-
Create 2 buckets with static website hosting enabled and ensure Cross-Region Replication is enabled and objects are being replicated to the destination bucket.
-
Create a CloudFront Distribution and use primary S3 bucket as the origin.
-
Create a new R53 health check targeting CNAME of CF distribution (d123456789.cloudfront.net works as well) including path of health check object (eg. d123456789.cloudfront.net/healthcheck.txt)
-
Expand Advanced Configuration under Health Check and set request interval of Standard (30 sec) and Failure Threshold of at least 3.
-
Create a new Alarm and select an existing or a new SNS Topic (must be in US-EAST-1 region)
-
Create a new Lambda Function in any region other than US-EAST-1 using the s3_site_failover.py.
-
Create a new SNS trigger for the Lambda Function using CLI commands below.
-
Create a new SNS subscription for Lambda Function:
aws sns subscribe --topic-arn "YourSNSTopicARN" --protocol lambda --notification-endpoint "YourLambdaARN" --region "us-east-1"
-
Create Lambda invoke permissions for SNS to invoke function:
aws lambda add-permission --function-name "YourLambdaARN" --statement-id "HealthCheck_SNS_Lambda" --action "lambda:InvokeFunction" --principal "sns.amazonaws.com" --source-arn "YourSNSTopicARN"
-
-
Ensure both bucket policies allow for public read access on the bucket.
-
Upload a new error.html page into source bucket to avoid seeing 403 response for URI queries for non-existent objects.
S3 -> Bucket -> Properties -> Static website hosting -> Error document
-
Upload a health check object into Original S3 bucket with cache control header set to no-cache (this will help negate false positives with R53 healthcheck):
aws s3 cp "local/path/healthcheck.txt" "s3://bucketName/healthcheck.txt" --cache-control no-cache
-
Simulate a bucket failure by changing the permission or deleting the health check object. This will result in R53 health check failure and triggering SNS/Lambda for the failover procedure.