AWS Global Infrastructure
AWS Global Infrastructure
│
├── Regions (geographic areas)
│   └── Availability Zones (isolated data centers)
│
├── Edge Locations (CDN caching)
│
├── Local Zones (near cities)
│
├── Wavelength Zones (in telecom 5G networks)
│
└── Outposts (AWS on-premises)
Regions:
What it is: A Region is a geographic area where AWS has multiple Availability Zones (AZs). Each region is independent for security, compliance, and fault isolation.
Example:
us-east-1 → Northern Virginia, USA
eu-west-2 → London, UK
Key Facts:
Regions are physically separated (hundreds of miles apart in some cases).
Each region has its own pricing and services (some services aren’t available in all regions).
You choose a region based on:
Latency → closer to your users = faster.
Compliance → e.g., GDPR in Europe.
Cost → some regions are cheaper than others.
Pro Tip (Portfolio Worthy): Keep multi-region architecture diagrams in your portfolio showing disaster recovery with Route 53 failover.
Availability Zones (AZs)
What it is: An AZ is one or more data centers within a region, each with independent power, cooling, and networking.
Example:
us-east-1a, us-east-1b, us-east-1c
All in the same region but physically separate.
Why it matters: If one AZ goes down (power outage, fire, fiber cut), others in the region stay up. AWS recommends running workloads in at least 2 AZs for High Availability.
Real-world analogy: Think of a region as a city, and each AZ as a separate neighborhood with its own power grid.
Edge Locations
What it is: Small AWS data centers close to users for low-latency content delivery. Used by Amazon CloudFront (CDN) to cache data.
Example:
You’re in London → CloudFront delivers your web content from a London edge location instead of fetching it from us-east-1.
Why it matters: Improves speed for users around the world.
Local Zones
What it is: AWS infrastructure close to large cities to run low-latency workloads. Connects back to the parent region for full AWS service access.
Example:
AWS Los Angeles Local Zone for video editing studios needing ultra-low latency.
Wavelength Zones
What it is: AWS infrastructure embedded in 5G telecom networks for ultra-low latency mobile apps.
Example: Gaming and AR/VR apps that need millisecond-level latency.
Outposts
What it is: AWS hardware racks installed in your own data center to run AWS services on-premises but connected to AWS Cloud.
Key Points:
Always multi-AZ for critical workloads.
Use multi-region for disaster recovery.
Leverage edge locations for global performance.
Place compute close to data to reduce latency and cost.
Use private connectivity (AWS Direct Connect) for secure, high-speed enterprise links.
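The first two key points ("always multi-AZ", "multi-region for DR") are easy to state and easy to drift away from. The script below is an added example, not code from the original page: it audits a fleet of EC2 instances and reports any workload that runs in fewer than two Availability Zones, and lists which regions the fleet touches. The instance records are a constructed sample; in a real account they would come from boto3's `ec2.describe_instances()`, and the `Workload` field stands in for whatever tag you group instances by (an assumption).

```python
"""Audit whether each workload spans at least two Availability Zones.

Added example, not code from the original page. Instance records are a
constructed sample standing in for boto3's ec2.describe_instances() output;
the "Workload" field represents whatever tag you group instances by.
"""
import re
from collections import defaultdict

MIN_AZS = 2  # AWS recommends at least two AZs for high availability

# Constructed sample data: instance id, AZ placement, and workload grouping.
SAMPLE_INSTANCES = [
    {"InstanceId": "i-0a1", "Placement": {"AvailabilityZone": "us-east-1a"}, "Workload": "web"},
    {"InstanceId": "i-0a2", "Placement": {"AvailabilityZone": "us-east-1b"}, "Workload": "web"},
    {"InstanceId": "i-0b1", "Placement": {"AvailabilityZone": "us-east-1a"}, "Workload": "db"},
    {"InstanceId": "i-0b2", "Placement": {"AvailabilityZone": "us-east-1a"}, "Workload": "db"},
    {"InstanceId": "i-0c1", "Placement": {"AvailabilityZone": "eu-west-2a"}, "Workload": "batch"},
    {"InstanceId": "i-0d1", "Placement": {"AvailabilityZone": "us-west-2-lax-1a"}, "Workload": "video"},
]

# Region prefix: two-letter area, one or more name segments, a number (us-east-1, us-gov-west-1).
_REGION_RE = re.compile(r"^([a-z]{2}(?:-[a-z]+)+-\d+)")


def region_of(az: str) -> str:
    """Parent region of an AZ name: 'us-east-1a' -> 'us-east-1'.
    Local Zone names such as 'us-west-2-lax-1a' also map to their parent region."""
    m = _REGION_RE.match(az)
    if not m:
        raise ValueError(f"unrecognised AZ name: {az!r}")
    return m.group(1)


def az_groups(instances):
    """Map workload -> set of AZs it runs in."""
    groups = defaultdict(set)
    for inst in instances:
        groups[inst["Workload"]].add(inst["Placement"]["AvailabilityZone"])
    return dict(groups)


def single_az_workloads(instances, min_azs=MIN_AZS):
    """Workloads placed in fewer than min_azs AZs: one AZ outage takes them down entirely."""
    return sorted(w for w, azs in az_groups(instances).items() if len(azs) < min_azs)


def regions_used(instances):
    """Regions the fleet spans; a single entry means there is no cross-region DR footprint."""
    return {region_of(i["Placement"]["AvailabilityZone"]) for i in instances}


if __name__ == "__main__":
    groups = az_groups(SAMPLE_INSTANCES)
    for w in single_az_workloads(SAMPLE_INSTANCES):
        print(f"HA gap: workload {w!r} runs only in {sorted(groups[w])}")
    print("regions in use:", sorted(regions_used(SAMPLE_INSTANCES)))
```

On the sample data the check flags `db` (two instances, same AZ), `batch` and `video` (one instance each), while `web` passes; the region summary shows three regions, which is the starting point for the multi-region DR question rather than the answer to it.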
AWS Global Accelerator
What it is: A networking service that improves global application availability and performance by routing traffic through AWS’s global backbone network.
How it works:
You get static Anycast IPs (public).
User traffic enters the nearest AWS edge location.
AWS then routes it through its private backbone to the nearest healthy AWS Region endpoint.
Is it part of AWS Regional Infrastructure?
Not exactly. Here’s why:
Region vs Global Services
Most AWS services are regional (e.g., EC2, RDS, S3 buckets live in a region).
Some are global services (e.g., IAM, Route 53, CloudFront, Global Accelerator).
Global Accelerator belongs to the global networking layer, not a single region.
It spans multiple AWS regions.
Its static IPs are global and don’t change if you switch regions.
However, the endpoints it routes to (EC2, ALB, NLB, etc.) are regional.
In short:
Global Accelerator = Global networking service.
It sits above AWS regional infrastructure and connects users to regional endpoints through AWS’s private network.
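The three-step flow above (static anycast IP, nearest edge, nearest healthy regional endpoint) is what makes Global Accelerator a failover mechanism as much as a performance one. The simulation below is an added example, not code from the original page or from AWS: the edge locations, backbone latencies and health-check results are constructed, the selection rule ignores the real service's traffic dials and endpoint weights, and the health tracker copies only the threshold idea (a region is marked down after N consecutive failed checks).

```python
"""Simulate Global Accelerator-style routing: traffic enters at the nearest edge
and is sent to the nearest *healthy* regional endpoint group.

Added example, not from the original page or AWS. Edges, latencies and health
results are constructed; traffic dials and endpoint weights are ignored.
"""

# Constructed: latency in ms over the AWS backbone from each edge to each region.
EDGE_TO_REGION_MS = {
    "london":    {"eu-west-2": 5,   "us-east-1": 80,  "ap-southeast-1": 170},
    "new-york":  {"eu-west-2": 75,  "us-east-1": 8,   "ap-southeast-1": 230},
    "singapore": {"eu-west-2": 180, "us-east-1": 220, "ap-southeast-1": 6},
}


class HealthTracker:
    """Mark a region unhealthy after `threshold` consecutive failed checks;
    a single successful check restores it."""

    def __init__(self, regions, threshold=3):
        self.threshold = threshold
        self.failures = {r: 0 for r in regions}

    def record(self, region, ok):
        self.failures[region] = 0 if ok else self.failures[region] + 1

    def healthy(self, region):
        return self.failures[region] < self.threshold


def route(edge, health):
    """Nearest healthy region for traffic entering at `edge`, or None if none is healthy.
    The client keeps talking to the same static anycast IP throughout; only this
    backend choice changes when a region fails its health checks."""
    candidates = [(ms, r) for r, ms in EDGE_TO_REGION_MS[edge].items() if health.healthy(r)]
    return min(candidates)[1] if candidates else None


def routing_table(health):
    """Where every edge currently sends traffic."""
    return {edge: route(edge, health) for edge in EDGE_TO_REGION_MS}


if __name__ == "__main__":
    h = HealthTracker(["eu-west-2", "us-east-1", "ap-southeast-1"])
    print("all healthy:  ", routing_table(h))
    for _ in range(3):
        h.record("eu-west-2", ok=False)
    print("eu-west-2 down:", routing_table(h))
```

With all regions healthy, London traffic lands in eu-west-2; after three failed checks on eu-west-2 the London edge sends traffic to us-east-1 instead, while New York and Singapore are unaffected. Nothing the client sees changes, which is the point of the static IPs.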
AWS Regional vs. Global Services
Regional Services
Definition: Operate within a specific AWS Region and are isolated from other regions.
Key Characteristics:
Data Residency: Data and resources are confined to a single region.
Availability Zones: Utilize multiple Availability Zones within the region for high availability.
Examples: Amazon EC2, Amazon RDS, Amazon S3 (buckets), Amazon VPC.
Global Services
Definition: Span across all AWS Regions and are not confined to a single region.
Key Characteristics:
Global Reach: Accessible from any region, often with a global endpoint.
Control Plane: Some have a centralized control plane in a specific region (e.g., IAM in us-east-1), but their data planes are global.
Examples: Amazon CloudFront, AWS IAM, Amazon Route 53.
AWS Regional Services
Definition:
Services that exist inside a single AWS Region.
Data, resources, and endpoints are region-specific.
You must choose a region when creating or using them.
Isolation: If one region has an outage, other regions are unaffected.
Key Points:
Supports high availability within a region (with Availability Zones).
Can be made public or private, depending on configuration.
| Category | Service | Public / private |
|---|---|---|
| Compute | EC2 | Private if no public IP; public if you assign one or place it behind an ALB/NLB |
| Compute | ECS / EKS | Private if tasks/pods are in private subnets |
| Storage | S3 (regional bucket) | Can restrict to a VPC endpoint (private) or expose publicly via the internet |
| Storage | EBS | Private (inside VPC) |
| Databases | RDS / Aurora / DynamoDB | Can be public or private depending on subnet |
| Networking | VPC | Private by default |
| Networking | Elastic Load Balancer (ALB/NLB) | Public if internet-facing; private if internal |
| Security | KMS | Regional; can be accessed privately via VPC endpoint |
| Security | Secrets Manager | Regional; private via VPC endpoint |
| Analytics | EMR, Redshift | Regional; endpoints can be private/public |
| Application | CloudWatch, CloudTrail | Regional logs, metrics; API can be public |
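The "private via VPC endpoint" entries in the table are only as private as the resource policy that enforces them. The example below is added here and is not code from the original page: it builds an S3 bucket policy that denies every request not arriving through one specific VPC endpoint, then checks a few sample requests against it. The bucket name and endpoint id are placeholders, and the evaluator implements only the subset of IAM semantics this policy needs (an explicit Deny with a `StringNotEquals` condition on `aws:SourceVpce`, plus wildcard Action/Resource matching), not the full IAM evaluation logic.

```python
"""Restrict an S3 bucket to one VPC endpoint and check sample requests against the policy.

Added example, not from the original page. BUCKET and ALLOWED_VPCE are
placeholders; request_denied() covers only the IAM subset this policy uses.
"""
import json
from fnmatch import fnmatchcase

BUCKET = "example-bucket"                # placeholder bucket name
ALLOWED_VPCE = "vpce-0123456789abcdef0"  # placeholder VPC endpoint id


def vpce_only_policy(bucket: str, vpce_id: str) -> dict:
    """Bucket policy: deny every S3 action unless the request came in via vpce_id."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "DenyUnlessFromVpcEndpoint",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"],
            "Condition": {"StringNotEquals": {"aws:SourceVpce": vpce_id}},
        }],
    }


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _matches(patterns, value):
    # IAM wildcards ('*') in Action and Resource map onto shell-style matching.
    return any(fnmatchcase(value, p) for p in _as_list(patterns))


def request_denied(policy: dict, action: str, resource: str, context: dict) -> bool:
    """True if an explicit Deny statement in `policy` matches the request.

    `context` holds the request's condition keys. A request over the public
    internet carries no aws:SourceVpce key at all; StringNotEquals treats a
    missing key as "not equal", so such requests are denied as intended."""
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Deny":
            continue
        if not _matches(stmt["Action"], action) or not _matches(stmt["Resource"], resource):
            continue
        cond = stmt.get("Condition", {}).get("StringNotEquals", {})
        # Every listed key must differ from its expected value for the Deny to apply.
        if all(context.get(key) != expected for key, expected in cond.items()):
            return True
    return False


if __name__ == "__main__":
    policy = vpce_only_policy(BUCKET, ALLOWED_VPCE)
    print(json.dumps(policy, indent=2))
    obj = f"arn:aws:s3:::{BUCKET}/secret.txt"
    print("via allowed endpoint:", request_denied(policy, "s3:GetObject", obj, {"aws:SourceVpce": ALLOWED_VPCE}))
    print("via public internet: ", request_denied(policy, "s3:GetObject", obj, {}))
```

Two things worth noticing when you use this pattern for real: the Deny applies to every principal including the account's own administrators, so apply it from inside the VPC or keep a break-glass path, and the `aws:SourceVpce` key is only present when the request actually traverses a gateway or interface endpoint, which is exactly why an internet-path request falls into the Deny.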
AWS Global Services
Definition:
Services that span all regions automatically.
No need to choose a single region.
Manage users, policies, or traffic globally.
Often internet-facing or globally accessible, but can interact with private regional resources.
Key Points:
Typically used for identity, DNS, traffic routing, content delivery, global acceleration.
Not tied to Availability Zones or regional resources, but they integrate with them.
| Category | Service | Scope and exposure |
|---|---|---|
| Identity | IAM | Global; manages users/roles across all regions |
| Identity | AWS Organizations | Global; account management across regions |
| Networking | Route 53 | Public DNS service; global routing |
| Networking | CloudFront | Public CDN; caches content globally |
| Networking | Global Accelerator | Public static IPs; routes to regional endpoints |
| Security | AWS WAF (CloudFront or ALB) | Global rules for web apps |
| Security | AWS Shield Advanced | Global DDoS protection |
| Monitoring | CloudTrail (multi-region) | Logs can be centralized globally |
| Application | SNS (can be global topic) | Public APIs by default |
| Application | Cognito | User pools are global, app integration is region-specific |
Hybrid / Special Cases
Some services can be both regional and global depending on usage:
| Service | Regional vs. global behaviour |
|---|---|
| S3 | Bucket is regional; objects can be accessed globally if public |
| Lambda | Functions live in a region; API Gateway endpoint can be global |
| API Gateway | Regional endpoints (default) or edge-optimized (global via CloudFront) |
| DynamoDB | Tables are regional; Global Tables replicate across regions |
Why this Matters
Architecture Decisions: Regional for isolated workloads; global for identity, DNS, CDN.
Disaster Recovery: Regional = replicate manually; Global = automatically accessible.
Security: Regional services can be private in VPC; global services often require IAM policies for access control.
Latency & Performance: Use global services (CloudFront, Global Accelerator) to reduce latency worldwide.