Amazon Web Services (AWS) operates two distinct cloud environments: the global AWS cloud available worldwide and AWS China, operated by local partners in China. While both environments run on AWS technology, they differ significantly in operations, compliance, services, and user experience. Understanding these differences is crucial for organizations planning to deploy applications across both environments or operating in China.

Overview of AWS Environments

AWS Global

• Operated by: Amazon Web Services, Inc.
• Regions: 25+ regions worldwide
• Compliance: Global standards (SOC, PCI, HIPAA, GDPR)
• Services: Full AWS service catalog
• Integration: Seamless integration with other AWS services

AWS China

• Operated by: Local partners (Sinnet and NWCD)
• Regions: 2 regions (cn-north-1, cn-northwest-1)
• Compliance: Meets Chinese regulatory requirements
• Services: Subset of AWS services, localized for China
• Integration: Limited integration with global AWS services

AWS China Regions

cn-north-1 (Beijing)

Operated by: Sinnet

• Location: Beijing, China
• Focus: General-purpose workloads
• Availability Zones: Multiple AZs in Beijing area
• Network: Good connectivity to northern China

cn-northwest-1 (Ningxia)

Operated by: NWCD

• Location: Ningxia, China
• Focus: Government and regulated industries
• Availability Zones: Multiple AZs in Ningxia region
• Network: Good connectivity to western China

Service Availability Differences

Core Services Available in Both

Compute

• Amazon Elastic Compute Cloud (EC2)
• Amazon Elastic Container Service (ECS)
• AWS Lambda (with limitations)
• Amazon Elastic Kubernetes Service (EKS)
• AWS Fargate

Storage

• Amazon Simple Storage Service (S3)
• Amazon Elastic Block Store (EBS)
• Amazon Elastic File System (EFS)
• AWS Storage Gateway

Database

• Amazon Relational Database Service (RDS)
• Amazon DynamoDB
• Amazon ElastiCache
• Amazon Redshift (limited)

Networking

• Amazon Virtual Private Cloud (VPC)
• Amazon Route 53 (limited)
• AWS Direct Connect (China-specific)
• Elastic Load Balancing (ELB)

Services Not Available in China

• Amazon WorkSpaces
• AWS IoT Core (limited availability)
• Amazon Connect
• AWS Elemental Media Services
• Amazon WorkDocs
• AWS Organizations (limited)
• AWS Control Tower
• Amazon Macie
• AWS Resource Access Manager (RAM)
• Amazon Managed Streaming for Kafka (MSK)

Services with Limitations in China

AWS Lambda

• Limited runtime support
• Smaller concurrent execution limits
• Different pricing model

Amazon Route 53

• No traffic flow or geolocation routing
• Limited health check features
• No private hosted zones

AWS CloudFormation

• Limited resource types supported
• Different template syntax requirements
• Limited stack operations

AWS Systems Manager

• Limited parameter store features
• No patch manager in China
• Reduced automation capabilities

Account and Billing Differences

Separate Accounts Required

• AWS China: Requires separate AWS account registered in China
• AWS Global: Standard AWS account
• No account linking: Cannot link China and global accounts
• Separate credentials: Different access keys and IAM users

Billing and Payment

• AWS Global: USD-based billing, credit cards, bank transfers
• AWS China: CNY-based billing, local payment methods
• Separate billing: Completely separate billing systems
• Tax compliance: Different tax requirements and reporting

Cost Management

• AWS Cost Explorer: Available but limited data in China
• AWS Budgets: Basic functionality in China
• Reserved Instances: Available but different pricing
• Savings Plans: Limited availability in China

ARN and Endpoint Differences

Amazon Resource Names (ARNs)

Global AWS ARN Format:

arn:aws:service:region:account-id:resource

AWS China ARN Format:

arn:aws-cn:service:region:account-id:resource

ARN Examples

S3 Bucket Global:

arn:aws:s3:::my-bucket

S3 Bucket China:

arn:aws-cn:s3:::my-bucket

EC2 Instance Global:

arn:aws:ec2:us-east-1:123456789012:instance/i-1234567890abcdef0

EC2 Instance China:

arn:aws-cn:ec2:cn-north-1:123456789012:instance/i-1234567890abcdef0

IAM User Global:

arn:aws:iam::123456789012:user/username

IAM User China:

arn:aws-cn:iam::123456789012:user/username

Service Endpoints

Regional Endpoints

Global AWS Pattern:

service.region.amazonaws.com

AWS China Pattern:

service.region.amazonaws.com.cn

Common Endpoints

EC2:

• Global: ec2.us-east-1.amazonaws.com
• China: ec2.cn-north-1.amazonaws.com.cn

S3:

• Global: s3.us-east-1.amazonaws.com
• China: s3.cn-north-1.amazonaws.com.cn

RDS:

• Global: rds.us-east-1.amazonaws.com
• China: rds.cn-north-1.amazonaws.com.cn

Lambda:

• Global: lambda.us-east-1.amazonaws.com
• China: lambda.cn-north-1.amazonaws.com.cn

CloudFormation:

• Global: cloudformation.us-east-1.amazonaws.com
• China: cloudformation.cn-north-1.amazonaws.com.cn

Special Endpoints

IAM (Global Service):

• Global: iam.amazonaws.com
• China: iam.cn-north-1.amazonaws.com.cn (regional in China)

CloudFront:

• Global: cloudfront.amazonaws.com
• China: Not available

Route 53:

• Global: route53.amazonaws.com
• China: route53.amazonaws.com.cn

Development and Management Tools

AWS CLI Configuration

# Configure for AWS Global
aws configure --profile global
AWS Access Key ID: your-global-key
AWS Secret Access Key: your-global-secret
Default region name: us-east-1
Default output format: json

# Configure for AWS China
aws configure --profile china
AWS Access Key ID: your-china-key
AWS Secret Access Key: your-china-secret
Default region name: cn-north-1
Default output format: json

# Use specific profile
aws s3 ls --profile china

SDK Configuration

import boto3

# AWS Global
client = boto3.client(
    's3',
    region_name='us-east-1',
    aws_access_key_id='global-key',
    aws_secret_access_key='global-secret'
)

# AWS China
client = boto3.client(
    's3',
    region_name='cn-north-1',
    aws_access_key_id='china-key',
    aws_secret_access_key='china-secret'
)

Management Console Access

AWS Global Console:

• https://console.aws.amazon.com

AWS China Console:

• https://console.amazonaws.cn

CloudFormation Considerations

# AWS Global template
AWSTemplateFormatVersion: '2010-09-09'
Resources:
  MyBucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: my-global-bucket

# AWS China template (different service names)
AWSTemplateFormatVersion: '2010-09-09'
Resources:
  MyBucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: my-china-bucket

Compliance and Data Residency

Regulatory Compliance

AWS Global:

• SOC 1, SOC 2, SOC 3
• PCI DSS Level 1
• HIPAA/HITECH
• GDPR compliance
• FedRAMP authorization

AWS China:

• Meets Chinese government requirements
• Multi-Level Protection Scheme (MLPS) Level 3
• Classified Protection of Cybersecurity (等保)
• Data Security Law compliance
• Cybersecurity Law compliance

Data Residency

• AWS China: Data physically stored in China
• Data sovereignty: Compliance with Chinese data regulations
• No data movement: Restrictions on data export from China
• Local operations: All operations managed within China

Security Certifications

Both environments maintain high security standards, but China has additional local certifications specific to Chinese regulatory requirements.

Identity and Access Management

IAM Differences

AWS Global:

• Global IAM service
• Seamless cross-region access
• Integration with AWS Organizations
• Advanced policy features

AWS China:

• Regional IAM service (not global)
• Separate user management
• Limited cross-region capabilities
• Different policy syntax requirements

Multi-Factor Authentication (MFA)

• Same MFA capabilities in both environments
• Localized phone number support in China
• Different device registration processes

Networking and Connectivity

Virtual Private Cloud (VPC)

Similarities:

• Same VPC concepts and features
• Identical networking constructs
• Security groups and network ACLs

Differences:

• Different IP address ranges available
• Limited integration with global services
• Local internet connectivity requirements

AWS Direct Connect

AWS Global:

• Global Direct Connect locations
• Integration with AWS backbone
• Standard pricing and SLAs

AWS China:

• Local Direct Connect locations in China
• Partnership with Chinese telecom providers
• Different pricing and service levels

VPN Connections

AWS Global:

• Standard VPN gateway configurations
• Global VPN capabilities
• Consistent pricing worldwide

AWS China:

• Localized VPN services
• Integration with Chinese networks
• Different performance characteristics

Application Development Considerations

Environment Detection

def get_aws_config(region):
    """Get AWS configuration based on region"""
    is_china = region.startswith('cn-')

    config = {
        'region': region,
        'partition': 'aws-cn' if is_china else 'aws',
        'endpoint_suffix': 'amazonaws.com.cn' if is_china else 'amazonaws.com'
    }

    # Service-specific endpoints
    if is_china:
        config.update({
            's3_endpoint': f'https://s3.{region}.amazonaws.com.cn',
            'iam_endpoint': f'https://iam.{region}.amazonaws.com.cn',
            'route53_endpoint': 'https://route53.amazonaws.com.cn'
        })

    return config

# Usage
china_config = get_aws_config('cn-north-1')
global_config = get_aws_config('us-east-1')

Cross-Environment Architecture

interface AWSConfig {
  region: string;
  partition: 'aws' | 'aws-cn';
  endpoints: {
    s3: string;
    iam: string;
    route53?: string;
  };
  compliance: string[];
}

const awsConfigs: Record<string, AWSConfig> = {
  global: {
    region: 'us-east-1',
    partition: 'aws',
    endpoints: {
      s3: 's3.amazonaws.com',
      iam: 'iam.amazonaws.com',
      route53: 'route53.amazonaws.com'
    },
    compliance: ['GDPR', 'SOC2', 'PCI']
  },
  china: {
    region: 'cn-north-1',
    partition: 'aws-cn',
    endpoints: {
      s3: 's3.amazonaws.com.cn',
      iam: 'iam.cn-north-1.amazonaws.com.cn'
    },
    compliance: ['MLPS', 'DL', 'CL']
  }
};

Pricing and Cost Differences

Pricing Models

AWS Global:

• Standard USD pricing
• Consistent worldwide pricing
• Volume discounts and Reserved Instances
• Enterprise agreements available

AWS China:

• CNY-based pricing (different rates)
• Local market pricing
• Limited Reserved Instance options
• Different discount structures

Cost Optimization

AWS Global:

• Full suite of cost optimization tools
• AWS Cost Explorer with detailed analytics
• Savings Plans and Reserved Instances
• Spot Instances widely available

AWS China:

• Limited Cost Explorer functionality
• Fewer Reserved Instance options
• Spot Instances available but limited
• Local market-specific pricing

Support and SLAs

Support Plans

AWS Global:

• Basic, Developer, Business, Enterprise support
• 24/7 phone, chat, email support
• Technical Account Managers for Enterprise
• Response time SLAs

AWS China:

• Localized support in Chinese
• Different support plan structure
• Limited English language support
• Different SLA commitments

Documentation and Resources

AWS Global:

• Comprehensive English documentation
• Extensive training and certification programs
• Large community and partner ecosystem

AWS China:

• Chinese-language primary documentation
• Localized training materials
• Smaller but growing partner ecosystem
• Limited English resources

Migration Strategies

Planning Considerations

1. Service Compatibility: Verify all required services available in China
2. Data Residency: Ensure compliance with data localization requirements
3. Application Changes: Plan for code modifications needed
4. Cost Impact: Calculate cost differences between environments

Migration Approaches

Separate Deployments

• Maintain separate infrastructure in each environment
• Different codebases or configuration management
• Independent scaling and management

Unified Architecture

• Design applications to work in both environments
• Use configuration-driven deployment
• Shared codebase with environment-specific settings

Implementation Steps

1. Environment Setup
   • Create separate AWS accounts
   • Configure VPCs and networking
   • Set up IAM roles and policies
2. Application Migration
   • Update endpoint configurations
   • Modify ARN references
   • Adapt to service limitations
3. Testing and Validation
   • Test in China environment with real endpoints
   • Validate compliance requirements
   • Performance testing with local connectivity
4. Operational Readiness
   • Set up monitoring and alerting
   • Establish backup and recovery procedures
   • Train operations teams

Best Practices for Multi-Environment AWS Usage

Architecture Design

1. Environment Abstraction: Build environment-agnostic application code
2. Configuration Management: Use environment-specific configuration files
3. Service Detection: Implement automatic environment detection
4. Fallback Mechanisms: Design for service unavailability

Development Practices

1. Multi-Environment Testing: Test applications in both environments
2. Infrastructure as Code: Use CloudFormation or Terraform with environment parameters
3. CI/CD Pipelines: Implement separate pipelines for each environment
4. Documentation: Maintain environment-specific runbooks

Security and Compliance

1. Consistent Security: Apply same security standards across environments
2. Compliance Automation: Build compliance checks into deployment pipelines
3. Access Control: Implement environment-specific access controls
4. Audit Logging: Enable comprehensive logging in both environments

Common Challenges and Solutions

Service Parity Issues

Challenge: Required services not available in China Solution: Identify alternative services or architectures, plan for hybrid deployments

Network Connectivity

Challenge: Limited connectivity between China and global environments Solution: Implement VPN or Direct Connect, design for data synchronization

Cost Management

Challenge: Different pricing models and limited cost tools in China Solution: Implement manual cost tracking, use available monitoring tools

Development Complexity

Challenge: Maintaining separate configurations for different environments Solution: Use configuration management tools, implement environment abstraction layers

Future Considerations

Service Expansion

AWS continues to expand services available in China, though at a different pace than the global environment.

Integration Improvements

Ongoing efforts to improve integration between AWS Global and AWS China environments.

Compliance Evolution

Both environments continue to evolve to meet changing regulatory requirements.

Conclusion

AWS Global and AWS China are distinct cloud environments designed to meet different operational and regulatory requirements. While they share the same underlying AWS technology, the differences in service availability, endpoints, compliance, and operations require careful planning for organizations operating in both environments.

Successful deployment across both AWS environments requires:

• Understanding service availability differences
• Implementing environment-specific configurations
• Planning for data residency and compliance requirements
• Designing applications with multi-environment deployment in mind

By recognizing and planning for these differences, organizations can effectively leverage both AWS Global and AWS China to meet their international business objectives while maintaining compliance and operational efficiency.