My experience with AWS China


Given the global nature of Teracloud’s customers, we often need to learn new tricks or adapt our practices to different geographical locations. For the last several weeks I have been working for a client who has an application in AWS Cloud with users in both the USA and China. Setting up the infrastructure to provide an excellent user experience in both locations was challenging. This article shares my experience in this tricky endeavour.

You may wonder what the difference is between AWS China and the rest of the regions. To begin with, you cannot find AWS China in http://console.aws.amazon.com/ as a region that you can switch to. AWS China is completely separated from AWS global: there is no way to connect resources directly between AWS global and AWS China, and even China’s IAM is separated from the global IAM.


AWS China has two regions: Beijing (with 2 availability zones), operated by Sinnet, and Ningxia (with three availability zones), operated by NWCD. Amazon Web Services has collaborated with local Chinese partners to comply with China’s regulatory and legal requirements that it couldn’t satisfy on its own.


Let's see some of the main differences between AWS Global and AWS China:


  • There is no direct connection between AWS China regions and AWS global.

  • AWS China has its own domain.

  • The number of services available in China is smaller compared to other regions. For example, at the time this publication was written, Fargate, EKS, EFS, AWS Secrets Manager, and many more are not available in AWS China.

  • The user accounts of AWS China are different from those of AWS global because they are in a completely separate infrastructure.

  • AWS China has no access to the global Route 53 service.
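Because IAM and the domain are separate, policies and endpoint settings copied from a global-region stack stop resolving once they are deployed in China. The following check is an added example, not code from the original article or from Teracloud: it scans a parsed JSON document for ARNs and regional endpoints that cross that boundary. The partition name `aws-cn` and the suffix `amazonaws.com.cn` are AWS's published values rather than details stated on this page, and the sample config and its names are constructed.

```python
import re

# AWS-published values (not from this article): China regions use partition "aws-cn"
# and the DNS suffix amazonaws.com.cn. GovCloud is out of scope for this sketch.
DNS_SUFFIX = {"aws": "amazonaws.com", "aws-cn": "amazonaws.com.cn"}
ARN_RE = re.compile(r"arn:(aws(?:-[a-z]+)*):[a-z0-9-]*:([a-z0-9-]*):")
HOST_RE = re.compile(r"[a-z0-9-]+\.([a-z]{2}-[a-z]+-\d)\.(amazonaws\.com(?:\.cn)?)")

def partition_for_region(region):
    return "aws-cn" if region.startswith("cn-") else "aws"

def strings(node, path="$"):
    """Yield (json_path, value) for every string in a parsed JSON document."""
    if isinstance(node, str):
        yield path, node
    elif isinstance(node, dict):
        for key, value in node.items():
            yield from strings(value, f"{path}.{key}")
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from strings(value, f"{path}[{i}]")

def audit(document, target_region):
    """Return (path, problem) pairs for references that cross the partition boundary."""
    target = partition_for_region(target_region)
    findings = []
    for path, text in strings(document):
        for part, region in ARN_RE.findall(text):
            if part != target:
                findings.append((path, f"ARN partition {part}, expected {target}"))
            elif region and partition_for_region(region) != target:
                findings.append((path, f"ARN region {region} is not in {target}"))
        for region, suffix in HOST_RE.findall(text):
            want = DNS_SUFFIX[partition_for_region(region)]
            if suffix != want:
                findings.append((path, f"{region} endpoint must end in {want}"))
    return findings

# Constructed deployment config copied from a global-region stack (hypothetical names).
SAMPLE = {
    "policy": {"Statement": [{"Effect": "Allow", "Action": "s3:GetObject",
                              "Resource": ["arn:aws:s3:::example-assets/*",
                                           "arn:aws-cn:s3:::example-assets/*"]}]},
    "endpoints": {"s3": "https://s3.cn-north-1.amazonaws.com",
                  "sqs": "https://sqs.cn-north-1.amazonaws.com.cn"},
}

if __name__ == "__main__":
    for path, problem in audit(SAMPLE, "cn-north-1"):
        print(path, "->", problem)
```

Running it over a template before deploying to Beijing or Ningxia surfaces the hard-coded `arn:aws:` resources and global-suffix endpoints that would otherwise fail only at runtime.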

Despite these differences, we still need to work with AWS China to serve Chinese customers. As with any other service, it begins with creating an account, but it does not end there: your identity must be verified by the Chinese government before you can get access to the AWS China Regions. Companies need to provide a valid Chinese business license called an ICP license. Moreover, depending on the business you are operating in China, there might be other requirements.


At this point, you may say “Why should I bother? I can deploy in the Singapore Region and have similar latency”, and you would be right. But you are still on the wrong side of the Great Firewall of China. All traffic that enters and leaves mainland China must pass through the Great Firewall.


There are only three entry points on the Chinese Firewall. All traffic entering and leaving it is monitored by the government. Because of this, there is often congestion and packet loss, resulting in a poor user experience for our valuable Chinese customers.


You not only need to comply with Chinese regulations, but you also have to make major changes to your infrastructure configuration and your architecture to adapt to AWS China.


Do you want to learn more about AWS China's best practices? Contact us at Teracloud.io and we can assess you for free! Or just email our team member ben@teracloud.io.

Santiago Zurletti

DevOps Engineer

Teracloud.io


