If an AWS region goes down (like us-east-1), will a CloudWatch based health check that we want to use for Route 53 Failover fail to function properly if our API-Gateway REST-API is Private?
Background
We wish to fail over if an AWS region is down (hypothetical example: fail over from us-east-1 to us-east-2). A concern was raised that we may not be able to fail over from us-east-1 (or whatever region we choose) properly if our Failover Routing Policy is tied to a CloudWatch-based solution that is in us-east-1.
Details of our approach, which includes fail-over:
- VPC (with Private subnets for some of our items)
- Use VPCE to route traffic from a non-AWS system to AWS Route 53 through a public zone. (Has to be a public zone for our needs)
- Create CloudWatch metric / alarm. (Are either of those region specific?)
- Create AWS Route 53 with Failover routing policy. Uses health check based on the CloudWatch metric / alarm.
- Route 53 to Private API-Gateway (LambdaRestApi in TypeScript CDK speak)
- Private API-Gateway to Lambda
- And so on: Lambda to the data it needs.
Failover Routing Policy is covered in the AWS Developer Guide page "Choosing a routing policy".
Related:
Related question, but not exact: https://repost.aws/questions/QUVcLK5gUqSxKGondJkrzw0Q/private-zone-route-53-health-checks
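An added example (an editor's illustration, not code from the question author or from AWS): a small TypeScript model of how a Route 53 health check of type CLOUDWATCH_METRIC derives its status from a CloudWatch alarm's state (OK, ALARM or INSUFFICIENT_DATA) and how a Failover routing policy then answers a query. It traces the case the question is worried about, namely the alarm living in the same region as the private API it watches and that region's CloudWatch no longer reporting. Alarm names, regions and record targets are constructed placeholders; the model assumes that the health check's InsufficientDataHealthStatus setting (a real property of AWS::Route53::HealthCheck, named here as written in CloudFormation) is what decides the outcome once the alarm stops receiving data.

```typescript
// Added example: model of Route 53 CLOUDWATCH_METRIC health-check evaluation and
// Failover routing. Not the question's code and not AWS's implementation; all
// names, regions and targets are constructed placeholders.

type AlarmState = "OK" | "ALARM" | "INSUFFICIENT_DATA";
type HealthStatus = "Healthy" | "Unhealthy";
// Values accepted by HealthCheckConfig.InsufficientDataHealthStatus.
type InsufficientDataPolicy = "Healthy" | "Unhealthy" | "LastKnownStatus";

interface AlarmHealthCheck {
  alarmName: string;              // maps to AlarmIdentifier.Name
  alarmRegion: string;            // maps to AlarmIdentifier.Region, e.g. "us-east-1"
  insufficientData: InsufficientDataPolicy;
  lastKnownStatus?: HealthStatus; // what Route 53 remembers for LastKnownStatus
}

// Route 53 evaluates the alarm's *state*, not the underlying metric:
// OK -> Healthy, ALARM -> Unhealthy, INSUFFICIENT_DATA -> configured policy.
function evaluateHealthCheck(check: AlarmHealthCheck, state: AlarmState): HealthStatus {
  if (state === "OK") {
    check.lastKnownStatus = "Healthy";
    return "Healthy";
  }
  if (state === "ALARM") {
    check.lastKnownStatus = "Unhealthy";
    return "Unhealthy";
  }
  // INSUFFICIENT_DATA: the policy decides. A check that has never had sufficient
  // data and uses LastKnownStatus is treated as healthy.
  if (check.insufficientData === "LastKnownStatus") {
    return check.lastKnownStatus !== undefined ? check.lastKnownStatus : "Healthy";
  }
  return check.insufficientData;
}

interface FailoverPair {
  primary: { target: string; check: AlarmHealthCheck };
  secondary: { target: string }; // modelled without its own health check
}

// Active-passive failover: answer with PRIMARY while its health check is healthy,
// otherwise with SECONDARY.
function resolveFailover(pair: FailoverPair, primaryAlarmState: AlarmState): string {
  const status = evaluateHealthCheck(pair.primary.check, primaryAlarmState);
  return status === "Healthy" ? pair.primary.target : pair.secondary.target;
}

// Scenario: the primary alarm is in us-east-1, the same region as the private API.
// The constructed timeline has the alarm healthy, then stuck in INSUFFICIENT_DATA
// because the region's CloudWatch stopped producing data points.
function simulateRegionOutage(
  policy: InsufficientDataPolicy,
  timeline: AlarmState[] = ["OK", "OK", "INSUFFICIENT_DATA", "INSUFFICIENT_DATA"],
): string[] {
  const pair: FailoverPair = {
    primary: {
      target: "api-use1.example.internal", // constructed placeholder
      check: { alarmName: "api-5xx-use1", alarmRegion: "us-east-1", insufficientData: policy },
    },
    secondary: { target: "api-use2.example.internal" }, // constructed placeholder
  };
  return timeline.map((state) => resolveFailover(pair, state));
}

// Walk the three policies side by side so the difference is visible.
for (const policy of ["Healthy", "Unhealthy", "LastKnownStatus"] as InsufficientDataPolicy[]) {
  console.log(policy, simulateRegionOutage(policy));
}
```

What the model makes visible: an outage that leaves the alarm in INSUFFICIENT_DATA only moves traffic to the secondary when InsufficientDataHealthStatus is Unhealthy; with Healthy or LastKnownStatus (after a healthy history) the primary keeps being returned even though nothing in that region is reporting. LastKnownStatus only fails over if the alarm had already reached ALARM before the data stopped. In the CDK stack the question describes, these fields are the ones on the L1 CfnHealthCheck construct's healthCheckConfig (type CLOUDWATCH_METRIC, alarmIdentifier with name and region, insufficientDataHealthStatus), which is the level at which a private API, unreachable by Route 53's HTTP health checkers, gets a health check at all.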