Route53: A Guide For Implementing Private Routing

How to implement Route 53 latency or geoproximity routing for private and cross-regional instances so that users can access private applications on AWS?

Amazon Employee
Published Jun 17, 2024

Use Case

End users accessing private applications on AWS from different locations worldwide might experience latency and availability issues when routing is not optimized.
To improve the latency between users and applications hosted in multiple geographical locations, customers rely on Route 53 Latency-based or Geoproximity routing policies.
These policies ensure that when users initiate a connection using the application's DNS name, they are sent back the address of the closest instance hosting that application, which optimizes latency.
The policies rely on the fact that Route 53 knows the source location of the user, so that it can choose the target record based on the latency or the distance between the user and the application.
However, this is not true for private applications whose records are defined in a Private Hosted Zone.
To connect to an application hosted on private AWS instances using DNS, you have to set up an Inbound Resolver endpoint, so that the on-premises DNS queries are privately forwarded to and resolved on AWS. In this setup, the user's source location is not known to Route 53, hence the question: how to implement private routing for global users and cross-regional instances?


The solution adopted to address this challenge is twofold:
1. Create an inbound resolver endpoint in each AWS Region where there are instances running the application. Then, configure your local DNS resolver to forward queries targeting AWS instances to the nearest inbound endpoint based on the user's location; for example, if a user is in France, the DNS queries should target the IPs of the inbound endpoints in eu-west-3.
For improved resiliency, configure your local resolver to target more than one endpoint and to automatically switch to the next one if the primary is not reachable (transparent failover).
2. Define Route 53 records in the Private Hosted Zone with the Latency or Geoproximity routing type. For each record, choose the AWS Region based on the location of the target instances.
Geoproximity has an advantage over Latency because it allows you to specify custom coordinates, which is useful if you have applications running outside of AWS.
Here's what a sample target architecture looks like:
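The two steps above as an added example (not code from the original post): it builds the Route 53 change batch for the latency records in the Private Hosted Zone, and the ordered inbound-endpoint IP list for each office's conditional forwarder, nearest Region first. The zone name, Regions, office map and IP addresses are constructed placeholders.

```python
"""Added example, not from the original post: Route 53 latency records in a
Private Hosted Zone (step 2) plus the per-office forwarder order (step 1).
All names, Regions and IPs below are constructed placeholders."""
import json

APP_NAME = "app.corp.internal."   # assumed record name inside the PHZ
PRIVATE_ZONE = "corp.internal"    # assumed PHZ name

# constructed: private IP of the application instance in each Region
APP_TARGETS = {"eu-west-3": "10.1.0.10", "us-east-1": "10.2.0.10"}
# constructed: the two ENI IPs (one per AZ) of each Region's inbound endpoint
INBOUND_ENDPOINTS = {
    "eu-west-3": ["10.1.10.5", "10.1.11.5"],
    "us-east-1": ["10.2.10.5", "10.2.11.5"],
}
# constructed: which Region's inbound endpoint each office should query first
NEAREST_REGION = {"paris": "eu-west-3", "new-york": "us-east-1"}


def latency_change_batch(name: str, targets: dict, ttl: int = 60) -> dict:
    """One latency-routed A record per Region for the same name.
    Region = where the instance runs; SetIdentifier must differ per record."""
    changes = []
    for region, ip in sorted(targets.items()):
        changes.append({
            "Action": "UPSERT",
            "ResourceRecordSet": {
                "Name": name, "Type": "A", "TTL": ttl,
                "Region": region, "SetIdentifier": f"{name}{region}",
                "ResourceRecords": [{"Value": ip}],
            },
        })
    return {"Comment": "latency records in private hosted zone", "Changes": changes}


def forwarder_order(office: str) -> list:
    """Both AZ IPs of the nearest Region's endpoint first, then the other
    Regions' endpoints as failover targets for the local resolver."""
    primary = NEAREST_REGION[office]
    order = [primary] + sorted(r for r in INBOUND_ENDPOINTS if r != primary)
    return [ip for r in order for ip in INBOUND_ENDPOINTS[r]]


if __name__ == "__main__":
    # Feed this JSON to: aws route53 change-resource-record-sets --change-batch file://...
    print(json.dumps(latency_change_batch(APP_NAME, APP_TARGETS), indent=2))
    # Feed this list, in order, to the office resolver's conditional forwarder for PRIVATE_ZONE
    print(PRIVATE_ZONE, "->", ", ".join(forwarder_order("paris")))
```

The change batch is applied with the AWS CLI or boto3 against the Private Hosted Zone's ID; the forwarder list goes into whatever conditional-forwarding mechanism the on-premises resolver provides, with the listed order giving primary-then-backup failover.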
Architecture Diagram


With this configuration, Route 53 treats the query as originating from the location of the inbound resolver endpoint that forwarded it, and returns the record with the optimal latency or distance from that endpoint.
This ensures that end users are directed to the nearest AWS instance hosting the application, significantly improving performance and user experience.
The design also provides a resilient DNS setup, since each inbound endpoint consists of two ENIs, each in a different Availability Zone.

Any opinions in this post are those of the individual author and may not reflect the opinions of AWS.