What Happened?
On October 20, 2025, Amazon Web Services (AWS) experienced a major outage around 3:00 a.m. Eastern. General service was restored by 3:30 p.m., though some services were still degraded.
The outage affected AWS’s US-EAST-1 region, impacting thousands of websites and applications such as airlines, social media, gaming, financial services and Amazon’s own services.
Experts traced the root cause to a misconfiguration of the Domain Name System (DNS), a service that serves as an address book for the internet. The DNS resolution failure impacted one of AWS’s core databases which resulted in cascading impacts to other essential AWS services like network load balancers, virtual servers, application programming interface (API) connections.
Why does it matter?
Economic Impact: The financial impact could reach billions of dollars due to lost productivity, delayed business operations and disrupted services.
Critical Infrastructure: Cloud services are the backbone of the modern internet, powering everything from government and education platforms to financial services and entertainment. When cloud services fail, the ripple effects are immediate and global.
Service Centralization: The incident highlights the fragility of internet infrastructure and the concentration risk of reliance on a handful of providers for foundational services like DNS and cloud-hosted services.
What to do to avoid impacts from future events?
Business Continuity: Update disaster recovery and continuity plan to account for cloud and DNS outages and test them with technical and tabletop exercises. Ensure alternative systems are available for critical operations.
Monitoring & Communication: Have monitoring tools and clear communication protocols for incident response. Be sure to develop and test out-of-band communication plans and systems.
Diversification: If possible, reduce reliance on a single cloud provider. Consider multi-cloud or hybrid with on-premises strategies to mitigate risk.
DNS Management: The incident highlights the central role of DNS in orchestrating Internet-based communications (including also web, email, etc.). Organizations should review the security and resiliency of their DNS-related dependencies – including both DNS resolution, registration and related practices.
Jon Tran is a senior associate in Cybersecurity at The Chertoff Group.
