How I Designed a Multi-Cloud Kubernetes Disaster Recovery Setup After the AWS Outage

When the eu-west-1 AWS outage hit in late 2025, two of our clients had serious production incidents. After that, every enterprise client started asking the same question: 'What would happen if our cloud region went down?'

Here's the architecture we designed in response.

Design Principles

• •RTO under 15 minutes for critical services
• •RPO under 5 minutes for transactional data
• •No single cloud provider dependency for the control plane
• •Automated failover that doesn't require a human at 3am

The Architecture

Primary Cluster: AWS EKS (eu-west-1)

All traffic runs here under normal conditions. Full observability stack. Automated backups to S3 every 5 minutes using Velero.

Secondary Cluster: GCP GKE (europe-west1)

Standby cluster with all services deployed but scaled to zero. ArgoCD continuously syncs manifests from the same GitOps repository.

Data Replication

• •PostgreSQL: logical replication to a GCP Cloud SQL read replica
• •S3/GCS: cross-cloud bucket sync via custom Lambda running every 5 minutes
• •Redis: Redis Enterprise with active-active geo-distribution

The Failover Automation

1. CloudWatch alarm triggers on P99 latency > 2s for > 5 minutes
2. SNS notification fires the failover Lambda
3. Lambda promotes GCP read replica to primary
4. Scales up GKE deployments from zero
5. Updates Cloudflare DNS via API
6. Pages the on-call engineer with status

What We Learned

The hardest part wasn't the infrastructure — it was the database promotion. Test your failover every month in a real environment. The first time you run it should not be during an outage.