How a zonal shift works - Amazon Route 53 Application Recovery Controller
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

How a zonal shift works

When you start a zonal shift for a load balancer resource, Amazon Route 53 Application Recovery Controller requests that the resource move traffic away from the Availability Zone that you've specified. This request causes the load balancer health check for the Availability Zone to be set to unhealthy so that it fails its health check. An unhealthy health check, in turn, results in Amazon Route 53 withdrawing the corresponding IP addresses for the resource from DNS, so traffic is redirected from the Availability Zone. New connections are now routed to other Availability Zones in the Amazon Region instead.

When you start a zonal shift, the zonal shift is created in Route 53 ARC, but because of the steps in the process, you might not see traffic move out of the Availability Zone immediately. It also can take a short time for existing, in-progress connections in the Availability Zone to complete, depending on client behavior and connection reuse. Typically, however, this takes just a few minutes.

When a customer-initiated zonal shift expires or you cancel it, Route 53 ARC reverses the process, requesting the Route 53 health checks to be set to healthy again, so the original zonal IP addresses are restored and the Availability Zone is included in the load balancer's routing again.

Route 53 ARC uses health checks to move traffic away from Availability Zones, by requesting health checks to be set to unhealthy, and then to healthy again when you cancel a zonal shift or it expires. It's important to note that zonal shift does not, however, include health checks that monitor the underlying health of load balancers or applications.

You must set all zonal shifts to expire when you start them. You can initially set a zonal shift to expire in a maximum of three days (72 hours). However, you can update a zonal shift to set a new expiration at any time. You can also cancel a zonal shift before it expires, if you're ready to restore traffic to the Availability Zone.

In a few specific scenarios, a zonal shift does not shift traffic from the AZ. For example, if the load balancer target groups in the AZs don't have any instances, or if all of the instances are unhealthy, then the load balancer is in a fail open state. If you start a zonal shift for a load balancer in this scenario, the zonal shift does not change which AZs the load balancer uses because the load balancer is already in a fail open state. This is expected behavior. Zonal shift cannot force one AZ to be unhealthy and shift traffic to the other AZs in a Region if all AZs are failing open (unhealthy). A second scenario is if you start a zonal shift for an Application Load Balancer that is an endpoint for an accelerator in Amazon Global Accelerator. Zonal shift isn't supported for Application Load Balancers that are endpoints of accelerators in Global Accelerator.

For more information about zonal shift support, see Resources supported for zonal shift and zonal autoshift.