Users often access modern applications from all over the world. These applications can have strict requirements for performance, availability and security. The global nature of these use cases makes it challenging to return responses with low latencies to all users, regardless of the point of access. AWS offers two services that help with these challenges: AWS Global Accelerator and Amazon CloudFront.
AWS Global Accelerator is a networking service that improves an application's performance and availability for global users. Amazon CloudFront is a cloud distributed networking service for web applications that provides low latency and speed. While both these services emphasize performance and availability, they each serve certain purposes and have differences regarding protocols, IP addresses, security and price.
Amazon CloudFront supports dynamic content over the HTTP and WebSocket protocols, which are based on the Transmission Control Protocol (TCP). Common use cases include dynamic API calls, web pages and web applications, as well as an application's static files such as audio and images. It also supports on-demand media streaming over HTTP.
AWS Global Accelerator supports both User Datagram Protocol (UDP) and TCP-based protocols. It is commonly used for non-HTTP use cases, such as gaming, IoT and voice over IP. It is also good for HTTP use cases that need static IP addresses or fast regional failover.
Amazon CloudFront supports content caching at edge locations based on configurable patterns, such as URLs, headers and file types. Content that is cached and compressed at edge locations improves latency significantly and offloads traffic from backend systems. This makes applications more scalable.
However, for backends that only deliver dynamic content or non-TCP protocols, Global Accelerator is likely the best choice. It doesn't cache any content. It uses edge computing to find the optimal route to the closest regional endpoint and to mitigate endpoint failure, which is why it works well for gaming and IoT.
Both CloudFront and Global Accelerator use AWS Shield to prevent DDoS attacks. Unlike Global Accelerator, CloudFront also supports AWS Web Application Firewall (WAF) to offer additional protection against malicious traffic. However, if a Global Accelerator interacts with an Application Load Balancer (ALB), then users can configure WAF rules for the ALB.
Additionally, CloudFront can interact directly with on-premises resources. For on-premises interactions, Global Accelerator must first integrate with an AWS Network Load Balancer that is connected to the on-premises components.
The following examples are simplified, as a detailed price comparison between the two services is complicated. When considering prices, there are three key outlying factors:
- the amount of data transferred in and out of each service;
- AWS Regions where origin resources are located; and
- the multiple geographic locations of end users along with the number of requests.
The cost of CloudFront is based on data transferred out to the internet and the number of requests made to a CloudFront distribution. Data transfer from Amazon EC2 or S3 to CloudFront is free. Data transfer rates vary according to the region in which the edge location is based. This rate can vary up to approximately 40% according to the geography of edge locations.
There is a pricing bracket based on the amount of data transferred throughout the month (10TB, 40TB, 100TB, etc.). CloudFront also supports a feature called Security Savings Bundle. This feature is based on a one-year commitment and can reduce costs by 30%. As of now, Global Accelerator doesn't have a comparable feature to Security Savings Bundle.
A very useful feature of CloudFront is Lambda@Edge, which is a way to optionally trigger Lambda functions on incoming requests and outgoing responses. Application owners can implement additional functionality, such as validations, data transformations or any custom logic, based on incoming or outgoing data. Global Accelerator doesn't have a similar feature.
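A Lambda@Edge viewer-request function of the kind described above, doing one validation and one data transformation before CloudFront forwards the request. This is an added example, not code from the original article or from AWS; the method allowlist, the length limit and the `x-internal-user` header are assumptions for illustration, and the sample requests are constructed.

```javascript
// Added example: Lambda@Edge viewer-request filter (Node.js runtime).
const ALLOWED_METHODS = new Set(['GET', 'HEAD', 'POST']); // assumed policy
const MAX_URI_LENGTH = 1024;                              // assumed limit
const STRIP_HEADERS = ['x-internal-user']; // hypothetical header the origin trusts

// Returning a response object makes CloudFront answer at the edge,
// so a rejected request never reaches the origin.
function deny(status, statusDescription) {
  return {
    status, // Lambda@Edge expects the status code as a string
    statusDescription,
    headers: {
      'content-type': [{ key: 'Content-Type', value: 'text/plain' }],
      'cache-control': [{ key: 'Cache-Control', value: 'no-store' }],
    },
    body: statusDescription,
  };
}

function filterRequest(request) {
  if (!ALLOWED_METHODS.has(request.method)) return deny('405', 'Method Not Allowed');
  if (request.uri.length > MAX_URI_LENGTH) return deny('414', 'URI Too Long');
  // Validation: decode once, then refuse malformed escapes and dot-segments.
  let path;
  try {
    path = decodeURIComponent(request.uri);
  } catch (err) {
    return deny('400', 'Bad Request');
  }
  if (path.split('/').includes('..')) return deny('400', 'Bad Request');
  // Transformation: remove client-supplied copies of headers the origin trusts.
  // Header names in the CloudFront event are lowercase keys.
  for (const name of STRIP_HEADERS) delete request.headers[name];
  return request; // returning the request lets CloudFront continue processing
}

// Entry point invoked by CloudFront; the request lives under Records[0].cf.
async function handler(event) {
  return filterRequest(event.Records[0].cf.request);
}
if (typeof module !== 'undefined') module.exports = { handler };

// Constructed sample request in the shape CloudFront passes to the function.
function sampleRequest(method, uri, extraHeaders = {}) {
  const headers = { host: [{ key: 'Host', value: 'example.com' }], ...extraHeaders };
  return { clientIp: '203.0.113.10', method, uri, querystring: '', headers };
}
```

Global Accelerator has no equivalent hook, so the same checks would have to run on the endpoint behind it, for example in the application or in WAF rules on an ALB.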
AWS Global Accelerator
This service has an hourly fee of $0.025 -- for example, $18 in a 30-day month -- and a data transfer fee. Data transfer rates can be expensive and hard to manage. They can vary from $0.015 per GB to $0.105 per GB, depending on the data origin, destination, AWS Region and edge location.
Pricing is also calculated each hour based on the dominant direction of traffic during that period. For example, if 70% of data transfer is incoming data sent to backend systems and 30% is outbound data, only the amount of incoming data is used to calculate data transfer fees during that hour.
With this model, in an application with predominantly outbound data, 10 TB of data transferred out to the internet within North America would result in $150 of Global Accelerator data transfer costs. The data transfer amount can increase significantly depending on the global usage of an application. For example, for edge locations based in Australia that interact with EC2 resources in North America, it would cost $1,250 ($1,050 in Global Accelerator data transfer plus $200 in EC2 inter-regional data transfer) to transfer 10 TB of data out to the internet.