Global Infrastructure
AWS's global infrastructure is composed of Regions, Availability Zones, Edge Locations and the data centres that make them up. You can see more on the AWS site on Regions and Availability Zones (opens in a new tab).
An Availability Zone (AZ) is one or more discrete data centres within a Region. AZs are identified by the Region code followed by a letter, e.g. us-east-1a. AZs are physically separated from each other (AWS states that all AZs in a Region lie within roughly 100 km of one another) but are linked by low-latency networking, so inter-AZ round trips are typically in the low single-digit milliseconds; there is no fixed 10 ms spacing.
Edge Locations are sites on the AWS edge network, often hosted in partner or colocation facilities with a direct connection to the AWS backbone. They are where Amazon CloudFront stores cached copies of your content close to your customers for faster delivery, and they also answer Route 53 DNS queries; requests to either service are routed to the nearest edge location automatically. S3 Transfer Acceleration and API Gateway edge-optimised endpoints use the same edge network. The result is low latency no matter where the end user is geographically located.
The AWS Cloud operates (opens in a new tab) in 102 Availability Zones within 32 geographic Regions around the world, as of 2023, with announced plans for more Availability Zones and Regions. It also operates hundreds of Edge Locations (the count under Points of Presence below was current when these notes were written). This allows AWS to provide low latency and higher throughput.
AWS Regions are geographically distinct locations, each with multiple data centres grouped into AZs. Every Region is completely isolated from the other AWS Regions: independent in terms of location, power and water supply, and independent in its control plane, so a failure or a mistaken API call in one Region does not affect another.
The largest Region is us-east-1 (N. Virginia); new features usually become available there first. It is also where billing and the global services (IAM, CloudFront, Route 53) are administered, so their console pages and API calls resolve to us-east-1 whichever Region you work in. Every Region has at least two AZs and most have three; most production designs should spread across at least three. Each AZ is isolated, but the AZs in a Region are connected through low-latency links.
GovCloud (US) Regions are isolated Regions for hosting sensitive controlled unclassified information (CUI) and other regulated workloads. They are operated only by employees who are US citizens on US soil, and they are accessible ONLY to US entities whose root account holders pass a screening process.
GovCloud Regions are intended for developers architecting secure cloud solutions for the Department of Defense and other customers subject to regimes such as ITAR, EAR and CJIS; they exist to address those security and compliance requirements.
In terms of Reliability, each Availability Zone is designed as an independent failure zone. This means that Availability Zones are physically separated within a typical metropolitan region and are located in lower risk flood plains (specific flood zone categorization varies by AWS Region). In addition to discrete uninterruptible power supply (UPS) and onsite backup generation facilities, data centers located in different Availability Zones are designed to be supplied by independent substations to reduce the risk of an event on the power grid impacting more than one Availability Zone.
AWS Regions
AWS has Regions all around the world, named like us-east-1, eu-west-3, etc. A Region is a cluster of data centres (its AZs). It is worth noting that most AWS services are Region-scoped: a resource created in one Region does not exist in another, and API calls are addressed to a Regional endpoint.
Choosing an AWS Region
When determining the right region for your service, data, and applications, consider the following four business factors:
- Compliance with data governance and legal requirements: data never leaves a Region unless you explicitly enable something that moves it (cross-Region replication, a multi-Region service, a backup copy to another Region)
- Proximity to customers: reduced latency
- Available services within a Region: new services and new features aren’t available in every Region
- Pricing: pricing varies region to region and is transparent in the service pricing page
AWS Availability Zones (AZ's)
- Each Region has several Availability Zones (usually 3; minimum 2, maximum 6). For example, ap-southeast-2 has ap-southeast-2a, ap-southeast-2b and ap-southeast-2c.
  - The letter suffix is mapped to physical zones independently per account, so us-east-1a in one account may be a different physical zone from us-east-1a in another; use the AZ ID (e.g. use1-az1) when coordinating placement across accounts
- Each availability zone (AZ) is one or more discrete data centers with redundant power, networking, and connectivity
- They’re separate from each other, so that they’re isolated from disasters
- They’re connected with high bandwidth, ultra-low latency networking
AWS Edge Locations (Points of Presence)
Amazon has 216 Points of Presence (205 Edge Locations & 11 Regional Caches) in 84 cities across 42 countries as of when these notes were written; the count grows continuously. Content is delivered to end users with lower latency using these.
Global & Region Scoped Services
Services become available first in us-east-1 (N. Virginia). In Asia Pacific, Singapore (ap-southeast-1) has the broadest service coverage.
- AWS has Global Services:
  - Identity and Access Management (IAM)
  - Route 53 (DNS service)
  - CloudFront (Content Delivery Network)
  - WAF (Web Application Firewall) when attached to CloudFront; web ACLs for ALB, API Gateway and AppSync are Regional
  - API calls to global services are served from us-east-1, which is where CloudTrail records their events
- Most AWS services are Region-scoped:
  - Amazon EC2 (Infrastructure as a Service)
  - Elastic Beanstalk (Platform as a Service)
  - Lambda (Function as a Service)
  - Rekognition (Software as a Service)
See the Region Table (opens in a new tab) for a list of services and their availability by region.
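Region scoping has a security consequence: because most services are Regional, stolen credentials can be used to start resources in a Region nobody monitors, and a data-residency promise is only as strong as the controls that keep API calls inside approved Regions. The following is an added example (Python; not code from the original notes or from AWS) of the Organizations service control policy pattern that enforces this, together with a small evaluator that shows why the global services have to be exempted. The approved Regions, the exemption list and the sample actions are assumptions.

```python
"""Region-restriction SCP and a small evaluator for it.

Added example; not code from the original notes or from AWS. It builds
the service control policy (SCP) pattern AWS documents for keeping
workloads in approved Regions and simulates how its single Deny statement
is evaluated. The approved Regions, actions and the list of exempted
global services are illustrative assumptions.
"""
import fnmatch
import json

# Global services (IAM, Route 53, CloudFront, ...) answer their API calls
# from us-east-1 regardless of where the caller is, so a Deny keyed on
# aws:RequestedRegion must exempt them via NotAction or the account loses
# the ability to manage identities, DNS and CDN. Assumed, non-exhaustive list.
GLOBAL_SERVICE_ACTIONS = [
    "iam:*", "sts:*", "organizations:*", "route53:*", "cloudfront:*",
    "waf:*", "shield:*", "support:*", "budgets:*", "health:*",
]


def build_region_restriction_scp(approved_regions):
    """SCP that denies every non-global action outside approved_regions."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "DenyOutsideApprovedRegions",
            "Effect": "Deny",
            "NotAction": GLOBAL_SERVICE_ACTIONS,
            "Resource": "*",
            "Condition": {
                "StringNotEquals": {"aws:RequestedRegion": list(approved_regions)}
            },
        }],
    }


def _action_matches(pattern, action):
    # IAM action names are case-insensitive and patterns may use '*'.
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def scp_allows(policy, action, requested_region):
    """Simulate evaluation of the SCP's Deny statements for one API call.

    An SCP never grants anything: this returns False when a Deny matches
    and True when nothing denies the call (the caller's IAM policy must
    still allow the action). Only Action/NotAction and the
    aws:RequestedRegion StringNotEquals condition are modelled.
    """
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Deny":
            continue
        if "NotAction" in stmt:
            covered = not any(_action_matches(p, action) for p in stmt["NotAction"])
        else:
            covered = any(_action_matches(p, action) for p in stmt["Action"])
        if not covered:
            continue
        approved = stmt.get("Condition", {}).get("StringNotEquals", {}).get("aws:RequestedRegion")
        if approved is not None and requested_region in approved:
            continue  # condition evaluates false: this Deny does not apply
        return False
    return True


if __name__ == "__main__":
    scp = build_region_restriction_scp(["eu-west-1", "eu-central-1"])
    print(json.dumps(scp, indent=2))
    for action, region in [("ec2:RunInstances", "eu-west-1"),
                           ("ec2:RunInstances", "ap-southeast-2"),
                           ("iam:CreateUser", "us-east-1")]:
        verdict = "allowed" if scp_allows(scp, action, region) else "DENIED"
        print(f"{action:20s} {region:16s} {verdict}")
```

Attach the generated document to an OU with `aws organizations create-policy --type SERVICE_CONTROL_POLICY` and `attach-policy`; test it first on a sandbox OU, because a missing exemption (for example `support:*`) silently breaks a global service for every account underneath.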
Why make a Global application?
- A global application is an application deployed in multiple geographies
  - On AWS: this could be Regions and / or Edge Locations
- Decreased Latency
  - Latency is the time it takes for a network packet to reach a server and for the response to come back
  - It takes time for a packet from Asia to reach the US
  - Deploy your applications closer to your users to decrease latency and give a better experience
- Disaster Recovery (DR)
  - If an AWS Region goes down (earthquake, storms, power shutdown, politics)…
  - You can fail over to another Region and have your application still working
  - A DR plan is important to increase the availability of your application
- Attack protection: a distributed global infrastructure is harder to take down; volumetric DDoS traffic is absorbed across many edge locations and Regions instead of one site, and there is no single point of failure to target
Global Applications in AWS
- Global DNS: Route 53
  - Great to route users to the closest deployment with least latency
  - Great for disaster recovery strategies
- Global Content Delivery Network (CDN): CloudFront
  - Replicate part of your application to AWS Edge Locations – decrease latency
  - Cache common requests – improved user experience and decreased latency
- S3 Transfer Acceleration
  - Accelerate global uploads & downloads into Amazon S3
- AWS Global Accelerator:
  - Improve global application availability and performance using the AWS global network
Amazon Route 53 Overview
Route 53 is a managed, highly available DNS (Domain Name System) service. DNS is the collection of records (A, AAAA, CNAME, alias, …) that map the hostname in a URL to the address a client connects to, plus the rules for which servers answer for which zone. Route 53 also provides health checks, which the latency and failover policies below depend on.
High-level routing policies (Route 53 also offers geolocation, geoproximity and multivalue-answer routing, not covered here):
- simple routing policy
- weighted routing policy
- latency routing policy
- failover routing policy
Simple routing policy
- Use for a single resource that performs a given function for your domain, for example a web server that serves content for the example.com website.
- If you list several values in one simple record, Route 53 returns all of them and the client picks one; simple records cannot be associated with health checks.
- You can use simple routing to create records in a private hosted zone.
Weighted routing policy
- Use to route traffic to multiple resources in proportions that you specify. A weight of 0 stops traffic to that record, which is how you drain a deployment or run a blue/green rollout.
- You can use weighted routing to create records in a private hosted zone.
Latency routing policy
- Use when you have resources in multiple AWS Regions and you want to route traffic to the Region that provides the best latency. The decision is based on measured latency between AWS Regions and the user's resolver, not on geographic distance.
- You can use latency routing to create records in a private hosted zone.
Failover routing policy
- Use when you want to configure active-passive failover: Route 53 answers with the primary record while its health check passes and with the secondary otherwise.
- The primary record must have a health check (or be an alias record with Evaluate Target Health enabled); without one Route 53 has no signal on which to fail over.
- You can use failover routing to create records in a private hosted zone.
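The four policies above differ only in a few fields of the record set sent to Route 53. The following is an added example (Python; not code from the original notes or from AWS) that builds the change batch the Route 53 ChangeResourceRecordSets API accepts for simple, latency and failover records, and validates the point that is easiest to get wrong: a failover PRIMARY with no health check. The hosted zone ID, hostnames, addresses and health check ID are placeholders; the boto3 call at the end is the real API but needs credentials and is not exercised offline.

```python
"""Route 53 routing-policy records as ChangeResourceRecordSets payloads.

Added example; not code from the original notes or from AWS. It builds the
change batch that the Route 53 ChangeResourceRecordSets API accepts for
simple, latency and failover routing, and checks the constraint that is
easiest to miss: a failover PRIMARY record needs a health check (or an
alias with EvaluateTargetHealth), otherwise Route 53 has no signal on
which to fail over. Hosted zone, names, IPs and health check IDs are
placeholders.
"""
import json

# Failover only takes effect once resolvers drop the cached answer, so keep
# TTLs short on policy-routed records. 60 s is an assumed house rule, not
# an AWS limit.
MAX_FAILOVER_TTL = 60


def simple_record(name, values, ttl=300, rtype="A"):
    """Plain record: Route 53 returns all values; no health check possible."""
    return {"Name": name, "Type": rtype, "TTL": ttl,
            "ResourceRecords": [{"Value": v} for v in values]}


def latency_record(name, region, values, ttl=60, rtype="A", health_check_id=None):
    """One member of a latency set; create one per Region you deploy in."""
    rec = simple_record(name, values, ttl, rtype)
    rec["SetIdentifier"] = f"{region}-latency"
    rec["Region"] = region
    if health_check_id:
        rec["HealthCheckId"] = health_check_id
    return rec


def failover_pair(name, primary_values, secondary_values,
                  primary_health_check_id=None, ttl=60, rtype="A"):
    """Active-passive pair: PRIMARY is answered while its health check passes."""
    primary = simple_record(name, primary_values, ttl, rtype)
    primary.update({"SetIdentifier": "primary", "Failover": "PRIMARY"})
    if primary_health_check_id:
        primary["HealthCheckId"] = primary_health_check_id
    secondary = simple_record(name, secondary_values, ttl, rtype)
    secondary.update({"SetIdentifier": "secondary", "Failover": "SECONDARY"})
    return [primary, secondary]


def change_batch(records, comment="", action="UPSERT"):
    return {"Comment": comment,
            "Changes": [{"Action": action, "ResourceRecordSet": r} for r in records]}


def validate_batch(batch):
    """Return a list of problems; an empty list means the batch is sane."""
    problems = []
    for change in batch["Changes"]:
        rrs = change["ResourceRecordSet"]
        policy = [k for k in ("Failover", "Region", "Weight") if k in rrs]
        if policy and "SetIdentifier" not in rrs:
            problems.append(f"{rrs['Name']}: {policy[0]} routing requires SetIdentifier")
        if rrs.get("Failover") == "PRIMARY":
            alias_eval = rrs.get("AliasTarget", {}).get("EvaluateTargetHealth", False)
            if "HealthCheckId" not in rrs and not alias_eval:
                problems.append(f"{rrs['Name']}: PRIMARY failover record has no health check")
        if policy and rrs.get("TTL", 0) > MAX_FAILOVER_TTL:
            problems.append(f"{rrs['Name']}: TTL {rrs['TTL']}s slows failover")
    return problems


def apply_batch(hosted_zone_id, batch):
    """Send the batch with boto3; needs AWS credentials, so not run offline."""
    import boto3  # imported here so the builders above stay dependency-free
    return boto3.client("route53").change_resource_record_sets(
        HostedZoneId=hosted_zone_id, ChangeBatch=batch)


if __name__ == "__main__":
    batch = change_batch(
        failover_pair("app.example.com.", ["203.0.113.10"], ["198.51.100.10"],
                      primary_health_check_id="hc-placeholder")
        + [latency_record("api.example.com.", "us-east-1", ["203.0.113.20"]),
           latency_record("api.example.com.", "ap-southeast-2", ["198.51.100.20"])],
        comment="failover pair for app, latency set for api")
    print(json.dumps(batch, indent=2))
    print("problems:", validate_batch(batch) or "none")
```

Run `validate_batch` before `apply_batch` in a deployment pipeline: Route 53 will accept a PRIMARY record without a health check, and the mistake only shows up during the outage the pair was meant to survive.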
AWS CloudFront
CloudFront (opens in a new tab) is a CDN (content delivery network). It stores cached copies of your content (static files, video, API responses) at edge locations so that requests take the shortest route to the end user and load as quickly as possible.
- Content Delivery Network (CDN)
- Improves read performance, content is cached at the edge
- Improves users experience
- 216 Points of Presence globally (edge locations), per the count above
- DDoS protection: traffic is absorbed across the worldwide edge network, with integration with AWS Shield and AWS WAF
CloudFront Origins
- S3 bucket
  - For distributing files and caching them at the edge
  - Enhanced security with CloudFront Origin Access Identity (OAI): the bucket stays private and only the distribution can read it. Origin Access Control (OAC) is the newer mechanism and the recommended choice for new distributions
  - CloudFront can be used as an ingress (to upload files to S3)
- Custom Origin (HTTP)
  - Application Load Balancer
  - EC2 instance
  - S3 website (must first enable the bucket as a static S3 website)
  - Any HTTP backend you want
  - Restrict the origin's security group to the CloudFront origin-facing managed prefix list so the origin cannot be reached directly, bypassing WAF and caching
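The OAI/OAC point above comes down to what the origin bucket's policy allows. The following is an added example (Python; not code from the original notes or from AWS) that generates the bucket policy for both the legacy OAI form and the current OAC form, and checks a policy for the two common mistakes: a public-read statement left in place, and an OAC grant not pinned to one distribution (without the SourceArn condition any CloudFront distribution, in any account, could be pointed at the bucket). Bucket name, account ID, distribution ID and OAI ID are placeholders.

```python
"""Origin bucket policy for a CloudFront S3 origin, plus a public-access check.

Added example; not code from the original notes or from AWS. It produces
the S3 bucket policy that lets only a CloudFront distribution read the
bucket, in both the legacy OAI form and the current OAC form, and checks a
policy for statements that would expose the bucket to anyone or to any
distribution. Bucket name, account ID, distribution ID and OAI ID are
placeholders.
"""
import json


def oai_bucket_policy(bucket, oai_id):
    """Legacy Origin Access Identity: a CloudFront-owned IAM principal."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "AllowCloudFrontOAIRead",
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity {oai_id}"},
            "Action": "s3:GetObject",
            "Resource": f"arn:aws:s3:::{bucket}/*",
        }],
    }


def oac_bucket_policy(bucket, account_id, distribution_id):
    """Origin Access Control: the CloudFront service principal, pinned to one distribution."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "AllowCloudFrontServicePrincipalRead",
            "Effect": "Allow",
            "Principal": {"Service": "cloudfront.amazonaws.com"},
            "Action": "s3:GetObject",
            "Resource": f"arn:aws:s3:::{bucket}/*",
            "Condition": {"StringEquals": {
                "AWS:SourceArn": f"arn:aws:cloudfront::{account_id}:distribution/{distribution_id}"}},
        }],
    }


def _is_anonymous(principal):
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS")
        return aws == "*" or (isinstance(aws, list) and "*" in aws)
    return False


def public_read_statements(policy):
    """Sids (or indexes) of unconditional Allow statements granted to anyone."""
    found = []
    for i, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or not _is_anonymous(stmt.get("Principal")):
            continue
        if stmt.get("Condition"):
            continue  # conditional anonymous grants need manual review, not an automatic flag
        found.append(stmt.get("Sid", f"statement[{i}]"))
    return found


def oac_scoped_to_distribution(policy, account_id, distribution_id):
    """True if every CloudFront service-principal grant is pinned to this distribution's ARN."""
    want = f"arn:aws:cloudfront::{account_id}:distribution/{distribution_id}"
    for stmt in policy.get("Statement", []):
        if stmt.get("Principal") == {"Service": "cloudfront.amazonaws.com"}:
            cond = stmt.get("Condition", {}).get("StringEquals", {})
            if cond.get("AWS:SourceArn") != want:
                return False
    return True


if __name__ == "__main__":
    policy = oac_bucket_policy("my-origin-bucket", "123456789012", "E1EXAMPLE")
    print(json.dumps(policy, indent=2))
    print("public statements:", public_read_statements(policy))
    print("pinned to distribution:", oac_scoped_to_distribution(policy, "123456789012", "E1EXAMPLE"))
```

Apply the output with `aws s3api put-bucket-policy --bucket my-origin-bucket --policy file://policy.json`, keep S3 Block Public Access enabled on the bucket, and run `public_read_statements` over the bucket's current policy (from `get-bucket-policy`) before replacing it so an older public-read grant is not carried over.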
CloudFront vs S3 Cross Region Replication
| CloudFront | S3 Cross Region Replication |
|---|---|
| Global edge network | Must be set up for each Region you want replication to happen in |
| Files are cached for a TTL (Time to Live), maybe a day | Files are updated in near real-time; the replica is read-only |
| Great for static content that must be available everywhere | Great for dynamic content that needs to be available at low latency in a few Regions |
S3 Transfer Acceleration
- Increases transfer speed by uploading to the nearest AWS edge location, which forwards the data to the S3 bucket in the target Region over the AWS backbone rather than the public internet
- It shares the edge network with CloudFront but is a separate, per-bucket feature: you enable acceleration on the bucket and upload through its accelerate endpoint (bucket-name.s3-accelerate.amazonaws.com)
- Example: a file in the USA going to an Australian bucket: File (USA) -> Edge Location (USA) -> S3 Bucket (Australia)
- You can test the tool here (opens in a new tab)
AWS Global Accelerator
- Improve global application availability and performance using the AWS global network
- Leverages the AWS internal network to optimise the route to your application (AWS quotes up to 60% improvement)
- 2 anycast IPs are created for your application; client traffic enters the AWS network at the nearest Edge Location
- The Edge locations send the traffic to your application
- Test the tool here (opens in a new tab)
AWS Global Accelerator vs CloudFront
- They both use the AWS global network and its edge locations around the world
- Both services integrate with AWS Shield for DDoS protection.
- CloudFront – Content Delivery Network
  - Improves performance for your cacheable content (such as images and videos)
  - Content is served at the edge
- Global Accelerator
  - No caching; proxies packets at the edge to applications running in one or more AWS Regions
  - Improves performance for a wide range of applications over TCP or UDP
  - Good for non-HTTP use cases such as gaming (UDP), IoT (MQTT) or VoIP
  - Good for HTTP use cases that require static IP addresses
  - Good for HTTP use cases that require deterministic, fast Regional failover
AWS Outposts
AWS Outposts brings native AWS services, infrastructure, and operating models to virtually any data centre, co-location space, or on-premises facility. You can use the same APIs, the same tools, the same hardware, and the same functionality across on-premises and the cloud to deliver a truly consistent hybrid experience.
- Hybrid Cloud: businesses that keep an on-premises infrastructure alongside a cloud infrastructure
  - Therefore, two ways of dealing with IT systems: one for the AWS cloud (using the AWS console, CLI, and AWS APIs), one for their on-premises infrastructure
- AWS Outposts are server racks that offer the same AWS infrastructure, services, APIs & tools to build your own applications on-premises just as in the cloud
- AWS will set up and manage Outposts Racks within your on-premises infrastructure and you can start leveraging AWS services on-premises
- You are responsible for the Outposts Rack's physical security (facility access, power and network); AWS owns, monitors and patches the hardware and software inside it
AWS Outposts Benefits
- Low-latency access to on-premises systems
- Local data processing
- Data residency
- Easier migration from on-premises to the cloud
- Fully managed service
- Some services that work on Outposts:
  - EC2
  - EBS
  - S3
  - EKS
  - ECS
  - RDS
  - EMR
AWS Wavelength
- Wavelength Zones are infrastructure deployments embedded within telecommunications providers' data centres at the edge of their 5G networks
- Brings AWS services to the edge of the 5G networks
- Example: EC2, EBS, VPC…
- Ultra-low latency applications through 5G networks
- Traffic doesn’t leave the Communication Service Provider’s (CSP) network
- High-bandwidth and secure connection to the parent AWS Region
- No additional charges or service agreements
- Use cases: Smart Cities, ML-assisted diagnostics, Connected Vehicles, Interactive Live Video Streams, AR/VR, Real-time Gaming
AWS Local Zones
- Places AWS compute, storage, database, and other selected AWS services closer to end users to run latency-sensitive applications
- Extend your VPC to more locations – "Extension of an AWS Region"
- Compatible with EC2, RDS, ECS, EBS, ElastiCache, Direct Connect …
- Example:
  - AWS Region: N. Virginia (us-east-1)
  - AWS Local Zones: Boston, Chicago, Dallas, Houston, Miami
Summary
- Global DNS: Route 53
  - Great to route users to the closest deployment with least latency
  - Great for disaster recovery strategies
- Global Content Delivery Network (CDN): CloudFront
  - Replicate part of your application to AWS Edge Locations – decrease latency
  - Cache common requests – improved user experience and decreased latency
- S3 Transfer Acceleration
  - Accelerate global uploads & downloads into Amazon S3
- AWS Global Accelerator
  - Improve global application availability and performance using the AWS global network
- AWS Outposts
  - Deploy Outposts Racks in your own Data Centers to extend AWS services
- AWS Wavelength
  - Brings AWS services to the edge of the 5G networks
  - Ultra-low latency applications
- AWS Local Zones
  - Bring AWS resources (compute, database, storage, …) closer to your users
  - Good for latency-sensitive applications