How Local Zones work - AWS Local Zones

How Local Zones work

A Local Zone is an extension of an AWS Region in geographic proximity to your users. Local Zones have their own connections to the internet and support AWS Direct Connect, so that resources created in a Local Zone can serve applications that require low latency.

To use a Local Zone, you must first enable it. Next, you create a subnet in the Local Zone. Finally, you launch resources in the Local Zone subnet. For more detailed instructions, see Getting started with AWS Local Zones.

The following diagram illustrates an account with a VPC in the AWS Region us-west-2 that is extended to the Local Zone us-west-2-lax-1. Each zone in the VPC has one subnet, and each subnet has one EC2 instance.

   A VPC with Availability Zones and a Local Zone.

AWS resources supported in Local Zones

Creating a resource in a Local Zone subnet puts it close to your users. For a list of services with resources that are supported in Local Zones, see AWS Local Zones features.


  • Local Zone subnets follow the same routing rules as Availability Zone subnets, including the use of route tables, security groups, and network ACLs.

  • Outbound internet traffic leaves a Local Zone from the Local Zone.

  • Network traffic will hairpin to the AWS Region when connecting from an on-premises location into a Local Zone using a Transit Gateway.

  • You cannot select a subnet from a Local Zone while creating a Cloud WAN or transit gateway VPC attachment. Doing so will result in an error.

  • Traffic within the US that is destined for a subnet in a Local Zone using AWS Direct Connect does not travel through the parent Region of the Local Zone. Instead, traffic takes the shortest path to the Local Zone. This decreases latency and helps make your applications more responsive.

    If you require a more resilient connection, implement more than one AWS Direct Connect between your on-premises locations and the Local Zone. For more information on building resilience with AWS Direct Connect, see AWS Direct Connect Resiliency Recommendations.

  • The only Local Zones that support IPv6 are us-east-1-atl-2a, us-east-1-chi-2a, us-east-1-dfw-2a, us-east-1-iah-2a, us-west-2-lax-1a, us-west-2-lax-1b, and us-west-2-phx-2a.

  • The only Local Zones that support edge association with virtual private gateway (VGW) are us-east-1-atl-2a, us-east-1-chi-2a, us-east-1-dfw-2a, us-east-1-iah-2a, us-west-2-lax-1a, us-west-2-lax-1b, and us-west-2-phx-2a.

    To understand edge association and other route-table concepts, see Route table concepts in the Amazon VPC User Guide.

    To understand virtual private gateway and other AWS Site-to-Site VPN concepts, see Concepts in the AWS Site-to-Site VPN User Guide.

  • You cannot create VPC endpoints inside Local Zone subnets.

  • The AWS Site-to-Site VPN is not available in Local Zones. Use a software-based VPN to establish a site-to-site VPN connection into a Local Zone.

  • Generally, the Maximum Transmission Unit (MTU) is as follows:

    • 9001 bytes between Amazon EC2 instances in the same Local Zone.

    • 1500 bytes between an internet gateway and a Local Zone.

    • 1468 bytes between AWS Direct Connect and a Local Zone.

    • 1300 bytes between an Amazon EC2 instance in a Local Zone and an Amazon EC2 instance in the Region for most Local Zones except:

      • 9001 bytes for us-west-2-lax-1a and us-west-2-lax-1b

      • 8801 bytes for us-east-1-atl-2a, us-east-1-chi-2a, us-east-1-dfw-2a, us-east-1-iah-2a, and us-west-2-phx-2a


Learn how to get started with AWS Local Zones with the following resources: