Why not us-east-2 if you need east coast? Even so, I’m almost as far as I can be (in America) from us-west-1 and us-west-2. The difference in speed is barely perceptible when running services out west. In fact, I think my Lightsail PiHole is out there.
As I said, I’m not aware of any historical issues at the other DCs. 🤷🏻♂️
Don’t quote me on this, but I think I read earlier this morning that all of AWS has to go through us-east-1 to verify site certificates.
I’m not sure though, I was rather sleepy at the time I think I read something along those lines. 🤷
IAM needs to go through US east and everything needs IAM. And I assume IAM went down due to dynamo going down in US East?
This is literally the tech stack meme with one tiny block holding it all up
Well fuck me that explains it all. Not a simple fix at this late date.
This is a little misleading. It does not mean that every single region depends on us-east-1 to authenticate every API calls. That would be insane and obviously mean that every region has a dependency on us-east-1.
Instead, us-east-1 is what’s called a partition leader. It holds the secret key material for everything in the commercial partition and regularly it distributes that to other regions. So if it’s down for an extended period of time, other regions IAM can be impacted, but then there’s some other complexity with STS endpoints. You can actually see the by product of this if you look at how the SigV4 signing algorithm works. Each HMAC layer is expanding the key scope.
Anyway, this part of IAM is pretty battle tested and from I saw not the cause of today’s outage.