Login/Register
AWS Lambda + Serverless framework - Make website accessible from China
Asked Answered
amazon-web-servicesaws-lambdaserverless-frameworkaws-serverlessgreat-firewall-of-china
A

1

7

I'm trying to understand the various steps and requirements I need to go through in order to make our website available from China, both on the regulation side (Great Firewall) but also on the technical side (technical limitations and changes to perform) for https://unly.org/

Right now, it doesn't seem to be allowed: http://www.chinafirewalltest.com/?siteurl=https%3A%2F%2Funly.org%2F

enter image description here

I don't need nor want to own a .ch website, I just want to make my website available for Chinese at https://unly.org/. Also, the website is currently hosted on AWS Lambda (using the Serverless framework), and only deployed in the eu-west-1 region (Ireland) only.

The website doesn't sell anything online: It's an information website, not e-commerce.

I've looked into this issue for a few hours, but I'm a bit lost regarding the exact steps needed to make it happen.

Here are a few questions I haven't found answers for:

  • Does deploying the lambda to cn-north-1 (China Beijing) is a requirement or can Chinese users access my eu-west-1 lambda if I get an ICP license?

Regardless of the deploying region, I seem to need an ICP License, as the AWS FAQ says at https://www.amazonaws.cn/en/about-aws/china/faqs/#new%20step:

Q: Do I need to file for ICP Recordal or ICP License if I want to host public content on AWS China (Beijing) Region or AWS China (Ningxia) Region?

Yes. In accordance with Chinese laws and regulations, if you use either AWS China Region to host a website providing non-commercial internet information services, you must undertake filing procedures for a non-commercial website (“ICP Recordal”) through the relevant government authority. If you use either AWS China Region to host a website providing commercial internet information services, you must obtain a value-added telecommunications license for a commercial website (“ICP License”) from the relevant government authority. You may be required to produce your ICP Recordal or ICP License, as applicable, before you host public content using one of the AWS China Regions.

AWS China (Beijing) Region is operated by Sinnet, who is responsible for content hosted in the Beijing Region, while AWS China (Ningxia) Region is operated by NWCD, who is responsible for content hosted in the Ningxia Region. Both Sinnet and NWCD provide support at no additional charge for customers seeking ICP related services, though customers are responsible for any fees imposed by the applicable government authorities. To learn more about the filing procedures, please visit Sinnet at http://www.sinnet.com.cn/service.aspx?PartNodeId=35 and NWCD at http://nwcdcloud.cn/ICP.aspx.

As for actually getting the license, it's a bit out of topic here, but I couldn't understand the first provider workflow:

Anyway, the process seems to take around 4-6 weeks. So, it likely takes even more time than that.

Regarding the technical details now, it seems like the China region (cn-north-1 Beijing and cn-northwest-1 Ningxia) behave in a very particular way on AWS Lambda.

  1. They only support REGIONAL endpoints
  2. They do not support native Serverless environment variables

See

Also, there are technical impacts on the website itself:

  • Google services are banned, or limited (Google Analytics (limited), Google Tag Manager, Google Fonts (banned)) and must be changed, converted to owned CDN, etc.

And I've probably missed other technical limitations, since that's just those I learned about within 2h of digging around.

Are there other steps I overlooked? (regulation or technical) Do you have any advices or feedback about how to make a website hosted on AWS Lambda available in China?

Anabelanabella answered 11/7, 2019 at 14:41 Comment(0)
P
1

Since your question contains several different aspects, I'll split my answer into two parts:

Make your website available from China

  • From my experience, it doesn't matter whether you're using a .com or .cn domain. You could use a .cn domain to host a Chinese version of your website, of course. But I don't think it would help with any of the problems you describe
  • For a "standard", international website hosted outside China, it depends on the GFW whether it's accessible from inside China or not. In your case, it seems to be blocked
  • Google services are banned indeed. There's nothing you can do about it
  • In order to officially register your website (to get it "unblocked"), you do need an ICP license as you've already found out. A good overview about the registration workflow is given by Alibaba Cloud
  • I've never went through the complete exercise, but I doubt it's possible without some help from somebody speaking Chinese

AWS Lambda

The setup you describe - deploying lambda functions to two different regions, one being somehow non "standard" (the Chinese one) - might create problems on the techical side as well. I'd suggest starting with a simple (one region) setup first until you get the ICP problem fixed, maybe using some China-aware CDN provider. Or you try with a "standard" AWS region closer to China; for this case, some people recommend the Singapore region.

Pastelki answered 30/7, 2019 at 9:41 Comment(3)
Thank you for sharing your feedback. The most problematic issues I see right now are [1] How to get an ICP license considering we are a very small company and aren't fluent in Chinese, will those Sinnet and NWCD provider guide us through the process for free? Or shall we rather use some third party provider? [2] We must technically replace all our Google services by Chinese-approved services, but still respecting EU compliances, such as the GDPR. (GFonts, GAnalytics, GTM, mainly) [3] We must learn to optimise our services from China, passing regulation is not the end, just the beginning.Anabelanabella
@Anabelanabella Considering 1½ year has passed, would you be able to share any experiences from this? Did you pull through? Did you manage to get an ICP license? Was it straight-forward? Technical challenges? Overall experience?Cienfuegos
@Cienfuegos TLDR; It looked too complicated for us considering the benefits, so we didn't even try. Also, the customer who wanted this feature didn't go through with it, so we didn't have any obligation to implement it. Although, because a customer asked once it might be asked again, I did some more research and eventually select Vercel as hosting provider (instead of AWS directly), and Vercel somehow allows websites to be accessible from China (it worked, then it didn't, then they fixed it), but unless you're under an Enterprise plan, it's not 100% reliable. (but it's the simplest solution I found)Anabelanabella

© 2022 - 2024 — McMap. All rights reserved.