AWS Global vs Regional vs AZ resources

AWS Global, Regional, AZ resource Availability

AWS provides a lot of services and these services are either Global, Regional or specific to the Availability Zone and cannot be accessed outside. Most of the AWS managed services are regional based services (except for IAM, Route53, CloudFront, WAF etc).

Global vs Regional vs AZ Resource locations

AWS Global vs Regional vs AZ

  • IAM
    • Users, Groups, Roles, Accounts – Global
      • Same AWS accounts, users, groups and roles can be used in all regions
    • Key Pairs – Global or Regional
      • Amazon EC2 created key pairs are specific to the region
      • RSA key pair can be created and uploaded that can be used in all regions
  • Virtual Private Cloud
    • VPC – Regional
      • VPC are created within a region
    • Subnet – Availability Zone
      • Subnet can span only a single Availability Zone
    • Security groups – Regional
      • A security group is tied to a region and can be assigned only to instances in the same region.
    • VPC Endpoints – Regional
      • You cannot create an endpoint between a VPC and an AWS service in a different region.
    • VPC Peering – Regional
      • VPC Peering can be performed across VPC in the same account of different AWS accounts but only within the same region. They cannot span across regions
      • VPC Peering can now span inter-region
    • Elastic IP Address – Regional
      • Elastic IP address created within the region can be assigned to instances within the region only
  • EC2
    • Resource Identifiers – Regional
      • Each resource identifier, such as an AMI ID, instance ID, EBS volume ID, or EBS snapshot ID, is tied to its region and can be used only in the region where you created the resource.
    • Instances – Availability Zone
      • An instance is tied to the Availability Zones in which you launched it. However, note that its instance ID is tied to the region.
    • EBS Volumes – Availability Zone
      • Amazon EBS volume is tied to its Availability Zone and can be attached only to instances in the same Availability Zone.
    • EBS Snapshot – Regional
      • An EBS snapshot is tied to its region and can only be used to create volumes in the same region and has to be copied from One region to other if needed
    • AMIs – Regional
      • AMI provides templates to launch EC2 instances
      • AMI is tied to the Region where its files are located with Amazon S3. For using AMI in different regions, the AMI can be copied to other regions
    • Auto Scaling – Regional
      • Auto Scaling spans across multiple Availability Zones within the same region but cannot span across regions
    • Elastic Load Balancer – Regional
      • Elastic Load Balancer distributes traffic across instances in multiple Availability Zones in the same region
    • Cluster Placement Groups – Availability Zone
      • Cluster Placement groups can be span across Instances within the same Availability Zones
  • S3 – Global but Data is Regional
    • S3 buckets are created within the selected region
    • Objects stored are replicated across Availability Zones to provide high durability but are not cross region replicated unless done explicitly
  • Route53 – Global
    • Route53 services are offered at AWS edge locations and are global
  • DynamoDb – Regional
    • All data objects are stored within the same region and replicated across multiple Availability Zones in the same region
    • Data objects can be explicitly replicated across regions using cross-region replication
  • WAF – Global
    • Web Application Firewall (WAF) services protects web applications from common web exploits are offered at AWS edge locations and are global
  • CloudFront – Global
    • CloudFront is the global content delivery network (CDN) services are offered at AWS edge locations
  • Storage Gateway – Regional
    • AWS Storage Gateway stores volume, snapshot, and tape data in the AWS region in which the gateway is activated

AWS Certification Exam Practice Questions

  • Questions are collected from Internet and the answers are marked as per my knowledge and understanding (which might differ with yours).
  • AWS services are updated everyday and both the answers and questions might be outdated soon, so research accordingly.
  • AWS exam questions are not updated to keep up the pace with AWS updates, so even if the underlying feature has changed the question might not be updated
  • Open to further feedback, discussion and correction.
  1. You would like to create a mirror image of your production environment in another region for disaster recovery purposes. Which of the following AWS resources do not need to be recreated in the second region? (Choose 2 answers)
    1. Route 53 Record Sets
    2. IAM Roles
    3. Elastic IP Addresses (EIP) (are specific to a region)
    4. EC2 Key Pairs (are specific to a region)
    5. Launch configurations
    6. Security Groups (are specific to a region)
  2. When using the following AWS services, which should be implemented in multiple Availability Zones for high availability solutions? Choose 2 answers
    1. Amazon DynamoDB (already replicates across AZs)
    2. Amazon Elastic Compute Cloud (EC2)
    3. Amazon Elastic Load Balancing
    4. Amazon Simple Notification Service (SNS) (Global Managed Service)
    5. Amazon Simple Storage Service (S3) (Global Managed Service)
  3. What is the scope of an EBS volume?
    1. VPC
    2. Region
    3. Placement Group
    4. Availability Zone
  4. What is the scope of AWS IAM?
    1. Global (IAM resources are all global; there is not regional constraint)
    2. Availability Zone
    3. Region
    4. Placement Group
  5. What is the scope of an EC2 EIP?
    1. Placement Group
    2. Availability Zone
    3. Region (An Elastic IP address is tied to a region and can be associated only with an instance in the same region. Refer link)
    4. VPC
  6. What is the scope of an EC2 security group?
    1. Availability Zone
    2. Placement Group
    3. Region (A security group is tied to a region and can be assigned only to instances in the same region)
    4. VPC


25 thoughts on “AWS Global vs Regional vs AZ resources

    1. Elastic load balancing needs you to add subnets in all availability zones, that need to be supported, so that it can route requests to. Rest are either global or taken care by AWS itself.

    1. S3 is a global service, I have marked it regional in terms of data hosting. Updated the text to make it clearer
      When you create a bucket you have to specify the region. Also, the data is replicated within the same region. You have to exclusively perform a cross region replication.

    2. It has a global name space, but it’s a regional service. You can access your data only in one region. The name has to be unique globally.

    3. S3 is a global service but objects are stored in S3 are region-specific, but you can access the data in S3 from Globally

    1. Thanks Rick, security groups are created and used within VPC, but it can be used within peered VPC as well.
      Refer AWS documentation –

      A security group is tied to a region and can be assigned only to instances in the same region. You can't enable an instance to communicate with an instance outside its region using security group rules. Traffic from an instance in another region is seen as WAN bandwidth.

  1. Hi Jayendra,

    Your Blog is Awesome to prepare for AWS Certifications. Currenlty i am preparing for AWS SA Pro.

    In VPC Peering topic, Currenlty inter region VPC Peering is Supported. So Could you update your blog?

  2. For Q #6 – “What is the scope of an EC2 security group?” The answer should be VPC and not Region. When you create a security-group, AWS asks you to specify the VPC for which it applies. Also, you can create multiple VPCs within the same region but cannot use a Security Group from 1 VPC for instances in another VPC in the same region.

    1. Thanks Swapnil. Agreed to the comment. But the grouping here is primarily between Global, Regional and AZs.
      A VPC is within a region and spans across multiple AZs. Also Security group can span across Peered VPCs.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.