This chapter covers Amazon Aurora Global Database, a feature that allows you to create a single Aurora database that spans multiple AWS Regions with low-latency reads and disaster recovery capabilities. For the SAA-C03 exam, understanding Global Database is critical for designing resilient, multi-Region architectures. Expect 1-2 questions on this topic, testing your knowledge of failover mechanics, replication lag, and when to use Global Database vs. other replication options.
Jump to a section
Imagine a fleet of cargo ships crossing the Atlantic. The primary ship (primary AWS Region) carries the master manifest (database). Every few seconds, the primary ship broadcasts the latest manifest updates via radio (log streams) to all other ships (secondary Regions). Each secondary ship maintains its own copy of the manifest, updated within a minute of the primary's broadcast. If the primary ship hits an iceberg (regional outage), the fleet captain (automated failover) promotes the secondary ship with the most up-to-date manifest to become the new primary. The other ships then switch to receiving updates from the new primary. However, the ships cannot write new cargo entries into their own manifests; only the primary can accept writes. This ensures that all ships eventually have the same, consistent manifest. The radio broadcast uses a dedicated, low-latency channel (AWS Global Infrastructure) and is optimized to minimize bandwidth, sending only changes (redo logs) rather than full manifests. If a secondary ship falls behind (high lag), it can catch up by requesting missed log entries from the primary. This design provides a recovery point objective (RPO) of typically less than 1 second and a recovery time objective (RTO) of as little as 1 minute, without the complexity of managing multiple databases manually.
What is Amazon Aurora Global Database?
Amazon Aurora Global Database is a fully managed service that extends a single Aurora DB cluster across multiple AWS Regions. It provides disaster recovery from regional outages, low-latency global reads, and quick failover with a typical recovery point objective (RPO) of less than 1 second and recovery time objective (RTO) of as little as 1 minute. Unlike asynchronous replication at the database engine level, Aurora Global Database uses a dedicated, storage-layer replication channel that is independent of the database engine, resulting in minimal performance impact on the primary.
Why It Exists
Traditional cross-Region replication for RDS or self-managed databases often suffers from high latency, significant performance overhead on the primary, and complex failover procedures. Aurora Global Database solves these problems by:
Offloading replication to the storage layer, which uses dedicated infrastructure and is optimized for low-latency, high-throughput log shipping.
Providing automatic failover with a clear promotion process, reducing RTO.
Allowing secondary clusters to serve read traffic with minimal replication lag (typically <1 second under normal conditions).
How It Works Internally
Aurora Global Database leverages the Aurora storage architecture. Aurora separates the compute (database engine) from the storage (distributed storage volumes). Each Aurora cluster consists of a primary DB instance and up to 15 read replicas within the same Region. For Global Database, you add one or more secondary Regions, each containing a DB cluster that acts as a read-only replica. The replication is based on physical redo log shipping from the primary Region's storage layer to the secondary Regions' storage layers.
Here is the step-by-step mechanism: 1. On the primary DB instance, transactions generate redo log records. 2. The primary's storage layer (which is a distributed, multi-AZ storage system) writes these redo logs to local storage and also sends them to a global replication channel. 3. The global replication channel transmits the redo logs to the secondary Regions using AWS's global network backbone, which provides low-latency, high-bandwidth connectivity. 4. In each secondary Region, the storage layer receives the redo logs and applies them to the local storage volumes, making the data visible to the secondary DB instances. 5. Secondary DB instances can then serve read traffic from their local storage, with a replication lag typically under 1 second.
This architecture ensures that the database engine on the secondary does not have to process SQL statements for replication; it only needs to apply redo logs, which is much faster and more efficient.
Key Components, Values, Defaults, and Timers
Primary Region: The Region where the DB cluster accepts write operations. Only one primary Region per Global Database.
Secondary Regions: Up to 5 secondary Regions, each containing a read-only DB cluster.
Replication Lag: Typically less than 1 second under normal conditions, but can increase during high write loads or network issues. Monitored via the AuroraGlobalDBReplicationLag CloudWatch metric.
Failover: You can manually promote a secondary cluster to become the primary. This is done by removing the secondary from the Global Database and then promoting it. The process typically takes about 1 minute.
RPO: Less than 1 second (the replication lag).
RTO: As low as 1 minute for a planned promotion, but may be longer for unplanned failovers.
Supported Engines: Aurora MySQL and Aurora PostgreSQL.
Instance Classes: Any DB instance class supported by Aurora, but you can choose different instance classes in different Regions.
Storage: Provisioned storage up to 128 TiB per cluster.
Network: Replication uses AWS's global network, not the public internet. No VPN or Direct Connect required.
Cost: You pay for the DB instances and storage in each Region, plus data transfer costs for cross-Region replication (at standard AWS data transfer rates).
Configuration and Verification Commands
To create an Aurora Global Database using the AWS CLI:
# Create the primary DB cluster (example: Aurora MySQL)
aws rds create-db-cluster \
--db-cluster-identifier my-global-cluster \
--engine aurora-mysql \
--engine-version 8.0.mysql_aurora.3.02.0 \
--master-username admin \
--master-user-password password123 \
--global-cluster-identifier my-global-db
# Create the primary DB instance
aws rds create-db-instance \
--db-instance-identifier my-global-instance-1 \
--db-cluster-identifier my-global-cluster \
--engine aurora-mysql \
--db-instance-class db.r5.large
# Create a secondary region cluster (in us-west-2)
aws rds create-db-cluster \
--db-cluster-identifier my-global-cluster-secondary \
--engine aurora-mysql \
--engine-version 8.0.mysql_aurora.3.02.0 \
--global-cluster-identifier my-global-db \
--region us-west-2
# Create secondary DB instance
aws rds create-db-instance \
--db-instance-identifier my-global-instance-2 \
--db-cluster-identifier my-global-cluster-secondary \
--engine aurora-mysql \
--db-instance-class db.r5.large \
--region us-west-2To verify the Global Database status:
aws rds describe-global-clusters --global-cluster-identifier my-global-dbThe output includes GlobalClusterMembers showing the primary and secondary clusters, their status, and replication lag information.
How It Interacts with Related Technologies
Aurora Replicas: Within a Region, you can still have up to 15 Aurora Replicas for read scaling and fast failover. Global Database is separate from these.
Aurora Serverless: Global Database does not support Aurora Serverless v1. It supports Aurora Serverless v2 for both primary and secondary clusters.
Aurora Multi-Master: Global Database is not compatible with multi-master clusters.
AWS Backup: You can back up the primary and secondary clusters independently using AWS Backup or automated backups.
AWS DMS: You can use AWS DMS to migrate data into a Global Database, but ongoing replication is handled by Global Database itself.
Route 53: For global traffic routing, you can use Route 53 latency-based routing or geolocation routing to direct read traffic to the nearest secondary Region.
CloudFormation: You can automate Global Database deployment using AWS CloudFormation templates.
Exam-Specific Details
The SAA-C03 exam tests your understanding of when to use Aurora Global Database versus other options like cross-Region read replicas, Multi-AZ, or database snapshots. Key points:
Global Database is for disaster recovery and low-latency global reads.
It provides RPO < 1 second and RTO ~ 1 minute.
Replication is asynchronous at the storage layer.
Only the primary region accepts writes; secondary regions are read-only.
You can have up to 5 secondary regions.
Failover is manual (you must promote a secondary cluster).
No performance impact on the primary for replication.
Not suitable for write scaling; for that, consider multi-master or sharding.
Common Exam Scenarios
Disaster Recovery: A company wants to recover from a regional outage with minimal data loss (RPO < 1 second) and fast recovery (RTO < 5 minutes). Answer: Aurora Global Database.
Global Read Scaling: An application has users worldwide and needs low-latency reads. Answer: Deploy secondary Regions in user locations and use Route 53 to route reads.
Regulatory Compliance: Data must remain in a specific country for writes, but read replicas can be in other regions. Global Database allows write in one region and reads in others.
Pitfalls and Traps
Do not confuse with Multi-AZ: Multi-AZ is for high availability within a region; Global Database is for cross-region disaster recovery.
Do not expect automatic failover: Failover is manual; you must initiate promotion.
Replication lag is not zero: While typically <1 second, it can spike. Applications must be tolerant of eventual consistency for reads from secondaries.
Costs: Data transfer costs for cross-region replication can be significant; consider if you need all that data replicated.
Engine version compatibility: Both primary and secondary must use the same engine version; verify compatibility before creating.
Performance Considerations
Write workload impact: Replication is offloaded to storage, so write performance on the primary is minimally affected. However, high write volumes can increase replication lag.
Read workload: Secondary clusters can handle read traffic independently, providing global read scaling.
Network latency: Replication latency depends on the physical distance between regions. Choose regions with good connectivity (e.g., within same continent).
Instance sizing: Secondary clusters can have different instance classes than the primary, allowing cost optimization for read-only workloads.
Security and Compliance
Encryption: Global Database supports encryption at rest using AWS KMS. If the primary cluster is encrypted, the secondary cluster must also be encrypted, possibly with a different KMS key.
Network isolation: Each cluster can be placed in its own VPC. Use VPC peering or Transit Gateway for cross-region connectivity if needed, but replication uses AWS internal network.
IAM: Use IAM policies to control who can create and manage Global Databases.
Audit: Use CloudTrail to log API calls related to Global Database.
Summary
Aurora Global Database is a powerful feature for building globally distributed applications with disaster recovery and low-latency reads. On the SAA-C03 exam, focus on its use cases, replication mechanism, failover process, and how it differs from other Aurora features. Remember the key numbers: up to 5 secondary regions, RPO < 1 second, RTO ~ 1 minute, and manual failover.
Create Primary Cluster
You start by creating an Aurora DB cluster in the primary Region. This cluster will handle all write operations. You specify the engine (Aurora MySQL or PostgreSQL), version, instance class, and storage. You also assign a global cluster identifier, which will be used to link secondary clusters. The primary cluster must be created with a unique global identifier. During creation, you can also enable encryption, backup retention, and other settings. The primary cluster can have up to 15 Aurora Replicas within the same Region for local read scaling and fast failover, but these are separate from the global secondary clusters.
Add Secondary Regions
After the primary cluster is active, you add secondary Regions by creating new Aurora clusters that are associated with the same global cluster identifier. Each secondary cluster is created in a different AWS Region. You specify the same engine version as the primary. The secondary cluster will be read-only initially. You can choose different instance classes and storage sizes for cost optimization. The secondary cluster's storage is automatically populated with data from the primary via redo log shipping. You can add up to 5 secondary Regions.
Replication Mechanism
Once secondary clusters are created, the storage layer in the primary Region begins streaming redo logs to the secondary Regions. This is done using a dedicated, optimized channel over AWS's global network. The redo logs are applied to the secondary's storage volumes continuously. The secondary DB instances are updated asynchronously, meaning they may see data that is slightly behind the primary. The replication lag is typically less than 1 second but can vary. You can monitor lag using the `AuroraGlobalDBReplicationLag` CloudWatch metric.
Read from Secondaries
Applications can connect to secondary clusters and perform read-only queries. This provides low-latency reads for users close to the secondary Region. You can use Route 53 latency-based routing or geolocation routing to direct read traffic to the nearest secondary. Write operations are only possible on the primary cluster. Attempting to write to a secondary will result in an error. This architecture ensures data consistency across regions.
Failover Process
In the event of a regional outage or planned maintenance, you can promote a secondary cluster to become the new primary. This is a manual process. You remove the secondary from the Global Database using the `remove-from-global-cluster` API, which detaches it. Then you promote it using the `promote-read-replica` operation. The promoted cluster becomes a standalone cluster that accepts writes. The old primary, if available, becomes a read-only replica. Other secondary clusters will automatically start replicating from the new primary. The failover typically takes about 1 minute, with RPO less than 1 second.
Enterprise Scenario 1: Global Social Media Application
A social media company with users in North America, Europe, and Asia needs low-latency read access for user feeds and profiles. They use Aurora Global Database with a primary cluster in us-east-1 (Virginia) and secondary clusters in eu-west-1 (Ireland) and ap-southeast-1 (Singapore). User writes are always directed to us-east-1, but reads are served from the nearest secondary using Route 53 latency-based routing. This reduces read latency from 300ms to under 50ms for users in Asia. The replication lag is typically 0.5 seconds, which is acceptable for their use case (feeds do not need to be instantly consistent). During a major outage in us-east-1, they manually promote the eu-west-1 cluster to primary, with an RTO of 2 minutes and minimal data loss (RPO < 1 second). They have automated this failover using AWS Lambda and CloudWatch alarms.
Enterprise Scenario 2: Financial Services Compliance
A bank must keep customer transaction data within the US for regulatory reasons, but they have a disaster recovery site in Canada. They use Aurora Global Database with the primary cluster in us-east-1 and a secondary cluster in ca-central-1. The secondary cluster is used for disaster recovery only; read traffic is not served from it to avoid any potential compliance issues. They test failover quarterly by promoting the secondary and then failing back. They monitor replication lag closely and have alerts if lag exceeds 5 seconds. They also encrypt both clusters with AWS KMS keys specific to each region. The bank achieves an RPO of less than 1 second and an RTO of 1 minute for their most critical database.
Common Misconfigurations
Forgetting to monitor replication lag: Some teams assume lag is always negligible. During high write loads, lag can spike to several seconds, causing stale reads. Always set CloudWatch alarms on AuroraGlobalDBReplicationLag with a threshold appropriate for your application (e.g., 2 seconds).
Not testing failover: Many organizations configure Global Database but never test the failover process. When a real outage occurs, they discover that the promotion fails due to missing permissions or network issues. Regular failover drills are essential.
Using different engine versions: The primary and secondary clusters must use the same engine version. If you upgrade the primary, you must also upgrade the secondary. Failure to do so will cause replication to stop.
Ignoring data transfer costs: Cross-region data transfer can be expensive. If you replicate terabytes of data per day, costs can add up. Consider whether you need all that data replicated or if you can use a subset.
Performance at Scale
At scale, Global Database can handle write workloads of up to hundreds of thousands of writes per second, depending on instance size. The replication channel is designed to keep up with high write volumes, but in extreme cases, you may see increased lag. To mitigate, you can use larger instance classes for the primary or reduce the number of secondary Regions. Also, consider using Aurora MySQL's parallel query or Aurora PostgreSQL's parallel execution to reduce write amplification.
What SAA-C03 Tests
The SAA-C03 exam tests your ability to choose the right disaster recovery and global read scaling solution. Specific objectives under Domain 2 (Resilient Architectures) include: - 2.3: Implement disaster recovery for multiple AWS Regions. - 2.4: Implement high availability and scaling.
For Aurora Global Database, the exam expects you to know:
Use cases: disaster recovery with RPO < 1 second and RTO ~ 1 minute, low-latency global reads.
Limitations: only one primary region, read-only secondaries, manual failover.
Comparison with Multi-AZ, cross-Region read replicas, and database snapshots.
Common Wrong Answers and Why Candidates Choose Them
Choosing Multi-AZ for cross-region disaster recovery: Candidates see "high availability" and assume Multi-AZ works across regions. In reality, Multi-AZ is within a single region. Global Database is the correct cross-region solution.
Expecting automatic failover: Many think Global Database fails over automatically like Multi-AZ. It does not; failover is manual. Candidates may choose "automatically promotes a secondary" — wrong.
Assuming secondaries can accept writes: Some think all clusters in a Global Database are writable. Only the primary accepts writes; secondaries are read-only.
Confusing with cross-Region read replicas: RDS cross-Region read replicas are asynchronous and can have higher lag (seconds to minutes). Global Database has lower lag and faster failover.
Specific Numbers and Terms on the Exam
Up to 5 secondary regions: Memorize this.
RPO < 1 second: This is a key selling point.
RTO ~ 1 minute: For manual failover.
Storage layer replication: The mechanism that offloads replication from the database engine.
Manual failover: The process of promoting a secondary.
Edge Cases and Exceptions
Global Database does not support Aurora Serverless v1: It supports Serverless v2 for both primary and secondary.
Global Database is not compatible with Multi-Master: You cannot have multiple writable nodes across regions.
Encryption requirements: If the primary is encrypted, the secondary must also be encrypted. The KMS key can be different per region.
Engine version mismatch: Both clusters must use the same engine version; otherwise, replication fails.
How to Eliminate Wrong Answers
If the question mentions "automatic failover" for cross-region, eliminate Global Database and look for Multi-AZ (but Multi-AZ is not cross-region). So the correct answer may be "manual failover" or "Global Database with manual promotion."
If the question asks for "zero RPO", Global Database cannot guarantee zero RPO; it is <1 second. For zero RPO, you would need synchronous replication, which is not available across regions.
If the question mentions "write scaling across regions", Global Database is not suitable; consider sharding or multi-master (which is not supported).
Aurora Global Database provides cross-region disaster recovery with RPO < 1 second and RTO ~ 1 minute.
You can have up to 5 secondary regions, each with a read-only cluster.
Replication is asynchronous at the storage layer, minimizing performance impact on the primary.
Failover is manual; you must promote a secondary cluster to become the new primary.
Only the primary region accepts writes; secondary regions are read-only.
Global Database supports Aurora MySQL and PostgreSQL, but not Aurora Serverless v1 or Multi-Master.
Use Route 53 latency-based routing to direct read traffic to the nearest secondary region.
Monitor replication lag using the `AuroraGlobalDBReplicationLag` CloudWatch metric.
Cross-region data transfer costs apply; consider cost when designing multi-region architectures.
Both primary and secondary clusters must use the same engine version.
These come up on the exam all the time. Here's how to tell them apart.
Aurora Global Database
Replication at storage layer; minimal performance impact on primary
Typical lag < 1 second
RTO ~ 1 minute (manual failover)
Supports up to 5 secondary regions
Requires Aurora engine (MySQL or PostgreSQL)
Cross-Region Read Replicas (RDS)
Replication at engine level; can impact primary performance
Lag can be seconds to minutes
RTO depends on promotion time (minutes)
Up to 5 replicas per source, but can be in different regions
Works with RDS MySQL, PostgreSQL, MariaDB, Oracle, SQL Server
Aurora Global Database
Cross-region disaster recovery
Asynchronous replication
Manual failover
Read-only secondaries can serve read traffic
RPO < 1 second, RTO ~ 1 minute
Multi-AZ (RDS or Aurora)
Single region, multiple AZs
Synchronous replication (standby is up-to-date)
Automatic failover
Standby cannot serve read traffic (unless Aurora Multi-AZ with reader endpoint)
RPO = 0, RTO ~ 1-2 minutes
Mistake
Aurora Global Database provides automatic failover across regions.
Correct
Failover is manual. You must promote a secondary cluster to become the new primary. There is no automatic cross-region failover.
Mistake
Secondary clusters in a Global Database can accept write operations.
Correct
Only the primary cluster accepts writes. Secondary clusters are read-only. Any attempt to write to a secondary will fail.
Mistake
Global Database replication is synchronous, guaranteeing zero data loss.
Correct
Replication is asynchronous, with a typical lag under 1 second. This gives an RPO of less than 1 second, not zero.
Mistake
You can have unlimited secondary regions with Global Database.
Correct
You can have up to 5 secondary regions. This is a hard limit.
Mistake
Global Database is the same as cross-Region read replicas for RDS.
Correct
Global Database uses a different replication mechanism (storage layer log shipping) and provides lower lag and faster failover. RDS cross-Region replicas use asynchronous replication at the engine level.
Reveal each answer, then mark whether you got it right. Score 60%+ to unlock the next chapter.
Aurora Global Database is for cross-region disaster recovery and global reads, with asynchronous replication and manual failover. Multi-AZ is for high availability within a single region, with synchronous replication and automatic failover. Global Database can have up to 5 secondary regions, while Multi-AZ is typically 2-3 AZs.
No. Secondary clusters are read-only. Only the primary cluster accepts write operations. If you need write capacity in multiple regions, consider sharding or using a multi-master setup (not supported by Global Database).
Typically less than 1 second under normal conditions. However, lag can increase during high write loads or network issues. You can monitor it using the `AuroraGlobalDBReplicationLag` CloudWatch metric.
Failover is manual. You remove the secondary cluster from the Global Database using the `remove-from-global-cluster` API, then promote it using the `promote-read-replica` operation. The promoted cluster becomes a standalone writable cluster. Other secondaries will automatically start replicating from the new primary.
Aurora Global Database supports Aurora Serverless v2 for both primary and secondary clusters. It does not support Aurora Serverless v1.
You can have up to 5 secondary regions in addition to the primary region.
Since replication is asynchronous, there is a possibility of losing the last few transactions that had not yet been replicated at the time of failover. The RPO is typically less than 1 second.
You've just covered Aurora Global Database — now see how well it sticks with free SAA-C03 practice questions. Full explanations included, no account needed.
Done with this chapter?