Introduction
Follow step-by-step instructions to set up and use Amazon S3 Multi-Region Access Points and failover controls
Overview
Amazon S3 Multi-Region Access Points provide a global endpoint for routing Amazon S3 request traffic between AWS Regions. Each global endpoint routes Amazon S3 data request traffic from multiple sources, including traffic originating in Amazon Virtual Private Clouds (VPCs), from on-premises data centers over AWS PrivateLink, and from the public internet without building complex networking configurations with separate endpoints.
Internet-sourced Amazon S3 data requests routed through an S3 Multi-Region Access Point can result in accelerated performance by up to 60% compared with requests routed to S3 over the public internet. This allows you to build highly available multi-Region applications with the same, simple architecture used in a single Region, and then to run those applications anywhere in the world.
Amazon S3 Multi-Region Access Points include failover controls, which let you operate S3 Multi-Region Access Points in an active-passive or active-active configuration and then control the shift or failover of S3 data access request traffic between AWS Regions at any time. In an active-passive configuration, you can designate an active AWS Region to service all S3 requests, as well as a passive AWS Region to which data will only be routed when made active during a planned or unplanned failover. During a regional traffic disruption, failover controls let you control failover between buckets in different AWS Regions within minutes.
What you will accomplish
In this tutorial, you will learn how to set up and use Amazon Simple Storage Service (Amazon S3) Multi-Region Access Points and failover controls. You will then be able to access the data in these buckets via a single global endpoint, and test failover between any two active-passive Region pairs. Specifically, you will:
- Create Amazon S3 buckets
- Create an S3 Multi-Region Access Point and add your buckets to it
- Configure bi-directional S3 Replication
- Redirect traffic by designating Regions as active and passive, and failover in under 2 minutes
- Delegate access control for your buckets to your access point
- Access your Multi-Region Access Point using the AWS CLI
- Understand how and why to use a VPC endpoint to access S3 Multi-Region Access Points
- Monitor S3 Replication and request metrics
Prerequisites
Before starting this tutorial, you will need:
- An AWS account: If you don't already have an account, follow the Setting Up Your Environment getting started guide for a quick overview.
Modules
This tutorial is divided into the following short modules. You must complete each module before moving to the next one.
- Create Amazon S3 buckets (5 minutes): Create S3 buckets to add to your S3 Multi-Region Access point.
- Create S3 Multi-Region Access Point (5 minutes): Learn how to create a Multi-Region Access Point and add your S3 buckets.
- Configure S3 Replication (10 minutes): Learn how to configure Cross-Region Replication in your account.
- Failover configuration (10 minutes): Configure your Amazon S3 Multi-Region Access Point to be in an active-active state or active-passive state.
- AWS IAM permissions (20 minutes): Configure bucket to delegate permissions to access points.
- Use your Multi-Region Access Point (10 minutes): Access data in your S3 buckets.
- VPC endpoints (10 minutes): Understand the use cases for VPC endpoints with Multi-Region Access Points.
- Monitor S3 Replication and requests (10 minutes): Learn how to monitor and display S3 request metrics.
- Clean up resources (10 minutes): In this last part of the guide, you will learn how to clean up resources after you are done.