In the aftermath of the major AWS outage, users now understand the root cause. In short: the glitch started at the DNS layer, but the collapse occurred when the downstream orchestration processes tried to catch up.

Understandably, some users expressed frustration with DNS itself. However, DNS itself does not need to be “fixed,” said Stephen Foskett, president of the Tech Field Day arm of the Futurum Group. Yet he added: “I do think there’s a need to figure out a system to make DNS a little bit more resilient to situations like this.”

Given that the issue is not as simple as eliminating DNS from the stack—not likely in the foreseeable future at any rate—the larger question is: What are the lessons learned from AWS’s outage? How can enterprises better prepare?

Preparing for the Next Major Outage

Go beyond Multi-Availability Zone, focus on multi-region: Within a provider, Multi-AZ helps with local failures. It doesn’t help when a regional control plane is impaired. The recent outage “highlights how concentration risk—a dangerously powerful yet routinely overlooked systemic risk—arises when so many companies across all industries become dependent on a single cloud provider and, more pertinently, a single region covered by that vendor,” noted the Forrester research firm. In sum, critical services need deliberate cross-region strategies. Replication must be tested and tiered: use near-synchronous for truly crucial operations, eventual consistency for everything else.

On the other hand, beware false comfort in multicloud: Regulators and boards will ask about concentration risk, and the time-honored response is to point to multicloud adoption. And while multicloud can reduce provider lock-in for a few Tier-1 functions, it raises complexity and can slow recovery if you haven’t engineered data portability and operational maturity. For many organizations, maximizing single-cloud resilience, with sound architecture, tested DR, and strong guardrails, yields more uptime per dollar. In situations where downtime is business-critical, consider substitutability. That is, pre-approved alternatives and manual workflows for identity, payments, or communications that keep the business moving.

Practice, then practice again: Chaos experiments and failover drills are not paperwork, they are the only way to validate RTO/RPO and expose manual steps that will bottleneck you under stress. “Design for failure, because it will happen,” wrote Gartner analyst Lydia Leong in her response to the outage. That means test failback, not just failover. Script the playbooks, carefully, with buy-in across the team. Include fraud-response: big outages can trigger look-alike sites and malicious client updates.

Reduce hidden dependencies: DynamoDB’s importance to EC2’s hardware process surprised many customers. “DynamoDB is an extremely popular service in AWS,” said Mitch Ashley, VP and Practice Lead, Software Lifecycle Engineering for The Futurum Group. “The analogy that works best: it’s like cascading brownouts in the electrical grid—one over-capacity in some part of the grid can have a cascading affect all the way up to larger parts of the grid.” To handle this type of dependency, enterprise teams need a constantly updated dependency map—first-party services, SaaS, and third-party APIs—connected to business processes. Build circuit breakers and timeouts to shed failing dependencies quickly.

Communicate like a product team, not an infrastructure team. Customers get upset about downtime, but they also remember how they were treated—silence from a provider is a major negative. Prepare a communication strategy with 15-, 60-, and 120-minute updates. Set up a canonical downtime status URL in advance, and align legal and support with language that is clear and avoids marketing-speak.

Design for recovery workload, not just failure: Many teams architect for component failure, then assume recovery is a button-press. But restoration generates its own traffic spikes—re-establishing leases, replaying queues, repopulating caches. In the AWS outage, the recovery path overwhelmed automation. Resilience engineering must include back-pressure, admission control, and staged restart patterns so control planes don’t choke on their own backlog.

Bottom line—focus on what really matters: Uptime is no longer a differentiator among hyperscalers, speed and transparency of recovery are. Track your own MTTR for dependency failures, not just server incidents. Budget for resilience work as first-order investment in your stack. Realize that scale creates complexity, and complexity invites new failure modes. Ultimately, the countermeasure isn’t panic or repatriation, it’s operational discipline, resulting in systems that fail small and recover predictably. Plus: don’t forget to keep customers informed while you work on the problem.

TECHSTRONG TV

Click full-screen to enable volume control
Watch latest episodes and shows

Tech Field Day Events

SHARE THIS STORY

RELATED STORIES:

Ramping Up Multicloud Visibility with Cisco Multicloud Defense

What is Disaster Recovery Planning? Create a Successful DRP

When Is It Not Always DNS?

AWS Puts the Spotlight on Economic and Environmental Sustainability at re:Invent 2022