AWS Global vs Regional vs AZ resources – Certification

AWS Global, Regional, AZ resource Availability

AWS offers many services, and each is scoped as Global, Regional or specific to an Availability Zone; a resource cannot be used outside the scope in which it was created. Most AWS managed services are region-scoped (exceptions include IAM, Route53, CloudFront and WAF).

Global vs Regional vs AZ Resource locations

AWS Global vs Regional vs AZ

  • IAM
    • Users, Groups, Roles, Accounts – Global
      • Same AWS accounts, users, groups and roles can be used in all regions
    • Key Pairs – Global or Regional
      • Key pairs created by Amazon EC2 are specific to the region in which they were created
      • A self-generated RSA key pair can be imported and used in all regions
  • Virtual Private Cloud
    • VPC – Regional
      • A VPC is created within a single region
    • Subnet – Availability Zone
      • A subnet spans only a single Availability Zone
    • Security groups – Regional
      • A security group is tied to a region and can be assigned only to instances in the same region.
    • VPC Endpoints – Regional
      • You cannot create an endpoint between a VPC and an AWS service in a different region.
    • VPC Peering – Regional
      • VPC peering can be established between VPCs in the same account or in different AWS accounts, but only within the same region; a peering connection cannot span regions
    • Elastic IP Address – Regional
      • An Elastic IP address is allocated within a region and can be associated only with instances in that region
  • EC2
    • Resource Identifiers – Regional
      • Each resource identifier, such as an AMI ID, instance ID, EBS volume ID, or EBS snapshot ID, is tied to its region and can be used only in the region where you created the resource.
    • Instances – Availability Zone
      • An instance is tied to the Availability Zone in which you launched it. However, note that its instance ID is tied to the region.
    • EBS Volumes – Availability Zone
      • An Amazon EBS volume is tied to its Availability Zone and can be attached only to instances in the same Availability Zone.
    • EBS Snapshot – Regional
      • An EBS snapshot is tied to its region and can only be used to create volumes in the same region; it must be copied to another region if it is needed there
    • AMIs – Regional
      • An AMI is the template from which EC2 instances are launched
      • An AMI is tied to the region where its files are stored in Amazon S3; to use it in another region, copy the AMI to that region
    • Auto Scaling – Regional
      • An Auto Scaling group can span multiple Availability Zones within the same region but cannot span regions
    • Elastic Load Balancer – Regional
      • An Elastic Load Balancer distributes traffic across instances in multiple Availability Zones within the same region
    • Placement Groups – Availability Zone
      • A placement group can only span instances within the same Availability Zone
  • S3 – Global but Data is Regional
    • S3 buckets are created within the selected region
    • Objects are replicated across Availability Zones for high durability but are not replicated across regions unless this is configured explicitly
  • Route53 – Global
    • Route53 services are offered at AWS edge locations and are global
  • DynamoDb – Regional
    • All data objects are stored within the same region and replicated across multiple Availability Zones in the same region
    • Data objects can be explicitly replicated across regions using cross-region replication
  • WAF – Global
    • Web Application Firewall (WAF), which protects web applications from common web exploits, is offered at AWS edge locations and is global
  • CloudFront – Global
    • CloudFront is the global content delivery network (CDN) service, offered at AWS edge locations
  • Storage Gateway – Regional
    • AWS Storage Gateway stores volume, snapshot, and tape data in the AWS region in which the gateway is activated

AWS Certification Exam Practice Questions

  • Questions are collected from the Internet and the answers are marked as per my knowledge and understanding (which might differ from yours).
  • AWS services are updated every day and both the answers and questions might be outdated soon, so research accordingly.
  • AWS exam questions are not updated to keep pace with AWS updates, so even if the underlying feature has changed the question might not be updated.
  • Open to further feedback, discussion and correction.
  1. You would like to create a mirror image of your production environment in another region for disaster recovery purposes. Which of the following AWS resources do not need to be recreated in the second region? (Choose 2 answers)
    1. Route 53 Record Sets
    2. IAM Roles
    3. Elastic IP Addresses (EIP) (are specific to a region)
    4. EC2 Key Pairs (are specific to a region)
    5. Launch configurations
    6. Security Groups (are specific to a region)
  2. When using the following AWS services, which should be implemented in multiple Availability Zones for high availability solutions? Choose 2 answers
    1. Amazon DynamoDB (already replicates across AZs)
    2. Amazon Elastic Compute Cloud (EC2)
    3. Amazon Elastic Load Balancing
    4. Amazon Simple Notification Service (SNS) (Global Managed Service)
    5. Amazon Simple Storage Service (S3) (Global Managed Service)

AWS Regions, Availability Zones and Edge Locations – Certification

AWS Regions & Availability Zones

AWS services are hosted in multiple locations worldwide. Placing resources and data in multiple locations lets you improve performance, provide fault tolerance and high availability, and optimize cost.

AWS Global Infrastructure

Regions

AWS lets customers place instances and store data in multiple geographic areas called Regions. Each Region is an independent collection of AWS resources in a defined geography.

  • Each region is a separate geographic area and is completely independent
  • Each Amazon region is designed to be completely isolated from the other regions, which helps achieve the greatest possible fault tolerance and stability
  • Communication between regions traverses the public Internet, so appropriate measures such as encryption should be taken to protect the data
  • Data transfer between regions is charged at the Internet data transfer rate for both the sending and the receiving instance
  • Resources aren’t replicated across regions unless done explicitly

Region selection can be driven by several factors:

  1. Latency – A region can be selected to be closest to the targeted user base to reduce data latency
  2. Cost – AWS usually provides the same set of services across all regions, but the cost differs from region to region depending on the cost (land, electricity, bandwidth, etc.) incurred by Amazon, so a service can be cheaper in one region than in another
  3. Legal Compliance – Many countries impose compliance and regulatory requirements for data to reside within the region itself
  4. Features – Not all regions provide all AWS features and services, so region selection can depend on the services supported by the region

Availability Zones

Each Region consists of multiple, isolated locations known as Availability Zones and each Availability Zone runs on its own physically distinct, independent infrastructure and is engineered to be highly reliable.

  • Each Region has multiple Availability Zones.
  • AZs are physically isolated from one another so that an uncommon disaster such as a fire or earthquake affects only a single AZ
  • AZs are geographically separated from each other, within the same region, and act as independent failure zones
  • AZs are redundantly connected to multiple tier-1 transit providers
  • AZs in a region are connected with low-latency private links, not through the public Internet
  • Distributing resources across multiple Availability Zones (Multi-AZ) can be used to provide High Availability
  • AWS ensures that resources are distributed across the Availability Zones of a region by independently mapping Availability Zones to identifiers for each account. For example, the us-east-1a AZ in us-east-1 for one account might not be the same location as the us-east-1a AZ for another account. There’s no way for you to coordinate Availability Zones between accounts.
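To make the last point concrete, the following added example (not from the original post) compares AZ names across two accounts using the ZoneId field that the EC2 DescribeAvailabilityZones API returns; both API responses are constructed sample data, not real account output, so the script runs offline.

```python
"""Compare Availability Zone naming across two AWS accounts.

AZ *names* (us-east-1a) are mapped independently per account, so the same
name can point at different physical locations. The ZoneId field returned by
EC2 DescribeAvailabilityZones identifies the physical zone. The two responses
below are constructed sample data standing in for the real API output.
"""
from typing import Dict

# Constructed sample: what describe_availability_zones() might return for two accounts.
ACCOUNT_A = {"AvailabilityZones": [
    {"ZoneName": "us-east-1a", "ZoneId": "use1-az1", "State": "available"},
    {"ZoneName": "us-east-1b", "ZoneId": "use1-az2", "State": "available"},
    {"ZoneName": "us-east-1c", "ZoneId": "use1-az4", "State": "available"},
]}
ACCOUNT_B = {"AvailabilityZones": [
    {"ZoneName": "us-east-1a", "ZoneId": "use1-az4", "State": "available"},
    {"ZoneName": "us-east-1b", "ZoneId": "use1-az1", "State": "available"},
    {"ZoneName": "us-east-1c", "ZoneId": "use1-az2", "State": "available"},
]}


def name_to_id(response: dict) -> Dict[str, str]:
    """Map ZoneName -> ZoneId from a DescribeAvailabilityZones response."""
    return {z["ZoneName"]: z["ZoneId"] for z in response["AvailabilityZones"]}


def same_physical_zone(resp_a: dict, resp_b: dict, zone_name: str) -> bool:
    """True only if zone_name refers to the same physical zone in both accounts."""
    return name_to_id(resp_a).get(zone_name) == name_to_id(resp_b).get(zone_name)


def translate_zone(resp_a: dict, resp_b: dict, zone_name_a: str) -> str:
    """Return the zone name account B uses for the physical zone that account A
    calls zone_name_a. Raises KeyError if that zone is not offered to account B."""
    zone_id = name_to_id(resp_a)[zone_name_a]
    id_to_name_b = {z["ZoneId"]: z["ZoneName"] for z in resp_b["AvailabilityZones"]}
    return id_to_name_b[zone_id]


if __name__ == "__main__":
    for name in ("us-east-1a", "us-east-1b", "us-east-1c"):
        print(name, "same physical zone:", same_physical_zone(ACCOUNT_A, ACCOUNT_B, name),
              "| account B calls it:", translate_zone(ACCOUNT_A, ACCOUNT_B, name))
```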

Edge Locations

  • Edge locations are sites in a worldwide network of data centers maintained by AWS for the distribution of content.
  • They are located in most major cities around the world and are used by CloudFront (CDN) to distribute content to end users with reduced latency.

AWS Certification Exam Practice Questions

  1. George has launched three EC2 instances inside the US-East-1a zone with his AWS account. Ray has launched two EC2 instances in the US-East-1a zone with his AWS account. Which of the below mentioned statements will help George and Ray understand the availability zone (AZ) concept better?
    1. The instances of George and Ray will be running in the same data centre
    2. All the instances of George and Ray can communicate over a private IP with a minimal cost
    3. All the instances of George and Ray can communicate over a private IP without any cost
    4. us-east-1a region of George and Ray can be different availability zones