Statement
I do have a website that has a single page application hosted in S3, and a web service hosted in AWS Lambda. To avoid cross-site requests, both share the same domain, and I route the requests on an Application Load Balancer behind a PrivateLink (Interface VPC Endpoint).
The whole thing looks like this:
    [Request] --> [Application Load Balancer] +--> [AWS Lambda]
                                              |
                                              +--> [VPC Endpoint] --> [S3]
For this setup to work, the S3 bucket must have the same name as the domain that's served. So I can only have a single S3 bucket serving.
Challenge
But now, I want to run the AWS Lambda in two regions.
Failed Approaches
Duplicate whole stack
I could replicate the whole stack in another region and use Route53 to balance traffic, however S3 won't work because of the restriction I mentioned in the previous paragraph: since the bucket name must match the host part of the URL, and bucket names are unique, I cannot create a bucket with the same name in the secondary region.
Duplicate everything but S3
This also doesn't work. When I try to access the static files, the VPC Endpoint will try to access S3 through a regional rc-zone-# URL, and that won't work, since the bucket is in another region.
Use the VPC Endpoint from the foreign region in the ALB
You can use an IP from a different VPC in an ALB, as long as it's in the same region. So no cigar.
Questions
- Is there a way to make my setup cross-region, at least for the Lambda functions? Is cross-region VPC Peering my solution? What else do I need to do once I have VPC peering set up?
- Is there another way to achieve my original goal (internal-only website, statically hosted in S3, same (vanity) domain as the lambda functions, with lambdas with region redundancy) that I didn't think of?
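The post describes the bucket as internal-only but does not show how that is enforced. As an added example (not the poster's own configuration), this is the shape of S3 bucket policy commonly paired with the ALB-to-interface-endpoint pattern above: the ALB forwards requests to S3 unsigned, so object reads have to be allowed for an anonymous principal, and the `aws:SourceVpce` condition is what keeps them reachable only through the named interface endpoint rather than from the public internet. The bucket name and endpoint id are placeholders to be replaced with the real values.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ExampleAllowGetObjectOnlyViaInterfaceEndpoint",
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::PLACEHOLDER-BUCKET-NAME-MATCHING-HOSTNAME/*",
      "Condition": {
        "StringEquals": {
          "aws:SourceVpce": "vpce-PLACEHOLDER"
        }
      }
    }
  ]
}
```

Because every request path in the diagram enters S3 via the endpoint, a policy like this is the check that turns "only routed internally" into "only readable internally": a client that discovers the bucket name (which, per the setup, equals the public hostname) still gets `AccessDenied` when it talks to S3 directly. S3 Block Public Access treats a `Principal: "*"` statement that is conditioned on `aws:SourceVpce` as non-public, so the account-level block settings can stay enabled. If the Lambda tier is later duplicated into a second region, the bucket policy needs a `aws:SourceVpce` entry per endpoint that is allowed to read from it.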