CloudFront CDN for S3 bucket which is cross region replicated

3
votes

Given yesterday's us-east-1 S3 outage, how do I best architect a CloudFront CDN which uses a S3 bucket as the source and the bucket is setup to replicate to another region?

  1. Do I setup two separate CloudFront CDNs, one with the bucket in us-east-1 as the origin and another CloudFront CDN with the replicated bucket in us-east-2 as the origin and then use one Route53 record to access the two CDNs?

or

  1. Can I setup one CloudFront CDN with two Origins (one in us-east-1 and the other in us-east-2) and CloudFront will automatically pull the content from the S3 region which is working?

Any other solution?

Your insights and comments are much appreciated.

Cheers Bernie

3
amazon-web-servicesamazon-s3replicationamazon-cloudfront
Neither of these solutions will work as expected. I will attempt to explain why (and propose an alternative) in an answer as time permits.Michael - sqlbot
Thanks Michael. Looking forward to your explanation.Bernie Lenz
@Michael-sqlbot Would a better approach be to create a CNAME in Route 53 with Failover and Healthcheck pointing directly to the S3 URLs and then create a Cloudfront CDN using the CNAME?Bernie Lenz
sorry I haven't gotten back with the promised answer yet. I'm not quite sure what you're planning to do with the CNAME you're talking about, here, but the fundamental problem is that you can't have two buckets responding to the same hostname.Michael - sqlbot
@Michael-sqlbot I put my idea in a quick diagram at docs.google.com/drawings/d/… Please let me know what you think or if the link doesn't work.Bernie Lenz

3 Answers

5
votes

It turns out that neither of my proposals worked and that Cloudfront does not support S3 replication and failover out of the box.

Below architecture should have survived the 2/28/17 North Virginia S3 outage (Thanks for the help @Michael-sqlbot).

I am surprised though that AWS does not offer a more trivial solution for such a fairly common scenario... S3 Failover With Cloudfront

1
votes
  1. You can use S3 cross-region replication. To do, please follow the instructions in the aws blog: s3 cross-region replication- how to
  2. Unfortunately, multi-region replication is not supported by CloudFront at the moment. But, as CloudFront uses multiple caches or edge locations, you are assured your data is safe.

I would personally select your first choice as S3 has 99.99.. durability and is highly available. So, that's an ideal solution to assure your replicated data remains highly available. Further, if your data volume is high, you can store your old replicated data with Amazon Glacier. However, this is a tradeoff between how critical your data is and how much time you consider for this valuable data to be recovered; because Amazon Glacier may take up to few hours to bring your archived data back up for usage.

1
votes

You can create cross-region replication and use your CloudFront with multiple origins.

Also you will need to write explicit rules, how your content will be routed with multiple origins.

http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValuesPathPattern