I’m looking to add data residency to my app, which is an Atlassian Connect Spring Boot based app hosted on AWS behind Cloudfront, and I was wondering if others have experience in implementing data residency for similar app stacks.
Possibilities I’m seeing now include:
- Deploying the full app in multiple regions
- Only deploying data storage in multiple regions, but keep processing and user facing modules in a common region
- Deploying data storage and processing in multiple regions, but keep user facing modules in a common region
And should requests go through a Cloudfront distribution per region, or one to rule all regions?
I think it is important to make a distinction between what Atlassian considers Data Residency and how your customers might interpret it.
For Atlassian, Data Residency only applies to where the data is stored, not where it is processed. For data in transit, Atlassian does not really care about the location. In that sense, you can safely implement a single deployment for your app logic, and only make sure that data storage is done in the specified region to comply with Atlassian's definition of Data Residency.
However, it might be useful to consider that your customers might have a different interpretation of data residency. For instance, European Enterprise customers might also want to avoid transferring data to US resources. These customers will want you to also host your app logic in the same region as where the data is stored.
For our apps, if we were to be implementing data residency, we would be hosting the entire app in that region, including compute resources. But we are using Firebase, so we are only paying per use and having multiple deployments in different regions does not cost us anything extra.
And to add to @remie's answer: Atlassian considers it ok to store data for up to 30 days in another region (called “in transit”). So for EU customers you could store data in the US for up to 30 days and still be ok with Atlassian's definition.
We would like to do “processing residency”, but that is not supported by Atlassian data residency. You are supposed to only use the different region URLs when you store data, and we don’t store data in our infrastructure.
Thanks @marc and @remie for your input. Looks like I’ll need to do some more thinking to also include the processing of data to be done in the same region where the data is stored, makes sense.