
We have a service (using a lot of AWS components) which is hosted in us-west-1 AWS region. Now we have a requirement to host a database (mostly a ddb) in the eu-south-2 AWS region.

Someone told me that it's not ideal to host infra in different regions in the same AWS account and recommends we create different AWS accounts and then host the database in the eu-south-2 region there and then make a cross region call from our service in us-west-1 to the database in the other account in the eu-south-2 region.

The cross region call cannot be avoided since the database has to be in the us-west-1 region and the service also has to be in `us-west-1`.

I tried to find something online but wasn't able to find any suggestions on this. Can anyone maybe help me in terms of why this might be a recommendation? Or is it even a good recommendation? Should we just use the same AWS account?

iam.Carrot
  • You should ask the person who made the recommendation why. It's not uncommon to use AWS accounts as partitions between production and non-production workloads, but this is different. Also, you mentioned "mostly a ddb". Are you referring to DynamoDB or something else? – jarmod Dec 04 '22 at 16:38
  • @jarmod The person who told me was told by some senior engineer who has left so no one really knows. Yes I am referring to DynamoDB. About using prod & non-prod workloads I agree but regarding regions, would you recommend it? – iam.Carrot Dec 04 '22 at 16:44
  • Potential reasons I can think of for wanting a database to be owned by another AWS account include a) it's a SaaS solution and each customer's DB needs to be in a different AWS account or b) for billing (chargeback to the account owner) purposes. It's a relatively uncommon model, in my experience. I'm assuming the table needs to be in a specific geography for data locality/sovereignty reasons (i.e. it's a compliance control, not a security control). – jarmod Dec 04 '22 at 16:50
  • By the way, I'm assuming that you're not intending to make this app multi-region or host a standalone instance in the eu-south-2 region, hence you have no choice but for it to be cross-region (regardless of which AWS accounts are in play). Also that you've considered DynamoDB global tables and it's not a fit, for whatever reason. – jarmod Dec 04 '22 at 17:04
  • @jarmod that's correct, the data needs to be there for compliance reasons and not security or any other reasons. And your assumptions would be correct and I do agree it's quite an uncommon thing to do and hence I am wondering what can potentially be the reason – iam.Carrot Dec 04 '22 at 17:14
