How to host a multi-region API in AWS?

0

I want to host a REST-based API in multiple regions. To do so, I am assuming I will have to create resources in each region, like API Gateway, Lambdas or anything related to the API. I want to create a new domain and, based on the traffic or health check, route the request to each region's API Gateway endpoint. Also, for security purposes, I need to create certain firewall rules. What resources do I need to create, like a domain name I suppose, firewall rules and any load balancing, and besides the domain name, what resources would be global that I need to create in each region?

2 Answers
2

Thanks for checking. Some of these resources and reference architectures will provide good background from a serverless standpoint:

  1. https://docs.aws.amazon.com/architecture-diagrams/latest/multi-region-api-gateway-with-cloudfront/multi-region-api-gateway-with-cloudfront.html
  2. https://d1.awsstatic.com/architecture-diagrams/ArchitectureDiagrams/aws-reference-architecture-multi-region-cloudfront-api-gateway-ra.pdf
  3. This is a good re:Invent presentation: https://d1.awsstatic.com/events/reinvent/2019/REPEAT_1_Best_practices_for_building_multi-region,_active-active_serverless_applications_SVS337-R1.pdf
  4. https://aws.amazon.com/solutions/implementations/multi-region-application-architecture/

These are also some good references you can refer to:

Creating a Multi-Region Application with AWS Services

  1. https://aws.amazon.com/blogs/architecture/creating-a-multi-region-application-with-aws-services-part-1-compute-and-security/
  2. https://aws.amazon.com/blogs/architecture/creating-a-multi-region-application-with-aws-services-part-2-data-and-replication/
  3. https://aws.amazon.com/blogs/architecture/creating-a-multi-region-application-with-aws-services-part-3-application-management-and-monitoring/

Security-specific areas that can be referred to:

  1. https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/SecurityAndPrivateContent.html
  2. https://docs.aws.amazon.com/apigateway/latest/developerguide/security-best-practices.html
  3. https://docs.aws.amazon.com/whitepapers/latest/best-practices-api-gateway-private-apis-integration/best-practices-api-gateway-private-apis-integration.pdf
AWS
EXPERT
answered 2 years ago
1

You have some options to implement what you are trying to.

  1. If you want to implement the API in just one region but you have API consumers in other regions, you can use an Edge Optimized API Gateway endpoint. That adds a CloudFront distribution in front of the API Gateway, thereby ensuring that clients can get into the AWS network from the POP nearest to them, thereby reducing the latency of API calls. - https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-api-endpoint-types.html

  2. If the Edge Optimized API Gateway does not work for you, you will need to look at implementing multi-region Regional API Gateway endpoints. You will then have to either shard your API consumers, so every region has to maintain data only for its own local consumers, or if that does not work for you, then you will have to replicate the data across all the regions. You also have to make sure that your Infrastructure as Code and CI/CD pipelines deploy your infrastructure and code in every region whenever changes are needed.

  3. If you go with the sharding kind of approach, then every region can have its own regional endpoint which is exposed to the consumers of that regional endpoint only.

  4. If you don't want to shard consumers but want them to be able to connect to any of the regional endpoints, then you can use one of two approaches: CloudFront Origin Failover or Route 53 routing policies.

  5. CloudFront origin failover can work if you have two regions, a primary and a secondary. It however works only for GET, HEAD and OPTIONS and does not support POST or PUT requests etc. - https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/high_availability_origin_failover.html

  6. With Route 53 routing policies, you can choose Geolocation routing or Geoproximity routing or Latency routing policies - https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-policy.html

AWS
EXPERT
answered 2 years ago
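
An added example (not part of either answer, and not AWS's own code) for the Route 53 latency-routing option in point 6, combined with the health checks the question asks about: it builds the change batch for one latency-routed alias record per regional API endpoint and models which region answers when one is unhealthy. The domain names, zone IDs and health-check IDs are constructed placeholders, and `answering_region` is a simplified model of record selection, not Route 53's implementation.

```python
# Added example. Every name, zone ID and health-check ID is a constructed placeholder.
SAMPLE_REGIONS = {
    "us-east-1": {"dns_name": "d-use1example.execute-api.us-east-1.amazonaws.com",
                  "zone_id": "ZONEID-USE1-PLACEHOLDER",
                  "health_check_id": "hc-use1-placeholder"},
    "eu-west-1": {"dns_name": "d-euw1example.execute-api.eu-west-1.amazonaws.com",
                  "zone_id": "ZONEID-EUW1-PLACEHOLDER",
                  "health_check_id": "hc-euw1-placeholder"},
}

def latency_change_batch(api_name, regions):
    """Build one latency-routed alias A record per regional API endpoint."""
    if len(regions) < 2:
        raise ValueError("multi-region routing needs at least two regions")
    changes = []
    for region, target in sorted(regions.items()):
        missing = [k for k in ("dns_name", "zone_id", "health_check_id") if not target.get(k)]
        if missing:
            raise ValueError(f"{region}: missing {', '.join(missing)}")
        changes.append({"Action": "UPSERT", "ResourceRecordSet": {
            "Name": api_name,
            "Type": "A",
            "SetIdentifier": f"api-{region}",   # must be unique among same-name records
            "Region": region,                   # setting Region selects latency routing
            "HealthCheckId": target["health_check_id"],
            "AliasTarget": {"DNSName": target["dns_name"],
                            "HostedZoneId": target["zone_id"],
                            "EvaluateTargetHealth": True},
        }})
    return {"Comment": "latency routing across regional API endpoints", "Changes": changes}

def answering_region(batch, latency_ms, healthy):
    """Simplified model: lowest latency among healthy records.
    If no record is healthy, all are treated as healthy (Route 53 fails open)."""
    regions = [c["ResourceRecordSet"]["Region"] for c in batch["Changes"]]
    candidates = [r for r in regions if r in healthy] or regions
    return min(candidates, key=lambda r: latency_ms[r])

if __name__ == "__main__":
    batch = latency_change_batch("api.example.com", SAMPLE_REGIONS)
    # To apply for real: boto3.client("route53").change_resource_record_sets(
    #     HostedZoneId="<your hosted zone id>", ChangeBatch=batch)
    print(answering_region(batch, {"us-east-1": 20, "eu-west-1": 95}, {"eu-west-1"}))
```

Because the model fails open when every health check is failing, the regional endpoints still need their own protections (WAF rules, throttling, authorization) rather than relying on DNS to keep traffic away.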
