Building AWS Global Accelerator with CloudFormation - Handling TCP & HTTPS Traffic (Part 1)
In this Cloud Formation Wednesday stream, we tackle a real customer use case: setting up AWS Global Accelerator to handle both HTTPS and TCP traffic to the same domain. This is Part 1 of our build series where we lay the foundation with infrastructure-as-code.

What We Cover:
🚀 Setting up AWS Global Accelerator with CloudFormation
🎯 Creating listeners for both HTTPS (port 443) and TCP (port 9898) traffic
🏗️ Building a VPC with public/private/protected subnets across multiple AZs
🔒 Designing security groups with proper chaining for least privilege access
🔗 Using CloudFormation stack exports/imports for modular deployments
🔍 Troubleshooting IP ranges for Global Accelerator security group rules

Architecture Overview:
We're building a solution where Global Accelerator acts as the entry point, routing HTTPS traffic through an Application Load Balancer (with WAF protection) and TCP traffic directly to EC2 instances - all ending up at the same destination but with different routing paths.

Tools Used:
☁️ AWS CloudFormation
🚀 GitLab CI/CD
🤖 AWS Q (AI assistant for troubleshooting)
⚡ Neo Vim for template editing

Coming Next Week:
Part 2 will cover deploying the Application Load Balancer, EC2 instances, and configuring the endpoint groups to complete our traffic routing solution.

Perfect for AWS developers working with Global Accelerator, CloudFormation automation, or multi-protocol traffic routing scenarios.

Timestamps:
0:00 - Introduction & Use Case Overview
4:00 - Global Accelerator Basics
12:00 - Setting Up CloudFormation Templates
25:00 - Adding TCP & HTTPS Listeners
48:00 - VPC Deployment
59:00 - Security Groups & IP Range Discovery
1:30:00 - GitLab CI/CD Pipeline Setup

Weekly Newsletter: https://curiousorbit.com/orbitweekly/
Next Stream: Wednesdays at 7 PM EST