Hybrid & Edge on AWS (2026): Outposts vs Local Zones vs Wavelength — Placement, Connectivity, and the Latency Bill

As of June 2026, AWS offers four distinct placement layers — Regions, Local Zones, Outposts, and Wavelength — plus CloudFront for cacheable edge delivery. The expensive mistake is treating them as interchangeable “edge” checkboxes. Local Zones put AWS-operated compute in metros; Outposts put AWS-managed hardware on your floor; Wavelength puts compute in carrier 5G facilities. Pick wrong and you buy a rack when a subnet would do.

This post covers where workloads run and how packets move — not EC2 vs Lambda economics. That hybrid-compute guide answers invocation patterns and SQS buffering; this one answers metro latency, residency, Direct Connect, and the service link.

We ship a placement decision matrix, hybrid connectivity checklist, and latency vs cost worksheet.

Benchmark pattern (not a cited client) — Composite regulated fintech API, ~12k RPS peak on payment authorization paths, users concentrated in Chicago metro, prior deployment full Outposts rack in customer colo for “low latency.” Measured p99 ~8ms app RTT. Migration: moved read-heavy account and catalog APIs to Chicago Local Zone; kept Outposts only for PIN HSM and card-present bridge. Result: p99 ~9ms (within SLO), hybrid infra ~$22k/mo → ~$13.6k/mo (~38% reduction) — rack amortization and power dominate Outposts TCO when Local Zone satisfies most paths.

Placement matrix (summary)

Download the full placement matrix for service availability rows.

Opinionated take: Local Zones before Outposts when compliance allows AWS-operated metro sites. Wavelength only with a carrier contract — otherwise you are paying for unused telco metal.

Connectivity layer (not optional)

Edge placement fails without hybrid networking:

1. Direct Connect (primary) into a networking-account Transit Gateway
2. Site-to-Site VPN backup on a separate path
3. Route 53 Resolver split-horizon for internal API names
4. Non-overlapping CIDR across on-prem, Outposts, and Regional VPCs

Outposts requires a service link to the parent Region — AWS documentation recommends ≥500 Mbps–1 Gbps redundant bandwidth. Undersize it and instability shows up as “mystery” API timeouts before user load spikes.

For VPC design depth, see VPC networking best practices — this post does not re-teach subnet sizing.

Context — AWS CLI 2.x, networking account:

aws directconnect describe-virtual-interfaces --query 'virtualInterfaces[*].[virtualInterfaceState,bgpStatus]'
aws ec2 describe-transit-gateway-attachments --filters Name=state,Values=available

Full steps: connectivity checklist.

Local Zone vs Outposts in practice

Local Zones extend a parent Region VPC. You create subnets mapped to the Local Zone; EC2 and EBS run locally while control-plane calls may still hit the Region. Service availability is a subset — verify Local Zone features before promising Aurora shapes.

Outposts export instances that look like Regional EC2 but physically sit in your cage. Use when data residency demands customer-controlled facilities or when hardware (HSM, legacy appliance) cannot move. Capex and colo power are real — model the latency-cost worksheet before signing a three-year rack order.

What broke — Platform team procured a full Outposts rack for “single-digit latency” to Chicago traders. Post-deploy measurement showed read APIs were cacheable and p99 from us-east-1 was 42ms — acceptable for half the portfolio. Local Zone pilots hit 9ms for those paths at ~$1.2k/mo incremental vs ~$22k/mo rack TCO. Rack stayed for HSM only; everything else moved to Local Zone + Regional analytics. Lesson: measure Region baseline before capex.

Wavelength and 5G

AWS Wavelength zones run in telco data centers at the edge of 5G networks — ideal for video distribution, game streaming, and industrial AR with mobility. Prerequisites: carrier partnership, handset routing validated with telco NOC, and acceptance that service catalog is a subset of the parent Region. Wavelength without 5G integration is the most common “edge for edge’s sake” failure we see in architecture reviews.

Residency cross-link

When placement is driven by sovereignty rather than milliseconds, pair this post with the data residency guide — Outposts and Local Zones satisfy different auditor questions.

What to do this week

1. Measure p99 RTT from target metros to parent Region — document before buying hardware.
2. Check Local Zone availability in those metros; run one latency-sensitive API there.
3. Inventory workloads that truly need your floor (HSM, OT bridge) vs cacheable reads.
4. Validate DX + VPN + TGW against the connectivity checklist.
5. If considering Wavelength, get carrier sign-off before architecture review closes.

What this post doesn’t cover

• Snow Family bulk migration — see migration cost surprises.
• Factory OT / OPC-UA edge — OT/IT convergence.
• EC2 vs Lambda cost break-even — hybrid compute guide.
• Full telco 5G core design — requires carrier engineering beyond AWS docs.

Related: VPC networking · Cross-account patterns · Managed services