CloudFront CDN for S3 bucket which is cross region replicated

Question

Given yesterday's us-east-1 S3 outage, how do I best architect a CloudFront CDN which uses a S3 bucket as the source and the bucket is setup to replicate to another region?

1. Do I setup two separate CloudFront CDNs, one with the bucket in us-east-1 as the origin and another CloudFront CDN with the replicated bucket in us-east-2 as the origin and then use one Route53 record to access the two CDNs?

or

2. Can I setup one CloudFront CDN with two Origins (one in us-east-1 and the other in us-east-2) and CloudFront will automatically pull the content from the S3 region which is working?

Any other solution?

Your insights and comments are much appreciated.

Cheers Bernie

Answer 1

It turns out that neither of my proposals worked and that Cloudfront does not support S3 replication and failover out of the box.

Below architecture should have survived the 2/28/17 North Virginia S3 outage (Thanks for the help @Michael-sqlbot).

I am surprised though that AWS does not offer a more trivial solution for such a fairly common scenario...

Answer 2

You can create cross-region replication and use your CloudFront with multiple origins.

Also you will need to write explicit rules, how your content will be routed with multiple origins.

http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValuesPathPattern

Answer 3

1. You can use S3 cross-region replication. To do, please follow the instructions in the aws blog: s3 cross-region replication- how to
2. Unfortunately, multi-region replication is not supported by CloudFront at the moment. But, as CloudFront uses multiple caches or edge locations, you are assured your data is safe.

I would personally select your first choice as S3 has 99.99.. durability and is highly available. So, that's an ideal solution to assure your replicated data remains highly available. Further, if your data volume is high, you can store your old replicated data with Amazon Glacier. However, this is a tradeoff between how critical your data is and how much time you consider for this valuable data to be recovered; because Amazon Glacier may take up to few hours to bring your archived data back up for usage.