AWS Global vs Regional vs AZ Resources

AWS Global, Regional, AZ resource Availability

  • AWS provides many services, and each service is either Global, Regional, or Availability Zone specific; its resources cannot be accessed outside that scope.
  • Most of the AWS-managed services are regional, with a few exceptions being Global (e.g. IAM, Route 53, CloudFront, etc.) or AZ-bound.

Global vs Regional vs AZ Resource locations

AWS Networking Services

  • Virtual Private Cloud
    • VPC – Regional
      • VPCs are created within a region
    • Subnet – Availability Zone
      • A subnet can span only a single Availability Zone
    • Security groups – Regional
      • A security group is tied to a region and can be assigned only to instances in the same region.
    • VPC Endpoints – Regional (with Cross-Region Support – Nov 2025)
      • VPC Gateway Endpoints cannot be created between a VPC and an AWS service in a different region.
      • VPC Interface Endpoints (PrivateLink) now support cross-region connectivity (announced November 2025)
        • Interface endpoints can connect to AWS services in other regions within the same AWS partition
        • Interface endpoints can connect to VPC endpoint services in other regions
        • Traffic remains on AWS backbone and does not traverse public internet
        • Cross-region connectivity available within same AWS partition only (Commercial, GovCloud, China)
    • VPC Peering – Regional
      • VPC Peering can be performed between VPCs in the same account or in different AWS accounts. Peering was originally limited to VPCs within the same region.
      • VPC Peering can now span regions (inter-region peering)
    • Elastic IP Address – Regional
      • Elastic IP addresses created within the region can be assigned to instances within the region only.
    • Elastic Network Interface – Availability Zone
  • Route 53 – Global
    • Route53 services are offered at AWS edge locations and are global
    • Route 53 Global Resolver (GA March 2026) – internet-reachable anycast DNS resolver available across 30 AWS Regions
      • Provides DNS resolution for authorized clients from any location
      • Supports both IPv4 and IPv6 DNS query traffic
      • Includes DNS query filtering, encrypted queries, and centralized logging
  • CloudFront – Global
    • CloudFront is the global content delivery network (CDN) service, offered at AWS edge locations
  • ELB, ALB, NLB, GWLB – Regional
    • Elastic Load Balancer distributes traffic across instances in multiple Availability Zones in the same region
    • Use Route 53 to route traffic to load balancers across regions.
  • Direct Connect Gateway – Global
    • is a globally available resource that can be created in any Region and accessed from all other Regions.
  • Transit Gateway – Regional
    • is a Regional resource and can connect VPCs within the same AWS Region.
    • Transit Gateway Peering can be used to attach TGWs across regions.
  • AWS Global Accelerator – Global
    • is a global service that supports endpoints in multiple AWS Regions.
  • AWS VPC Lattice – Regional
    • is a Regional service that simplifies service-to-service connectivity, security, and monitoring.

AWS Compute Services

  • EC2
    • Resource Identifiers – Regional
      • Each resource identifier, such as an AMI ID, instance ID, EBS volume ID, or EBS snapshot ID, is tied to its region and can be used only in the region where you created the resource.
    • Instances – Availability Zone
      • An instance is tied to the Availability Zone in which you launched it. However, note that its instance ID is tied to the region.
    • EBS Volumes – Availability Zone
      • Amazon EBS volume is tied to its Availability Zone and can be attached only to instances in the same Availability Zone.
    • EBS Snapshot – Regional
      • An EBS snapshot is tied to its region and can only be used to create volumes in the same region and has to be copied from one region to another if needed.
    • AMIs – Regional
      • AMI provides templates to launch EC2 instances
      • An AMI is tied to the Region where its files are located within Amazon S3. To use an AMI in a different region, copy the AMI to that region
    • Auto Scaling – Regional
      • Auto Scaling spans across multiple Availability Zones within the same region but cannot span across regions
  • Cluster Placement Groups – Availability Zone
    • Cluster Placement groups can span across instances within the same Availability Zone
  • ECS – Regional
  • ECR – Regional
    • Images can be pushed/pulled within the same AWS Region.
    • Images can also be pulled between Regions or out to the internet with additional latency and data transfer costs.
  • AWS Lambda – Regional
    • Lambda functions are deployed in a specific AWS Region.
    • Lambda@Edge runs at CloudFront edge locations globally.
  • AWS Fargate – Regional
    • Fargate is a serverless compute engine for containers (ECS/EKS) deployed in a specific AWS Region.
  • AWS App Runner – Regional
    • App Runner is a fully managed service for deploying containerized web applications and APIs in a specific AWS Region.
  • AWS Step Functions – Regional
    • Step Functions workflows (both Standard and Express) are created in a specific AWS Region.

AWS Storage Services

  • S3 – Global but Data is Regional
    • S3 buckets are created within the selected region
    • Objects stored are replicated across Availability Zones to provide high durability but are not cross-region replicated unless done explicitly.
    • S3 cross-region replication can be used to replicate data across regions.
    • S3 Account Regional Namespaces (March 2026) – buckets can now be created in account-regional namespaces
      • Eliminates the need for globally unique bucket names
      • Bucket names only need to be unique within the account’s regional namespace
      • Enables predictable bucket names across multiple AWS Regions
      • SCPs and IAM policies can enforce namespace usage across organizations
  • DynamoDB – Regional
    • All data objects are stored within the same region and replicated across multiple Availability Zones in the same region
    • Data objects can be explicitly replicated across regions using cross-region replication
  • DynamoDB Global Tables – Across Regions
    • is a new multi-master, cross-region replication capability of DynamoDB to support data access locality and regional fault tolerance for database workloads
  • Storage Gateway – Regional
    • AWS Storage Gateway stores volume, snapshot, and tape data in the AWS region in which the gateway is activated

AWS Identity & Security Services

  • Identity Access Management – IAM
    • Users, Groups, Roles, Accounts – Global
      • Same AWS accounts, users, groups, and roles can be used in all regions
    • Key Pairs – Global or Regional
      • Key pairs created by EC2 are specific to the region
      • An RSA key pair can be created and uploaded so that it can be used in all regions
    • IAM Identity Center – Regional (with Multi-Region Replication – Feb 2026)
      • IAM Identity Center is deployed in a primary AWS Region
      • Supports multi-region replication (February 2026) for account access and application use
      • In case of primary region disruption, workforce can access AWS accounts through the access portal in a replicated region
  • Web Access Firewall – WAF – Regional (with Global for CloudFront)
    • WAF protects web applications from common web exploits.
    • For CloudFront distributions: WAF Web ACLs must be created in US East (N. Virginia) / us-east-1 region (also shown as “Global (CloudFront)” in console)
    • For regional resources (ALB, API Gateway, AppSync, etc.): WAF Web ACLs must be created in the same region as the protected resource
    • A Web ACL associated with CloudFront cannot be associated with other AWS resource types
  • AWS GuardDuty – Regional
    • findings remain in the same Regions where the underlying data was generated.
  • Amazon Detective – Regional
  • Amazon Inspector – Regional
  • Amazon Macie – Regional
    • must be enabled on a region-by-region basis and helps view findings across all the accounts within each Region.
    • verifies that all data analyzed is regionally based and doesn’t cross AWS regional boundaries.
  • AWS Security Hub – Regional
    • supports cross-region aggregation of findings via the designation of an aggregator region.
  • AWS Migration Hub – Regional
    • runs in a single home region but can collect data from all regions

AWS Management & Governance Tools

  • AWS Config – Regional
  • AWS Service Catalog – Regional
  • AWS CloudFormation – Regional
    • CloudFormation stacks are created in a specific region
    • StackSets can deploy stacks across multiple regions
  • AWS Systems Manager – Regional
    • Systems Manager resources are regional
    • Can manage resources across multiple regions from a single console

AWS Application Integration Services

  • Amazon EventBridge – Regional (with Global Endpoints)
    • Event buses are regional resources
    • Global endpoints (announced April 2022) allow automatic failover to secondary region
    • Can route events cross-region
  • Amazon EventBridge Scheduler – Regional
    • Schedules are created in a specific AWS Region
  • Amazon EventBridge Pipes – Regional
    • Pipes are regional resources for point-to-point integrations
  • Amazon SQS – Regional
    • Queues are created in a specific AWS Region
  • Amazon SNS – Regional
    • Topics are created in a specific AWS Region

AWS Security & Authorization Services

  • Amazon Verified Permissions – Regional
    • Policy stores are created in a specific AWS Region
    • Provides fine-grained authorization for applications
  • AWS Secrets Manager – Regional
    • Secrets are stored in a specific AWS Region
    • Can replicate secrets to other regions
  • AWS Certificate Manager (ACM) – Regional (with Global for CloudFront)
    • Certificates for regional resources (ALB, API Gateway) must be in the same region
    • Certificates for CloudFront must be in us-east-1
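
The placement rules above for ACM certificates, together with the WAF Web ACL rules in the Identity & Security section, can be checked mechanically from resource ARNs. The following is an added example, not part of the original notes or of any AWS tool; the `audit` function, the finding codes, the account ID and the resource names are constructed for illustration, and it assumes the ARN service names `wafv2` and `acm`.

```python
from typing import NamedTuple

CLOUDFRONT_REGION = "us-east-1"   # region the page gives for CloudFront ACLs and certificates
ATTACHABLE = {"wafv2", "acm"}     # ARN service names assumed for Web ACLs and ACM certificates


class Arn(NamedTuple):
    partition: str
    service: str
    region: str    # empty for global services such as CloudFront
    account: str
    resource: str


def parse_arn(arn: str) -> Arn:
    """Split arn:partition:service:region:account:resource (resource may contain ':')."""
    parts = arn.split(":", 5)
    if len(parts) != 6 or parts[0] != "arn":
        raise ValueError(f"not an ARN: {arn!r}")
    return Arn(*parts[1:])


def required_region(protected: Arn) -> str:
    """Region where a Web ACL or certificate for this resource must be created."""
    if protected.service == "cloudfront":
        return CLOUDFRONT_REGION
    if not protected.region:
        raise ValueError(f"no region in ARN of regional resource: {protected}")
    return protected.region


def audit(attachments):
    """attachments: iterable of (protected_resource_arn, web_acl_or_cert_arn).

    Returns a list of (code, protected_arn, attached_arn) findings; empty means clean."""
    findings = []
    acl_services = {}  # Web ACL ARN -> set of ARN services it protects
    for protected_arn, attached_arn in attachments:
        protected, attached = parse_arn(protected_arn), parse_arn(attached_arn)
        if attached.service not in ATTACHABLE:
            raise ValueError(f"unsupported attachment type: {attached_arn!r}")
        if attached.region != required_region(protected):
            findings.append(("WRONG_REGION", protected_arn, attached_arn))
        if attached.service == "wafv2":
            acl_services.setdefault(attached_arn, set()).add(protected.service)
    # A Web ACL used by CloudFront must not also be attached to other resource types.
    for acl_arn, services in acl_services.items():
        if "cloudfront" in services and len(services) > 1:
            findings.append(("CLOUDFRONT_ACL_SHARED", "", acl_arn))
    return findings


# Constructed sample inventory (account ID and resource names are placeholders).
ACCT = "111122223333"
CF = f"arn:aws:cloudfront::{ACCT}:distribution/EXAMPLEDIST"
ALB_EU = f"arn:aws:elasticloadbalancing:eu-west-1:{ACCT}:loadbalancer/app/web/0123456789abcdef"
ALB_US = f"arn:aws:elasticloadbalancing:us-east-1:{ACCT}:loadbalancer/app/api/fedcba9876543210"
ACL_GLOBAL = f"arn:aws:wafv2:us-east-1:{ACCT}:global/webacl/edge-acl/example-id-1"
ACL_EU = f"arn:aws:wafv2:eu-west-1:{ACCT}:regional/webacl/alb-acl/example-id-2"
CERT_US = f"arn:aws:acm:us-east-1:{ACCT}:certificate/example-cert-1"
CERT_EU = f"arn:aws:acm:eu-west-1:{ACCT}:certificate/example-cert-2"

SAMPLE = [
    (CF, ACL_GLOBAL),      # ok: CloudFront ACL in us-east-1
    (CF, CERT_EU),         # wrong: CloudFront certificate outside us-east-1
    (ALB_EU, ACL_EU),      # ok: same region as the ALB
    (ALB_EU, CERT_US),     # wrong: ALB certificate not in eu-west-1
    (ALB_US, ACL_GLOBAL),  # region matches, but the ACL is already CloudFront's
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

The last sample row shows why a region comparison alone is not enough: the ACL sits in the right region for the us-east-1 ALB, yet it is flagged because it is already associated with CloudFront.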

AWS Certification Exam Practice Questions

  • Questions are collected from the Internet and the answers are marked as per my knowledge and understanding (which might differ from yours).
  • AWS services are updated every day and both the answers and questions might be outdated soon, so research accordingly.
  • AWS exam questions are not updated to keep pace with AWS updates, so even if the underlying feature has changed the question might not be updated.
  • Open to further feedback, discussion and correction.
  1. You would like to create a mirror image of your production environment in another region for disaster recovery purposes. Which of the following AWS resources do not need to be recreated in the second region? (Choose 2 answers)
    1. Route 53 Record Sets
    2. IAM Roles
    3. Elastic IP Addresses (EIP) (are specific to a region)
    4. EC2 Key Pairs (are specific to a region)
    5. Launch configurations
    6. Security Groups (are specific to a region)
  2. When using the following AWS services, which should be implemented in multiple Availability Zones for high availability solutions? Choose 2 answers
    1. Amazon DynamoDB (already replicates across AZs)
    2. Amazon Elastic Compute Cloud (EC2)
    3. Amazon Elastic Load Balancing
    4. Amazon Simple Notification Service (SNS) (Global Managed Service)
    5. Amazon Simple Storage Service (S3) (Global Managed Service)
  3. What is the scope of an EBS volume?
    1. VPC
    2. Region
    3. Placement Group
    4. Availability Zone
  4. What is the scope of AWS IAM?
    1. Global (IAM resources are all global; there is no regional constraint)
    2. Availability Zone
    3. Region
    4. Placement Group
  5. What is the scope of an EC2 EIP?
    1. Placement Group
    2. Availability Zone
    3. Region (An Elastic IP address is tied to a region and can be associated only with an instance in the same region. Refer link)
    4. VPC
  6. What is the scope of an EC2 security group?
    1. Availability Zone
    2. Placement Group
    3. Region (A security group is tied to a region and can be assigned only to instances in the same region)
    4. VPC
  7. A company needs to deploy AWS WAF to protect their Application Load Balancer in the eu-west-1 region. In which region should they create the WAF Web ACL?
    1. us-east-1 (Global)
    2. eu-west-1 (same region as ALB)
    3. Any region
    4. WAF is global and doesn’t require region selection
  8. A company wants to use Interface VPC endpoints to access DynamoDB in a different AWS region privately. Is this possible? (Assume November 2025 or later)
    1. No, VPC endpoints cannot span regions
    2. Yes, Interface VPC endpoints now support cross-region connectivity within the same AWS partition
    3. Yes, but only with Gateway VPC endpoints
    4. Yes, but only within the same Availability Zone
  9. Which of the following AWS services are truly global and do NOT require region selection? (Choose 3)
    1. IAM
    2. Route 53
    3. Lambda
    4. CloudFront
    5. EC2
    6. DynamoDB
  10. A company is deploying AWS Step Functions workflows for their application. What is the scope of Step Functions?
    1. Global
    2. Regional
    3. Availability Zone
    4. Multi-Region by default
  11. A company needs to deploy ACM certificates for both CloudFront and Application Load Balancer in eu-west-1. Where should they create the certificates?
    1. Both in us-east-1
    2. Both in eu-west-1
    3. CloudFront certificate in us-east-1, ALB certificate in eu-west-1
    4. Certificates are global and can be created in any region
  12. A company wants to use the same S3 bucket name across multiple AWS Regions for different environments. Using S3 Account Regional Namespaces (March 2026), is this possible?
    1. No, S3 bucket names must still be globally unique
    2. Yes, account regional namespaces allow the same bucket name to be used across different regions within the same account
    3. Yes, but only with S3 Directory Buckets
    4. No, bucket names are unique per account regardless of region

AWS Regions, Availability Zones, Local Zones & Edge Locations

AWS Global Infrastructure

  • AWS Global Infrastructure enables Amazon Services to be hosted in multiple locations worldwide.
  • AWS Global Infrastructure provides the ability to place resources and data in multiple locations to improve performance, provide fault tolerance, high availability, and cost optimization.
  • AWS Global Infrastructure includes Regions, Availability Zones, Edge Locations, Regional Edge Caches, Local Zones, Wavelength Zones, and Dedicated Local Zones.
  • As of 2026, the AWS Cloud spans 39 Geographic Regions with 123 Availability Zones, 750+ Points of Presence (Edge Locations), 13 Regional Edge Caches, 30+ Local Zones, and 30+ Wavelength Zones.
  • AWS has announced plans for 7 more Availability Zones and 2 more AWS Regions in the Kingdom of Saudi Arabia and Chile.

Regions

  • AWS allows customers to place instances and store data within multiple geographic areas called Regions.
  • Each region
    • is an independent collection of AWS resources in a defined geography.
    • is a separate geographic area and is completely independent
    • is a physical location around the world with clustered data centers
    • is designed to be completely isolated from the other regions & helps achieve the greatest possible fault tolerance and stability
    • consists of at least three physically separate Availability Zones (AZs), with independent power infrastructure, cooling systems, network connectivity, and security systems
  • Inter-region communication is across the public Internet and appropriate measures should be taken to protect the data using encryption.
  • Data transfer between regions is charged at the Internet data transfer rate for both the sending and the receiving instances.
  • Resources aren’t replicated across regions unless done explicitly.
  • The selection of a Region can be driven by a lot of factors
    • Latency – Regions can be selected to be close to the targeted user base to reduce data latency
    • Cost – AWS usually provides the same set of services across all regions; however, the cost differs from region to region depending on the costs (land, electricity, bandwidth, etc.) incurred by Amazon, so one region can be cheaper than another
    • Legal Compliance – Many countries enforce compliance and regulatory requirements for data to reside within the region itself
    • Features – As not all the regions provide all the AWS features and services, the region selection can depend on the Services supported by the region

Recently Launched Regions (2024-2025)

  • Asia Pacific (Malaysia) – ap-southeast-5 (August 2024)
  • Canada West (Calgary) – ca-west-1 (2024)
  • Asia Pacific (Thailand) – ap-southeast-7 (January 2025)
  • Mexico (Central) – mx-central-1 (January 2025)
  • Asia Pacific (Taipei) – ap-east-2 (June 2025)
  • Asia Pacific (New Zealand) – ap-southeast-6 (September 2025)

Availability Zones

  • Each Region consists of multiple, isolated locations known as Availability Zones and each Availability Zone runs on its own physically distinct, independent infrastructure and is engineered to be highly reliable.
  • Each Region has at least three isolated Availability Zones (ranging from 3-6).
  • Each AZ has independent power, cooling, and physical security and is connected via redundant, ultra-low-latency networks.
  • Each AZ is physically isolated from the others so that an uncommon disaster such as fire, or earthquake would only affect a single AZ.
  • AZs are geographically separated from each other, within the same region, and act as an independent failure zone.
  • AZs are redundantly connected to multiple tier-1 transit providers.
  • All AZs in an AWS Region are interconnected with high-bandwidth, low-latency networking, over fully redundant, dedicated metro fiber providing high-throughput, low-latency networking between AZs.
  • All traffic between AZs is encrypted.
  • The Multi-AZ feature, the distribution of resources across multiple AZs, can be used to distribute instances across multiple AZs to provide High Availability.
  • AWS ensures that resources are distributed across the AZs for a region by independently mapping AZs to identifiers for each account. For example, the us-east-1a AZ in one account might not be the same location as the us-east-1a AZ in another account.
  • To coordinate AZs across accounts, use AZ IDs (e.g., use1-az1), which are unique and consistent identifiers for an Availability Zone across all AWS accounts. AZ IDs can be viewed in the AWS Resource Access Manager (RAM) console.
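
Because AZ names are mapped per account, a cross-account design should be compared by AZ ID rather than by name. The following added example (not from the original notes) does that over constructed `describe-availability-zones` output; the two accounts, their name-to-ID mappings and the function names are assumptions made for illustration.

```python
import json
from collections import defaultdict

# Constructed sample: trimmed `aws ec2 describe-availability-zones` output from two
# accounts in us-east-1. The name-to-ID mappings are invented for illustration.
ACCOUNT_A = json.loads("""{"AvailabilityZones": [
  {"ZoneName": "us-east-1a", "ZoneId": "use1-az1"},
  {"ZoneName": "us-east-1b", "ZoneId": "use1-az2"},
  {"ZoneName": "us-east-1c", "ZoneId": "use1-az4"}]}""")
ACCOUNT_B = json.loads("""{"AvailabilityZones": [
  {"ZoneName": "us-east-1a", "ZoneId": "use1-az2"},
  {"ZoneName": "us-east-1b", "ZoneId": "use1-az4"},
  {"ZoneName": "us-east-1c", "ZoneId": "use1-az1"}]}""")


def zone_ids(describe_output):
    """Map this account's AZ names to account-independent AZ IDs."""
    return {z["ZoneName"]: z["ZoneId"] for z in describe_output["AvailabilityZones"]}


def resolve(placements, zone_maps):
    """placements: [(account, zone_name)]; zone_maps: {account: name -> id map}.

    Returns [(account, zone_name, zone_id)]; unknown names raise rather than guess."""
    resolved = []
    for account, name in placements:
        try:
            resolved.append((account, name, zone_maps[account][name]))
        except KeyError:
            raise ValueError(f"no AZ ID known for {name!r} in account {account!r}") from None
    return resolved


def colocated(placements, zone_maps):
    """AZ IDs hosting more than one placement: replicas there share one failure zone."""
    by_id = defaultdict(list)
    for account, name, zone_id in resolve(placements, zone_maps):
        by_id[zone_id].append((account, name))
    return {zid: members for zid, members in by_id.items() if len(members) > 1}


ZONE_MAPS = {"A": zone_ids(ACCOUNT_A), "B": zone_ids(ACCOUNT_B)}

# Different names, same physical AZ: the "two-AZ" design is really one failure zone.
LOOKS_SPREAD = [("A", "us-east-1a"), ("B", "us-east-1c")]
# Same name, different physical AZs: these replicas are not co-located after all.
LOOKS_COLOCATED = [("A", "us-east-1a"), ("B", "us-east-1a")]

if __name__ == "__main__":
    print(colocated(LOOKS_SPREAD, ZONE_MAPS))
    print(colocated(LOOKS_COLOCATED, ZONE_MAPS))
```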

Edge Locations

  • Edge locations are locations maintained by AWS through a worldwide network of data centers for the distribution of content.
  • AWS operates 750+ Points of Presence (Edge Locations) and 13 Regional Edge Caches in 100+ cities across 50+ countries.
  • Edge locations are connected to the AWS Regions through the AWS network backbone – fully redundant, multiple 100GbE parallel fiber that circles the globe and links with tens of thousands of networks for improved origin fetches and dynamic content acceleration.
  • These locations are in most of the major cities around the world and are used by CloudFront (CDN) to distribute content to end users with reduced latency.
  • Edge Locations are also used by services such as Route 53, AWS Shield, AWS WAF, and AWS Global Accelerator.

CloudFront Embedded Points of Presence (Embedded POPs)

  • Embedded POPs are a new type of CloudFront infrastructure (launched February 2024) deployed directly in the last mile of ISP and mobile network operator (MNO) networks.
  • CloudFront has 600+ embedded POPs deployed across 200+ cities globally.
  • Embedded POPs are custom-built to deliver large-scale live-stream video, video-on-demand (VOD), and game downloads.
  • Embedded POPs provide highly scaled capacity for peak traffic events and enable higher quality streaming closer to end viewers.

AWS Local Zones

  • AWS Local Zones are infrastructure deployments that extend core AWS services—compute, storage, networking, analytics, AI/ML, and database—to more metros worldwide.
  • With 30+ locations across six continents, AWS Local Zones deliver the performance, security, and reliability of AWS closer to end users and workloads.
  • Local Zones allow running highly demanding applications that require single-digit millisecond latencies to the end-users such as media & entertainment content creation, real-time gaming, reservoir simulations, electronic design automation, and machine learning.
  • Each AWS Local Zone location is an extension of an AWS Region where latency-sensitive applications can be hosted using AWS services such as EC2, VPC, EBS, File Storage, and ELB in geographic proximity to end-users.
  • AWS Local Zones provide a high-bandwidth, secure connection between local workloads and those running in the AWS Region.
  • AWS Local Zones help seamlessly connect to the full range of services in the AWS Region such as S3 and DynamoDB through the same APIs and toolsets over AWS’s private and high bandwidth network backbone.
  • Additional services available in select Local Zones include Amazon FSx, Amazon EMR, Amazon ElastiCache, NAT Gateways, AWS Batch, Amazon SageMaker, Amazon Bedrock, Amazon S3, and Amazon RDS.
  • Local Zones must be explicitly enabled (opted-in) before you can use them.

AWS Dedicated Local Zones

  • AWS Dedicated Local Zones (launched 2023) are a type of AWS infrastructure that is fully managed by AWS, built for exclusive use by a customer or community, and placed in a customer-specified location or data center.
  • Dedicated Local Zones are designed to help customers comply with regulatory and digital sovereignty requirements while leveraging the benefits of AWS cloud services.
  • Dedicated Local Zones offer the same benefits of AWS Local Zones, such as elasticity, scalability, and pay-as-you-go pricing, with added security and governance features.
  • They can be operated by local AWS personnel and support compute, storage, database, containers, and other services for local processing.
  • Key use cases include public sector, regulated industries (telecom, finance, healthcare), and organizations with strict data residency requirements.
  • Dedicated Local Zones support EBS Local Snapshots for data residency within the zone.

AWS Wavelength

  • AWS Wavelength embeds AWS compute and storage services within 5G networks, providing mobile edge computing infrastructure for developing, deploying, and scaling ultra-low-latency applications.
  • AWS Wavelength helps seamlessly access the breadth of AWS services in the region.
  • AWS Wavelength brings AWS services to the edge of the 5G network, minimizing the latency to connect to an application from a mobile device.
  • Application traffic can reach application servers running in Wavelength Zones without leaving the mobile provider’s network, reducing the extra network hops to the Internet that can result in latencies of more than 100 milliseconds.
  • AWS developers can deploy applications to Wavelength Zones, enabling single-digit millisecond latencies to mobile devices and end-users.
  • AWS Wavelength helps deliver applications that require single-digit millisecond latencies such as game and live video streaming, machine learning inference at the edge, and augmented and virtual reality (AR/VR).
  • AWS Wavelength also supports data residency, low-latency, and resiliency requirements with sovereign-by-design architecture built on the AWS Nitro System.
  • AWS Wavelength Zones are available with telecom partners globally, with 30+ Wavelength Zones across multiple countries including the US, Europe, Asia, and Africa.
  • Wavelength Zones are not available in every Region.
  • Wavelength Zones support EC2 instance families including T3, R5, M5, C5, and G4.

AWS Outposts

  • AWS Outposts is a fully managed service that extends AWS infrastructure, services, APIs, and tools to customer premises.
  • Outposts bring native AWS services, infrastructure, and operating models to virtually any data center, co-location space, or on-premises facility.
  • Outposts provide the same AWS APIs, tools, and infrastructure across on-premises and AWS cloud to deliver a truly consistent hybrid experience.
  • AWS operates, monitors, and manages this capacity as part of an AWS Region.
  • Outposts are designed for connected environments and can be used to support workloads that need to remain on-premises due to low latency or local data processing needs.

Second-Generation AWS Outposts Racks (2025)

  • AWS launched second-generation Outposts racks in April 2025 with significant improvements over first-generation.
  • Second-generation racks support the latest x86-powered EC2 instances (C7i, M7i, R7i) providing up to 40% better performance compared to C5, M5, R5 instances on first-generation racks.
  • C8i, M8i, and R8i instances are also available, delivering 20% better performance and 2.5x more memory bandwidth.
  • New features include simplified network scaling and configuration, and accelerated networking instances for ultra-low latency workloads.
  • Support for multiple local gateway (LGW) routing domains enables network segmentation using both customer-owned IP (CoIP) and direct VPC routing (DVR) modes on the same Outpost.
  • Satellite Resiliency for AWS Outposts (announced re:Invent 2024) provides a Partner-managed solution for resilient cloud-connected edge computing in remote and geographically dispersed environments.

AWS Certification Exam Practice Questions

  1. George has launched three EC2 instances inside the US-East-1a zone with his AWS account. Ray has launched two EC2 instances in the US-East-1a zone with his AWS account. Which of the below mentioned statements will help George and Ray understand the availability zone (AZ) concept better?
    1. The instances of George and Ray will be running in the same data centre.
    2. All the instances of George and Ray can communicate over a private IP with a minimal cost
    3. All the instances of George and Ray can communicate over a private IP without any cost
    4. us-east-1a region of George and Ray can be different availability zones (Refer link. An Availability Zone is represented by a region code followed by a letter identifier; for example, us-east-1a. To ensure that resources are distributed across the Availability Zones for a region, we independently map Availability Zones to identifiers for each account. For example, your Availability Zone us-east-1a might not be the same location as us-east-1a for another account. To coordinate AZs between accounts, use AZ IDs (e.g., use1-az1) which are consistent across accounts.)
  2. A company needs to deploy an application with ultra-low latency to mobile users on a 5G network. Which AWS infrastructure option should they use?
    1. AWS Local Zones
    2. AWS Wavelength
    3. AWS Outposts
    4. AWS Edge Locations
  3. An organization must ensure that their cloud infrastructure is exclusively dedicated to them and located in their own data center to meet strict regulatory requirements. Which AWS solution addresses this need?
    1. AWS Local Zones
    2. AWS Wavelength
    3. AWS Dedicated Local Zones
    4. AWS Outposts
  4. Which of the following is the correct minimum number of Availability Zones per AWS Region?
    1. 1
    2. 2
    3. 3
    4. 4
  5. A company wants to serve cached content from infrastructure deployed directly within ISP networks to reduce latency for video streaming. Which CloudFront feature supports this?
    1. Regional Edge Caches
    2. Lambda@Edge
    3. CloudFront Embedded Points of Presence (Embedded POPs)
    4. CloudFront Functions
  6. To identify and coordinate the same physical Availability Zone location across multiple AWS accounts, which identifier should be used?
    1. AZ Name (e.g., us-east-1a)
    2. AZ ID (e.g., use1-az1)
    3. Region Code (e.g., us-east-1)
    4. Account ID
