Planning for resilience - Amazon Private Certificate Authority
Redundancy and disaster recovery
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Planning for resilience

The Amazon global infrastructure is built around Amazon Regions and Availability Zones. Amazon Regions provide multiple physically separated and isolated Availability Zones, which are connected with low-latency, high-throughput, and highly redundant networking. With Availability Zones, you can design and operate applications and databases that automatically fail over between zones without interruption. Availability Zones are more highly available, fault tolerant, and scalable than traditional single or multiple data center infrastructures.

For more information about Amazon Regions and Availability Zones, see Amazon Global Infrastructure.

Redundancy and disaster recovery

Consider redundancy and DR when planning your CA hierarchy. Amazon Private CA is available in multiple Regions, which allows you to create redundant CAs in multiple Regions. The Amazon Private CA service operates with a service level agreement (SLA) of 99.9% availability. There are at least two approaches that you can consider for redundancy and disaster recovery. You can configure redundancy at the root CA or at the highest subordinate CA. Each approach has pros and cons.

  1. You can create two root CAs in two different Amazon Regions for redundancy and disaster recovery. With this configuration, each root CA operates independently in an Amazon Region, protecting you in the event of a single-Region disaster. Creating redundant root CAs does, however, increase operational complexity: You will need to distribute both root CA certificates to the trust stores of browsers and operating systems in your environment.

  2. You can also create redundant subordinate CAs to deploy in each of your Amazon Regions, and chain them to the same unique root CA in a single Amazon Region. The benefit of this approach is that you need to distribute only a single root CA certificate to the trust stores in your environment. The limitation is that you don’t have a redundant root CA in the event of a disaster that affects the Amazon Region in which your root CA exists.