Failover Configuration
You will learn how to configure your Amazon S3 Multi-Region Access Point to be in an active-active state or active-passive state.
Overview
With Amazon S3 Multi-Region Access Point failover controls you can maintain business continuity during regional traffic disruptions, while also giving your applications a multi-Region architecture to fulfill compliance and redundancy needs. If your regional traffic gets disrupted, you can use Multi-Region Access Point failover controls to select which AWS Regions behind an Amazon S3 Multi-Region Access Point will process data-access and storage requests. To support failover, you can set up your Multi-Region Access Point in an active-passive configuration, with traffic flowing to the active Region during normal conditions, and a passive Region on standby for failover.
Your Amazon S3 Multi-Region Access Points failover configuration determines the routing status of the AWS Regions that are used with the Multi-Region Access Point. You can configure your Amazon S3 Multi-Region Access Point to be in an active-active state or active-passive state.
- Active-active: In an active-active configuration, all requests are automatically sent to the closest proximity AWS Region in your Multi-Region Access Point. After the Multi-Region Access Point has been configured to be in an active-active state, all Regions can receive traffic. In an active-active configuration, if there is a regional disruption, such as an undersea cable cut, traffic will be automatically redirected to one of the active Regions automatically at the discretion of AWS.
- Active-passive: In an active-passive configuration, the active Regions in your Multi-Region Access Point receive traffic and the passive ones do not. If you intend to use S3 failover controls to initiate failover in a disaster situation, set up your Multi-Region Access Points in an active-passive configuration while you're testing and performing disaster-recovery planning. AWS will not route traffic to a Region you have set to passive, regardless of the status of any other Regions
Although failover is initiated between only two Regions at one time, you can separately update the routing statuses for multiple Regions at the same time in your Multi-Region Access Point.
Time to complete
10 minutes
Implementation
4.1 - Select active and passive Regions
- Open the Replication and failover tab of your new Multi-Region Access Point.
- If you need to re-open this, in the Amazon S3 console, choose Multi-Region Access Points. Then, select the name of your Multi-Region Access Point to configure additional settings.
- If you need to re-open this, in the Amazon S3 console, choose Multi-Region Access Points. Then, select the name of your Multi-Region Access Point to configure additional settings.
- In the Failover configuration section, you will see that the routing status of all your regional buckets is active. Select one or more Regions, and select Edit routing status.
4.2 - Routing status
- Set one of the Regions to passive, and select Save routing status.
- For each Region you can set whether it is active or passive, for that particular Multi-Region Access Point. S3 buckets in Regions set to passive will not receive any requests addressed to the global endpoint.
- These changes can also be carried out in the AWS Command Line Interface (CLI) by calling GetMultiRegionAccessPointRoutes and SubmitMultiRegionAccessPointRoutes. See the documentation for more details. Note: At least one Region must be set to active.
- For example, a single command to set the us-east-1 Region as passive and the us-west-2 Region as active would look like the following code.
aws s3control submit-multi-region-access-point-routes \
--region ap-southeast-2 \
--account-id $account \
--mrap $mrap_arn \
--route-updates Region=us-east-1,TrafficDialPercentage=0 \
Region=us-west-2,TrafficDialPercentage=100
- In this case the command has been addressed to a different Region, ap-southeast-2, as it is another of the Regions where you can run Multi-Region Access Point AWS CLI routing commands. The previous example code assumes that the ARN and account ID have been set as environment variables.
4.3 - Replication and failover overview map
- Review the Replication and failover overview (Failover) map, showing the new status.
- The Replication and failover overview (Replication) map shows no change to replication, because S3 Cross-Region Replication rules are unaffected by Multi-Region Access Point failover controls settings.
4.4 - In this step you will look at the failover feature, which enables a rapid switch over of routing between two Regions.
- In the Failover configuration page, select an active Region and a passive Region.
- Then, select Failover.
4.5 - Failover confirmation
- For the Failover confirmation screen, review the actions that will be performed. Then, select Failover.
- The new routing status of the regions is shown in the Failover configuration table, and the Replication and failover overview (Failover) map.
- Again, the Replication and failover overview (Replication) map shows no change to replication.
Conclusion
In this module, you learned how to configure your Amazon S3 Multi-Region Access Point to be in an active-active state or active-passive state using failover controls.
You are now ready to control access to your data using Identity Management and Access Control (IAM) permissions.