REL11-BP04 Rely on the data plane and not the control plane during recovery
The control plane is used to configure resources, and the data plane delivers services. Data planes typically have higher availability design goals than control planes and are usually less complex. When implementing recovery or mitigation responses to potentially resiliency-impacting events, using control plane operations can lower the overall resiliency of your architecture. For example, you can rely on the Amazon Route 53 data plane to reliably route DNS queries based on health checks, but updating Route 53 routing policies uses the control plane, so do not rely on it for recovery.
The Route 53 data planes answer DNS queries, and perform and
evaluate health checks. They are globally distributed and designed
for a 100%
availability service level agreement (SLA).
For more information about data planes, control planes, and how AWS
builds services to meet high availability targets, see
the Static
stability using Availability Zones
Level of risk exposed if this best practice is not established: High
Implementation guidance
-
Rely on the data plane and not the control plane when using Amazon Route 53 for disaster recovery. Route 53 Application Recovery Controller helps you manage and coordinate failover using readiness checks and routing controls. These features continually monitor your application’s ability to recover from failures, and allows you to control your application recovery across multiple AWS Regions, Availability Zones, and on premises.
Understand which operations are on the data plane and which are on the control plane.
-
AWS Lambda Executions (split into the control plane and the data plane)
-
AWS Lambda Executions (split into the control plane and the data plane)
Resources
Related documents:
-
APN Partner: partners that can help with automation of your fault tolerance
-
AWS Marketplace: products that can be used for fault tolerance
-
AWS Lambda Executions (split into the control plane and the data plane)
Related examples: