Amazon S3 Multi-Region Access Points

Accelerate content transfers and failover between replicated datasets across AWS Regions
S3 Multi-Region Access Points getting started tutorial

Overview

Amazon Simple Storage Service (S3) Multi-Region Access Points provide a global endpoint for routing Amazon S3 request traffic between AWS Regions. Each global endpoint routes Amazon S3 data request traffic from multiple sources, including traffic originating in Amazon Virtual Private Clouds (VPCs), from on-premises data centers over AWS PrivateLink, and from the public internet without building complex networking configurations with separate endpoints. Establishing an AWS PrivateLink connection to an S3 Multi-Region Access Point allows you to route S3 requests into AWS, or across multiple AWS Regions and accounts over a private connection using a simple network architecture and configuration without the need to configure a VPC peering connection.

With Amazon S3 Multi-Region Access Points failover controls, you can route all S3 data request traffic through a single global endpoint and directly control the shift of S3 data request traffic between AWS Regions at any time. During a planned or unplanned regional traffic disruption, failover controls let you control failover between buckets in different AWS Regions and accounts within minutes.

How it works

  • S3 Multi-Region Access Points
  • How it works diagram - S3 Multi Region Access Points

    Amazon S3 Multi-Region Access Points are based on AWS Global Accelerator and consider factors like network congestion and the location of the requesting application to dynamically route your requests over the AWS network to the closest copy of your data. Public internet-sourced Amazon S3 data requests routed through an S3 Multi-Region Access Point can result in accelerated performance by up to 60% compared with requests routed to S3 over the public internet. This allows you to build multi-Region applications with the same simple architecture used in a single region, and then to run those applications anywhere in the world.

    In an active-active configuration, requests made to an S3 Multi-Region Access Point’s global endpoint automatically route over the AWS global network to the nearest S3 bucket. This allows applications to automatically avoid congested network segments on the public internet, improving application performance and reliability.

    For example, you can configure an S3 Multi-Region Access Points with underlying buckets in Virginia, Ireland, and Mumbai Regions. You can then centrally configure the replication rules between Virginia, Ireland, and Mumbai. S3 Multi-Region Access Points will then dynamically route client requests across AWS Regions to the S3 bucket with the lowest latency. With this configuration, your clients in North America will likely route to Virginia, and your clients in Asia will route to Mumbai. By dynamically routing to the replicated data set over the AWS network to the S3 bucket with the lowest network latency, application requests avoid congested network segments on the public internet, for improved performance and reliability.

    Learn more about S3 Multi-Region Access Points in the user guide.

  • Failover controls
  • HIW Diagram for Failover controls

    With S3 Multi-Region Access Points failover controls, you can operate S3 Multi-Region Access Points in an active-passive or active-active configuration. In either active-active or active-passive configurations, S3 Multi-Region Access Points allow you to take advantage of the global infrastructure of AWS while maintaining a simple application architecture for accessing S3 buckets in different AWS Regions through a single global endpoint.

    In an active-passive configuration, customers designate an active AWS Region and account to service all S3 requests, as well as a passive AWS Region and account to which data will only be routed when made active during a planned or unplanned failover.

    For example, you can configure S3 Multi-Region Access Points with underlying buckets in the Virginia and Oregon AWS Regions, where the Virginia Region is active, owned by one AWS account, and the Oregon Region is passive, owned by another AWS account. All of your traffic through the S3 Multi-Region Access Point routes to Virginia. S3 Multi-Region Access Points then route S3 client requests only to the Virginia Region. You can then centrally configure cross-account replication rules between Virginia and Oregon to bi-directionally replicate some or all data within the buckets to synchronize their contents. You can then initiate a failover to shift S3 data access request traffic to the bucket in the Oregon Region within two minutes without the need to change any of the S3 clients or applications using the S3 Multi-Region Access Point.

Overview video: S3 Multi-Region Access Points

Watch an in-depth overview on Amazon S3 Multi-Region Access Points which accelerate performance by up to 60% when accessing datasets that are replicated across multiple AWS Regions. 

Benefits

Amazon S3 Multi-Region Access Points accelerate multi-Region applications. By dynamically routing S3 requests made to a replicated data set via the AWS Global Accelerator, S3 Multi-Region Access Points reduce request latency, so that applications run up to 60% faster.
Application requests made to a S3 Multi-Region Access Point’s global endpoint automatically route over the AWS global network to the S3 bucket with the lowest network latency, allowing you to build multi-Region applications with the same simple application architecture that you would use in a single Region, and then run those applications anywhere in the world.
Amazon S3 Multi-Region Access Points failover controls let you control failover between buckets in different AWS Regions. You can test your application resiliency against a regional traffic disruption and switch between active and passive Regions within minutes.
Amazon S3 Multi-Region Access Points failover controls pair well with the Amazon S3 Intelligent-Tiering storage class for passive secondary and tertiary copies of replicated S3 data. Amazon S3 Intelligent-Tiering delivers automatic storage cost savings based on data access patterns without performance impacts. This can be ideal for passive secondary copies of your data that are rarely accessed. Then, when a failover between AWS Regions is initiated to make the passive Region copy active, there are no additional retrieval charges for interacting with infrequently accessed copies of data.
S3 Multi-Region Access Points provide global endpoints for Amazon S3 with dedicated access policies and centralized controls for S3 replication rules, failover between AWS Regions, and network routing. In the S3 console, S3 Multi-Region Access Points show a centralized view of the underlying replication topology, replication metrics, and failover control management of request routing configuration for your multi-Region S3 deployment. This gives you an even simpler way to build, manage, and monitor S3 data request traffic storage for multi-Region applications.

Use cases

Amazon S3 Multi-Region Access Points failover controls let you control the shift of S3 data request traffic between AWS Regions and redirect S3 traffic away from disruptions within minutes, to help build more highly available applications. With failover controls, you can operate S3 Multi-Region Access Points in an active-passive configuration and initiate a failover to shift S3 data request traffic to the chosen alternate AWS Region within minutes.

Test application resiliency against a regional traffic disruption to conduct application failure scenario testing and perform disaster recovery simulations. Easily shift S3 data request traffic through an S3 Multi-Region Access Point global endpoint from an active AWS Region to a passive AWS Region within minutes.

Clients such as public EC2 instances, EC2 instances using Internet Gateways (IGWs), and on premises that must connect to and accelerate requests to S3 can simplify applications and network architecture with a S3 Multi-Region Access Point. These requests will be routed over the AWS Global Network and then back to S3 within the Region without having to transverse the public internet to the lowest latency AWS Region.

Getting started with S3 Multi-Region Access Points

You can get started with S3 Multi-Region Access Points using the Amazon S3 API, CLI, SDKs, or the S3 console. The S3 console provides a guided workflow to configure S3 Multi-Region Access Points, S3 Cross-Region Replication Rules, and AWS VPC connections, including AWS PrivateLink.

In the S3 console, S3 Multi-Region Access Points show a centralized view of the underlying replication topology, failover controls, replication metrics, and your request routing configuration. This gives you an even easier way to build, manage, and monitor storage for multi-Region applications.

You can set up a S3 Multi-Region Access Point in three simple steps. First, you will receive an automatically generated S3 Multi-Region Access Point endpoint name, to which you can connect your clients. Second, you will select existing or create new S3 buckets that you would like to route requests between. Third, you will specify S3 Cross-Region Replication rules to apply to your buckets. Then, S3 will automatically create and configure your new multi-Region setup. Alternatively, you can use AWS CloudFormation to automate the creation and configuration of S3 Multi-Region Access Points. 

Access the S3 Multi-Region Access Points getting started tutorial and visit the user guide to get started.