This question requires more details and discussions but I can try to give some guidance here.
You typically define the RTO for a workload and set an objective agreed with the business owners to recover in X minutes/hours. If the 10000 instances you are referring to are part of the same workload and all of these instances are required for your workload/business to function, then the RTO may be the same for all. In this case, you can deploy these instances across multiple AZs and have a way to isolate traffic to the impaired AZ. Static stability is an important concept here as well: if you need 10000 instances for your application/workload to operate and if an AZ is impaired, then you should still have a total of 10000 instances in the remaining AZs. You should avoid provisioning new capacity in a new AZ to recover. Here is a nice read on this: https://docs.aws.amazon.com/whitepapers/latest/advanced-multi-az-resilience-patterns/multi-az-recovery-patterns.html
Hope it helps,
Jon
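The static-stability rule in the answer above, as an added example that is not part of the original answer or of any AWS tooling: it checks whether a per-AZ instance layout still meets the required count after the worst-case AZ loss, and computes the per-AZ target that makes it so. The AZ names and the even 3-way split are constructed sample values.

```python
import math

def surviving_capacity(per_az, failed_azs=1):
    """Instances left in the worst case, i.e. after losing the largest AZs."""
    counts = sorted(per_az.values(), reverse=True)
    return sum(counts[failed_azs:])

def is_statically_stable(per_az, required, failed_azs=1):
    """True if no new capacity must be launched after the AZ loss."""
    return surviving_capacity(per_az, failed_azs) >= required

def per_az_target(required, az_count, failed_azs=1):
    """Instances to pre-provision in each AZ so the survivors carry the load."""
    survivors = az_count - failed_azs
    if survivors < 1:
        raise ValueError("no AZ would survive; add more AZs")
    return math.ceil(required / survivors)

def plan(required, az_names, failed_azs=1):
    """Even layout that stays at `required` after `failed_azs` AZ losses."""
    target = per_az_target(required, len(az_names), failed_azs)
    return {az: target for az in az_names}

REQUIRED = 10000  # instance count from the question

# Constructed layout: 10000 instances split evenly, no headroom.
even_split = {"az-a": 3334, "az-b": 3333, "az-c": 3333}
# Layout sized for the loss of any one of three AZs.
stable_layout = plan(REQUIRED, ["az-a", "az-b", "az-c"])

if __name__ == "__main__":
    for name, layout in (("even split", even_split), ("planned", stable_layout)):
        left = surviving_capacity(layout)
        ok = is_statically_stable(layout, REQUIRED)
        print(f"{name}: total={sum(layout.values())} "
              f"after worst AZ loss={left} stable={ok}")
```

With three AZs the layout needs 5000 instances per AZ (15000 total); spreading across four AZs lowers the per-AZ target to 3334.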
If an entire Availability Zone is completely wiped out and is not recoverable, the Recovery Time Objective (RTO) for services running in that zone will depend on various factors such as the complexity of the system, level of redundancy and the recovery plan in place. It's important to have a disaster recovery plan that includes multi-region architectures to reduce the impact of such events. In summary, the RTO for such events varies and having a well-documented disaster recovery plan in place can help ensure a fast and effective response.
If we created 10000 EC2 (with tier 0 recovery plan) in that failed AZ, is the same RTO applied to that 10000 EC2?
He's asking about a single AZ being permanently lost. You don't need multiple regions to recover from an AZ destruction.