# AWS Global Infrastructure

```
AWS Global Infrastructure
│
├── Regions (geographic areas)
│   ├── Availability Zones (isolated data centers)
│
├── Edge Locations (CDN caching)
│
├── Local Zones (near cities)
│
├── Wavelength Zones (in telecom 5G networks)
│
└── Outposts (AWS on-premises)
```

Reference: <https://aws.amazon.com/about-aws/global-infrastructure/regions_az/>

## **Regions**

What it is: A Region is a geographic area where AWS has multiple Availability Zones (AZs).\
Each region is independent for security, compliance, and fault isolation.

Example:

* `us-east-1` → Northern Virginia, USA
* `eu-west-2` → London, UK

Key Facts:

* Regions are physically separated (hundreds of miles apart in some cases).
* Each region has its own pricing and services (some services aren’t available in all regions).
* You choose a region based on:
  * Latency → closer to your users = faster.
  * Compliance / data residency → e.g., keeping EU personal data in EU regions for GDPR. AWS does not copy your data to another region unless you configure it (replication, Global Tables, AMI copies).
  * Cost → some regions are cheaper than others.

Pro Tip (Portfolio Worthy):\
Keep multi-region architecture diagrams in your portfolio showing disaster recovery with Route 53 failover.

## **Availability Zones (AZs)**

What it is: An AZ is one or more data centers within a region, each with independent power, cooling, and networking.

Example:

* `us-east-1a`, `us-east-1b`, `us-east-1c`
* All in the same region but physically separate.
* AZ names are mapped per account: `us-east-1a` in your account can be a different physical AZ than `us-east-1a` in another account. Use AZ IDs (e.g., `use1-az1`) when you coordinate placement across accounts.

Why it matters: If one AZ goes down (power outage, fire, fiber cut), others in the region stay up.\
AWS recommends running workloads in at least 2 AZs for High Availability.

Real-world analogy:\
Think of a region as a city, and each AZ as a separate neighborhood with its own power grid.
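As an added example for these notes (not AWS code), the following Python checks the "at least two AZs" rule over a constructed inventory shaped like a few fields from EC2 `DescribeInstances`. The `Tier` tag, the sample instances and the threshold are assumptions for illustration; the same check could be fed from a real inventory dump.

```python
"""Check that each workload tier is spread across at least two AZs.

Added example for these notes, not AWS code. It works on a constructed
inventory shaped like fields from EC2 DescribeInstances (instance id,
placement AZ, and a 'Tier' tag). The tag name, the threshold and the sample
data are assumptions for illustration.
"""
import re
from collections import defaultdict

MIN_AZS = 2  # AWS guidance: at least two AZs for high availability

# Constructed sample inventory, not real account data.
INVENTORY = [
    {"InstanceId": "i-0aaa", "AvailabilityZone": "us-east-1a", "Tier": "web"},
    {"InstanceId": "i-0bbb", "AvailabilityZone": "us-east-1b", "Tier": "web"},
    {"InstanceId": "i-0ccc", "AvailabilityZone": "us-east-1a", "Tier": "db"},
    {"InstanceId": "i-0ddd", "AvailabilityZone": "us-east-1a", "Tier": "db"},
    {"InstanceId": "i-0eee", "AvailabilityZone": "eu-west-2a", "Tier": "batch"},
    {"InstanceId": "i-0fff", "AvailabilityZone": "eu-west-2b", "Tier": "batch"},
    {"InstanceId": "i-0ggg", "AvailabilityZone": "eu-west-2c", "Tier": "batch"},
]


def region_of(az: str) -> str:
    """'eu-west-2b' -> 'eu-west-2'. An AZ name is the region code plus one letter."""
    m = re.fullmatch(r"([a-z]{2}(?:-[a-z]+)+-\d+)([a-z])", az)
    if not m:
        raise ValueError(f"not an AZ name: {az!r}")
    return m.group(1)


def az_coverage(inventory, tag="Tier"):
    """Map (region, tier) -> sorted list of distinct AZs that tier uses."""
    cover = defaultdict(set)
    for inst in inventory:
        az = inst["AvailabilityZone"]
        cover[(region_of(az), inst.get(tag, "untagged"))].add(az)
    return {key: sorted(azs) for key, azs in cover.items()}


def single_az_tiers(inventory, tag="Tier", min_azs=MIN_AZS):
    """(region, tier) pairs that would go down with the loss of one AZ."""
    return sorted(
        key for key, azs in az_coverage(inventory, tag).items() if len(azs) < min_azs
    )


if __name__ == "__main__":
    for (region, tier), azs in sorted(az_coverage(INVENTORY).items()):
        status = "OK  " if len(azs) >= MIN_AZS else "RISK"
        print(f"{status} {region:<10} {tier:<6} AZs={azs}")
    print("single-AZ tiers:", single_az_tiers(INVENTORY))
```

The check groups by region first because an AZ only provides isolation relative to the other AZs of its own region; two instances in `us-east-1a` and `eu-west-2a` are a multi-region setup, not a multi-AZ one. Run against more than one account, switch the grouping key to AZ IDs, since the letter suffixes are shuffled per account.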

## **Edge Locations**

What it is: Small AWS points of presence close to users for low-latency content delivery.\
Used by Amazon CloudFront (CDN) to cache content; Route 53 DNS, AWS WAF (for CloudFront distributions) and Shield DDoS protection also operate at the edge.

Example:

* You’re in London → CloudFront delivers your web content from a London edge location instead of waiting for it from `us-east-1`.

Why it matters: Improves speed for users around the world.

## **Local Zones**

What it is: AWS infrastructure close to large cities to run low-latency workloads.\
Connects back to the parent region for full AWS service access.

Example:

* AWS Los Angeles Local Zone for video editing studios needing ultra-low latency.

## **Wavelength Zones**

What it is: AWS infrastructure embedded in 5G telecom networks for ultra-low latency mobile apps.

Example:\
Gaming and AR/VR apps that need single-digit millisecond latency from the mobile device to the compute.

## **Outposts**

What it is: AWS-owned hardware racks installed in your own data center to run AWS services on-premises, connected back to a parent AWS Region. AWS maintains the racks; you provide the facility, power, network uplink and physical security of the site.

**Key Points:**

* Always multi-AZ for critical workloads.
* Use multi-region for disaster recovery.
* Leverage edge locations for global performance.
* Place compute close to data to reduce latency and data-transfer cost.
* Use private connectivity (AWS Direct Connect) for high-speed enterprise links. Direct Connect is a private circuit, not an encrypted one: add MACsec (on supported dedicated connections) or run an IPsec VPN or TLS over it when confidentiality is required.

### **AWS Global Accelerator**

* What it is: A networking service that improves global application availability and performance by routing traffic through AWS’s global backbone network.
* How it works:
  * You get two static anycast IP addresses (public).
  * User traffic enters at the nearest AWS edge location.
  * AWS then carries it over its private backbone to the closest healthy regional endpoint (ALB, NLB, EC2 instance or Elastic IP), steering away from endpoints that fail health checks.

Is it part of AWS Regional Infrastructure?

Not exactly. Here's why:

* Region vs Global Services
  * Most AWS services are regional (e.g., EC2, RDS, S3 buckets live in a region).
  * Some are global services (e.g., IAM, Route 53, CloudFront, Global Accelerator).
* Global Accelerator belongs to the global networking layer, not a single region.
  * It spans multiple AWS regions.
  * Its static IPs are global and don't change when you add, remove or switch regional endpoints behind them.
  * However, the endpoints it routes to (EC2, ALB, NLB, Elastic IPs) are regional.

In short:

* Global Accelerator = global networking service.
* It sits above AWS regional infrastructure and connects users to regional endpoints through AWS's private network.

### AWS Regional vs. Global Services

Regional Services

* Definition: Operate within a specific AWS Region and are isolated from other regions.
* Key Characteristics:
  * Data Residency: Data and resources are confined to a single region.
  * Availability Zones: Utilize multiple Availability Zones within the region for high availability.
  * Examples: Amazon EC2, Amazon RDS, Amazon S3 (buckets), Amazon VPC.

Global Services

* Definition: Span across all AWS Regions and are not confined to a single region.
* Key Characteristics:
  * Global Reach: Accessible from any region, often with a global endpoint.
  * Control Plane: Some have a centralized control plane in a specific region (e.g., IAM in `us-east-1`: IAM and global STS API calls are served from there and CloudTrail records them with `awsRegion` = `us-east-1`), while their data planes (policy evaluation, DNS answers, cached content) are global.
  * Examples: Amazon CloudFront, AWS IAM, Amazon Route 53.

### **AWS Regional Services**

Definition:

* Services that exist inside a single AWS Region.
* Data, resources, and endpoints are region-specific.
* You must choose a region when creating or using them.
* Isolation: If one region has an outage, other regions are unaffected.

#### Key Points:

* Supports high availability within a region (with Availability Zones).
* Can be made public or private, depending on configuration.

| Category    | Service                         | Public / Private Notes                                              |
| ----------- | ------------------------------- | ------------------------------------------------------------------- |
| Compute     | EC2                             | Private if no public IP; public if you assign one or behind ALB/NLB |
| Compute     | ECS / EKS                       | Private if tasks/pods are in private subnets                        |
| Storage     | S3 (regional bucket)            | Private by default (Block Public Access); reached over the internet unless you use a gateway/interface VPC endpoint and pin the bucket policy to it (`aws:SourceVpce`) |
| Storage     | EBS                             | Private (inside VPC)                                                |
| Databases   | RDS / Aurora                    | Live in VPC subnets; private unless `PubliclyAccessible` is set and the subnet routes to an internet gateway |
| Databases   | DynamoDB                        | Public regional endpoint (not inside your VPC); reach it privately via a gateway VPC endpoint |
| Networking  | VPC                             | Private by default                                                  |
| Networking  | Elastic Load Balancer (ALB/NLB) | Public if internet-facing; private if internal                      |
| Security    | KMS                             | Regional; can be accessed privately via VPC endpoint                |
| Security    | Secrets Manager                 | Regional; private via VPC endpoint                                  |
| Analytics   | EMR, Redshift                   | Regional; endpoints can be private/public                           |
| Application | CloudWatch, CloudTrail          | Regional APIs (a CloudTrail trail can be multi-region); public endpoints, private via interface VPC endpoints |
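The "public or private depending on configuration" column above comes down to a handful of API fields. As an added example for these notes (not AWS code), this Python flags internet-facing resources in a constructed inventory using the real field names from `DescribeInstances` (`PublicIpAddress`), `DescribeDBInstances` (`PubliclyAccessible`) and ELBv2 `DescribeLoadBalancers` (`Scheme`); the sample records are constructed.

```python
"""First-pass exposure audit of regional resources.

Added example for these notes, not AWS code. Each record carries the one
field that decides public vs private for that resource type, named as the
AWS API returns it. The sample data is constructed.
"""

RESOURCES = [
    {"type": "ec2", "id": "i-0aaa", "PublicIpAddress": "203.0.113.10"},
    {"type": "ec2", "id": "i-0bbb"},                         # no public IP
    {"type": "rds", "id": "prod-db", "PubliclyAccessible": False},
    {"type": "rds", "id": "dev-db", "PubliclyAccessible": True},
    {"type": "elbv2", "id": "web-alb", "Scheme": "internet-facing"},
    {"type": "elbv2", "id": "api-nlb", "Scheme": "internal"},
]


def is_public(res):
    """Return True if the resource is configured to be reachable from the internet."""
    kind = res["type"]
    if kind == "ec2":
        # EC2 is private unless a public IPv4 / Elastic IP is attached.
        return bool(res.get("PublicIpAddress"))
    if kind == "rds":
        # RDS/Aurora publish a public DNS target only when this flag is set.
        return bool(res.get("PubliclyAccessible", False))
    if kind == "elbv2":
        # ALB/NLB are internet-facing or internal by scheme, fixed at creation.
        return res.get("Scheme") == "internet-facing"
    raise ValueError(f"unknown resource type {kind!r}")


def public_resources(resources):
    """Sorted 'type:id' labels of everything configured as public."""
    return sorted(f"{r['type']}:{r['id']}" for r in resources if is_public(r))


if __name__ == "__main__":
    for label in public_resources(RESOURCES):
        print("PUBLIC", label)
```

Treat the result as a triage list, not proof of reachability: a public IP behind a closed security group, or a `PubliclyAccessible` database in a subnet with no route to an internet gateway, is still unreachable, and a private resource can be exposed by a peered VPC or a misconfigured load balancer in front of it.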

### **AWS Global Services**

Definition:

* Services that span all regions automatically.
* No need to choose a single region.
* Manage users, policies, or traffic globally.
* Often internet-facing or globally accessible, but can interact with private regional resources.

Key Points:

* Typically used for identity, DNS, traffic routing, content delivery, global acceleration.
* Not tied to Availability Zones or regional resources, but they integrate with them.

| Category    | Service                     | Public / Private Notes                                    |
| ----------- | --------------------------- | --------------------------------------------------------- |
| Identity    | IAM                         | Global; manages users/roles across all regions            |
| Identity    | AWS Organizations           | Global; account management across regions                 |
| Networking  | Route 53                    | Public DNS service; global routing                        |
| Networking  | CloudFront                  | Public CDN; caches content globally                       |
| Networking  | Global Accelerator          | Public static IPs; routes to regional endpoints           |
| Security    | AWS WAF                     | Global scope for CloudFront (web ACLs with scope `CLOUDFRONT`, managed from `us-east-1`); regional scope for ALB, API Gateway and other regional resources |
| Security    | AWS Shield Advanced         | Global DDoS protection; protects CloudFront, Route 53 and Global Accelerator (global) as well as Elastic IPs and load balancers (regional) |
| Monitoring  | CloudTrail (multi-region trail) | Regional service; a multi-region trail collects events from every region, plus global service events, into one S3 bucket |
| Application | SNS                         | Regional, not global (often mistaken): topic ARNs carry a region and the topic lives there |
| Application | Cognito                     | Regional, not global (often mistaken): user pools and identity pools live in one region |

### **Hybrid / Special Cases**

Some services can be both regional and global depending on usage:

| Service     | Notes                                                                  |
| ----------- | ---------------------------------------------------------------------- |
| S3          | Bucket names are globally unique and the console lists buckets from all regions, but each bucket and its objects live in one region; "global" access is just that region's endpoint reached over the internet |
| Lambda      | Functions live in a region; an edge-optimized API Gateway front door or Lambda@Edge (CloudFront) can present them globally |
| API Gateway | Regional endpoints (default) or edge-optimized (global via CloudFront) |
| DynamoDB    | Tables are regional; Global Tables replicate across regions            |

**Why this Matters**

1. Architecture Decisions: Regional for isolated workloads; global for identity, DNS, CDN.
2. Disaster Recovery: Regional = you must replicate yourself (cross-region replication, DynamoDB Global Tables, AMI copies); Global = already reachable from every region.
3. Security: Regional services can be kept off the internet (private subnets, VPC endpoints with endpoint policies); global services have public endpoints only, so IAM policies, resource policies and SCPs are the access control. When you write SCPs that restrict regions, exempt the global services, whose API calls are made against `us-east-1`.
4. Latency & Performance: Use global services (CloudFront, Global Accelerator) to reduce latency worldwide.
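The regional-vs-global split has a concrete consequence for guardrails: a Service Control Policy that denies every call outside your approved regions will also deny IAM, STS, Route 53 and the other global services, because their calls are recorded against `us-east-1`. As an added example for these notes (not AWS code and not a full IAM evaluator), the Python below builds the AWS-documented "deny outside allowed regions" SCP shape, checks constructed CloudTrail-style records against it, and contrasts it with a naive version that lacks the carve-out. The allowed regions, the exemption list (a subset of the one AWS publishes) and the sample records are assumptions.

```python
"""Region guardrail SCP that must exempt global services.

Added example for these notes; not AWS code and not a full IAM evaluator.
It encodes the shape of the AWS-documented "deny outside allowed regions"
SCP pattern, evaluates constructed CloudTrail-style records against it, and
shows why a naive version breaks IAM. The allowed regions, the exemption list
(a subset of the one AWS publishes) and the sample records are assumptions.
"""
import fnmatch
import json

ALLOWED_REGIONS = ["eu-west-2", "eu-west-1"]

# Global services are called through endpoints that CloudTrail records as
# us-east-1 (IAM, STS, Organizations, Route 53, CloudFront, ...). A blanket
# region deny would block them, so the pattern exempts them via NotAction.
GLOBAL_EXEMPTIONS = [
    "iam:*", "sts:*", "organizations:*", "route53:*", "cloudfront:*",
    "globalaccelerator:*", "shield:*", "waf:*", "wafv2:*", "support:*",
    "budgets:*", "s3:ListAllMyBuckets",
]


def region_deny_scp(allowed, exemptions):
    """Build the SCP: Deny everything except `exemptions` outside `allowed`."""
    stmt = {
        "Sid": "DenyOutsideAllowedRegions",
        "Effect": "Deny",
        "Resource": "*",
        "Condition": {"StringNotEquals": {"aws:RequestedRegion": list(allowed)}},
    }
    if exemptions:
        stmt["NotAction"] = list(exemptions)
    else:
        stmt["Action"] = "*"  # naive form: no global-service carve-out
    return {"Version": "2012-10-17", "Statement": [stmt]}


SCP = region_deny_scp(ALLOWED_REGIONS, GLOBAL_EXEMPTIONS)
NAIVE_SCP = region_deny_scp(ALLOWED_REGIONS, [])


def _action_listed(patterns, action):
    """IAM action names are case-insensitive and may use '*' wildcards."""
    pats = [patterns] if isinstance(patterns, str) else patterns
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in pats)


def scp_denies(action, region, policy=SCP):
    """True if a Deny statement in `policy` matches this action/region pair.

    Only the parts of IAM evaluation this pattern relies on are modelled:
    Action/NotAction matching and the StringNotEquals region condition.
    """
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Deny":
            continue
        if "NotAction" in stmt:
            covered = not _action_listed(stmt["NotAction"], action)
        else:
            covered = _action_listed(stmt["Action"], action)
        allowed = stmt["Condition"]["StringNotEquals"]["aws:RequestedRegion"]
        if covered and region not in allowed:
            return True
    return False


# Constructed CloudTrail-style records (three fields of a real event).
EVENTS = [
    {"eventSource": "ec2.amazonaws.com", "eventName": "RunInstances", "awsRegion": "eu-west-2"},
    {"eventSource": "ec2.amazonaws.com", "eventName": "RunInstances", "awsRegion": "ap-southeast-1"},
    {"eventSource": "iam.amazonaws.com", "eventName": "CreateUser", "awsRegion": "us-east-1"},
    {"eventSource": "s3.amazonaws.com", "eventName": "CreateBucket", "awsRegion": "us-east-1"},
]


def to_action(event):
    """'iam.amazonaws.com' + 'CreateUser' -> 'iam:CreateUser'."""
    return event["eventSource"].split(".")[0] + ":" + event["eventName"]


def flag_out_of_region(events, policy=SCP):
    """Events the guardrail would have denied, as 'action@region' strings."""
    return [
        f"{to_action(e)}@{e['awsRegion']}"
        for e in events
        if scp_denies(to_action(e), e["awsRegion"], policy)
    ]


if __name__ == "__main__":
    print(json.dumps(SCP, indent=2))
    print("denied by guarded SCP:", flag_out_of_region(EVENTS))
    print("denied by naive SCP:  ", flag_out_of_region(EVENTS, NAIVE_SCP))
```

The guarded policy still denies the regional calls it should (EC2 in `ap-southeast-1`, an S3 bucket created in `us-east-1`) while letting `iam:CreateUser` through, which the naive policy blocks. The same `to_action`/`awsRegion` logic doubles as a detection: run it over real CloudTrail to spot activity in regions you never approved. A production SCP would normally add a break-glass exemption (an `ArnNotLike` condition on `aws:PrincipalARN`) and should be tested in a sandbox OU before attaching it to the root.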
