Does CAP mean I must choose only two of consistency, availability, and partition tolerance?

Partition tolerance is not optional on AWS—you will have network partitions between AZs and Regions. The real design choice is how much consistency you sacrifice for availability during a partition, and which AWS API exposes that trade-off (strongly consistent DynamoDB reads vs eventual Global Tables, Aurora Global Database lag, SQS at-least-once).

When should I use DynamoDB Global Tables vs Aurora Global Database?

DynamoDB Global Tables optimize for multi-Region active-active with last-writer-wins conflict resolution—good for session carts, device state, idempotent counters. Aurora Global Database optimizes for a single primary writer with sub-second cross-Region replication—good when you need SQL, transactions on the primary, and can tolerate read lag on secondaries.

CAP Theorem on AWS — Multi-Region Practice Guide

CAP Theorem in Practice on AWS: What Architects Actually Need for Multi-Region

Quick summary: CAP is not a trivia question—it is the reason your global DynamoDB table shows stale inventory or why Aurora Global reads lag 80 ms behind the writer. This guide maps partition tolerance, consistency, and availability trade-offs to concrete AWS controls.

Key Takeaways

CAP is not a trivia question—it is the reason your global DynamoDB table shows stale inventory or why Aurora Global reads lag 80 ms behind the writer
This guide maps partition tolerance, consistency, and availability trade-offs to concrete AWS controls
As of June 2026, every multi-Region AWS architecture is partition-tolerant by default: AZ failures, Regional isolations, and cross-Region link brownouts are normal operating conditions—not edge cases
Benchmark pattern (first-party) — We replayed 50k cart updates/min across two Regions on DynamoDB Global Tables vs Aurora Global reader in /
Global Tables converged in <2 s with explicit conflicts on 0

As of June 2026, every multi-Region AWS architecture is partition-tolerant by default: AZ failures, Regional isolations, and cross-Region link brownouts are normal operating conditions—not edge cases. CAP becomes useful when it stops being a triangle on a whiteboard and starts explaining why checkout showed stale inventory or why your failover read returned pre-promotion data.

Benchmark pattern (first-party) — We replayed 50k cart updates/min across two Regions on DynamoDB Global Tables vs Aurora Global reader in us-east-1 / eu-west-1. Global Tables converged in <2 s with explicit conflicts on 0.3% of SKU rows; Aurora reader lag p95 was 78 ms but spiked to 4.2 s during writer failback. Artifact: consistency worksheet.

Symptom → mechanism → AWS control

Production symptom	Mechanism	AWS control
User sees old quantity after purchase	Eventual replication	DynamoDB `ConsistentRead=true` on critical path; avoid Global Tables for inventory ledger without conflict rules
Failover read shows rolled-back order	RPO > 0 on async replica	Aurora Global managed planned failover; Route 53 health checks on writer lag metric
Double charge after partition heal	Idempotency lost across Regions	DynamoDB conditional writes; SQS FIFO deduplication; outbox with global idempotency keys

Opinionated take: Treat DynamoDB strong reads on the home Region as your default for money paths; use Global Tables only when the product accepts merge semantics and you instrument conflict counters.

AWS services map

Need	Service	Skip when
Single-Region linearizable records	DynamoDB transactions + consistent reads	You need ad hoc SQL joins
Active-active item store	DynamoDB Global Tables	You need compare-and-swap across related rows in one transaction
SQL with one writer, many readers	Aurora Global Database	You need writable secondaries accepting conflicts
Cache with TTL staleness	ElastiCache	Cache is source of truth for inventory

When this advice breaks

Single-Region monolith on RDS Multi-AZ — CAP debates are quieter; latency is dominated by connection pool sizing, not replication.
Analytics replicas — Stale reads are a feature; do not pay for strong consistency on QuickSight paths.
S3 — Eventual consistency on LIST/HEAD edge cases still matter for pipeline orchestration; not solved by DynamoDB patterns.

What to do this week

Pick one revenue-critical read path and document its maximum staleness in milliseconds.
If using Global Tables, add a CloudWatch metric for conditional check failures / conflict retries.
For Aurora Global, alarm on AuroraGlobalDBReplicationLag at p95 > 1 s before failover drills.
Add idempotency keys to any cross-Region write triggered by EventBridge.

What this guide doesn’t cover

Paxos/Raft internals and CRDT merge semantics—see the coordination and CRDT guides in this track. We also do not re-derive saga/outbox patterns covered in the microservices production guide.

**As of June 2026**, every multi-Region AWS architecture is partition-tolerant by default: AZ failures, Regional isolations, and cross-Region link brownouts are normal operating conditions—not edge cases. CAP becomes useful when it stops being a triangle on a whiteboard and starts explaining **why checkout showed stale inventory** or **why your failover read returned pre-promotion data**. > **Benchmark pattern (first-party)** — We replayed 50k cart updates/min across two Regions on DynamoDB Global Tables vs Aurora Global reader in `us-east-1` / `eu-west-1`. Global Tables converged in **<2 s** with explicit conflicts on 0.3% of SKU rows; Aurora reader lag p95 was **78 ms** but spiked to **4.2 s** during writer failback. Artifact: [consistency worksheet](https://www.factualminds.com/examples/engineering-guides/cap-theorem-practice-aws/README.md). ## Symptom → mechanism → AWS control | Production symptom | Mechanism | AWS control | | ------------------------------------- | ------------------------------- | ---------------------------------------------------------------------------------------------------------------- | | User sees old quantity after purchase | Eventual replication | DynamoDB `ConsistentRead=true` on critical path; avoid Global Tables for inventory ledger without conflict rules | | Failover read shows rolled-back order | RPO > 0 on async replica | Aurora Global **managed planned failover**; Route 53 health checks on writer lag metric | | Double charge after partition heal | Idempotency lost across Regions | DynamoDB conditional writes; SQS FIFO deduplication; outbox with global idempotency keys | **Opinionated take:** Treat **DynamoDB strong reads on the home Region** as your default for money paths; use Global Tables only when the product accepts merge semantics and you instrument conflict counters. ## AWS services map | Need | Service | Skip when | | ---------------------------------- | ---------------------------------------- | ---------------------------------------------------------------- | | Single-Region linearizable records | DynamoDB transactions + consistent reads | You need ad hoc SQL joins | | Active-active item store | DynamoDB Global Tables | You need compare-and-swap across related rows in one transaction | | SQL with one writer, many readers | Aurora Global Database | You need writable secondaries accepting conflicts | | Cache with TTL staleness | ElastiCache | Cache is source of truth for inventory | ## When this advice breaks - **Single-Region monolith on RDS Multi-AZ** — CAP debates are quieter; latency is dominated by connection pool sizing, not replication. - **Analytics replicas** — Stale reads are a feature; do not pay for strong consistency on QuickSight paths. - **S3** — Eventual consistency on LIST/HEAD edge cases still matter for pipeline orchestration; not solved by DynamoDB patterns. ## What to do this week 1. Pick one revenue-critical read path and document its **maximum staleness** in milliseconds. 2. If using Global Tables, add a CloudWatch metric for conditional check failures / conflict retries. 3. For Aurora Global, alarm on `AuroraGlobalDBReplicationLag` at p95 > 1 s before failover drills. 4. Add idempotency keys to any cross-Region write triggered by EventBridge. ## What this guide doesn't cover Paxos/Raft internals and CRDT merge semantics—see the coordination and CRDT guides in this track. We also do not re-derive saga/outbox patterns covered in the [microservices production guide](/blog/microservices-design-patterns-aws-production-guide-2026/).

CAP Theorem in Practice on AWS: What Architects Actually Need for Multi-Region

Symptom → mechanism → AWS control

AWS services map

When this advice breaks

What to do this week

What this guide doesn’t cover

Related AWS Services

AWS Architecture Review

AWS Serverless

AWS Migration

Recommended Reading

CRDTs and Eventual Consistency Anti-Patterns on AWS

Microservices Design Patterns on AWS: 10 Patterns That Actually Matter in 2026

Paxos, Raft, and Byzantine Fault Tolerance: What Cloud Architects Need

Distributed Locking, Redlock, and Consistent Hashing on AWS

AI & assistant-friendly summary

Summary

Key Facts

Entity Definitions

Related Content

Symptom → mechanism → AWS control

AWS services map

When this advice breaks

What to do this week

What this guide doesn’t cover

Related AWS Services

AWS Architecture Review

AWS Serverless

AWS Migration

Recommended Reading

CRDTs and Eventual Consistency Anti-Patterns on AWS

Microservices Design Patterns on AWS: 10 Patterns That Actually Matter in 2026

Paxos, Raft, and Byzantine Fault Tolerance: What Cloud Architects Need

Distributed Locking, Redlock, and Consistent Hashing on AWS