CBAss: you have a very good point, but I think you're oversimplifying also. I'll double-check with the Amazon folks, but as far as I know the "core routing infrastructure" is fault-tolerant within a region. If you look carefully at the NAT done by Amazon, it's stateless. This means that packets can come in & out multiple entry points. So if one availability zone goes down, there is some interesting stuff happening such that packets for your IPs can enter through other transit points into the region and go to a server in a different zone than previously. Even without the routing challenges, it's actually not so easy to keep such regional routing infrastructure failure isolated. It's pretty easy to set-up, but on a daily basis it's so easy to slip in innocent looking changes that compromise the isolation. At least that has been my experience as well as that of others. Thanks for the comment!