Skip to main content
awsdown
criticalDynamoDBus-east-1

AWS us-east-1 Outage (October 20, 2025): The DynamoDB DNS Failure, Explained

AWSDown Research · Incident analysisPublished October 24, 2025Updated June 15, 20269 min read

Timeline

  1. Impact begins

    Error rates for DynamoDB requests in us-east-1 spike as dynamodb.us-east-1.amazonaws.com stops resolving. Dependent AWS services begin failing their own DynamoDB calls.

  2. Investigating

    AWS confirms elevated error rates across multiple services in us-east-1 and begins tracing the fault to DNS resolution of the DynamoDB regional endpoint.

  3. Identified

    Root cause identified: the endpoint’s DNS record was emptied by DynamoDB’s own DNS management automation. Engineers begin manual restoration.

  4. Monitoring

    DNS information is restored. DynamoDB begins recovering, but a backlog of retries and dependent-service congestion keeps error rates elevated.

  5. Cascading impact

    EC2’s internal launch subsystem (DWFM), which depends on DynamoDB, enters a congestive state - new instance launches fail region-wide even as DynamoDB itself recovers.

  6. Mitigating

    Network Load Balancer health-check failures - a knock-on effect that removed healthy capacity from service - are mitigated.

  7. Resolved

    AWS declares all services returned to normal operation, roughly 15 hours after the first errors.

Root cause

DynamoDB manages the DNS records for its regional endpoints with automation - a DNS Planner that computes the desired state and redundant DNS Enactors that apply it. On October 19–20, an unusual timing interaction between two Enactors produced a classic race: a slow Enactor applied a stale plan, a cleanup process then deleted the plan the other Enactor had just applied, and the system ended up removing every IP address from dynamodb.us-east-1.amazonaws.com. The automation could not self-repair from that state; humans had to intervene.

Two properties made this catastrophic rather than annoying. First, DNS sits in front of everything: an empty record doesn't degrade a service, it makes it unreachable. Second, DynamoDB in us-east-1 is not just a customer database - it is a dependency of AWS's own control planes. When it disappeared, services that customers think of as independent (EC2 launches, Lambda, IAM propagation, NLB health checking) discovered their shared foundation in public.

How the cascade unfolded

The incident is a textbook example of how recovery can hurt more than failure. Restoring the DNS record took about three hours. The next twelve were spent fighting physics:

  • Retry storms. Every client that failed for three hours retried at once, hitting a service that was warming back up.
  • Congestive collapse in EC2's launch path. The internal DropletWorkflow Manager, which leases the physical hosts EC2 launches onto, had lost its DynamoDB-backed state. As leases timed out en masse, re-establishing them queued behind itself, and new instance launches failed region-wide long after DynamoDB was healthy. Engineers ultimately had to throttle launches and restart components to break the feedback loop.
  • Health-check flapping. Network Load Balancer health checks began failing healthy targets that were merely slow, removing real capacity at the worst moment - mitigated only when AWS disabled the automatic failover behavior mid-incident.

If your architecture retried aggressively that day, you were part of the problem - and your bill was part of the evidence.

Business impact

This was, by breadth, the most disruptive cloud incident since 2021: consumer apps, banks, airlines, and government services went dark or degraded for most of a business day, with public estimates of aggregate damage running into the billions. For individual AWS customers the impact concentrated in three places: anything stateful on DynamoDB in us-east-1, anything that needed to scale during the window (no new EC2 capacity meant no autoscaling), and anything fronted by an NLB whose healthy targets were being flapped out of service.

Prevention and lessons

The honest lesson is not "multi-cloud" - it is that us-east-1 is a single point of failure you chose. Concretely:

  1. Treat region as your blast-radius unit. Critical workloads need a tested path to run somewhere other than us-east-1. Our Multi-AZ vs Multi-Region guide covers when the cost is justified - Multi-AZ did nothing for you in this event.
  2. Bound your retries. Exponential backoff with jitter and circuit breakers is the difference between recovering in minutes and participating in a region-wide retry storm.
  3. Know your hidden DynamoDB dependencies. Many teams discovered mid-incident that "we don't use DynamoDB" was false - via Cognito, IAM, feature-flag vendors, or their own platform teams. Dependency mapping is DR work, not documentation work (the DR checklist has a concrete exercise for this).
  4. Watch the DynamoDB status page - not Twitter. During the event, status pages lagged reality by minutes; social media lagged by an hour and was mostly wrong about the cause.

SLA credit eligibility

Yes - affected us-east-1 workloads fell well below monthly SLA targets. Roughly 15 hours of impact equates to ~97.9% monthly uptime if fully down, which reaches the 10–30% credit tier for services like EC2 and DynamoDB. Claims required evidence and a support case within ~60 days.

Work out what your bill was owed with the independent AWS SLA credit calculator, or automate breach detection with Next Signal (sponsor). For the full claim process, see the AWS credit-recovery playbook.

Questions about this outage

What caused the AWS outage on October 20, 2025?

A race condition in the automation that manages DNS records for DynamoDB’s regional endpoint left dynamodb.us-east-1.amazonaws.com with an empty DNS record. Everything that called DynamoDB in us-east-1 - including large parts of AWS itself - failed until the record was manually restored, and knock-on congestion extended recovery for hours.

How long did the October 2025 AWS outage last?

About 15 hours end to end in us-east-1: DNS was repaired within roughly three hours, but cascading failures in EC2 instance launches and NLB health checks kept services degraded until around 22:00 UTC.

Which services were affected by the DynamoDB DNS outage?

AWS listed over 100 affected services. The biggest customer-visible impacts were DynamoDB itself, new EC2 instance launches, Lambda invocation errors, and Network Load Balancer health-check flapping - plus every SaaS product built on top of them.

Did the October 2025 outage qualify for SLA credits?

Yes. For workloads in us-east-1, ~15 hours of impact in a month is far below the 99.99% uptime targets of DynamoDB and EC2, putting affected customers in the 10% credit tier at minimum. Credits required filing a claim with evidence within roughly 60 days.

Next time, hear it from us first

Instant alerts when AWS incidents are detected - services and regions included.

Get outage alerts

More post-mortems

Lambda

AWS Lambda Outage in us-east-1 (June 13, 2023): What Happened

A degradation in the subsystem that manages Lambda’s execution capacity caused elevated invocation error rates in us-east-1 for about three hours. Because Lambda sits inside so many AWS features - including STS and parts of the console - the blast radius reached far beyond “serverless” workloads.

S3

The 2017 S3 Outage: A Typo That Broke the Web - Lessons That Still Apply

A playbook command executed with a mistyped parameter removed far more S3 index capacity than intended in us-east-1. The subsystems needed a full restart - something S3 hadn’t done in years at that scale - and for ~4 hours, a huge share of the web (including AWS’s own status dashboard) broke.