Multi-AZ protects you from a datacenter outage inside a region with lower latency and simpler ops. Multi-region can survive a full region outage but adds latency, data replication complexity, and higher costs.
Advanced answer
Deep dive
High availability starts with defining failure domains and objectives:
**RTO** (how quickly you must recover)
**RPO** (how much data loss is acceptable)
Multi-AZ (within a region)
Typical baseline:
stateless app instances spread across 2–3 AZs,
load balancer with health checks,
managed DB in multi-AZ mode or replication/failover,
redundant caches/queues.
Multi-region (across regions)
Used for disaster recovery or global latency:
**active-passive**: one region serves traffic; the other is standby (simpler, but failover time).
**active-active**: both serve traffic (harder: data consistency, conflict resolution, split-brain risks).
Practical guidance
Do multi-AZ by default for production.
Add multi-region when your RTO/RPO or regulatory needs require surviving a region outage.