2

From aws doc :

An Availability Zone is represented by a Region code followed by a letter identifier; for example, us-east-1a. To ensure that resources are distributed across the Availability Zones for a Region, we independently map Availability Zones to names for each AWS account. For example, the Availability Zone us-east-1a for your AWS account might not be the same location as us-east-1a for another AWS account.

To coordinate Availability Zones across accounts, you must use the AZ ID, which is a unique and consistent identifier for an Availability Zone. For example, use1-az1 is an AZ ID for the us-east-1 Region and it has the same location in every AWS account.

SO I have 2 accounts where I wanted to check this and I got the same output in both the accounts

aws ec2 describe-availability-zones --region us-west-2
{
    "AvailabilityZones": [
        {
            "State": "available", 
            "ZoneName": "us-west-2a", 
            "Messages": [], 
            "ZoneId": "usw2-az1", 
            "RegionName": "us-west-2"
        }, 
        {
            "State": "available", 
            "ZoneName": "us-west-2b", 
            "Messages": [], 
            "ZoneId": "usw2-az2", 
            "RegionName": "us-west-2"
        }, 
        {
            "State": "available", 
            "ZoneName": "us-west-2c", 
            "Messages": [], 
            "ZoneId": "usw2-az3", 
            "RegionName": "us-west-2"
        }, 
        {
            "State": "available", 
            "ZoneName": "us-west-2d", 
            "Messages": [], 
            "ZoneId": "usw2-az4", 
            "RegionName": "us-west-2"
        }
    ]
}

So how do I verify if I create 2 resources in both accounts and chooses us-west-2a for both of them they are not created in the same location because both of them map to usw2-az1

I am sure I am missing something fundamental

Thanks Kumar

Kumar Madduri
  • 135
  • 1
  • 2
  • 8

2 Answers2

1

Basically if you're trying to keep them in sync you would need to create subnets based only on the ZoneID.

The availability zone name will differ between accounts so you will not have control over this between the account.

If both of the subnets your resources reside in map to an availability zone with the same zone id, then these resources will be located within the same logical data centre.

Chris Williams
  • 32,215
  • 4
  • 30
  • 68
  • Hi Chris:Thanks for the answer. I am not trying to place the resources in the same data centre. I however did not understand how AWS would place my resources in a different data center based on the mapping above (because I ran the above command in 2 different accounts) and got the same mapping. So my ec2 instance on account 1 should be created in a different data center and ec2 instance on account 2 should be created in another data center eventhough I specify us-west-2a in both cases. How do I verify that? – Kumar Madduri Aug 06 '20 at 13:35
  • If the zone id is the same, for the same zone name in both accounts then it is the same. The zone name is simply a label that is assigned to one of the AZs when your account is created, it maps to the zone id. You can also access this information from the AWS console in the VPC service when inspecting your subnets I believe – Chris Williams Aug 06 '20 at 14:21
0

AWS have created the following repo to help people align AZs across accounts:

https://github.com/aws-samples/multi-account-az-mapping

Michael Armitage
  • 1,502
  • 19
  • 17