AWS Global Infrastructure
I had a hard time with the AWS global infrastructure concepts when I first started learning AWS. The definitions of Regions, Availability Zones (AZs), Edge Locations and so on are easy enough to understand. The difficulty comes when you draw an architecture blueprint for high availability on AWS: you need to know the scope at which each service operates (global, regional, single-AZ or multi-AZ) and how to span it accordingly. Let's first take a look at the components of the AWS global infrastructure.
AWS Global Infrastructure
The AWS Cloud infrastructure is built around Regions and Availability Zones (AZs). At the time of this post, the AWS Cloud spans 54 Availability Zones within 18 geographic Regions and 1 Local Region (Asia Pacific Osaka Local Region) around the world.
- A Region is a geographical area containing a collection of Availability Zones (AZs). Every Region is physically isolated from the others, and each contains at least two Availability Zones. AWS has deployed Regions across the globe to provide low latency, high throughput and highly redundant networking. Most resources never leave the Region they were created in unless you copy them explicitly, which is what makes data-residency requirements workable.
- An Availability Zone is a logical (not physical!) data center: each AZ is backed by one or more physical data centers, and the AZs within a Region are isolated from one another with separate power, networking and other infrastructure. Availability Zones give AWS customers an easier and more effective way to design and operate applications and databases that are more highly available, fault tolerant and scalable than a traditional single-data-center or multi-data-center setup. Note that the letter suffix (1a, 1b, ...) is mapped to physical AZs independently per account, so your us-east-1a is not necessarily the same facility as another account's us-east-1a.
- An Edge Location is a Content Delivery Network (CDN) endpoint that AWS uses to cache content close to users and reduce latency. Edge Locations are usually deployed in major cities and highly populated areas across the globe, and there are far more Edge Locations than Regions. CloudFront and Lambda@Edge use the Edge Locations as a global CDN to cache data and reduce latency for end-user access.
For example, the US East (N. Virginia) Region, whose Region code is us-east-1, has six AZs named us-east-1a through us-east-1f (the Region code plus a letter suffix). Next, we look at the scope of some services: global, regional, or specific to an AZ.
Most AWS managed services are regional. Some, however, are scoped to a single AZ, others are global, and a service's own scope can differ from the scope of the components attached to it. We just mentioned that CloudFront and Lambda@Edge form a global CDN on top of the Edge Locations. The following list collects the services that confused me most at first, with the scoping details I think deserve attention when you set them up on AWS:
- S3: the S3 bucket namespace is global (a bucket name must be unique across all AWS accounts), but each bucket is created in, and its data stays in, the Region you select. Cross-Region Replication (CRR) is an S3 feature that automatically replicates objects uploaded to a bucket into a destination bucket in a different Region of your choice. CRR requires versioning to be enabled on both buckets, and a replication rule applies only to objects created after it is configured.
- EC2: resource identifiers such as AMI IDs and instance IDs are regional, and an instance runs in the AZ you select. There is a default soft limit of 20 On-Demand instances per Region, which can be raised through a limit-increase request. An EBS volume can be attached only to an instance in the same AZ, whereas an EBS snapshot is a regional resource and can be used to create a volume in any AZ of that Region. To use a snapshot in a different Region, copy it there; the copy can then be shared with other accounts. Snapshots encrypted with the AWS-managed default key cannot be shared, and sharing a snapshot publicly exposes everything on it, so check it for credentials first. Likewise, an AMI (Amazon Machine Image) is a regional resource that provides the template for launching EC2 instances in that Region; copy it to other Regions if you need to launch there.
- Identity & Access Management (IAM): IAM is a global service. The same AWS account, users, groups and roles apply in every Region, so an IAM policy takes effect everywhere unless you scope it yourself (for example with the aws:RequestedRegion condition key). EC2 key pairs, however, are Region-specific. You can create an RSA key pair with a third-party tool and import the public key into Amazon EC2 in each Region where you need it.
- Route 53: Route 53 is a globally distributed service served from the AWS Edge Locations; hosted zones and records are not tied to a Region.
- Auto Scaling: Auto Scaling ensures that the desired number of EC2 instances is running, and an Auto Scaling group can span multiple Availability Zones within one Region, which is how you obtain AZ-level fault tolerance. It is easy to confuse this with a placement group. A cluster placement group is a logical grouping of EC2 instances within a single Availability Zone for low-latency networking; it does nothing for availability (a spread placement group can distribute instances across AZs of a Region, but it still does not replace an Auto Scaling group).
- Elastic Load Balancer (ELB): an ELB is a regional resource that distributes traffic across instances in multiple Availability Zones of the same Region. To route users to load balancers in several Regions you need Route 53 in front of them.
- Virtual Private Cloud (VPC): a VPC is a logically isolated virtual network that belongs to one Region and spans all of that Region's Availability Zones. A subnet lives in exactly one AZ. Security groups, network ACLs and route tables belong to the VPC and can therefore apply to subnets in any AZ of that Region. VPC peering connects two VPCs in the same or different accounts; it originally required both VPCs to be in the same Region, and inter-Region peering is now available for Regions that support it. Peered VPCs must have non-overlapping CIDR blocks, and peering is not transitive, so every pair of VPCs that needs to communicate requires its own peering connection.
- DynamoDB: DynamoDB is a regional service that replicates data across multiple AZs of the Region by itself, so there is no multi-AZ deployment for you to configure. Multi-Region replication is a separate feature (Global Tables).
- Elastic IP address (EIP): by default every AWS account is limited to five (5) Elastic IP addresses per Region, because public IPv4 addresses are a scarce resource; the limit can be raised on request.
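To make the scoping rules above concrete, here is an added example (my own illustration, not AWS tooling and not code from the original post) that checks a planned deployment against them before anything is created: a volume must share its instance's AZ, a snapshot or AMI must be in the same Region as the resource built from it, a subnet must belong to a VPC in its Region, and an Auto Scaling group or load balancer should span at least two AZs of its own Region. The resource kinds, reference names and the sample blueprint are constructed for the example; the identifier formats follow the us-east-1 / us-east-1a naming shown above.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Identifier formats used by AWS: a Region code such as "us-east-1" and an AZ
# name that is the Region code plus a letter, such as "us-east-1f".
# Local Zone names (e.g. "us-west-2-lax-1a") are deliberately out of scope.
REGION_RE = re.compile(r"^[a-z]{2}(?:-gov)?-[a-z]+-\d+$")
AZ_RE = re.compile(r"^([a-z]{2}(?:-gov)?-[a-z]+-\d+)[a-z]$")

# Scope of each resource kind in this toy model (kind names are my own, not
# AWS API types): zonal = lives in one AZ, regional = lives in one Region,
# multi_az = a regional service that lists the AZs it spans.
SCOPE = {
    "instance": "zonal", "volume": "zonal", "subnet": "zonal",
    "snapshot": "regional", "ami": "regional", "vpc": "regional",
    "asg": "multi_az", "elb": "multi_az",
}

# (referrer kind, reference key) -> (required relationship, kind of the target)
RULES = {
    ("volume", "attached_to"): ("same_az", "instance"),        # EBS volume and instance share an AZ
    ("volume", "from_snapshot"): ("same_region", "snapshot"),  # snapshots are regional
    ("instance", "ami"): ("same_region", "ami"),               # AMIs are regional
    ("instance", "subnet"): ("same_az", "subnet"),             # a subnet sits in one AZ
    ("subnet", "vpc"): ("same_region", "vpc"),                 # a VPC belongs to one Region
}


def region_of_az(az: str) -> str:
    """'us-east-1f' -> 'us-east-1'; raises on anything that is not an AZ name."""
    m = AZ_RE.match(az)
    if not m:
        raise ValueError(f"not an Availability Zone name: {az!r}")
    return m.group(1)


@dataclass
class Resource:
    kind: str
    name: str
    az: Optional[str] = None                              # zonal resources
    region: Optional[str] = None                          # regional / multi_az resources
    azs: List[str] = field(default_factory=list)          # multi_az resources
    refs: Dict[str, str] = field(default_factory=dict)    # e.g. {"ami": "base-ami"}

    def home_region(self) -> str:
        return region_of_az(self.az) if SCOPE[self.kind] == "zonal" else self.region


def _placement_problem(r: Resource) -> Optional[str]:
    """Check a resource's own placement; None means it is well formed."""
    if SCOPE[r.kind] == "zonal":
        return None if r.az and AZ_RE.match(r.az) else f"{r.az!r} is not an Availability Zone name"
    if not (r.region and REGION_RE.match(r.region)):
        return f"{r.region!r} is not a Region code"
    if SCOPE[r.kind] == "multi_az":
        # Multi-AZ services span AZs of their own Region; one AZ is a single point of failure.
        outside = [az for az in r.azs if not AZ_RE.match(az) or region_of_az(az) != r.region]
        if outside:
            return f"AZs {outside} are not in {r.region}"
        if len(set(r.azs)) < 2:
            return f"spans a single AZ {r.azs}, not highly available"
    return None


def check_blueprint(resources: List[Resource]) -> List[str]:
    """Return one finding per scoping or availability violation (empty list = OK)."""
    by_name = {r.name: r for r in resources}
    findings: List[str] = []
    valid = set()
    for r in resources:                       # pass 1: each resource on its own
        problem = _placement_problem(r)
        if problem:
            findings.append(f"{r.name}: {problem}")
        else:
            valid.add(r.name)
    for r in resources:                       # pass 2: cross-resource references
        if r.name not in valid:
            continue
        for key, target_name in r.refs.items():
            if (r.kind, key) not in RULES:
                findings.append(f"{r.name}: no rule for reference {key!r}")
                continue
            mode, want_kind = RULES[(r.kind, key)]
            target = by_name.get(target_name)
            if target is None or target.kind != want_kind or target.name not in valid:
                findings.append(f"{r.name}: {key!r} must name a valid {want_kind}, got {target_name!r}")
                continue
            if mode == "same_az" and r.az != target.az:
                findings.append(f"{r.name} ({r.az}) cannot use {target.name} ({target.az}): different AZ")
            elif mode == "same_region" and r.home_region() != target.home_region():
                findings.append(f"{r.name} ({r.home_region()}) cannot use {target.name} "
                                f"({target.home_region()}): different Region, copy it first")
    return findings


# Constructed sample blueprint (not a real account) with one mistake of each kind.
SAMPLE_BLUEPRINT = [
    Resource("vpc", "prod-vpc", region="us-east-1"),
    Resource("subnet", "web-subnet-a", az="us-east-1a", refs={"vpc": "prod-vpc"}),
    Resource("ami", "base-ami", region="us-west-2"),                       # built in the wrong Region
    Resource("instance", "web-1", az="us-east-1a", refs={"ami": "base-ami", "subnet": "web-subnet-a"}),
    Resource("volume", "data-1", az="us-east-1b", refs={"attached_to": "web-1"}),   # wrong AZ
    Resource("snapshot", "data-snap", region="us-east-1"),
    Resource("volume", "data-2", az="us-east-1a", refs={"attached_to": "web-1", "from_snapshot": "data-snap"}),
    Resource("asg", "web-asg", region="us-east-1", azs=["us-east-1a"]),   # single AZ
    Resource("elb", "web-elb", region="us-east-1", azs=["us-east-1a", "us-east-1b"]),
]

if __name__ == "__main__":
    for line in check_blueprint(SAMPLE_BLUEPRINT):
        print(line)
```

Running it on the sample prints three findings: the Auto Scaling group that spans one AZ, the instance that references an AMI from another Region, and the volume that sits in a different AZ from its instance. The same checks are cheap to run over a Terraform plan or CloudFormation template before deployment, which is when mismatched scopes are easiest to fix.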
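Because IAM is global, a policy applies in every Region unless you restrict it yourself. The following added example (mine, not from the original post) models the Region-restriction pattern AWS documents, an explicit Deny carrying an aws:RequestedRegion condition with a NotAction exemption for global services, and runs it through a small policy evaluator to show why the exemption is needed: AWS documents that calls to global services such as IAM are always made to us-east-1, so a policy that only allows eu-west-1 locks the principal out of IAM unless those services are exempted. The evaluator implements only the two string operators and the deny-overrides logic used here and is a simplification of real IAM evaluation; the exempted service list and the request contexts are constructed for the example.

```python
import fnmatch
from typing import Dict, List, Union

Strs = Union[str, List[str]]


def _as_list(v: Strs) -> List[str]:
    return v if isinstance(v, list) else [v]


def restrict_regions_policy(allowed: List[str], exempt_global: bool = True) -> dict:
    """Build the Region-restriction policy. The shape follows the pattern AWS
    documents; the exempted service list is illustrative, not exhaustive."""
    deny = {
        "Sid": "DenyOutsideApprovedRegions",
        "Effect": "Deny",
        "Resource": "*",
        "Condition": {"StringNotEquals": {"aws:RequestedRegion": allowed}},
    }
    if exempt_global:
        # Global services are called via us-east-1; exempt them so the Deny
        # does not break IAM, STS, Route 53 or CloudFront administration.
        deny["NotAction"] = ["iam:*", "sts:*", "route53:*", "cloudfront:*", "support:*"]
    else:
        deny["Action"] = "*"      # the naive version of the same policy
    allow = {"Sid": "AllowEverythingElse", "Effect": "Allow", "Action": "*", "Resource": "*"}
    return {"Version": "2012-10-17", "Statement": [deny, allow]}


def _action_matches(stmt: dict, action: str) -> bool:
    if "Action" in stmt:
        return any(fnmatch.fnmatchcase(action, p) for p in _as_list(stmt["Action"]))
    # NotAction: the statement applies to every action that is NOT listed.
    return not any(fnmatch.fnmatchcase(action, p) for p in _as_list(stmt["NotAction"]))


def _condition_holds(cond: dict, ctx: Dict[str, str]) -> bool:
    for op, pairs in cond.items():
        for key, values in pairs.items():
            actual = ctx.get(key)
            if op == "StringEquals":
                ok = actual in _as_list(values)
            elif op == "StringNotEquals":
                # Negated operator: a key missing from the request context counts as
                # "not equal", so the condition holds and the Deny applies.
                ok = actual not in _as_list(values)
            else:
                raise NotImplementedError(f"condition operator {op} not modelled")
            if not ok:
                return False
    return True


def evaluate(policy: dict, action: str, ctx: Dict[str, str]) -> str:
    """Simplified IAM logic: an explicit Deny wins, then any Allow, else implicit deny."""
    decision = "ImplicitDeny"
    for stmt in policy["Statement"]:
        if not _action_matches(stmt, action):
            continue
        if not _condition_holds(stmt.get("Condition", {}), ctx):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"
        decision = "Allow"
    return decision


# Constructed request contexts: (action, value of aws:RequestedRegion in the request).
SAMPLE_REQUESTS = [
    ("ec2:RunInstances", "eu-west-1"),
    ("ec2:RunInstances", "ap-southeast-1"),
    ("s3:CreateBucket", "us-west-2"),
    ("iam:CreateUser", "us-east-1"),   # IAM is global; its calls carry us-east-1
]


def decisions(policy: dict) -> Dict[str, str]:
    """Evaluate every sample request against the policy, keyed as 'action@region'."""
    return {f"{a}@{r}": evaluate(policy, a, {"aws:RequestedRegion": r})
            for a, r in SAMPLE_REQUESTS}


if __name__ == "__main__":
    for label, pol in (("with global-service exemption", restrict_regions_policy(["eu-west-1"])),
                       ("without exemption", restrict_regions_policy(["eu-west-1"], exempt_global=False))):
        print(label)
        for req, d in decisions(pol).items():
            print(f"  {req}: {d}")
```

With the exemption, EC2 and S3 calls outside eu-west-1 are denied while iam:CreateUser is still allowed; without it the same IAM call is denied, because its request carries us-east-1. Note also the missing-key case: a request with no aws:RequestedRegion in its context still hits the Deny, which is the conservative behaviour you want from a negated condition operator.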
Please review my article AWS Cloud Security for more details on the AWS services and tools for setting up security processes.