AWS Global vs Regional vs AZ resources

AWS Global, Regional, AZ resource Availability

  • AWS provides a lot of services and these services are either Global, Regional, or Availability Zone specific and cannot be accessed outside.
  • Most of the AWS-managed services are regional-based services with few exceptions being Global (e.g. IAM, Route53, CloudFront, etc) or AZ bound.

Global vs Regional vs AZ Resource locations

AWS Global vs Regional vs AZ

AWS Networking Services

  • Virtual Private Cloud
    • VPC – Regional
      • VPCs are created within a region
    • Subnet – Availability Zone
      • A subnet can span only a single Availability Zone
    • Security groups – Regional
      • A security group is tied to a region and can be assigned only to instances in the same region.
    • VPC Endpoints – Regional
      • VPC Gateway & Interface Endpoints cannot be created between a VPC and an AWS service in a different region.
    • VPC PeeringRegional
      • VPC Peering can be performed across VPC in the same account of different AWS accounts but only within the same region. They cannot span across regions
      • VPC Peering can now span inter-region
    • Elastic IP Address – Regional
      • Elastic IP addresses created within the region can be assigned to instances within the region only.
    • Elastic Network Interface – Availability Zone
  • Route 53Global
    • Route53 services are offered at AWS edge locations and are global
  • CloudFrontGlobal
    • CloudFront is the global content delivery network (CDN) services are offered at AWS edge locations
  • ELB, ALB, NLB, GWLB – Regional
    • Elastic Load Balancer distributes traffic across instances in multiple Availability Zones in the same region
    • Use Route 53 to route traffic to load balancers across regions.
  • Direct Connect Gateway – Global
    • is a globally available resource that can be created in any Region and accessed from all other Regions.
  • Transit Gateway – Regional
    • is a Regional resource and can connect VPCs within the same AWS Region.
    • Transit Gateway Peering can be used to attach TGWs across regions.
  • AWS Global Accelerator – Global
    • is a global service that supports endpoints in multiple AWS Regions.

AWS Compute Services

  • EC2
    • Resource Identifiers – Regional
      • Each resource identifier, such as an AMI ID, instance ID, EBS volume ID, or EBS snapshot ID, is tied to its region and can be used only in the region where you created the resource.
    • Instances – Availability Zone
      • An instance is tied to the Availability Zones in which you launched it. However, note that its instance ID is tied to the region.
    • EBS Volumes – Availability Zone
      • Amazon EBS volume is tied to its Availability Zone and can be attached only to instances in the same Availability Zone.
    • EBS Snapshot – Regional
      • An EBS snapshot is tied to its region and can only be used to create volumes in the same region and has to be copied from one region to another if needed.
    • AMIs – Regional
      • AMI provides templates to launch EC2 instances
      • AMI is tied to the Region where its files are located with Amazon S3. For using AMI in different regions, the AMI can be copied to other regions
    • Auto Scaling – Regional
      • Auto Scaling spans across multiple Availability Zones within the same region but cannot span across regions
  • Cluster Placement GroupsAvailability Zone
    • Cluster Placement groups can span across Instances within the same Availability Zones
  • ECSRegional
  • ECRRegional
    • Images can be pushed/pulled within the same AWS Region.
    • Images can also be pulled between Regions or out to the internet with additional latency and data transfer costs.

AWS Storage Services

  • S3 – Global but Data is Regional
    • S3 buckets are created within the selected region
    • Objects stored are replicated across Availability Zones to provide high durability but are not cross-region replicated unless done explicitly.
    • S3 cross-region replication can be used to replicate data across regions.
  • DynamoDB – Regional
    • All data objects are stored within the same region and replicated across multiple Availability Zones in the same region
    • Data objects can be explicitly replicated across regions using cross-region replication
  • DynamoDB Global Tables – Across Regions
    • is a new multi-master, cross-region replication capability of DynamoDB to support data access locality and regional fault tolerance for database workloads
  • Storage Gateway – Regional
    • AWS Storage Gateway stores volume, snapshot, and tape data in the AWS region in which the gateway is activated

AWS Identity & Security Services

  • Identity Access Management – IAM
    • Users, Groups, Roles, Accounts – Global
      • Same AWS accounts, users, groups, and roles can be used in all regions
    • Key Pairs – Global or Regional
      • EC2 created key pairs are specific to the region
      • RSA key pair can be created and uploaded that can be used in all regions
  • Web Access Firewall – WAFGlobal
    • protect web applications from common web exploits and is offered at AWS edge locations globally.
  • AWS GuardDuty – Regional
    • findings remain in the same Regions where the underlying data was generated.
  • Amazon Detective – Regional
  • Amazon Inspector – Regional
  • Amazon Macie – Regional
    • must be enabled on a region-by-region basis and helps view findings across all the accounts within each Region.
    • verifies that all data analyzed is regionally based and doesn’t cross AWS regional boundaries.
  • AWS Security Hub – Regional.
    • supports cross-region aggregation of findings via the designation of an aggregator region.
  • AWS Migration Hub – Regional.
    • runs in a single home region, however, can collect data from all regions

AWS Management & Governance Tools

AWS Certification Exam Practice Questions

  • Questions are collected from Internet and the answers are marked as per my knowledge and understanding (which might differ with yours).
  • AWS services are updated everyday and both the answers and questions might be outdated soon, so research accordingly.
  • AWS exam questions are not updated to keep up the pace with AWS updates, so even if the underlying feature has changed the question might not be updated
  • Open to further feedback, discussion and correction.
  1. You would like to create a mirror image of your production environment in another region for disaster recovery purposes. Which of the following AWS resources do not need to be recreated in the second region? (Choose 2 answers)
    1. Route 53 Record Sets
    2. IAM Roles
    3. Elastic IP Addresses (EIP) (are specific to a region)
    4. EC2 Key Pairs (are specific to a region)
    5. Launch configurations
    6. Security Groups (are specific to a region)
  2. When using the following AWS services, which should be implemented in multiple Availability Zones for high availability solutions? Choose 2 answers
    1. Amazon DynamoDB (already replicates across AZs)
    2. Amazon Elastic Compute Cloud (EC2)
    3. Amazon Elastic Load Balancing
    4. Amazon Simple Notification Service (SNS) (Global Managed Service)
    5. Amazon Simple Storage Service (S3) (Global Managed Service)
  3. What is the scope of an EBS volume?
    1. VPC
    2. Region
    3. Placement Group
    4. Availability Zone
  4. What is the scope of AWS IAM?
    1. Global (IAM resources are all global; there is not regional constraint)
    2. Availability Zone
    3. Region
    4. Placement Group
  5. What is the scope of an EC2 EIP?
    1. Placement Group
    2. Availability Zone
    3. Region (An Elastic IP address is tied to a region and can be associated only with an instance in the same region. Refer link)
    4. VPC
  6. What is the scope of an EC2 security group?
    1. Availability Zone
    2. Placement Group
    3. Region (A security group is tied to a region and can be assigned only to instances in the same region)
    4. VPC

References

AWS Global Infrastructure

AWS Global Infrastructure

  • AWS Global Infrastructure enables Amazon Services to be hosted in multiple locations worldwide.
  • AWS Global Infrastructure provides the ability to place resources and data in multiple locations to improve performance, provide fault tolerance, high availability, and cost optimization.
  • AWS Global Infrastructure includes Regions, Availability Zones, Edge Locations, Regional Edge Caches, and Local Zones.

Regions

  • AWS allows customers to place instances and store data within multiple geographic regions called Region.
  • Each region
    • is an independent collection of AWS resources in a defined geography.
    • is a separate geographic area and is completely independent
    • is a physical location around the world with cluster data centers
    • is designed to be completely isolated from the other regions & helps achieve the greatest possible fault tolerance and stability
  • Inter-region communication is across the public Internet and appropriate measures should be taken to protect the data using encryption.
  • Data transfer between regions is charged at the Internet data transfer rate for both the sending and the receiving instances.
  • Resources aren’t replicated across regions unless done explicitly.
  • The selection of a Region can be driven by a lot of factors
    • Latency – Regions can be selected to be close to the targeted user base to reduce data latency
    • Cost – AWS provides the same set of services across all regions, usually, however, the cost would differ from region to region depending upon the cost (due to land, electricity, bandwidth, etc) incurred by Amazon and hence can be cheaper in one region compared to the other
    • Legal Compliance – A lot of the countries enforce compliance and regulatory requirements for data to reside within the region itself
    • Features – As not all the regions provide all the AWS features and services, the region selection can depend on the Services supported by the region

Availability Zones

  • Each Region consists of multiple, isolated locations known as Availability Zones and each Availability Zone runs on its own physically distinct, independent infrastructure and is engineered to be highly reliable.
  • Each Region has multiple, isolated Availability Zones (ranging from 2-6).
  • Each AZ has independent power, cooling, and physical security and is connected via redundant, ultra-low-latency networks.
  • Each AZ is physically isolated from the others so that an uncommon disaster such as fire, or earthquake would only affect a single AZ.
  • AZs are geographically separated from each other, within the same region, and act as an independent failure zone.
  • AZs are redundantly connected to multiple tier-1 transit providers.
  • All AZs in an AWS Region are interconnected with high-bandwidth, low-latency networking, over fully redundant, dedicated metro fiber providing high-throughput, low-latency networking between AZs.
  • All traffic between AZs is encrypted.
  • Multi-AZ feature, distribution of resources across multiple AZs, can be used to distribute instances across multiple AZ to provide High Availability
  • AWS ensures that resources are distributed across the AZs for a region by independently mapping AZs to identifiers for each account. for e.g. us-east-1 region with us-east-1a AZ might not be the same location as us-east-1a AZ for another account. There’s no way for you to coordinate AZs between accounts.

Edge Locations

  • Edge locations are locations maintained by AWS through a worldwide network of data centers for the distribution of content.
  • Edge locations are connected to the AWS Regions through the AWS network backbone – fully redundant, multiple 100GbE parallel fiber that circles the globe and links with tens of thousands of networks for improved origin fetches and dynamic content acceleration.
  • These locations are located in most of the major cities around the world and are used by CloudFront (CDN) to distribute content to end-user to reduce latency.

AWS Local Zones

  • AWS Local Zones place compute, storage, database, and other select AWS services closer to end-users.
  • Local Zones allow running highly demanding applications that require single-digit millisecond latencies to the end-users such as media & entertainment content creation, real-time gaming, reservoir simulations, electronic design automation, and machine learning.
  • Each AWS Local Zone location is an extension of an AWS Region where latency-sensitive applications can be hosted. using AWS services such as EC2, VPC, EBS, File Storage, and ELB in geographic proximity to end-users.
  • AWS Local Zones provide a high-bandwidth, secure connection between local workloads and those running in the AWS Region.
  • AWS Local Zones helps to seamlessly connect to the full range of services in the AWS Region such as S3 and DynamoDB through the same APIs and toolsets over AWS’s private and high bandwidth network backbone.

AWS Local Zones

AWS Wavelength

  • AWS Wavelength embeds AWS compute and storage services within 5G networks, providing mobile edge computing infrastructure for developing, deploying, and scaling ultra-low-latency applications.
  • AWS Wavelength helps seamlessly access the breadth of AWS services in the region.
  • AWS Wavelength brings AWS services to the edge of the 5G network, minimizing the latency to connect to an application from a mobile device.
  • Application traffic can reach application servers running in Wavelength Zones without leaving the mobile provider’s network reducing the extra network hops to the Internet that can result in latencies of more than 100 milliseconds, preventing customers from taking full advantage of the bandwidth and latency advancements of 5G.
  • AWS developers can deploy the applications to Wavelength Zones, which enables developers to build applications that deliver single-digit millisecond latencies to mobile devices and end-users.
  • AWS Wavelength helps deliver applications that require single-digit millisecond latencies such as game and live video streaming, machine learning inference at the edge, and augmented and virtual reality (AR/VR).
  • Wavelength Zones are not available in every Region.

AWS Wavelength Zones

AWS Outposts

  • AWS Outposts is a fully managed service that extends AWS infrastructure, services, APIs, and tools to customer premises.
  • Outposts bring native AWS services, infrastructure, and operating models to virtually any data center, co-location space, or on-premises facility.
  • Outposts provide the same AWS APIs, tools, and infrastructure across on-premises and AWS cloud to deliver a truly consistent hybrid experience
  • AWS operates, monitors, and manages this capacity as part of an AWS Region.
  • Outposts are designed for connected environments and can be used to support workloads that need to remain on-premises due to low latency or local data processing needs.

AWS Certification Exam Practice Questions

  • Questions are collected from Internet and the answers are marked as per my knowledge and understanding (which might differ with yours).
  • AWS services are updated everyday and both the answers and questions might be outdated soon, so research accordingly.
  • AWS exam questions are not updated to keep up the pace with AWS updates, so even if the underlying feature has changed the question might not be updated
  • Open to further feedback, discussion and correction.
  1. George has launched three EC2 instances inside the US-East-1a zone with his AWS account. Ray has launched two EC2 instances in the US-East-1a zone with his AWS account. Which of the below mentioned statements will help George and Ray understand the availability zone (AZ) concept better?
    1. The instances of George and Ray will be running in the same data centre.
    2. All the instances of George and Ray can communicate over a private IP with a minimal cost
    3. All the instances of George and Ray can communicate over a private IP without any cost
    4. us-east-1a region of George and Ray can be different availability zones (Refer linkAn Availability Zone is represented by a region code followed by a letter identifier; for example, us-east-1a. To ensure that resources are distributed across the Availability Zones for a region, we independently map Availability Zones to identifiers for each account. For example, your Availability Zone us-east-1a might not be the same location as us-east-1a for another account. There’s no way for you to coordinate Availability Zones between accounts.)

Reference

AWS_Global_Infrastructure