Skip to content
By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

What are the AWS-recommended production approach to recover Apache Iceberg tables in another region after regional disruption?

0

We need a production-safe DR approach for Apache Iceberg tables after losing effective use of our primary AWS region me-central-1, during the recent disruption. We copied the full S3 contents of our Iceberg tables to ap-south-2, including data/ and metadata/, and recreated the Glue databases there. We then tried:

  1. Rewriting the copied Iceberg metadata so absolute me-central-1 S3 paths point to ap-south-2.
  2. Recreating Glue tables in ap-south-2
  3. Manually setting metadata_location
  4. Using the exact source metadata_location from me-central-1 for some tables

This worked partially, but not reliably for tables that had UPDATE / DELETE / MERGE. For one such table, DR still does not match source behavior even after restoring the source metadata pointer and copying related metadata files. We are not happy with this approach because it does not feel production safe.

We also hit these Glue runtime limitations:

  • CALL glue_catalog.system.register_table(...) fails with UnsupportedOperationException because as per the aws documentation The backend catalog is AWS Glue Catalog, and Glue’s Iceberg catalog implementation does not support registerTable.
  • CALL glue_catalog.system.rewrite_table_path(...) is not working as expected in cross region rewriting

We want one clear AWS-recommended solution that works for all Iceberg table types in DR, without custom table-by-table fixes or data-cleaning logic. Our questions are:

  1. What are the AWS-recommended production DR pattern for cross-region Iceberg recovery?
  2. What single approach works for both append-only and update/delete tables?
  3. Is manual metadata_location update safe?
  4. Is there an AWS-supported way to relocate Iceberg tables correctly, including snapshots, manifests, and delete files?
  5. We are looking for one supported recovery path that can be used consistently across all tables.
Topics
Analytics
Tags
AWS Glue
Language
English
asked 2 months ago152 views
3 Answers
6

I do not 100% agree with the previous answer as it misses the root cause of why your UPDATE/DELETE tables are failing: Iceberg metadata stores absolute S3 URIs. The recommended path is:

1. Stop manual path rewriting:

rewrite_table_path is not designed for cross-region DR of complex tables with delete files. Manual metadata edits are not production-safe.

2. Use Managed Glue Catalog Replication:

Instead of register_table (which has known "Glue backend limitations"), use the native AWS Glue Data Catalog replication feature to sync metadata automatically between regions.

3. Ensure Consistent S3 URIs:

Use S3 Aliases in different accounts. This ensures that the absolute paths inside Iceberg’s manifests (e.g., s3://my-bucket/path/) remain valid in the DR region without any "path rewriting."

„Iceberg doesn’t support relative paths, but you can use MRAP to perform Amazon S3 operations by mapping buckets to access points.„

source: https://docs.aws.amazon.com/prescriptive-guidance/latest/apache-iceberg-on-aws/best-practices-workloads.html#workloads-replication

see also:

4. For existing data:

If paths must change, the only supported way to relocate is the Spark-based CALL glue_catalog.system.snapshot in the target region, which creates a consistent local metadata set.

So, move to S3 CRR + Managed Glue Catalog Replication with consistent S3 URIs for a "zero-touch" failover that supports all operation types.

see also:

EXPERT
answered 2 months ago
  • Brian Kepha
    2 months ago

    This is insightful

  • SadhDeshm
    2 months ago

    We already have a full copy of the S3 bucket in our DR region ap-south-2(HYD). This bucket copy was created earlier as part of AWS-recommended disaster recovery preparation. My question is only about the current recovery path for this existing setup: What exact AWS-supported steps do we need to follow so that the databases, tables, and records in HYD appear exactly the same way they appeared in me-central-1(UAE)? In our case:

    1. source region was UAE
    2. full S3 bucket contents are already copied to HYD
    3. Glue databases/tables do not automatically appear in HYD

    So, I am specifically asking for the supported failover steps for an already copied DR bucket:

    1. How do we make the Glue databases and Iceberg tables visible in HYD?
    2. How do we make the records appear exactly as they appeared in UAE, including tables with snapshots/delete files?
    3. What is the supported recovery approach when the S3 bucket copy already exists but the S3 URIs are now different between source and DR?

    Also, regarding the suggestion to use Managed Glue Catalog Replication: I could not find an official AWS document describing this as a built-in managed service or feature. The AWS Prescriptive Guidance page seems to point to either:

    1. A replication utility/pipeline from GitHub, or
    2. Registering tables in the secondary region at failover If there is an official AWS-managed Glue Catalog replication feature for this use case, could you please share the exact documentation link?
4

Regarding your last comment: You are looking for a "point-and-click" recovery path for data that has already been moved, but you are running into the fundamental way Apache Iceberg handles metadata.To address your specific situation in ap-south-2 (HYD) with your existing S3 copy:

1. Why your current approach is failingIceberg stores absolute S3 URIs inside its manifest files.

Even if you copy the files to a new bucket and update the metadata_location in Glue, the internal manifests still point to me-central-1. This is why tables with UPDATE/DELETE/MERGE (which rely on complex hidden delete files) are failing—the pointers are physically broken.

2. The "Supported" Recovery Path for Existing Data

Since your URIs have changed, there is no "zero-touch" way to make the tables work by just clicking a button in Glue. You have two options for your existing copy:

  • Option A: The snapshot Procedure (Recommended for Consistency): The only AWS-supported way to "re-base" an Iceberg table to a new S3 path (without MRAP) is using the Spark-based procedure: CALL glue_catalog.system.snapshot(source_table => '...', table => '...', location => 's3://your-new-hyd-bucket/...') . This creates new metadata pointing to the HYD paths while preserving the data state.

  • Option B: register_table (The "Manual" Way): You can use CALL glue_catalog.system.register_table(...) by pointing it to the specific metadata.json file in your HYD bucket.

Note: If register_table fails with UnsupportedOperationException, it is often due to the specific Glue optimistic locking version or Spark environment you are using. In this case, you must recreate the table manually in Glue pointing to the new metadata_location.

3. Regarding "Managed Glue Catalog Replication"

You are correct to be skeptical:** There is NO native "one-click" managed service for Glue Iceberg replication in the console like there is for S3.**

  • When experts refer to "Managed Replication," they are referring to the AWS Glue Data Catalog replication utilities (often Lambda-based or Glue-ETL patterns) described in AWS Prescriptive Guidance.
  • This is exactly why AWS recommends S3 Multi-Region Access Points (MRAP) for production. With MRAP, the S3 URI (e.g., s3://mrap-alias/...) is identical in both regions. This avoids the "path rewriting" nightmare you are currently facing.

In short - for your HYD environment:

  1. Stop manual metadata edits; they are not production-safe.
  2. Use the snapshot procedure in Spark to correctly register the existing data into the HYD Glue Catalog with the correct local paths.
  3. For future tables, implement S3 MRAP to ensure that a regional failover requires zero metadata manipulation.

Does that answer your question?

Official AWS References for your Case:

EXPERT
answered 2 months ago
1

The AWS-recommended production approach for cross-region disaster recovery of Apache Iceberg tables is to implement proactive replication rather than reactive recovery after a disruption. Here's the recommended solution:

Recommended Production DR Pattern:

Set up Cross-Region Replication (CRR) with Amazon S3 Multi-Region Access Points (MRAP) before a regional disruption occurs. This architecture involves:

  1. Create tables using the MRAP location from the start - this ensures that Iceberg metadata files point to the MRAP location instead of physical bucket locations, avoiding the path rewriting issues you encountered.

  2. Enable Amazon S3 MRAP for automatic replication - MRAP supports data replication with a 15-minute SLA, and Iceberg's design prevents read operations from introducing inconsistencies during replication.

  3. Make tables available in the secondary region's AWS Glue Data Catalog through one of two methods:

  • Set up an event-driven pipeline for replicating Iceberg table metadata using AWS Glue Data Catalog replication utilities
  • Register tables in the secondary region when you need to fail over using the register_table procedure, pointing it to the latest metadata.json file

Addressing Your Specific Questions:

  1. The production DR pattern is proactive MRAP-based replication, not post-disruption copying and metadata manipulation.

  2. This single approach works for all Iceberg table types (append-only and update/delete/merge) because it replicates the complete Iceberg metadata structure including snapshots, manifests, and delete files without modification.

  3. Manual metadata_location updates are not safe for production use, especially for tables with UPDATE/DELETE/MERGE operations, as you've discovered. These operations create complex metadata structures with delete files and position delete records that cannot be safely relocated through simple path rewriting.

  4. The register_table procedure is the AWS-supported way to make existing Iceberg tables visible in AWS Glue, but it requires the metadata to already exist at the correct S3 location. The procedure should point to the actual metadata.json file location in your secondary region.

Critical Issue with Your Current Approach:

Your post-disruption copying and metadata rewriting approach is fundamentally incompatible with how Iceberg manages ACID transactions and metadata. The rewrite_table_path limitation you encountered exists because AWS Glue's Iceberg catalog implementation doesn't support certain operations that would be required for safe cross-region path rewriting.

Going Forward:

To implement production-safe DR, you need to establish the MRAP-based replication architecture prospectively. For your current situation with already-copied data, the most reliable path is to use register_table with the copied metadata files in ap-south-2, but understand this is a recovery measure, not the recommended production pattern. For true production safety, implement MRAP-based replication for future protection.
Sources
Using Iceberg workloads in Amazon S3 - AWS Prescriptive Guidance
Enterprise scale in-place migration to Apache Iceberg: Implementation guide | AWS Big Data Blog

answered 2 months ago
EXPERT
reviewed 2 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Relevant content