
I'm looking at two sets of auto-scaled, load-balanced servers, owned by two AWS clients, both deployed within the same availability zone and communicating over HTTP.

How do I make sure that the traffic between the two sets of servers doesn't go out to the internet? Latency within the availability zone should be very very low.

blueberryfields
  • How are you guaranteeing that they are in the same availability zone? – Mark B Nov 10 '16 at 16:22
  • All the infrastructure on both sides is deployed within just the one zone – blueberryfields Nov 10 '16 at 16:30
  • Availability zone IDs are just indicators assigned to zones when you create your AWS account. For example, there is no guarantee that `us-east-1a` in one AWS account and `us-east-1a` in another AWS account actually refer to the same AZ. – Mark B Nov 10 '16 at 16:35
  • ... that.... what?! Is this documented anywhere? Also, is there a way to fix this issue? – blueberryfields Nov 10 '16 at 16:46
  • http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html "For example, your Availability Zone us-east-1a might not be the same location as us-east-1a for another account. There's no way for you to coordinate Availability Zones between accounts." – Mark B Nov 10 '16 at 16:48

1 Answer


Multiple AWS Accounts

If you are wanting to locate services in the same Availability Zone from different AWS accounts, you will need to determine how each account names each Availability Zone.

From Regions and Availability Zones:

An Availability Zone is represented by a region code followed by a letter identifier; for example, us-east-1a. To ensure that resources are distributed across the Availability Zones for a region, we independently map Availability Zones to identifiers for each account. For example, your Availability Zone us-east-1a might not be the same location as us-east-1a for another account. There's no way for you to coordinate Availability Zones between accounts.

Well, actually there is a way to coordinate it. There are two ways to determine AZ mapping between AWS accounts:

  • Contact AWS Support and ask which zones map to each other between the accounts, or
  • Look at Spot Pricing

Spot Pricing is per-AZ, so if you look at prices for Spot Instances in each account, you'll be able to figure out which AZs map to each other. Just pick an instance type and look for the same-shaped graph!

Guaranteeing traffic doesn't go over the Internet

If you refer to instances via the private IP address, then traffic will never go over the Internet. If your instances are in different AWS accounts and/or different VPCs, you can use VPC Peering to connect the VPCs together (even between different accounts). Then you can route traffic via private IP addresses and no traffic will flow over the Internet.

Rules for VPC Peering:

  • Same region
  • Non-overlapping IP address ranges
  • Can be from different AWS accounts
John Rotenstein
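As an added example (not code from the answer or from AWS), here is a small Python preflight that encodes the peering rules the answer lists (same region, non-overlapping CIDRs, different accounts allowed), emits the route each side must add, and checks that a target address is a private IP inside the peer VPC rather than a public address that would leave via an Internet gateway. The account ids, CIDRs and the peering-connection id are constructed placeholders.

```python
from __future__ import annotations
from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class Vpc:
    account: str  # AWS account id (values used below are constructed placeholders)
    region: str
    cidr: str


def peering_problems(a: Vpc, b: Vpc) -> list[str]:
    """Reasons the two VPCs cannot be peered under the answer's rules; empty list means OK."""
    problems = []
    if a.region != b.region:
        problems.append(f"different regions: {a.region} vs {b.region}")
    if ipaddress.ip_network(a.cidr).overlaps(ipaddress.ip_network(b.cidr)):
        problems.append(f"overlapping CIDRs: {a.cidr} and {b.cidr}")
    return problems


def peer_routes(a: Vpc, b: Vpc, pcx_id: str) -> dict[str, tuple[str, str]]:
    """Route each account must add: (destination CIDR, target) sending the peer's range
    to the peering connection instead of the default route."""
    return {a.account: (b.cidr, pcx_id), b.account: (a.cidr, pcx_id)}


def stays_private(address: str, peer: Vpc) -> bool:
    """True only if the target is a private IP inside the peer VPC's CIDR, so the
    packet matches the peering route rather than leaving through an Internet gateway."""
    ip = ipaddress.ip_address(address)
    return ip.is_private and ip in ipaddress.ip_network(peer.cidr)


if __name__ == "__main__":
    client_a = Vpc("111111111111", "us-east-1", "10.0.0.0/16")  # constructed
    client_b = Vpc("222222222222", "us-east-1", "10.1.0.0/16")  # constructed
    print("peering problems:", peering_problems(client_a, client_b) or "none")
    print("routes to add:", peer_routes(client_a, client_b, "pcx-EXAMPLE"))
    for target in ("10.1.4.20", "54.0.0.10", "10.0.4.20"):
        print(target, "stays private:", stays_private(target, client_b))
```

The third target is private but belongs to the caller's own VPC, not the peer, so it is correctly rejected: "private" alone is not enough, the address must fall inside the peered range.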