Plan for resilience in Amazon Private CA
The Amazon global infrastructure is built around Amazon Regions and Availability Zones. Amazon Regions provide multiple physically separated and isolated Availability Zones, which are connected with low-latency, high-throughput, and highly redundant networking. With Availability Zones, you can design and operate applications and databases that automatically fail over between zones without interruption. Availability Zones are more highly available, fault tolerant, and scalable than traditional single or multiple data center infrastructures.
For more information about Amazon Regions and Availability Zones, see Amazon Global Infrastructure.
Redundancy and disaster recovery
Consider redundancy and DR when planning your CA hierarchy. Amazon Private CA is available in multiple Regions, which allows you to create redundant CAs in multiple Regions. The Amazon Private CA service operates with a service level agreement.
- You can create two root CAs in two different Amazon Regions for redundancy and disaster recovery. With this configuration, each root CA operates independently in an Amazon Region, protecting you in the event of a single-Region disaster. Creating redundant root CAs does, however, increase operational complexity: you will need to distribute both root CA certificates to the trust stores of browsers and operating systems in your environment.
- You can also create redundant subordinate CAs to deploy in each of your Amazon Regions, and chain them to the same unique root CA in a single Amazon Region. The benefit of this approach is that you need to distribute only a single root CA certificate to the trust stores in your environment. The limitation is that you don’t have a redundant root CA in the event of a disaster that affects the Amazon Region in which your root CA exists.
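The two designs above trade trust-store distribution effort against root CA redundancy. The following added example (not code from the Amazon Private CA documentation) models both layouts and checks, for each Region outage, which CAs can still issue and whether any root CA survives; it also lists which Region endpoint each API call targets when a subordinate in one Region is chained to a root in another. The Region and CA names are constructed, `Hierarchy` and `cross_region_chain_steps` are hypothetical helpers, and the code makes no AWS calls; only the quoted operation names are real Amazon Private CA operations.

```python
"""Resilience check for a cross-Region Amazon Private CA hierarchy.

Added example, not from the Amazon Private CA documentation. Region names, CA
names and the two layouts are constructed to match the two designs in the
text; Hierarchy and cross_region_chain_steps are hypothetical helpers. Nothing
here calls AWS.
"""
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class CA:
    name: str
    region: str
    parent: Optional["CA"] = None  # None marks a root CA

    @property
    def is_root(self) -> bool:
        return self.parent is None


@dataclass
class Hierarchy:
    cas: list = field(default_factory=list)

    def regions(self) -> set:
        return {ca.region for ca in self.cas}

    def trust_anchors(self) -> set:
        """Root certificates that every trust store must carry."""
        return {ca.name for ca in self.cas if ca.is_root}

    def issuers_surviving(self, lost_region: str) -> set:
        """CAs that can still issue certificates if lost_region goes down.

        An already-chained subordinate keeps issuing while its own Region is
        up, so a root outage elsewhere does not stop leaf issuance.
        """
        return {ca.name for ca in self.cas if ca.region != lost_region}

    def roots_surviving(self, lost_region: str) -> set:
        """Root CAs still reachable, e.g. to sign a replacement subordinate."""
        return {ca.name for ca in self.cas if ca.is_root and ca.region != lost_region}

    def root_single_points_of_failure(self) -> set:
        """Regions whose loss leaves no usable root CA at all."""
        return {r for r in self.regions() if not self.roots_surviving(r)}


def cross_region_chain_steps(sub: CA) -> list:
    """Ordered API calls, with the Region endpoint each targets, to chain a
    subordinate CA in one Region to a root CA in another."""
    root = sub.parent
    return [
        (sub.region, "CreateCertificateAuthority (CertificateAuthorityType=SUBORDINATE)"),
        (sub.region, "GetCertificateAuthorityCsr"),
        (root.region, "IssueCertificate with a SubordinateCACertificate template"),
        (root.region, "GetCertificate"),
        (sub.region, "ImportCertificateAuthorityCertificate"),
    ]


def two_root_design() -> Hierarchy:
    """First design in the text: independent root CAs in two Regions."""
    return Hierarchy([CA("root-use1", "us-east-1"), CA("root-euw1", "eu-west-1")])


def single_root_design() -> Hierarchy:
    """Second design in the text: one root, a subordinate in each Region."""
    root = CA("root-use1", "us-east-1")
    subs = [CA(f"sub-{r}", r, parent=root) for r in ("us-east-1", "eu-west-1", "ap-southeast-1")]
    return Hierarchy([root] + subs)


if __name__ == "__main__":
    for label, h in (("two roots", two_root_design()), ("single root", single_root_design())):
        print(f"{label}: trust anchors to distribute = {sorted(h.trust_anchors())}")
        print(f"  root single points of failure = {sorted(h.root_single_points_of_failure())}")
        for r in sorted(h.regions()):
            print(f"  lose {r}: issuers left = {sorted(h.issuers_surviving(r))}")
```

Running it shows the trade-off directly: the two-root layout needs two trust anchors but has no Region whose loss removes every root, while the single-root layout needs one trust anchor but its root Region is a single point of failure for signing any replacement subordinate, even though the other Regions' subordinates keep issuing.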