AWS Large-Scale Interruption (October 2025) Incident Review

Summary of the Incident

On Monday, October 20, 2025, Amazon Web Services (AWS) experienced a major cloud service outage centred in its US-EAST-1 region (Northern Virginia), which began around 10:19 AM local U.S. time and propagated globally. ThousandEyes The disruption affected hundreds of applications and services across industries — from social media (e.g., Snapchat), gaming (e.g., Fortnite), finance (digital wallets and banking apps), streaming and government services. Al Jazeera

Customers and end-users suddenly found themselves unable to access services, execute transactions, or even perform routine digital tasks such as authentication or device control. The ripple effects underscored how deeply many modern systems are dependent on a handful of large cloud service providers.

Timeline of Key Events

  • ~10:19 AM (US-Eastern) – Initial reports of elevated error rates and latencies in AWS’s US-EAST-1 region.
  • Soon after – DNS resolution failures for the DynamoDB API endpoint and cascading failures in dependent services. The Guardian
  • Throughout the morning – Major apps and websites began reporting outages globally (for example: Snapchat, Roblox, Ring, Alexa devices, government services).
  • ~6:01 PM ET – AWS announced that “all AWS services returned to normal operations” though some back-logs and residual issues remained. WIRED
  • Post-incident – AWS published its analysis revealing the root cause: a latent defect in the DNS automation system managing DynamoDB endpoints in US-EAST-1, which prevented correct auto-repair of an empty DNS record.

Root Cause & Technical Details

AWS has released its official post-incident report for the October 2025 outage.
Here’s a simplified summary of how the failure unfolded:

  1. DNS Planner periodically generates a complete “region plan,” listing which endpoints should point to which load balancers.
  2. DNS Enactor applies that plan to Route 53 (Amazon’s DNS system). Each availability zone runs its own Enactor instance — so multiple instances operate concurrently.
  3. Before starting work, each Enactor checks once to confirm that the plan it holds is the latest version.
  4. One of the Enactor instances began to lag severely — every DNS endpoint update required several retries to succeed.
  5. While that slow Enactor was still working, the Planner generated several newer plans, which were quickly written to Route 53 by other (faster) Enactors.
  6. The slow Enactor still believed its plan was current, but due to the long delay, it was actually outdated. It did not re-verify before proceeding.
  7. After completing their updates, the fast Enactors cleaned up old plans, deleting any versions older than the one they had just applied.
  8. Unfortunately, the plan being processed by the slow Enactor was among those deleted — so when it tried to apply its changes, the DNS records for the regional endpoints were wiped out.
  9. The affected endpoints became unresolvable, leading to region-wide connection failures and the large-scale service outage observed across US-EAST-1.

In short:

A concurrency race condition between multiple DNS automation agents (Enactors) led to the accidental deletion of active DNS entries.

The system design is understandably complex — managing hundreds of thousands of DNS records can only be automated — but the combination of concurrency and latency exposed a hidden race condition that cascaded into a regional failure.

Impact & Lessons for Developers & Architects

Impact:

  • Hundreds of platforms (both B2C and B2B) reported outages or degraded service. Tom's Guide
  • A single-point region failure in a major cloud provider caused global disruption, confirming the fragility of common dependency stacks. WIRED
  • For developers and product teams, even well-architected systems may suffer if underlying infrastructure suffers region-wide failures.

Lessons:

  1. Regional resilience matters: Relying solely on US-EAST-1 (or any one region) is risky. Multi-region deployment or fail-over paths are essential.
  2. Recognize hidden dependencies: Services such as database endpoints and DNS automation may be external failure points. Architects should trace end-to-end dependencies.
  3. Design for failure scenarios: Implement fallback paths, circuit breakers, and degraded modes rather than assuming “cloud always works”.
  4. Monitor beyond service status: Real-time external monitoring, dependency tracing and end-user visibility help identify issues earlier.
  5. Be cloud-portable where feasible: Use abstractions (e.g., containers, micro-services, orchestration) and decouple from proprietary services to ease recovery or migration. As one post-analysis noted: “multi-region and multi-cloud skills are no longer optional specialisations, they’re core competencies.” INE

Takeaways for Developer Teams

  • Audit your architecture: identify key dependencies (DNS, databases, regional endpoints) and ask: what happens if this fails?
  • Practice failure drills: simulate regional cloud failures, DNS endpoint failures, database service interruptions.
  • Establish incident runbooks: how will your system behave when infrastructure fails? How will you alert, fail-over, notify users?
  • Understand your SLAs and business impact: quantify how many minutes/hours of outage translate to revenue or user trust loss.
  • Keep technical skills up-to-date: architecture, multi-region cloud services, automation, observability. The AWS October 2025 event is a reminder that what may seem like “cloud provider handled it” really relies on you having resilient systems above it.

Conclusion

The October 2025 outage of AWS in the US-EAST-1 region — traced to a DNS automation failure around 10:19 AM local time — showed that even the biggest cloud providers are vulnerable. For developers and cloud architects, this event reinforces that resilience is not automatic. You must build it. By designing for failure, monitoring aggressively, and keeping your architecture adaptive, you ensure that when the cloud provider hiccups, your systems don’t go down too.

“Cloud failures will happen again. The question isn’t whether you’ll face another outage, but whether your architecture will be ready.” INE