X: in light of last week's #AWS outage, should I make my app multi-region?
me: it depends.
X: on what?
me: how much did the outage cost you in lost sales, reputation cost, etc.? And how much are you willing to invest in improving your uptime in case of another region-wide outage?
me: it depends.
X: on what?
me: how much did the outage cost you in lost sales, reputation cost, etc.? And how much are you willing to invest in improving your uptime in case of another region-wide outage?
X: erm... I'm not sure...
me: don't get me wrong, if you're a large enterprise, I expect you to be multi-region already! Hell, I expect you to be doing chaos engineering and proactively finding weaknesses in your architecture before disasters strike and force you into reacting.
me: don't get me wrong, if you're a large enterprise, I expect you to be multi-region already! Hell, I expect you to be doing chaos engineering and proactively finding weaknesses in your architecture before disasters strike and force you into reacting.
me: but as we can see from these AWS outages, modern systems are complex, and even companies who like AWS who have invested heavily into resilience and are doing all the right things, 💩still happens
aws.amazon.com/message/11201
aws.amazon.com/message/11201
me: resilience requires continuous investment just to stay the same because your system is also evolving and becoming more capable and more complex at the same time, so your multi-region strategies need to evolve with the architecture
me: if your stack is API Gateway/AppSync + Lambda + DynamoDB then going multi-region active-active is somewhat straight forward - set up DynamoDB global table and then set up fallback on Route53. This excellent post by @adhorn shows you how
adhorn.medium.com/multi-region-s…
adhorn.medium.com/multi-region-s…
me: however, most real-world apps are much more than that, and you'd also need to extend that multi-region strategy to your data processing pipelines, and just about everything else you do too, and that has a cost (eng time, maintenance, aws bill, etc.) and impacts your velocity
X: so.. you're saying I shouldn't do it?
me: I'm saying you shouldn't make a knee-jerk reaction and instead make an informed choice based on the cost of such outage, its likelihood of happening, and the cost for moving YOUR architecture to a multi-region active-active setup.
me: I'm saying you shouldn't make a knee-jerk reaction and instead make an informed choice based on the cost of such outage, its likelihood of happening, and the cost for moving YOUR architecture to a multi-region active-active setup.
X: what about a compromise and multi-region, active-passive instead?
me: don't bother - it has all the complexities of active-active and the HUGE risk that the passive region is never used day-to-day and might not work the one time you need it
me: don't bother - it has all the complexities of active-active and the HUGE risk that the passive region is never used day-to-day and might not work the one time you need it
https://twitter.com/ben11kehoe/status/1332383974467854337
X: ok, so what should I do then?
me: do nothing if you can afford to wait out the outage, add a maintenance page so customers are not left hanging; go multi-region active-active if you must (because another outage like this would be too costly)
me: do nothing if you can afford to wait out the outage, add a maintenance page so customers are not left hanging; go multi-region active-active if you must (because another outage like this would be too costly)
me: as I've said time and again, keep it simple, until you can't.
https://twitter.com/theburningmonk/status/1332211516154798080
X: how about multi-cloud?
me: ... well, I'll let @QuinnyPig tell you why it's such a bad idea... lastweekinaws.com/blog/multi-clo…
me: ... well, I'll let @QuinnyPig tell you why it's such a bad idea... lastweekinaws.com/blog/multi-clo…
• • •
Missing some Tweet in this thread? You can try to
force a refresh
