Building multi-region applications lets you improve latency for end users, achieve higher availability and resiliency in the event of unexpected disasters, and comply with business requirements related to data durability and data retention. For example, you might want to reduce the overall latency of dynamic API calls to backend services. Or you may want to extend a single-region deployment to deal with internet routing issues, submarine cable failures, or regional connectivity problems, and so avoid costly downtime. Today, thanks to multi-region data replication capabilities such as Amazon DynamoDB global tables, Amazon Aurora global databases, Amazon ElastiCache Global Datastore, and Amazon Simple Storage Service (Amazon S3) Cross-Region Replication, you can build multi-region applications across 25 AWS Regions around the world.
- Amazon DynamoDB: https://aws.amazon.com/dynamodb/
- Amazon Aurora: https://aws.amazon.com/rds/aurora/
- Amazon ElastiCache: https://aws.amazon.com/elasticache/
- Amazon Simple Storage Service (Amazon S3): https://aws.amazon.com/s3/
However, when implementing a multi-region application you usually have to make the code region-aware and do the heavy lifting of routing each request to the right regional resource (the closest one, or the one that is currently available). For example, you might have three Amazon S3 buckets with object replication across three AWS Regions. Your application code needs to know how many bucket replicas exist and where they are, which bucket is closest to the caller, and how to fall back to the other buckets when something goes wrong. The complexity grows when you add new Regions to a multi-region architecture and have to redeploy the stack in every Region after a global configuration change.
Today, we're happy to announce Amazon S3 Multi-Region Access Points, a new Amazon S3 feature that lets you define a global endpoint spanning buckets in multiple AWS Regions. With S3 Multi-Region Access Points, you can build multi-region applications with the same simple architecture you would use in a single Region.
- Amazon S3 Multi-Region Access Points: https://aws.amazon.com/s3/features/multi-region-access-points/
Amazon S3 Multi-Region Access Points provide built-in network resiliency, built on AWS Global Accelerator, to route Amazon S3 requests over the AWS global network. This matters for minimizing network congestion and overall latency while keeping the application architecture simple. AWS Global Accelerator continuously monitors regional availability and can shift requests to another Region within seconds. By dynamically routing each request to the lowest-latency copy of the data, S3 Multi-Region Access Points can improve upload and download performance by up to 60%. This suits not only server-side applications that rely on Amazon S3 to read configuration files or application data, but also edge applications that need a high-performance, reliable write-only endpoint, such as IoT devices or self-driving cars.
Using Amazon S3 Multi-Region Access Points
To get started, you create an Amazon S3 Multi-Region Access Point in the Amazon S3 console, through the API, or with AWS CloudFormation.
Let me show you how to create one in the Amazon S3 console. Each access point needs a name that is unique within the account.
Once created, you access it through its alias, which is generated automatically and is globally unique. The alias looks like a random string ending in .mrap, for example mmqdt41e4bf6x.mrap. It can be reached over the internet via https://mmqdt41e4bf6x.mrap.accesspoint.s3-global.amazonaws.com, from a VPC, or on-premises using AWS PrivateLink.
- AWS PrivateLink: https://aws.amazon.com/privatelink/
Next, you associate buckets (new or existing) with the access point, one per Region. If you need data replication between them, bucket versioning must be enabled as well.
Finally, you configure the public access block settings for the access point. By default all public access is blocked, which is what you want in most cases.
Creation is asynchronous; you can watch its status in the console or by listing the Multi-Region Access Points with the AWS CLI (aws s3control list-multi-region-access-points). Once it is ready, you can configure the optional settings: the access point policy and object replication.
As with regular access points, you can attach an access policy that restricts how the access point may be used relative to the permissions on the buckets. Remember that both the access point and the underlying bucket must allow a request. A Multi-Region Access Point can only narrow permissions (or leave them equal), never broaden them. You can also use AWS IAM Access Analyzer to verify public and cross-account access to buckets that use S3 Multi-Region Access Points, and to preview the effect of a permission change before you deploy it.
- AWS IAM Access Analyzer: https://aws.amazon.com/iam/features/analyze-access/
Your Amazon S3 Multi-Region Access Point access policy might look like this:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Default",
      "Effect": "Allow",
      "Principal": {
        "AWS": "YOUR_ACCOUNT_ID"
      },
      "Action": ["s3:GetObject", "s3:PutObject"],
      "Resource": "arn:aws:s3::YOUR_ACCOUNT_ID:accesspoint/YOUR_ALIAS/object/*"
    }
  ]
}
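To make the "both must allow, the access point can only narrow" rule concrete, here is an added example (not code from the original post) that evaluates a request against a Multi-Region Access Point policy shaped like the one above and against a deliberately broader bucket policy. The account ids, alias, bucket name and both policies are constructed placeholders, and the evaluator is a simplification: it handles Principal/Action/Resource matching with Allow and Deny statements only, ignoring conditions, identity policies, ACLs and SCPs, so treat it as a teaching aid and use IAM Access Analyzer for real checks.

```python
import fnmatch

ACCOUNT_ID = "123456789012"        # placeholder owning account
PARTNER_ID = "999999999999"        # placeholder second account
MRAP_ALIAS = "mmqdt41e4bf6x.mrap"  # alias in the format shown above
BUCKET = "my-app-data-use1"        # placeholder regional bucket

# Same shape as the policy above: the owning account may only read and write objects.
MRAP_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "Default",
        "Effect": "Allow",
        "Principal": {"AWS": ACCOUNT_ID},
        "Action": ["s3:GetObject", "s3:PutObject"],
        "Resource": f"arn:aws:s3::{ACCOUNT_ID}:accesspoint/{MRAP_ALIAS}/object/*",
    }],
}

# Constructed bucket policy, deliberately broader: a partner account and deletes are
# allowed, except under audit/, which an explicit Deny protects.
BUCKET_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AppAndPartner", "Effect": "Allow",
         "Principal": {"AWS": [ACCOUNT_ID, PARTNER_ID]},
         "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
         "Resource": f"arn:aws:s3:::{BUCKET}/*"},
        {"Sid": "ProtectAudit", "Effect": "Deny", "Principal": "*",
         "Action": "s3:DeleteObject",
         "Resource": f"arn:aws:s3:::{BUCKET}/audit/*"},
    ],
}


def _listify(value):
    return value if isinstance(value, list) else [value]


def _principal_entries(stmt):
    spec = stmt.get("Principal", {})
    return ["*"] if spec == "*" else _listify(spec.get("AWS", []))


def _principal_matches(stmt, principal_arn):
    """'*' matches anyone; a bare account id (or its root ARN) matches every principal of that account."""
    account = principal_arn.split(":")[4]
    for entry in _principal_entries(stmt):
        if entry in ("*", principal_arn, account, f"arn:aws:iam::{account}:root"):
            return True
    return False


def _any_match(patterns, value):
    return any(fnmatch.fnmatchcase(value, p) for p in _listify(patterns))


def evaluate(policy, principal_arn, action, resource):
    """'Deny', 'Allow' or 'ImplicitDeny' for one request against one policy; an explicit Deny wins."""
    decision = "ImplicitDeny"
    for stmt in policy["Statement"]:
        if (_principal_matches(stmt, principal_arn)
                and _any_match(stmt["Action"], action)
                and _any_match(stmt["Resource"], resource)):
            if stmt["Effect"] == "Deny":
                return "Deny"
            decision = "Allow"
    return decision


def allowed_through_mrap(principal_arn, action, key,
                         mrap_policy=MRAP_POLICY, bucket_policy=BUCKET_POLICY, bucket=BUCKET):
    """A request via the access point succeeds only if the MRAP policy AND the bucket policy allow it."""
    mrap_resource = f"arn:aws:s3::{ACCOUNT_ID}:accesspoint/{MRAP_ALIAS}/object/{key}"
    bucket_resource = f"arn:aws:s3:::{bucket}/{key}"
    return (evaluate(mrap_policy, principal_arn, action, mrap_resource) == "Allow"
            and evaluate(bucket_policy, principal_arn, action, bucket_resource) == "Allow")


def public_statements(policy):
    """Sids of Allow statements open to any principal: the kind of finding IAM Access Analyzer reports."""
    return [stmt.get("Sid", f"statement[{i}]")
            for i, stmt in enumerate(policy["Statement"])
            if stmt["Effect"] == "Allow" and "*" in _principal_entries(stmt)]


if __name__ == "__main__":
    app = f"arn:aws:iam::{ACCOUNT_ID}:role/app"
    partner = f"arn:aws:iam::{PARTNER_ID}:role/reader"
    print(allowed_through_mrap(app, "s3:GetObject", "reports/q3.csv"))      # True
    print(allowed_through_mrap(partner, "s3:GetObject", "reports/q3.csv"))  # False: the MRAP narrows
    print(allowed_through_mrap(app, "s3:DeleteObject", "reports/q3.csv"))   # False: not in MRAP policy
```

The partner account is allowed by the bucket policy but never gets through the access point, and deletes are blocked at the access point even though the bucket permits them outside the audit/ prefix: the access point is an intersection, never a union. The "ProtectAudit" statement uses Principal "*" but is a Deny, so it is not reported as public.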
To replicate data between the buckets behind an S3 Multi-Region Access Point, you configure S3 Replication. In some cases you may want to store different content in each bucket, or replicate only part of each regional bucket through the global endpoint while other parts are not replicated and are used only through regional access points or direct bucket access. For example, an IoT device configuration file might contain references to regional API endpoints or regional resources that differ per bucket.
The new Amazon S3 console provides two basic templates for creating replication rules easily and centrally:
- Replicate objects from one or more source buckets to one or more destination buckets: ideal for read-only use cases where data is always generated in one specific AWS Region.
- Replicate objects among all specified buckets: ideal for the IoT scenario mentioned above, where devices use a write-only access point to upload data to the nearest Region and the data then becomes available in every Region.
Of course, thanks to filters and conditions you can create more complex replication setups. For example, you might replicate only objects with a certain prefix or tag.
Remember that bucket versioning must be enabled for Cross-Region Replication.
The console takes care of creating and configuring the replication rules and the AWS IAM role. Note that to add or remove buckets you need to create a new S3 Multi-Region Access Point with the revised bucket list.
Alongside the replication rules, you can configure replication options here such as Replication Time Control (RTC), replication metrics and notifications, and two-way sync (replica modification sync). When replication speed matters, RTC replicates most new objects within seconds and 99.99% of them within 15 minutes; replication metrics let you monitor bucket synchronization in terms of pending objects and bytes; two-way sync supports active-active configurations in which changes to object metadata must be replicated across buckets.
- Replication Time Control (RTC): https://docs.aws.amazon.com/AmazonS3/latest/userguide/replication-time-control.html
- Replication metrics and notifications: https://docs.aws.amazon.com/AmazonS3/latest/userguide/replication-metrics.html
- Two-way sync: https://docs.aws.amazon.com/AmazonS3/latest/userguide/replication-for-metadata-changes.html
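The console generates the rules for you; to see what the two templates and the options above amount to, here is an added example (not code from the original post or the S3 console) that builds the ReplicationConfiguration document for each source bucket, with RTC, metrics and two-way sync switched on, and checks a few constraints S3 enforces. The Regions, bucket names and the replication role ARN are constructed placeholders; each document is what `aws s3api put-bucket-replication --bucket <name> --replication-configuration file://...` (or boto3's put_bucket_replication) takes for that bucket.

```python
import json

ROLE_ARN = "arn:aws:iam::123456789012:role/mrap-replication"  # placeholder replication role

BUCKETS = {  # constructed: Region -> versioning-enabled bucket behind the access point
    "us-east-1": "my-app-data-use1",
    "eu-west-1": "my-app-data-euw1",
    "ap-southeast-1": "my-app-data-apse1",
}


def _rule(rule_id, priority, dest_bucket, prefix="", rtc=True, sync_replicas=False):
    """One replication rule; S3 rules have exactly one destination, so fan-out needs one rule per target."""
    dest = {"Bucket": f"arn:aws:s3:::{dest_bucket}"}
    if rtc:
        # Replication Time Control (15-minute SLA); S3 requires Metrics to be enabled together with RTC
        dest["ReplicationTime"] = {"Status": "Enabled", "Time": {"Minutes": 15}}
        dest["Metrics"] = {"Status": "Enabled", "EventThreshold": {"Minutes": 15}}
    rule = {
        "ID": rule_id,
        "Priority": priority,                               # required once a Filter is used
        "Status": "Enabled",
        "Filter": {"Prefix": prefix},                        # "" selects every object
        "DeleteMarkerReplication": {"Status": "Disabled"},  # must be stated explicitly with Filter
        "Destination": dest,
    }
    if sync_replicas:
        # Two-way sync: metadata changes made on a replica flow back to the other buckets
        rule["SourceSelectionCriteria"] = {"ReplicaModifications": {"Status": "Enabled"}}
    return rule


def _targets(source_region, buckets):
    return [(r, b) for r, b in sorted(buckets.items()) if r != source_region]


def one_to_many(source_region, buckets=BUCKETS, prefix="", rtc=True):
    """Template 1: data is written in one Region and fanned out to read-only replicas."""
    rules = [_rule(f"to-{region}", i, bucket, prefix, rtc)
             for i, (region, bucket) in enumerate(_targets(source_region, buckets), start=1)]
    return {buckets[source_region]: {"Role": ROLE_ARN, "Rules": rules}}


def all_to_all(buckets=BUCKETS, prefix="", rtc=True):
    """Template 2: every bucket replicates to every other one (active-active, write anywhere)."""
    configs = {}
    for src_region, src_bucket in buckets.items():
        rules = [_rule(f"to-{region}", i, bucket, prefix, rtc, sync_replicas=True)
                 for i, (region, bucket) in enumerate(_targets(src_region, buckets), start=1)]
        configs[src_bucket] = {"Role": ROLE_ARN, "Rules": rules}
    return configs


def validate(source_bucket, config):
    """Problems S3 would reject at put-bucket-replication time (a subset of its own checks)."""
    problems, priorities = [], []
    for rule in config["Rules"]:
        dest = rule["Destination"]
        if "Filter" in rule and not ("Priority" in rule and "DeleteMarkerReplication" in rule):
            problems.append(f"{rule['ID']}: Filter requires Priority and DeleteMarkerReplication")
        if (dest.get("ReplicationTime", {}).get("Status") == "Enabled"
                and dest.get("Metrics", {}).get("Status") != "Enabled"):
            problems.append(f"{rule['ID']}: RTC requires Metrics to be enabled")
        if dest["Bucket"] == f"arn:aws:s3:::{source_bucket}":
            problems.append(f"{rule['ID']}: a bucket cannot replicate to itself")
        priorities.append(rule.get("Priority"))
    if len(set(priorities)) != len(priorities):
        problems.append("rule priorities must be unique")
    return problems


def to_cli_json(config):
    """Serialise for `aws s3api put-bucket-replication --replication-configuration file://...`."""
    return json.dumps(config, indent=2)


if __name__ == "__main__":
    for bucket, config in all_to_all().items():
        print(bucket, validate(bucket, config) or "ok")
        print(to_cli_json(config))
```

With three buckets the all-to-all template produces three documents of two rules each, and adding a fourth Region means touching every existing bucket's configuration as well: that is the per-bucket work the post says still remains even though the access point itself is defined once.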
After configuring replication, you get a useful visual, interactive summary that lets you verify which AWS Regions are enabled. You see their location on a map, the name of each regional bucket, and which replication rules apply.
Once your S3 Multi-Region Access Point is defined and configured, you can use it through the Amazon S3 API, the AWS CLI, or the AWS SDKs. For example, this is how you write and read a new object with the AWS CLI (don't forget to upgrade to the latest AWS CLI version):
# Create a new object
aws s3api put-object --bucket arn:aws:s3::YOUR_ACCOUNT_ID:accesspoint/YOUR_ALIAS --key test.png --body test.png
# Retrieve the same object
aws s3api get-object --bucket arn:aws:s3::YOUR_ACCOUNT_ID:accesspoint/YOUR_ALIAS --key test.png test.png
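The same read from application code, shown as an added example (not code from the original post) next to the region-aware fallback loop a client had to carry before Multi-Region Access Points existed: know every replica, order them by distance, and retry elsewhere only on errors that another replica can actually fix. Account id, alias and bucket names are placeholders. `get_with_fallback` accepts any object exposing get_object(Bucket=, Key=), so it is exercised here with constructed fake clients that mimic the `.response` layout of botocore's ClientError; `get_via_mrap` uses boto3 and is not run offline, since it needs credentials, network access and boto3 installed with the AWS CRT (`pip install "boto3[crt]"`), which botocore requires to sign requests to Multi-Region Access Point ARNs with SigV4A.

```python
import io

# Error codes after which another replica is worth trying (transient, service-side),
# as opposed to errors a different bucket cannot fix (wrong key, missing permission).
TRANSIENT = {"ServiceUnavailable", "InternalError", "SlowDown", "RequestTimeout",
             "EndpointConnectionError", "ConnectTimeoutError"}


def _error_code(err):
    """botocore's ClientError carries the S3 error code in .response; connection errors do not."""
    response = getattr(err, "response", None) or {}
    return response.get("Error", {}).get("Code") or type(err).__name__


def get_with_fallback(clients_by_bucket, key, nearest_first):
    """Pre-MRAP pattern: walk the replica buckets in latency order, falling back on transient errors.
    clients_by_bucket maps bucket name -> S3 client for that bucket's Region;
    nearest_first is the bucket order the caller computed for its own location."""
    last = None
    for bucket in nearest_first:
        try:
            obj = clients_by_bucket[bucket].get_object(Bucket=bucket, Key=key)
            return bucket, obj["Body"].read()
        except Exception as err:          # broad on purpose: connection errors are not ClientError
            if _error_code(err) not in TRANSIENT:
                raise                     # AccessDenied / NoSuchKey: another replica will not help
            last = err
    raise RuntimeError(f"all replicas failed for {key}: {_error_code(last)}")


def mrap_arn(account_id, alias):
    """The value passed as Bucket= to select the access point; S3 then picks the nearest healthy replica."""
    if not alias.endswith(".mrap"):
        raise ValueError("a Multi-Region Access Point alias ends in .mrap")
    return f"arn:aws:s3::{account_id}:accesspoint/{alias}"


def get_via_mrap(account_id, alias, key, region="us-east-1"):
    """The same read through the access point: no bucket list, no ordering, no fallback loop.
    Needs boto3 with the AWS CRT installed; not exercised offline."""
    import boto3  # imported here so the rest of the file runs without boto3
    s3 = boto3.client("s3", region_name=region)
    return s3.get_object(Bucket=mrap_arn(account_id, alias), Key=key)["Body"].read()


# --- constructed stand-ins for boto3 clients, so the fallback logic can run offline ---
class FakeClientError(Exception):
    """Mimics botocore.exceptions.ClientError's .response layout."""
    def __init__(self, code):
        super().__init__(code)
        self.response = {"Error": {"Code": code}}


class FakeS3Client:
    def __init__(self, objects=None, fail_with=None):
        self.objects, self.fail_with = objects or {}, fail_with

    def get_object(self, Bucket, Key):
        if self.fail_with:
            raise FakeClientError(self.fail_with)
        if Key not in self.objects:
            raise FakeClientError("NoSuchKey")
        return {"Body": io.BytesIO(self.objects[Key])}


def demo(first_replica_error="ServiceUnavailable"):
    """Constructed scenario: the nearest replica fails with the given code; the read should move on."""
    data = {"config.json": b'{"version": 1}'}
    clients = {
        "my-app-data-use1": FakeS3Client(data, fail_with=first_replica_error),
        "my-app-data-euw1": FakeS3Client(data),
        "my-app-data-apse1": FakeS3Client(data),
    }
    return get_with_fallback(clients, "config.json",
                             ["my-app-data-use1", "my-app-data-euw1", "my-app-data-apse1"])


if __name__ == "__main__":
    print(demo())   # ('my-app-data-euw1', b'{"version": 1}')
```

The distinction in TRANSIENT is the part worth keeping even after moving to the access point: an AccessDenied must surface as a permission problem, not be hidden by a retry against a different bucket where the same policy applies.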
Last but not least, you can use Amazon CloudWatch to track how user requests are distributed across the buckets in multiple AWS Regions.
- Amazon CloudWatch: https://aws.amazon.com/cloudwatch/
AWS CloudFormation support
Today, you can start defining Amazon S3 Multi-Region Access Points with two new AWS CloudFormation resources: AWS::S3::MultiRegionAccessPoint and AWS::S3::MultiRegionAccessPointPolicy.
An example is as follows (replace the bucket placeholders with your own versioning-enabled buckets, one per Region):
AWSTemplateFormatVersion: '2010-09-09'
Resources:
  MyS3MultiRegionAccessPoint:
    Type: AWS::S3::MultiRegionAccessPoint
    Properties:
      # One existing, versioning-enabled bucket per Region
      Regions:
        - Bucket: YOUR_BUCKET_IN_REGION_1
        - Bucket: YOUR_BUCKET_IN_REGION_2
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        IgnorePublicAcls: true
        BlockPublicPolicy: true
        RestrictPublicBuckets: true
  MyMultiRegionAccessPointPolicy:
    Type: AWS::S3::MultiRegionAccessPointPolicy
    Properties:
      MrapName: !Ref MyS3MultiRegionAccessPoint
      Policy:
        Version: '2012-10-17'   # quoted, otherwise YAML parses it as a date
        Statement:
          - Sid: Default
            Effect: Allow
            Principal:
              AWS: !Ref AWS::AccountId
            # Least privilege: grant only the object actions the application needs
            Action:
              - s3:GetObject
              - s3:PutObject
            Resource: !Sub
              - 'arn:aws:s3::${AWS::AccountId}:accesspoint/${mrapalias}/object/*'
              - mrapalias: !GetAtt MyS3MultiRegionAccessPoint.Alias
The AWS::S3::MultiRegionAccessPoint resource only needs the names of the regional buckets: you don't have to reference the other regional stacks, so you can define the Multi-Region Access Point centrally in a stack of its own. Keep in mind that all requests to create or maintain Multi-Region Access Points are routed through US West (Oregon), so the s3control CLI calls (and the stack holding these resources) target that Region. Cross-Region Replication, on the other hand, still has to be configured on each Amazon S3 bucket.
Cost considerations
When you use an S3 Multi-Region Access Point to route requests over the AWS global network, there is a data routing fee of $0.0033/GB in addition to the standard Amazon S3 charges for requests, storage, data transfer, and replication. If your application reaches the S3 Multi-Region Access Point over the internet, you are also charged a per-GB internet acceleration fee. This fee depends on the direction of the transfer (upload or download) and on whether the client and the bucket are in the same or different locations. For more information, visit the Amazon S3 pricing page and select the Data Transfer tab.
Let me share some examples:
- All traffic within one AWS Region: in this simple case your application runs in US East (N. Virginia) and two Amazon S3 buckets are configured in US East (N. Virginia) and US West (Oregon). The application uploads 100 GB of data and the lowest-latency bucket is in US East (N. Virginia). All data is routed by the S3 Multi-Region Access Point within the same Region, for a total cost of $0.33.
- All traffic across two AWS Regions: here your application runs in US East (N. Virginia) and the two buckets are in US East (Ohio) and US West (Oregon). The application uploads 100 GB of data and the lowest-latency bucket is in US East (Ohio). All data is routed across two AWS Regions by the S3 Multi-Region Access Point. The data routing cost for 100 GB is the same as in the previous example ($0.33), plus inter-Region data transfer at $0.01/GB ($1.00), for a total of $1.33.
- All traffic (downloads and uploads) over the internet from North America, Europe, and Asia Pacific: here your application runs on customer devices in North America, Europe, and Asia, and two Amazon S3 buckets are configured in US East (N. Virginia) and Europe (Ireland). A customer in North America uploads 50 GB, routed to the bucket in US East (N. Virginia); a second customer in Europe downloads 50 GB from the bucket in Europe (Ireland); a third customer in Asia also downloads 50 GB from the bucket in Europe (Ireland). Data routing for 150 GB costs $0.495. In addition, data transfer out from Amazon S3 in Europe (Ireland) to the internet for the 100 GB of downloads costs $0.09/GB ($9.00); internet acceleration costs $0.0025/GB ($0.125) for the upload from North America to the US East (N. Virginia) bucket, $0.005/GB ($0.25) for the download from the Europe (Ireland) bucket to Europe, and $0.05/GB ($2.50) for the download from the Europe (Ireland) bucket to Asia. The total cost is $12.37. This example is meant to show how internet acceleration costs work across continents; note that if you add an Amazon S3 bucket in Asia, the internet acceleration cost for Asia can drop by an order of magnitude (see the next example).
- All internet traffic from North America, Europe, and Asia Pacific (uploads only): the same conditions as in the previous example, except that all customers only upload data and you have an additional bucket in Asia Pacific (Singapore). Data routing costs the same ($0.495). Internet acceleration costs $0.0025/GB ($0.125) from North America to the US East (N. Virginia) bucket, $0.0025/GB ($0.125) from Europe to the Europe (Ireland) bucket, and $0.01/GB ($0.50) from Asia to the Asia Pacific (Singapore) bucket. The total cost is $1.24.
In other words, routing costs are easy to estimate and do not depend on the application type or the data access pattern. Internet acceleration costs depend on the access pattern (downloads cost more than uploads) and on where clients are relative to the closest AWS Region. For global applications that upload or download data over the internet, you can minimize internet acceleration costs by configuring at least one Amazon S3 bucket per continent.
Available now
Amazon S3 Multi-Region Access Points let you increase resiliency and improve application performance by up to 60% when accessing data across multiple AWS Regions. We look forward to your feedback on your use cases so that we can iterate quickly and further simplify how multi-region applications are designed and implemented.
You can get started with the Amazon S3 API, the AWS CLI, the AWS SDKs, AWS CloudFormation, or the Amazon S3 console. The feature is available in 17 AWS Regions worldwide (see the full list).
- Amazon S3 console: https://console.aws.amazon.com/s3/mraps
- Full list: https://docs.aws.amazon.com/AmazonS3/latest/userguide/MultiRegionAccessPointRestrictions.html
Review the technical documentation for Amazon S3 Multi-Region Access Points.
- Technical documentation: https://docs.aws.amazon.com/AmazonS3/latest/userguide/MultiRegionAccessPoints.html
The author of this article
Alex Casalboni