpoint-groups-health-check-options.md)

# Add a standard endpoint group
<a name="about-endpoint-groups.create-endpoint-group"></a>

You work with endpoint groups on the AWS Global Accelerator console or by using an API operation. You can add or remove endpoints from an endpoint group at any time.

This section explains how to add a standard endpoint groups on the AWS Global Accelerator console. If you want to use API operations with Global Accelerator, see the [AWS Global Accelerator API Reference](https://docs.aws.amazon.com/global-accelerator/latest/api/Welcome.html).

# To add a standard endpoint group


1. Open the Global Accelerator console at [ https://us-west-2.console.aws.amazon.com/globalaccelerator/home\$1GlobalAcceleratorHome:](https://us-west-2.console.aws.amazon.com/globalaccelerator/home#GlobalAcceleratorHome:). 

1. On the **Accelerators** page, choose an accelerator.

1. In the **Listeners** section, for **Listener ID**, choose the ID of the listener that you want to add an endpoint group to.

1. Choose **Add endpoint group**.

1. In the section for a listener, specify a Region for the endpoint group by choosing one from the dropdown list.

1. Optionally, for **Traffic dial**, enter a number from 0 to 100 to set a percentage of traffic for this endpoint group. The percentage is applied only to the traffic that is already directed to this endpoint group, not all listener traffic. By default, the traffic dial is set to 100.

1. Optionally, to override the listener port used for routing traffic to endpoints and reroute traffic to specific ports on your endpoints, choose **Configure port overrides**. For more information, see [Override listener ports for restricted ports or connection collisions](about-endpoint-groups-port-override.md).

1. Optionally, to specify custom health check values to be applied to EC2 instance and Elastic IP address endpoints, choose **Configure health checks**. For more information, see [Ensure health check access for your accelerator](about-endpoint-groups-health-check-options.md).

1. Optionally, choose **Add endpoint group** to add additional endpoint groups for this listener or other listeners.

1. Choose **Add endpoint group**.

# Edit a standard endpoint group
<a name="about-endpoint-groups.edit-endpoint-group"></a>

This section explains how to edit a standard endpoint groups on the AWS Global Accelerator console. If you want to use API operations with Global Accelerator, see the [AWS Global Accelerator API Reference](https://docs.aws.amazon.com/global-accelerator/latest/api/Welcome.html).

# To edit an endpoint group


1. Open the Global Accelerator console at [ https://us-west-2.console.aws.amazon.com/globalaccelerator/home\$1GlobalAcceleratorHome:](https://us-west-2.console.aws.amazon.com/globalaccelerator/home#GlobalAcceleratorHome:). 

1. On the **Accelerators** page, choose an accelerator.

1. In the **Listeners** section, for **Listener ID**, choose the ID of the listener that the endpoint group is associated with.

1. Choose **Edit endpoint group**.

1. On the **Edit endpoint group** page, change the Region, adjust the traffic dial percentage, or choose **Configure health checks** to modify the health check settings.

1. Choose **Save**.

# Remove a standard endpoint group
<a name="about-endpoint-groups.delete-endpoint-group"></a>

This section explains how to remove a standard endpoint groups on the AWS Global Accelerator console. If you want to use API operations with Global Accelerator, see the [AWS Global Accelerator API Reference](https://docs.aws.amazon.com/global-accelerator/latest/api/Welcome.html).

**Warning**  
Removing an endpoint group can cause traffic disruption or degraded availability. Make sure to confirm that you have a failover process in place, if needed, before you remove an endpoint group.

# To remove a standard endpoint group


1. Open the Global Accelerator console at [ https://us-west-2.console.aws.amazon.com/globalaccelerator/home\$1GlobalAcceleratorHome:](https://us-west-2.console.aws.amazon.com/globalaccelerator/home#GlobalAcceleratorHome:). 

1. On the **Accelerators** page, choose an accelerator.

1. In the **Listeners** section, choose a listener.

1. In the **Endpoint groups** section, choose an endpoint group, and then choose **Remove**.

1. On the confirmation dialog box, choose **Remove**.

# Use traffic dials to adjust traffic flow to Regions
<a name="about-endpoint-groups-traffic-dial"></a>

For each standard endpoint group, you can set a traffic dial to control the percentage of traffic that is directed to the endpoint group (AWS Region). The percentage is applied only to traffic that is already directed to the endpoint group, not to all listener traffic.

Note that when you change a traffic dial, the updated setting applies to only new connections. Existing connections are not terminated to adjust the current traffic flow. Health checks are not affected by traffic dial settings.

By default, the traffic dial is set to 100 (that is, 100%) for all regional endpoint groups in an accelerator. The traffic dial lets you easily do performance testing or blue/green deployment testing for new releases across different AWS Regions, for example. 

Here are a few examples to illustrate how you can use traffic dials to change the traffic flow to endpoint groups.

**Upgrade your application by Region**  
If you want to upgrade an application in a Region or do maintenance, first set the traffic dial to 0 to cut off traffic for the Region. When you complete the work and you're ready bring the Region back into service, adjust the traffic dial to 100 to dial the traffic back up. 

**Mix traffic between two Regions**  
This example shows how traffic flow works when you change the traffic dials for two regional endpoint groups at the same time. Let’s say that you have two endpoint groups for your accelerator—one for the `us-west-2` Region and one for the `us-east-1` Region—and you've set the traffic dials to 50% for each endpoint group.  
Now, say you have 100 requests coming to your accelerator, with 50 from the East Coast of the United States and 50 from the West Coast. The accelerator directs the traffic as follows:  
+ The first 25 requests on each coast (50 requests in total) are served from their nearby endpoint group. That is, 25 requests are directed to the endpoint group in `us-west-2` and 25 are directed to the endpoint group in `us-east-1`.
+ The next 50 requests are directed to the opposite Regions. That is, the next 25 requests from the East Coast are served by `us-west-2`, and the next 25 requests from the West Coast are served by `us-east-1`.
The result in this scenario is that both endpoint groups serve the same amount of traffic. However, each one receives a mix of traffic from both Regions.

**Load sharing multi-Region architectures**  
You can configure the traffic dial and endpoint weights to implement complex scenarios as well, to configure load sharing between application endpoints. With these Global Accelerator features, you can deploy and run applications in multi-Region architectures, including active-active and active-standby setups. For more information and detailed examples, see the following blog post: [ Deploying multi-Region applications in AWS using AWS Global Accelerator](https://aws.amazon.com/blogs/networking-and-content-delivery/deploying-multi-region-applications-in-aws-using-aws-global-accelerator/)

# Override listener ports for restricted ports or connection collisions
<a name="about-endpoint-groups-port-override"></a>

By default, an accelerator routes user traffic to endpoints in AWS Regions using the protocol and port ranges that you specify when you create a listener. For example, if you define a listener that accepts TCP traffic on ports 80 and 443, the accelerator routes traffic to those ports on an endpoint.

However, when you add or update an endpoint group, you can override the listener port used for routing traffic to endpoints. For example, you can create a port override in which the listener receives user traffic on ports 80 and 443, but your accelerator routes that traffic to ports 1080 and 1443, respectively, on the endpoints.

One benefit of using port overrides can be to help avoid connection collisions, which can cause intermittent connectivity issues in Global Accelerator, resulting in TCP connection time delays, in certain scenarios. These collisions can occur when users (with the same source IP and source port) access resources in Global Accelerator. You can prevent the collisions, and thus avoid the delays, by configuring port overrides in your accelerators. For more information, see [How to avoid connection collisions that result in TCP connection time delays](about-endpoints.avoid-connection-collisions.md).

Overriding a port can also help you avoid issues with listening on restricted ports. It's safer to run applications that don't require superuser (root) privileges on your endpoints. However, in Linux and other UNIX-like systems, you must have superuser privileges to listen on restricted ports (TCP or UDP ports below 1024). By mapping a restricted port on a listener to a non-restricted port on an endpoint, you avoid this issue. You can accept traffic on restricted ports while running applications without root access on your endpoints behind Global Accelerator. For example, you can override a listener port 443 to an endpoint port 8443.

For each port override, you specify a listener port that accepts traffic from users and the endpoint port that Global Accelerator will route that traffic to. For more information, see [Add a standard endpoint group](about-endpoint-groups.create-endpoint-group.md).

When you create a port override, keep the following in mind:
+ **Endpoint ports can’t overlap listener port ranges.** The endpoint ports that you specify in a port override cannot be included in any of the listener port ranges that you've configured for the accelerator. For example, say that you have two listeners for an accelerator, and you've defined the port ranges for those listeners as 100-199 and 200-299, respectively. When you create a port override, you can't define one from listener port 100 to endpoint port 210, for example, because the endpoint port (210) is included in a listener port range that you defined (200-299).
+ **No duplicate endpoint ports.** If one port override in an accelerator specifies an endpoint port, you can’t specify the same endpoint port with port override from a different listener port. For example, you can’t specify a port override from listener port 80 to endpoint port 90 together with an override from listener port 81 to endpoint port 90.
+ **Health check continues to use the original port.** If you specify a port override for a port that is configured as a health check port, the health check still uses the original port, not the override port. For example, say that you specify health checks on listener port 80, and you also specify a port override from listener port 80 to endpoint port 480. Health checks continue to use endpoint port 80. However, user traffic that comes in through port 80 goes to port 480 on the endpoint.

  This behavior maintains consistency between Network Load Balancer, Application Load Balancer, EC2 instance, and Elastic IP address endpoints. Because Network Load Balancers and Application Load Balancers don’t map health check ports to a different endpoint ports when you specify a port override in Global Accelerator, it would be inconsistent for Global Accelerator to map health check ports to different endpoint ports for EC2 instance and Elastic IP address endpoints.
+ **Security group settings must allow port access.** Make sure that your security groups allow traffic to arrive at endpoint ports that you've designated in port overrides. For example, if you override listener port 443 to endpoint port 1433, make sure that any port restrictions set in your security group for that Application Load Balancer or Amazon EC2 endpoint allow inbound traffic on port 1433.

# Ensure health check access for your accelerator
<a name="about-endpoint-groups-health-check-options"></a>

Each listener for a standard accelerator routes requests only to healthy, active endpoints. When you add an endpoint, it must pass a health check to be considered healthy. AWS Global Accelerator also regularly sends health check requests to all endpoints on standard accelerators, to test their status. Global Accelerator automatically runs these regular health checks. After each health check is completed, the listener closes the connection that was established for the health check. 

Note that if there aren't any healthy endpoints to route traffic to, Global Accelerator routes incoming client requests to *all* endpoints in the endpoint group. For more information, see [How failover works for unhealthy endpoints](about-endpoints-endpoint-weights.unhealthy-endpoints.md).

Details about how health checks work, and guidance about using health checks, depends on the type of endpoint resource. This topic provides information about how to work with health checks for different endpoint types, including steps for updating health check options in Global Accelerator (applies to EC2 instance or Elastic IP address endpoints).

## Ensure access for your accelerator health checks
<a name="about-endpoint-groups-health-check-options.how-it-works"></a>

To ensure access for health checks to complete successfully for EC2 instance or Elastic IP address endpoints, make sure that your router and firewall rules allow inbound traffic from the IP addresses associated with Amazon Route 53 health checkers. To see the list of IP address ranges associated with Route 53 health checkers, see [IP address ranges of Route 53 servers](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/route-53-ip-addresses.html) in the *Amazon Route 53 Developer Guide*.

Global Accelerator health checks work by receiving traffic for Route 53 health checks, which is forwarded to the configured health check port for the endpoint group. Typically, the ports configured for health checks match the listener configuration. If you configure a different port for health checks instead, review your security group configuration to make sure that you don't allow public traffic on the port. 

For example, if your listener is configured on port 80, then your health check port is also 80. If you choose to configure health ports on another port, for example, port 83, then make sure that you configure your security groups to allow traffic on port 83 only from IP addresses that are in the IP address range for Route 53 health checks.

## Health check guidance for different endpoint types
<a name="about-endpoint-groups-health-check-options.hc-by-endpoint-type"></a>

Review the information in this section for guidelines about the health checks that you specify for each endpoint type for your accelerator.

In addition, make sure that the health checks that you choose for endpoints with HTTP workloads are representative of the overall health of your application, and that you follow the guidance for ensuring access to health checks that is described in the preceding section, [Ensure security and access for health checks](#GAX-HCsecurityaccessguidance).

The following guidelines apply to each specified endpoint type:
+ For Network Load Balancer or Application Load Balancer endpoints, be aware of the following:
  + The [health check options](#GAX-HCsetoptions) that you choose in Global Accelerator do not affect Network Load Balancers or Application Load Balancers that you've added as endpoints. That is, health check options that you specify in Global Accelerator are used for Amazon EC2 and Elastic IP address health checks, but not for health checks on load balancer endpoints.

    For load balancer endpoints, configure health checks by using Elastic Load Balancing configuration options. For more information, see [Health checks for your target groups](https://docs.aws.amazon.com/elasticloadbalancing/latest/network/target-group-health-checks.html).
  + Global Accelerator considers an Application Load Balancer healthy if every target group has at least one healthy target. For more information, see [Health checks for your target groups](https://docs.aws.amazon.com/elasticloadbalancing/latest/network/target-group-health-checks.html).
  + Global Accelerator considers a Network Load Balancer healthy if there is at least one healthy Availability Zone. An Availability Zone is healthy if it has a healthy target in all load balancer target groups that it is in. 

    Be aware that when you enable cross-zone load balancing, healthy targets in Network Load Balancer target groups contribute to the health of the target group in all Availability Zones. This is how Global Accelerator evaluates the health of an AZ in a target group regardless of which AZs are actually healthy. This means that with cross-zone load balancing, if every target group contains a healthy target, Global Accelerator considers the Network Load Balancer to be healthy. However, at all times, Global Accelerator only considers a Network Load Balancer healthy if the number of healthy targets meets the Network Load Balancer minimum healthy target count setting, `minimum_healthy_targets`.
+ For EC2 instance or Elastic IP address endpoints, be aware of the following:
  + When you add EC2 instance or Elastic IP address endpoints to a listener configured with TCP, you can specify the port to use for health checks. By default, if you don't specify a port for health checks, Global Accelerator uses the listener port that you specified for your accelerator.
  + When you add these endpoint types with a UDP listener, Global Accelerator uses the listener port and the TCP protocol for health checks, so you must have a TCP server on your endpoint.

    Make sure to check that the port that you've configured for the TCP server on each endpoint is the same as the port that you specify for the health check in Global Accelerator. If the port numbers aren't the same, or if you haven't set up a TCP server for the endpoint, Global Accelerator marks the endpoint as unhealthy, regardless of the endpoint's health.
  + Make sure to follow the [guidance for security and access](#GAX-HCsecurityaccessguidance) when you configure ports for health checks for your EC2 instance or Elastic IP address endpoints.

## Set health check options
<a name="about-endpoint-groups-health-check-options.set-hc-options"></a>

To set health check options for your accelerator, specify one or more of the following options when you create an accelerator or when you edit an endpoint group.

You can add the following health check options for an endpoint group.

**Health check port**  
The port to use when Global Accelerator performs health checks on endpoints that are part of this endpoint group.  
Note that you can't set a port override for health check ports.

**Health check protocol**  
The protocol to use when Global Accelerator performs health checks on endpoints that are part of this endpoint group.

**Health check interval**  
The interval, in seconds, between each health check for an endpoint.

**Threshold count**  
The number of consecutive health checks required before considering an unhealthy target healthy or a healthy target unhealthy.

# Endpoints for standard accelerators in AWS Global Accelerator
<a name="about-endpoints"></a>

Endpoints for standard accelerators in AWS Global Accelerator can be Network Load Balancers, Application Load Balancers, Amazon EC2 instances, or Elastic IP addresses. In AWS Global Accelerator, static IP addresses serve as a single point of contact for clients, and, with a standard accelerator, Global Accelerator distributes incoming traffic across healthy endpoints. Global Accelerator directs traffic to endpoints by using the port (or port range) that you specify for the listener that the endpoint group for the endpoint belongs to. 

Each endpoint group can have multiple endpoints. You can add each endpoint to multiple endpoint groups, but the endpoint groups must be associated with different listeners. A resource must be valid and active when you add it as an endpoint.

**Important**  
Accelerators that you configure as dual-stack (that is, accelerators that you want to support IPv4 and IPv6) require that you add only endpoints that also support dual-stack. Network Load Balancers, Application Load Balancers, and Amazon EC2 instances can be added as dual-stack endpoints.

Global Accelerator continually monitors the health of all endpoints that are included in a standard endpoint group. It routes traffic only to the active endpoints that are healthy. If Global Accelerator doesn’t have any healthy endpoints to route traffic to, it routes traffic to all endpoints in the AWS Region.

**Topics**
+ [Requirements for resources you add as accelerator endpoints](about-endpoints-caveats.md)
+ [Add a standard endpoint](about-endpoints-adding-endpoints.md)
+ [Edit a standard endpoint](about-endpoints-adding-endpoints-edit.md)
+ [Remove a standard endpoint](about-endpoints-adding-endpoints-remove.md)
+ [How endpoint weights work to manage traffic volume](about-endpoints-endpoint-weights.md)
+ [How failover works for unhealthy endpoints](about-endpoints-endpoint-weights.unhealthy-endpoints.md)
+ [How to avoid connection collisions that result in TCP connection time delays](about-endpoints.avoid-connection-collisions.md)

# Requirements for resources you add as accelerator endpoints
<a name="about-endpoints-caveats"></a>

Be aware of the following requirements and limitations for different types of resources that you can add as endpoints for standard accelerators in AWS Global Accelerator. Some requirements apply regardless of the type of resource that you add.

**All resource types**  
+ Before you enable client IP address preservation for an endpoint, there are additional requirements to keep in mind. For more information, see [Transition endpoints with client IP address preservation](about-endpoints.sipp.md).
+ To add an endpoint to a dual-stack accelerator, the endpoint must have client IP address preservation enabled.
+ When you add resources as endpoints behind Global Accelerator, we recommend that you don't also send traffic directly to the same endpoints over the internet. Sending direct traffic can lead to connection collision issues. For more information, see [How to avoid connection collisions that result in TCP connection time delays](about-endpoints.avoid-connection-collisions.md).
+ The resources that you add as endpoints for an accelerator and the accelerator itself must be owned by the same account, unless you configure cross-account support. However, the target instances behind a load balancer endpoint can be owned by different accounts. In this scenario, the accounts that own the target instances must be given permission to access a subnet owned by the account that owns the load balancer and accelerator. For more information, see [Configure cross-account access in Global Accelerator](cross-account-resources.md).
+ Before you terminate or delete a resource that you've added as an endpoint behind an accelerator, we recommend that you remove the endpoint from Global Accelerator endpoint groups. 

**Application Load Balancer endpoints**  
+ An Application Load Balancer endpoint can be internet-facing or internal. 
+ Dual-stack Application Load Balancers can be added as endpoints. 
+ Global Accelerator only supports Application Load Balancers running inside an AWS Region. Global Accelerator does not support an Application Load Balancer running as an endpoint in a Local Zone.

**Network Load Balancer endpoints**  
+ A Network Load Balancer endpoint can be internet-facing or internal.
+ Client IP address preservation is only supported for Network Load Balancers that support security groups.
+ Client IP address preservation is supported for Network Load Balancers with TCP and UDP listeners, but not with TLS termination.
+ Dual-stack Network Load Balancers can be added as endpoints for IPv4 or dual-stack accelerators, but there are a few restrictions: 
  + For IPv4 accelerators, when you add a dual-stack Network Load Balancer, you cannot enable client IP address preservation for the endpoint in Global Accelerator.
  + The Network Load Balancer must support security groups.
+ Global Accelerator only supports Network Load Balancers running inside an AWS Region. Global Accelerator does not support a Network Load Balancer running as an endpoint in a Local Zone.
+ For Network Load Balancer endpoints, we recommend that you disable cross-zone traffic for the load balancers to avoid connection collisions, which can result in increased TCP connection time. For more information, see [How to avoid connection collisions that result in TCP connection time delays](about-endpoints.avoid-connection-collisions.md). 
+ Global Accelerator does not support using shared subnets to target Network Load Balancer endpoints with client IP address preservation.
+ Global Accelerator does not support upgrading to dual-stack an existing IPv4 accelerator with Network Load Balancer endpoints.

  If you plan to update to dual-stack an IPv4 accelerator that has existing traffic towards a Network Load Balancer endpoint, you must first remove the Network Load Balancer endpoint, then update the accelerator. This will result in a period of downtime for the Network Load Balancer, during the update. Then, after the update is complete, you can add the Network Load Balancer endpoint again so that traffic can resume.

**Amazon EC2 instance endpoints**  
+ An EC2 instance endpoint can't be one of the following types: C1, CC1, CC2, CG1, CG2, CR1, CS1, G1, G2, HI1, HS1, M1, M2, M3, or T1.
+ EC2 instances are supported as endpoints in specific AWS Regions. For more information, see [AWS Region availability for AWS Global Accelerator](preserve-client-ip-address.regions.md).

  Global Accelerator only supports EC2 instances inside an AWS Region. Global Accelerator does not support routing to an Elastic IP address as an endpoint in a Local Zone.
+ We recommend that you remove an EC2 instance from Global Accelerator endpoint groups before you terminate the instance. If you terminate an EC2 instance before you remove it from an endpoint group in Global Accelerator, and then you create another instance in the same VPC with the same private IP address, and health checks pass, Global Accelerator will route traffic to the new endpoint. 
+ Dual-stack EC2 instances can be added as endpoints. However, the instances must have a primary IPv6 elastic network interface (ENI) attached to them. For more information, see [ Work with network interfaces](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-eni.html#working-with-enis) in the Amazon Elastic Compute Cloud User Guide.

**Elastic IP addresses**  
+ Dual-stack Elastic IP addresses cannot be added as endpoints.

# Add a standard endpoint
<a name="about-endpoints-adding-endpoints"></a>

You add endpoints to endpoint groups so that traffic can be directed to your resources. You can edit a standard endpoint to change the weight for the endpoint. Or you can remove an endpoint from your accelerator by removing it from an endpoint group. Removing an endpoint doesn't affect the endpoint itself, but Global Accelerator can no longer direct traffic to that resource.

You must create a resource first, and then you can add it as an endpoint in Global Accelerator. A resource must be valid and active when you add it as an endpoint. For detailed information about the endpoint types and configurations that Global Accelerator supports, see [Requirements for resources you add as accelerator endpoints](about-endpoints-caveats.md).

One reason that you might add or remove endpoints from endpoint groups is usage. For example, if demand on your application increases, you can create more resources. Then, you can add more endpoints to one or more endpoint groups to handle the increased traffic. Global Accelerator starts routing requests to an endpoint as soon as you add it and the endpoint passes the initial health checks.

You can manage traffic to endpoints by adjusting the weights on an endpoint, to send proportionally more or less traffic to the endpoint. For more information, see [How endpoint weights work to manage traffic volume](about-endpoints-endpoint-weights.md).

Note: if you're considering adding an endpoint with client IP address preservation, first review the information in [Preserve client IP addresses in AWS Global Accelerator](preserve-client-ip-address.md).

This section explains how to add endpoints on the AWS Global Accelerator console. If you want to use API operations with AWS Global Accelerator, see the [AWS Global Accelerator API Reference](https://docs.aws.amazon.com/global-accelerator/latest/api/Welcome.html).

# To add a standard endpoint


1. Open the Global Accelerator console at [ https://us-west-2.console.aws.amazon.com/globalaccelerator/home\$1GlobalAcceleratorHome:](https://us-west-2.console.aws.amazon.com/globalaccelerator/home#GlobalAcceleratorHome:). 

1. On the **Accelerators** page, choose an accelerator.

1. In the **Listeners** section, for **Listener ID**, choose the ID of a listener.

1. In the **Endpoint groups** section, for **Endpoint group ID**, choose the ID of the endpoint group that you want to add an endpoint to.

1. Choose **Edit**.

1. In the **Endpoints** section, choose **Add endpoint**.

1. On the **Add endpoints** page, choose a resource from the dropdown list.

   If you don't have any AWS resources, there aren't any items in the list. To continue, create AWS resources such as load balancers, Amazon EC2 instances, or Elastic IP addresses. Then come back to the steps here, and choose a resource from the list.
**Note**  
If you have a dual-stack accelerator, you must add a dual-stack endpoint. Network Load Balancers, Application Load Balancers, and Amazon EC2 instances can be added as dual-stack endpoints.

1. Optionally, for **Weight**, enter a number from 0 to 255 to set a weight for routing traffic to this endpoint. When you add weights to endpoints, you configure Global Accelerator to route traffic based on proportions that you specify. By default, all endpoints have a weight of 128. For more information, see [How endpoint weights work to manage traffic volume](about-endpoints-endpoint-weights.md).

1. Optionally, enable client IP address preservation for the endpoint. Under **Preserve client IP address**, select **Preserve address**. For more information, see [Preserve client IP addresses in AWS Global Accelerator](preserve-client-ip-address.md).
**Note**  
Before you add and begin to route traffic to endpoints that preserve the client IP address, make sure that all your required security configurations, for example, security groups, are updated to include the user client IP address on allow lists.

1. Choose **Add endpoint**.

# Edit a standard endpoint
<a name="about-endpoints-adding-endpoints-edit"></a>

This section explains how to edit an endpoint on the AWS Global Accelerator console. If you want to use API operations with AWS Global Accelerator, see the [AWS Global Accelerator API Reference](https://docs.aws.amazon.com/global-accelerator/latest/api/Welcome.html).

# To edit a standard endpoint


You can edit an endpoint configuration to change the weight. For more information, see [How endpoint weights work to manage traffic volume](about-endpoints-endpoint-weights.md).

1. Open the Global Accelerator console at [ https://us-west-2.console.aws.amazon.com/globalaccelerator/home\$1GlobalAcceleratorHome:](https://us-west-2.console.aws.amazon.com/globalaccelerator/home#GlobalAcceleratorHome:). 

1. On the **accelerators** page, choose an accelerator.

1. In the **Listeners** section, for **Listener ID**, choose the ID of a listener.

1. In the **Endpoint groups** section, for **Endpoint group ID**, choose the ID of the endpoint group.

1. Choose **Edit endpoint**.

1. On the **Edit endpoint** page, make updates, and then choose **Save**.

# Remove a standard endpoint
<a name="about-endpoints-adding-endpoints-remove"></a>

This section explains how to remove an endpoint on the AWS Global Accelerator console. If you want to use API operations with AWS Global Accelerator, see the [AWS Global Accelerator API Reference](https://docs.aws.amazon.com/global-accelerator/latest/api/Welcome.html).

You can remove endpoints from your endpoint groups, for example, if you need to service your endpoints. Removing an endpoint takes it out of the endpoint group, so that it no longer receives traffic through Global Accelerator, but does not affect the endpoint otherwise. Global Accelerator stops directing traffic to an endpoint as soon as you remove it from an endpoint group. The endpoint goes into a state where it waits for all current requests to be completed so there's no interruption for client traffic that is in progress. You can add the endpoint back to the endpoint group when you’re ready for it to resume receiving requests.

Note: Before you terminate or delete a resource that you've added as an endpoint behind an accelerator, we recommend that you remove the endpoint from Global Accelerator endpoint groups. 

**Warning**  
Removing an endpoint immediately stops new connections from being routed to it through Global Accelerator. If the endpoint is the only healthy target receiving traffic for your application, or all other endpoints have a weight of 0, when you remove the endpoint, the endpoint group (Region) might become unavailable. Before you remove an endpoint, verify that alternate healthy endpoints exist and are receiving traffic as expected.

# To remove an endpoint


1. Open the Global Accelerator console at [ https://us-west-2.console.aws.amazon.com/globalaccelerator/home\$1GlobalAcceleratorHome:](https://us-west-2.console.aws.amazon.com/globalaccelerator/home#GlobalAcceleratorHome:). 

1. On the **accelerators** page, choose an accelerator.

1. In the **Listeners** section, for **Listener ID**, choose the ID of a listener.

1. In the **Endpoint groups** section, for **Endpoint group ID**, choose the ID of the endpoint group.

1. Choose **Remove endpoint**.

1. In the confirmation dialog box, choose **Remove**.

# How endpoint weights work to manage traffic volume
<a name="about-endpoints-endpoint-weights"></a>

Weighted routing lets you choose how much traffic is routed to a specific resource (endpoint) in an endpoint group. This can be useful in several ways, including for load balancing and for testing new versions of your application.

A weight is a value you can set that determines the proportion of traffic that Global Accelerator directs to an endpoint in a standard accelerator. Endpoints can be Network Load Balancers, Application Load Balancers, Amazon EC2 instances, or Elastic IP addresses. Global Accelerator calculates the sum of the weights for the endpoints in an endpoint group, and then directs traffic to the endpoints based on the ratio of each endpoint's weight to the total. By default, the weight for an endpoint is set to 128, which is half of the maximum value of 255.

## How endpoint weights work
<a name="about-endpoints-endpoint-weights.how-it-works"></a>

To use weights, you assign each endpoint in an endpoint group a relative weight that corresponds with how much traffic that you want to send to it. By default, the weight for an endpoint is 128—that is, half of the maximum value for a weight, 255. Global Accelerator sends traffic to an endpoint based on the weight that you assign to it as a proportion of the total weight for all endpoints in the group:

![\[How relative weights work for endpoints in Global Accelerator\]](http://docs.aws.amazon.com/global-accelerator/latest/dg/images/WRR_calculation.png)


For example, if you want to send a tiny portion of your traffic to one endpoint and the rest to another endpoint, you might specify weights of 1 and 255, respectively. The endpoint with a weight of 1 gets 1/256 of the traffic (1/1\$1255), and the other endpoint gets 255/256 (255/1\$1255). You can gradually change the balance of traffic volume to each endpoint by changing the weights. If you want Global Accelerator to stop sending traffic to an endpoint, you can change the weight for that resource to 0.

Be aware that even when you've set endpoint weights in your accelerator, in specific, limited scenarios, Global Accelerator overrides those weights, to help ensure availability. That is, when Global Accelerator is load balancing traffic across endpoints in an endpoint group, it must, in certain circumstances, choose between preserving availability for client traffic and abiding by endpoint weights. For example, with accelerators where the client IP address is preserved, Global Accelerator might need to override an endpoint weight setting to help avoid connection collisions.

# How failover works for unhealthy endpoints
<a name="about-endpoints-endpoint-weights.unhealthy-endpoints"></a>

If there are no healthy endpoints in an endpoint group that have a weight greater than zero, Global Accelerator tries to fail over to a healthy endpoint with a weight greater than zero in another endpoint group. Note that for this failover, Global Accelerator ignores the traffic dial setting. So if, for example, an endpoint group has a traffic dial set to zero, Global Accelerator still includes that endpoint group in the failover attempt.

If Global Accelerator doesn't find a healthy endpoint with a weight greater than zero after trying the three closest endpoint groups (that is, AWS Regions), it routes traffic to a random endpoint in the endpoint group that is closest to the client. That is, it *fails open*.

Note the following:
+ The endpoint group chosen for failover might be one that has a traffic dial set to zero.
+ The nearest endpoint group might not be the original endpoint group. This is because Global Accelerator considers account traffic dial settings when it chooses the original endpoint group.

For example, let's say your configuration has two endpoints, one healthy and one unhealthy, and you've set the weight for each of them to be greater than zero. In this case, Global Accelerator routes traffic to the healthy endpoint. However, now say you set the weight of the only healthy endpoint to zero. Global Accelerator then tries three additional endpoint groups to find a healthy endpoint with a weight greater than zero. If it doesn't find one, Global Accelerator routes traffic to a random endpoint in the endpoint group that is closest to the client.

When recovery occurs, that is, Regions are healthy again, Global Accelerator returns to regular routing behavior. This means that, typically, routing will start back to healthy endpoints with traffic dials that aren't set to zero in about 30 seconds or so. However, note that established active connections are not moved. They continue to route to the zero weight Region until the connection is reset by the client or the server, or until the client makes a new connection.

# How to avoid connection collisions that result in TCP connection time delays
<a name="about-endpoints.avoid-connection-collisions"></a>

Intermittent connectivity issues can be caused by connection collisions in AWS Global Accelerator. These can occur when users (with the same source IP and source port) access resources in Global Accelerator in certain scenarios. The collisions can result in TCP connection time delays for traffic that goes through your accelerators.

You can avoid these delays by configuring your accelerators with *port overrides*, a feature in Global Accelerator that enables you to route incoming traffic to a different destination ports on your accelerator endpoints. Follow the guidance in this section to learn about how to use port overrides to prevent the connection collisions and avoid potential TCP connection time delays.

## Scenarios that can cause connection collisions
<a name="about-endpoints.avoid-connection-collisions.scenarios"></a>

There are three scenarios in Global Accelerator that can lead to connection collisions, and thus to TCP connection time delays:
+ You configure the same resource as an endpoint with multiple accelerators.
+ You configure resources as endpoints behind Global Accelerator, and you also send traffic directly over the internet from your end users to the same resources.
+ You configure Network Load Balancer endpoints for cross-zone traffic.

For Network Load Balancer endpoints, we recommend that you disable cross-zone traffic for the load balancers to avoid connection collisions. For more information, see [ TCP Connection Delays](https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-troubleshooting.html#tcp-delays) in the *User Guide for Network Load Balancers*.

For the other scenarios, we recommend that you use the port override feature with the endpoint group to prevent collisions. Using port overrides, you can map Global Accelerator listener ports to different destination port numbers on an endpoint resource. Listener ports default to using the same port numbers on endpoint resources. By using port overrides, accelerators can route traffic from the same users (with the source IP and source port) to the same endpoint, but use different destination port numbers, which avoids collisions.

The next section provides specific examples for each of the scenarios of how you can configure port overrides to avoid connection collisions. For more information about configuring port overrides, see [Override listener ports for restricted ports or connection collisions](about-endpoint-groups-port-override.md).

## How to prevent connection collisions by using port overrides
<a name="about-endpoints.avoid-connection-collisions.how-to-prevent"></a>

By default, an accelerator routes user traffic to endpoints in AWS Regions using the same protocol and the same destination port ranges that you specify when you create a listener. However, you can optionally choose to override the port number mapping for the listener port. That is, you can map a listener port number to route traffic to a different destination port number on an endpoint.

For example, if you define a listener that accepts TCP traffic on ports 80 and 443, by default, the accelerator routes traffic to those same ports, 80 and 443, on endpoints. However, using the port override feature, the accelerator can route traffic coming in on those ports to different ports on endpoints, such as 8080 and 8443.

By creating different port mappings for listeners in two (or more) accelerators that have the same resources configured behind them, you can use separate destination port numbers for each accelerator and avoid collisions.

For example, say you have Accelerator-A and Accelerator-B, and each one has a listener configured for TCP and port 443. You can set up a port override for the listener for Accelerator-A to map port 443 to 8443, and the listener for Accelerator-B to map port 443 to 9443. Now you configure an Application Load Balancer endpoint, ALB-1234, for example, to listen on both ports 8443 and 9443. Then traffic coming in on port 443 (to the listeners for both accelerators) from the same user IP address will arrive at ALB-1234, without connection collisions or TCP connection time delays. 

You can see the traffic paths for this example illustrated in the following:

`Accelerator-A [listener: tcp,443] → Endpoint-Group [port-override: 443→8443] → ALB-1234 (listener: HTTPS,8443)`

`Accelerator-B [listener: tcp,443] → Endpoint-Group [port-override: 443→9443] → ALB-1234 (listener: HTTPS,9443) `

You can use a port override in a similar way to prevent connection collisions for resources that are accessed by both direct user traffic and through an accelerator by overriding the default mapping for the accelerator's listener port number. To prevent collisions in this scenario, do the following:

1. Determine the port that you want the resource to listen on for your direct traffic. 

1. Configure the listener for your accelerator to override the default port, and configure the listener on your resource to listen on that port for accelerator traffic.

For example, you could set up a port override for the listener for your accelerator to map port 443 to port 8443. Now, you could configure an Application Load Balancer endpoint, for example, to listen for your accelerator traffic on port 8443 and for direct traffic on port 443. With this configuration, you avoid connection collisions on the Application Load Balancer for traffic coming from the same user IP address.