9.5 Deploying Access Manager in Multiple AWS Regions

You can deploy Access Manager components across different AWS regions. You can use the Amazon Virtual Private Cloud (VPC) peering service for communication among Access Manager components and AWS resources deployed in different VPCs in different AWS regions. Deploying Access Manager across different AWS regions provides the following benefits:

  • High Availability: Deploying Access Manager components in multiple regions ensures availability even when a region is unavailable.

  • Reduced Latency: Deploying Access Manager components in the region where the majority of users reside reduces latency.

  • Compliance Requirements: Some regions require local data hosting. Deploying Access Manager components in a region allows you to adhere to regional compliance requirements.

The following diagram illustrates the recommended Access Manager deployment in multiple AWS regions:

Figure 9-1 Deployment of Access Manager in Multi-Region AWS

You can deploy the following components in a multi-region environment:

  • Administration Console

  • Identity Server

  • Access Gateway

  • LDAP user store

  • Web servers

NOTE: You can deploy all Access Manager components in different regions. However, determine whether this solution is needed before you deploy it.

Use the following AWS services to allow communication among Access Manager components:

  • Route 53: Amazon Route 53 is a highly available and scalable Domain Name System (DNS) web service. It provides features such as domain name resolution, latency-based routing, Geo DNS, Amazon ELB integration, and DNS failover. These features help you enable the multi-region deployment of Access Manager components and resources.

    For more information, see Amazon Route 53.

  • VPC Peering: Access Manager components are deployed in AWS VPCs. These VPCs are local to specific regions. To enable communication across VPCs available in multiple regions, VPC Peering is required between two VPCs from two different regions.

    For more information about VPC peering and how to configure it, see What is VPC peering.
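The following Terraform configuration is an added example, not part of the Access Manager documentation: it peers a primary-region VPC with a secondary-region VPC, adds the routes in both directions, and opens only the port the Access Manager components need, only to the peer VPC's CIDR. Region names, VPC/route table/security group IDs, CIDR blocks and the port 8443 are placeholders and assumptions; replace them with your own values.

```hcl
provider "aws" {
  alias  = "primary"
  region = "us-east-1"
}
provider "aws" {
  alias  = "secondary"
  region = "eu-west-1"
}
locals {
  # Peered VPCs must not have overlapping CIDRs (placeholder values).
  primary_cidr   = "10.10.0.0/16"
  secondary_cidr = "10.20.0.0/16"
  am_port        = 8443 # assumed HTTPS port of the Access Manager component
}
# Request peering from the primary region to the VPC in the secondary region.
resource "aws_vpc_peering_connection" "am" {
  provider    = aws.primary
  vpc_id      = "vpc-PRIMARY-PLACEHOLDER"
  peer_vpc_id = "vpc-SECONDARY-PLACEHOLDER"
  peer_region = "eu-west-1"
}
# Inter-region requests are not auto-accepted; accept in the secondary region.
resource "aws_vpc_peering_connection_accepter" "am" {
  provider                  = aws.secondary
  vpc_peering_connection_id = aws_vpc_peering_connection.am.id
  auto_accept               = true
}
# One route per direction; the accepter's id ensures the connection is active first.
resource "aws_route" "primary_to_secondary" {
  provider                  = aws.primary
  route_table_id            = "rtb-PRIMARY-PLACEHOLDER"
  destination_cidr_block    = local.secondary_cidr
  vpc_peering_connection_id = aws_vpc_peering_connection_accepter.am.id
}
resource "aws_route" "secondary_to_primary" {
  provider                  = aws.secondary
  route_table_id            = "rtb-SECONDARY-PLACEHOLDER"
  destination_cidr_block    = local.primary_cidr
  vpc_peering_connection_id = aws_vpc_peering_connection_accepter.am.id
}
# Least privilege: only the needed port, only from the peer CIDR (SGs cannot be referenced across regions).
resource "aws_security_group_rule" "am_from_secondary" {
  provider          = aws.primary
  type              = "ingress"
  from_port         = local.am_port
  to_port           = local.am_port
  protocol          = "tcp"
  cidr_blocks       = [local.secondary_cidr]
  security_group_id = "sg-PRIMARY-AM-PLACEHOLDER"
}
```

Components in the secondary region that must be reachable from the primary VPC need the matching ingress rule on their own security group in the secondary region.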

Limitation

Auto scaling Access Manager on AWS is not supported in a multi-region deployment environment. For information about auto scaling of Access Manager, see Auto Scaling Access Manager on AWS.