0
0
AWScloud~5 mins

Failover routing for disaster recovery in AWS - Commands & Configuration

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime
Introduction
Sometimes, a website or app server can stop working because of problems like power outages or network issues. Failover routing helps automatically switch users to a backup server so the service keeps working without interruption.
When your main website server goes down and you want users to reach a backup server automatically.
When you have two data centers and want traffic to go to the second one if the first fails.
When you want to avoid downtime during server maintenance by switching traffic temporarily.
When you want to improve reliability by having a standby server ready to take over.
When you want to protect your app from disasters like floods or fires affecting one location.
Config File - failover-routing.json
failover-routing.json
{
  "Comment": "Create a failover routing policy for disaster recovery",
  "Changes": [
    {
      "Action": "CREATE",
      "ResourceRecordSet": {
        "Name": "example.com.",
        "Type": "A",
        "SetIdentifier": "Primary",
        "Failover": "PRIMARY",
        "TTL": 60,
        "ResourceRecords": [
          {"Value": "192.0.2.1"}
        ],
        "HealthCheckId": "replace-with-health-check-id"
      }
    },
    {
      "Action": "CREATE",
      "ResourceRecordSet": {
        "Name": "example.com.",
        "Type": "A",
        "SetIdentifier": "Secondary",
        "Failover": "SECONDARY",
        "TTL": 60,
        "ResourceRecords": [
          {"Value": "192.0.2.2"}
        ]
      }
    }
  ]
}

This JSON file defines two DNS records for the same domain using failover routing.

Primary record: Points to the main server IP (192.0.2.1) and is marked as PRIMARY. It should be associated with a health check to detect failures.

Secondary record: Points to the backup server IP (192.0.2.2) and is marked as SECONDARY.

Route 53 will send traffic to the primary IP unless it detects failure, then it switches to the secondary IP automatically.

TTL is set to 60 seconds to allow quick switching.

Commands
This command applies the failover routing policy by creating primary and secondary DNS records in the specified hosted zone.
Terminal
aws route53 change-resource-record-sets --hosted-zone-id Z3P5QSUBK4POTI --change-batch file://failover-routing.json
Expected OutputExpected
{ "ChangeInfo": { "Id": "/change/C2682N5HXP0BZ4", "Status": "PENDING", "SubmittedAt": "2024-06-01T12:00:00Z", "Comment": "Create a failover routing policy for disaster recovery" } }
--hosted-zone-id - Specifies the Route 53 hosted zone where DNS records are managed.
--change-batch - Points to the JSON file describing the DNS record changes.
This command checks that the primary and secondary DNS records for example.com are created and shows their details.
Terminal
aws route53 list-resource-record-sets --hosted-zone-id Z3P5QSUBK4POTI --query "ResourceRecordSets[?Name=='example.com.']"
Expected OutputExpected
[ { "Name": "example.com.", "Type": "A", "SetIdentifier": "Primary", "Failover": "PRIMARY", "TTL": 60, "ResourceRecords": [ {"Value": "192.0.2.1"} ] }, { "Name": "example.com.", "Type": "A", "SetIdentifier": "Secondary", "Failover": "SECONDARY", "TTL": 60, "ResourceRecords": [ {"Value": "192.0.2.2"} ] } ]
--hosted-zone-id - Specifies the hosted zone to query.
--query - Filters output to show only records for example.com.
Key Concept

If the primary server fails, failover routing automatically sends users to the backup server to keep your service running.

Common Mistakes
Not setting the Failover attribute correctly on DNS records.
Route 53 won't know which record is primary or secondary, so failover won't work.
Always set Failover to PRIMARY for main and SECONDARY for backup records.
Using long TTL values for failover records.
DNS caches the old IP too long, delaying failover to the backup server.
Use a low TTL like 60 seconds to allow quick switching.
Not monitoring health checks linked to the primary record.
Failover depends on health checks to detect failure; without them, failover won't trigger.
Configure health checks and associate them with the primary DNS record.
Summary
Create DNS records with failover routing by marking one as PRIMARY and another as SECONDARY.
Apply the routing policy using AWS CLI with a JSON change batch file.
Verify the records exist and are correctly configured to enable automatic failover.