1
00:00:00,260 --> 00:00:02,350
‫Okay, so now let's talk about routing policies

2
00:00:02,350 --> 00:00:04,400
‫and this one is going to be for the failover.

3
00:00:04,400 --> 00:00:07,370
‫So the idea is that we have route 53 in the middle

4
00:00:07,370 --> 00:00:08,890
‫and we have EC2 instances,

5
00:00:08,890 --> 00:00:11,040
‫one is going to be our primary EC2 instance,

6
00:00:11,040 --> 00:00:13,100
‫and the second one is going to be a secondary,

7
00:00:13,100 --> 00:00:15,500
‫or disaster recovery, EC2 instance.

8
00:00:15,500 --> 00:00:17,060
‫In this case, what's going to happen is that we're going

9
00:00:17,060 --> 00:00:19,740
‫to associate our primary record with a health check,

10
00:00:19,740 --> 00:00:21,180
‫and this is mandatory.

11
00:00:21,180 --> 00:00:23,460
‫And if the health check it becomes unhealthy,

12
00:00:23,460 --> 00:00:26,740
‫then route 53 is going to automatically failover

13
00:00:26,740 --> 00:00:28,700
‫to the second EC2 instance,

14
00:00:28,700 --> 00:00:32,000
‫and start sending that result back instead.

15
00:00:32,000 --> 00:00:34,512
‫And of course the secondary EC2 can also be

16
00:00:34,512 --> 00:00:37,500
‫associated with the health check as well, if we want it to.

17
00:00:37,500 --> 00:00:40,210
‫But there can only be one primary and one secondary.

18
00:00:40,210 --> 00:00:42,520
‫Now the client, when it makes DNS requests,

19
00:00:42,520 --> 00:00:45,040
‫will automatically get the resource that is deemed healthy.

20
00:00:45,040 --> 00:00:47,220
‫So if our primary is healthy,

21
00:00:47,220 --> 00:00:50,020
‫then route 53 will answer with a primary record.

22
00:00:50,020 --> 00:00:52,110
‫But if the health check is unhealthy, automatically,

23
00:00:52,110 --> 00:00:54,450
‫we will get the response of the second record,

24
00:00:54,450 --> 00:00:57,520
‫which really helps us do (indistinct) a failover.

25
00:00:57,520 --> 00:00:58,840
‫So that's it, let's go in the hands-on

26
00:00:58,840 --> 00:01:00,870
‫to see how we can practice this.

27
00:01:00,870 --> 00:01:02,880
‫Okay, so now let's leverage these health checks

28
00:01:02,880 --> 00:01:05,810
‫and create a failover record.

29
00:01:05,810 --> 00:01:09,830
‫So in my hosted zone, I'm going to create a record,

30
00:01:09,830 --> 00:01:11,040
‫and this one's going to be called

31
00:01:11,040 --> 00:01:13,440
‫failover.stephanetheteacher.com,

32
00:01:13,440 --> 00:01:14,450
‫and it's the A record,

33
00:01:14,450 --> 00:01:15,960
‫and the first value is going to be

34
00:01:15,960 --> 00:01:19,550
‫for my EU-central-1 instance, so the one close to me,

35
00:01:19,550 --> 00:01:22,910
‫and the routing policy is going to be a failover.

36
00:01:22,910 --> 00:01:24,420
‫So the TTL will set it something really low,

37
00:01:24,420 --> 00:01:25,930
‫like 60 seconds.

38
00:01:25,930 --> 00:01:27,800
‫And the failover record type has two options.

39
00:01:27,800 --> 00:01:30,700
‫It could be either primary or secondary, just these two.

40
00:01:30,700 --> 00:01:33,710
‫So this is my primary record, and I will associate it

41
00:01:33,710 --> 00:01:35,200
‫with a health check, I have to.

42
00:01:35,200 --> 00:01:36,530
‫So it will associate with my health check

43
00:01:36,530 --> 00:01:38,440
‫named EU-central-1,

44
00:01:38,440 --> 00:01:40,750
‫and the record ID is going to be E.

45
00:01:40,750 --> 00:01:42,620
‫So what this is saying is that this record

46
00:01:42,620 --> 00:01:44,030
‫should be my primary one,

47
00:01:44,030 --> 00:01:46,230
‫but this is going to be associated with a health check,

48
00:01:46,230 --> 00:01:48,240
‫which means that you can failover to a second record.

49
00:01:48,240 --> 00:01:50,820
‫So let's add a new record, and I will keep the record name

50
00:01:50,820 --> 00:01:53,490
‫as failover.stephanetheteacher.com,

51
00:01:53,490 --> 00:01:55,990
‫and the value of which is going to be my instance

52
00:01:55,990 --> 00:01:58,110
‫in US-east-1.

53
00:01:58,110 --> 00:02:00,840
‫Okay, we're still going to have to do a failover,

54
00:02:00,840 --> 00:02:02,380
‫the TTL is 60 seconds,

55
00:02:02,380 --> 00:02:05,230
‫and the failover record type is going to be secondary.

56
00:02:05,230 --> 00:02:08,270
‫Now we can optionally associate your health check with it,

57
00:02:08,270 --> 00:02:10,840
‫okay, of US-East-1, but you don't have to.

58
00:02:10,840 --> 00:02:13,240
‫And the record ID is going to be US.

59
00:02:13,240 --> 00:02:15,190
‫Now let's create this record,

60
00:02:15,190 --> 00:02:17,370
‫and notice it was successfully created.

61
00:02:17,370 --> 00:02:20,160
‫And so let's go back into our health checks.

62
00:02:20,160 --> 00:02:21,390
‫And currently these two health checks

63
00:02:21,390 --> 00:02:23,940
‫I've associated with my records are healthy.

64
00:02:23,940 --> 00:02:26,160
‫So if I go into the URL,

65
00:02:26,160 --> 00:02:29,373
‫so if I go to failover.stephanetheteacher.com,

66
00:02:31,800 --> 00:02:35,160
‫right now, I get an answer from EU-central-1c,

67
00:02:35,160 --> 00:02:36,240
‫That's perfect.

68
00:02:36,240 --> 00:02:37,920
‫But what I'm going to do is trigger a failure.

69
00:02:37,920 --> 00:02:41,363
‫So let's go into the EU-central-1 region,

70
00:02:42,370 --> 00:02:44,930
‫and I'm going to find my instances, here,

71
00:02:44,930 --> 00:02:46,870
‫and I'm going to find the security group,

72
00:02:46,870 --> 00:02:49,940
‫and I'm going to, again, stop some security group roles.

73
00:02:49,940 --> 00:02:53,200
‫So let's refresh this page.

74
00:02:53,200 --> 00:02:54,870
‫It does exist, that's perfect.

75
00:02:54,870 --> 00:02:57,510
‫And for the inbound rule, I'm going to edit it,

76
00:02:57,510 --> 00:02:59,870
‫and it will remove the rule on port A.

77
00:02:59,870 --> 00:03:02,550
‫So that will make my instance completely unreachable

78
00:03:02,550 --> 00:03:04,270
‫from the health checkers.

79
00:03:04,270 --> 00:03:06,750
‫So what I have to do now is to wait for this health check

80
00:03:06,750 --> 00:03:07,670
‫to become unhealthy,

81
00:03:07,670 --> 00:03:10,620
‫and then we'll be able to test the failover.

82
00:03:10,620 --> 00:03:13,010
‫So let's refresh, and as we can see now,

83
00:03:13,010 --> 00:03:16,070
‫my EU-central-1 health check is deemed unhealthy,

84
00:03:16,070 --> 00:03:18,140
‫and we can look into the monitoring tab and see

85
00:03:18,140 --> 00:03:20,280
‫really when it got a unhealthy, so this is quite cool.

86
00:03:20,280 --> 00:03:21,770
‫So the health checker was positive,

87
00:03:21,770 --> 00:03:23,130
‫and then it went to zero,

88
00:03:23,130 --> 00:03:25,160
‫and then we can see how many percentage

89
00:03:25,160 --> 00:03:26,700
‫of the health checkers did report healthy,

90
00:03:26,700 --> 00:03:28,830
‫and again, this went one down to zero.

91
00:03:28,830 --> 00:03:29,750
‫So what this means,

92
00:03:29,750 --> 00:03:33,680
‫is that now that this health check is unhealthy

93
00:03:33,680 --> 00:03:35,450
‫because of the way we set up the failover

94
00:03:35,450 --> 00:03:37,750
‫that was linked to this health check.

95
00:03:37,750 --> 00:03:39,800
‫Then next time I refresh this,

96
00:03:39,800 --> 00:03:41,290
‫I should not be in Eu-central-1c,

97
00:03:41,290 --> 00:03:43,300
‫I should be in US-east-1.

98
00:03:43,300 --> 00:03:44,700
‫So let's refresh this (indistinct) page,

99
00:03:44,700 --> 00:03:48,090
‫and yes, the answer is that we are in US-east-1.

100
00:03:48,090 --> 00:03:51,500
‫And so the failover did work seamlessly behind the scenes.

101
00:03:51,500 --> 00:03:53,490
‫And while to fix it, you just go back

102
00:03:53,490 --> 00:03:56,520
‫into your security group, you would edit the inbound rule,

103
00:03:56,520 --> 00:03:59,410
‫and then you would add back the HTTP rule,

104
00:03:59,410 --> 00:04:01,920
‫and then automatically the health check

105
00:04:01,920 --> 00:04:04,884
‫is going to pass again, and therefore we are going to

106
00:04:04,884 --> 00:04:09,010
‫failover back to our primary location, okay.

107
00:04:09,010 --> 00:04:10,630
‫So that's it for this lecture, I hope you liked it,

108
00:04:10,630 --> 00:04:12,580
‫and I will see you in the next lecture.