
An AWS Region is coming to France - noplay
http://www.allthingsdistributed.com/2016/09/aws-announce-eu-france-region.html
======
dazbradbury
For those in London wondering where is best for UK based customers, it seems,
for London at least, this _could_ be an improvement over Dublin (where
Frankfurt is slower), as Paris is roughly 70 miles closer. Of course,
depending on where / when [1] a UK-based data centre is released, I'd imagine
that would be faster still.

Currently Ireland vs. Frankfurt is (more data needed of course)[2]:

    
    
      Europe (Ireland): 25 ms   27 ms   24 ms
      Europe (Frankfurt): 39 ms   39 ms   42 ms
    

And Frankfurt is about 100 miles further than Dublin.

But for a quick test, this looks like a good tool:
[http://www.cloudping.info/](http://www.cloudping.info/)

Will be interested to test this once released to see UK / Paris vs. Dublin.

[1] Article states UK region "due in coming months". No location announced?

[2] Hitting ec2.eu-west-1.amazonaws.com vs. ec2.eu-central-1.amazonaws.com.

~~~
jsingleton
I've found latency in the UK can be about a third lower than Ireland. I used
Bytemark for testing in my recent book but Azure have UK regions now [0] and
DO have had a London DC for a couple of years [1]. AWS UK is currently just
"coming soon" [2] but Werner has said "end of 2016 (or early 2017)" [3].

[0] [https://unop.uk/azure-eu-regions-naming-confusion](https://unop.uk/azure-
eu-regions-naming-confusion)

[1] [https://www.digitalocean.com/company/blog/introducing-our-
lo...](https://www.digitalocean.com/company/blog/introducing-our-london-
region)

[2] [https://aws.amazon.com/about-aws/global-
infrastructure](https://aws.amazon.com/about-aws/global-infrastructure)

[3] [http://www.allthingsdistributed.com/2015/11/aws-announces-
uk...](http://www.allthingsdistributed.com/2015/11/aws-announces-uk-
region.html)

~~~
Symbiote
> [0] [https://unop.uk/azure-eu-regions-naming-
> confusion](https://unop.uk/azure-eu-regions-naming-confusion)

I expect Microsoft are using the UN region names for Europe, where Britain are
Ireland are part of Northern Europe.

[https://en.wikipedia.org/wiki/United_Nations_geoscheme_for_E...](https://en.wikipedia.org/wiki/United_Nations_geoscheme_for_Europe)

~~~
jsingleton
Nice find! That probably explains it.

The UK names still aren't great, even if they sound reasonable in isolation
(Cardiff - West, London - South). They have fixed the map though.

------
rloc
This is great. I operate a French website targeted to French customers, this
will improve latency compared to Ireland.

This might also allow for mixing critical server roles hosted in other Paris
data centers with AWS.

I'm thinking about connecting a web server (in AWS) with a DB server (in
another Paris DC) while keeping the latency at a low level.

~~~
madeofpalk
> (in another Paris DC)

For bonus points, choose the same DC that AWS is actually in
[http://www.equinix.com/locations/france-colocation/france-
da...](http://www.equinix.com/locations/france-colocation/france-data-
centers/)

~~~
rloc
Mmmm interesting. I have servers there: [http://www.iliad-
datacenter.com/](http://www.iliad-datacenter.com/) in DC3.

------
widforss
What is the state of the temporary spy laws in France?

Shouldn't it at least be mentioned in the announcement that the french
government can pretty much ask Amazon for any of your data without a warrant.
Or is the situation better than a year ago?

EDIT: Warrant is apparently needed as noplay said.

~~~
reacweb
In France, we have some consideration toward power separation. Police and
secret services can collect your data mostly without a warrant. Government can
exceptionally ask the police some data, but if there are abuses, the judicial
power will intervene.

~~~
widforss
I meant government as in government agencies, not strictly under the direct
control of the actual group of humans making up the government.

I guess "government" interprets to different things in different countries,
what I wrote above is a very american viewpoint.

In my country (SE), a member of government can be relieved of her duties if
she even mentions that an agency should act in a certain way (as the
government only should make up policies and not interfere in the daily
businesses of the agencies).

[https://en.wikipedia.org/wiki/Ministerstyre](https://en.wikipedia.org/wiki/Ministerstyre)

~~~
noplay
Yeah in France separation is less clear. That's why warrant is not the problem
if they want it they will get it anyway.

------
5h
Still no further info on the London region since their announcement post[1]
said:

> _Today, I am excited to add the United Kingdom to that list! The AWS UK
> region will be our third in the European Union (EU), and we 're shooting to
> have it ready by the end of 2016 (or early 2017). This region will provide
> even lower latency and strong data sovereignty to local users._

[1] [http://www.allthingsdistributed.com/2015/11/aws-announces-
uk...](http://www.allthingsdistributed.com/2015/11/aws-announces-uk-
region.html)

~~~
dazc
Since UK is about to be outside of the EU it's likely this has been put on
hold? I don't know what the facts are but I'm guessing the UK accounts for a
large slice of data currently being routed via Ireland, so it isn't going to
be on hold for long?

~~~
arviewer
No it's not on hold: [https://aws.amazon.com/blogs/aws/coming-in-2017-new-aws-
regi...](https://aws.amazon.com/blogs/aws/coming-in-2017-new-aws-region-in-
france/)

------
grif-fin
I do sincerely wished Amazon would have consider changing their AWS service
management UI and workflow as well as epanding their servers around the globe.

Currently it is an incredibly inefficient design of a service management
trying to do everything yet many are dependent for using it.

~~~
ceejayoz
If you're big enough that switching regions in the console is a regular pain,
you're probably big enough to just automate stuff via the APIs.

~~~
grif-fin
This maybe a fact but not an excuse for poor user experience.

~~~
ceejayoz
AWS initially launched API-only. At any significant scale, it's simply not
intended to be managed via the console.

~~~
grif-fin
I found visualization very much helpful when complexity rises. APIs stays
powerful but do not support a human admin for monitoring and server setups
(including IAM users, Services, Tasks, Clusters, Launching EC2 instances, ECR
setup for docker, AIM, Loadbalancing, Security groups, Roles etc all
multiplied to X regions).

~~~
ceejayoz
Again, if you're large enough to be in multiple regions, all of this should be
configured via the APIs using a configuration management system of some sort.

Ansible, for example, can easily manage stuff like security groups
([http://docs.ansible.com/ansible/ec2_group_module.html](http://docs.ansible.com/ansible/ec2_group_module.html))
, load balancing
([http://docs.ansible.com/ansible/ec2_elb_lb_module.html](http://docs.ansible.com/ansible/ec2_elb_lb_module.html)),
IAM users and roles
([http://docs.ansible.com/ansible/iam_module.html](http://docs.ansible.com/ansible/iam_module.html)),
etc., and it does them in _repeatable_ , auditable, version-controllable,
self-documenting fashion.

~~~
grif-fin
" if you're large enough to be in multiple regions, all of this should be
configured via the APIs"

Is the suggestion to recreate what Amazon Console has done (using APIs) in
every large organisation using AWS because Amazon Console is not good enough?

~~~
tomcart
No, treat your infrastructure as code. Define it programatically, version it,
have a standard, automated process for recreating it.

If you're using AWS then Cloudformation (maybe with an abstraction like
troposphere), will do what you need.

If you are pressing the big blue 'launch instance' button, you are doing it
wrong.

~~~
grif-fin
"No, treat your infrastructure as code."

Agreed. Advantage is clear and understood.

My point here is: there exists something called 'Amazon Console'. I argue it
is a good thing to have if done properly easing the service management as
visualized management is more human friendly and APIs more computer friendly.
If there exists a bad visualized service management (e.g. Amazon Console) it
is the lack of skills of the humans developing it not because managing a vast
complex clusters is easier through APIs/CLI and impossible/wrong via UI.

------
voltagex_
[https://aws.amazon.com/blogs/aws/coming-in-2017-new-aws-
regi...](https://aws.amazon.com/blogs/aws/coming-in-2017-new-aws-region-in-
france/)

------
LyalinDotCom
Its worth commenting that we here in Microsoft Azure team (our cloud platform)
have data centers in 30 regions including UK, Germany, etc.
[https://azure.microsoft.com/en-us/regions/](https://azure.microsoft.com/en-
us/regions/)

Our platform is very mature now I wish more folks would give it a shot.

p.s. we also take EU people data privacy very seriously.
[https://www.thefastmode.com/technology-
solutions/9077-micros...](https://www.thefastmode.com/technology-
solutions/9077-microsoft-partners-deutsche-telekom-to-open-azure-cloud-data-
center-in-germany)

~~~
LoneWolf
I don't know how it currently compares with AWS but some time ago the disk IO
was a lot slower, and the prices were way higher. Does anyone know of recent
comparisons?

~~~
BillinghamJ
Prices are still way higher

~~~
LoneWolf
AWS it will continue to be then.

------
Cshelton
So this is great however I have a very large concern.

In a U.S. AWS data center, I am very confident (right now) that my encryption
keys and encrypted data will never be given out to any governmental agency.
Even with a warrant, they can not access my data unencrypted.

What will Amazon do when the French government says hand us all of your keys
or else...

As our data is all extremely sensitive financial information, we really can
not even take that chance until we know.

Clarification: We send all data over HTTPS with AES 256 encryption. If
authorities have a warrant for data, can we hand them the encrypted data and
say the keys are in the U.S. and we can't give them to you?

~~~
idlewords
Why are you:

1) Keeping keys to extremely sensitive financial data on a cloud server

2) Confident that the US government won't request this information through
warrant or national security letter

3) Asking for advice about this on a message board?

~~~
Cshelton
1) They are in a key management service (not AWS). Highly unlikely somebody
will get both access to the keys and the data together. They are also rotated
periodically.

2) Well lately, I'm not. The Apple/FBI case was somewhat assuring. And I
believe that to date, AWS has not handed over any data or keys without
permission.

3) More theoretical advice about the new French region. What are the laws
about privacy and how will that work. We just saw what Germany ruled on with
WhatsApp. And really just asking the question because it needs to be asked. I
don't actually expect an ultimate answer, just discussion about it.

~~~
Twirrim
> 2) Well lately, I'm not. The Apple/FBI case was somewhat assuring. And I
> believe that to date, AWS has not handed over any data or keys without
> permission.

How would you know? The NSL would prevent Amazon from being able to say
anything about it.

If you're that concerned about your security, you shouldn't be using a cloud
provider.

------
solatic
There is STILL no AWS region in Israel.

All Internet traffic in and out of Israel goes through three undersea cables
connecting the country with Turkey, Greece, and Italy, and as such suffer from
the kind of lag that happens when you're separated from your destination
server by a couple thousand kilometers, usually more. There are no local cloud
providers and the local entrepreneurial culture (which is MASSIVE for such a
small country) either has to pay for cloud resources in Europe or has to pay
for local non-cloud hosting, which is orders of magnitude more expensive and
running on relatively ancient hardware (the local VPS shops have little
incentive to upgrade).

Do we have to beg for Amazon to come here?!

~~~
pavel_lishin
> _the local entrepreneurial culture (which is MASSIVE for such a small
> country)_

> _(the local VPS shops have little incentive to upgrade)_

> _Do we have to beg for Amazon to come here?!_

I'm surprised nobody has stepped in and built out their own cloud offering.

~~~
discodave
Market likely isn't big enough.

