AWS Lambda + Serverless framework - Make website accessible from China

Question

I'm trying to understand the various steps and requirements I need to go through in order to make our website available from China, both on the regulation side (Great Firewall) but also on the technical side (technical limitations and changes to perform) for https://unly.org/

Right now, it doesn't seem to be allowed: http://www.chinafirewalltest.com/?siteurl=https%3A%2F%2Funly.org%2F

I don't need nor want to own a .ch website, I just want to make my website available for Chinese at https://unly.org/. Also, the website is currently hosted on AWS Lambda (using the Serverless framework), and only deployed in the eu-west-1 region (Ireland) only.

The website doesn't sell anything online: It's an information website, not e-commerce.

---

I've looked into this issue for a few hours, but I'm a bit lost regarding the exact steps needed to make it happen.

Here are a few questions I haven't found answers for:

• Does deploying the lambda to cn-north-1 (China Beijing) is a requirement or can Chinese users access my eu-west-1 lambda if I get an ICP license?

Regardless of the deploying region, I seem to need an ICP License, as the AWS FAQ says at https://www.amazonaws.cn/en/about-aws/china/faqs/#new%20step:

Q: Do I need to file for ICP Recordal or ICP License if I want to host public content on AWS China (Beijing) Region or AWS China (Ningxia) Region?

Yes. In accordance with Chinese laws and regulations, if you use either AWS China Region to host a website providing non-commercial internet information services, you must undertake filing procedures for a non-commercial website (“ICP Recordal”) through the relevant government authority. If you use either AWS China Region to host a website providing commercial internet information services, you must obtain a value-added telecommunications license for a commercial website (“ICP License”) from the relevant government authority. You may be required to produce your ICP Recordal or ICP License, as applicable, before you host public content using one of the AWS China Regions.

AWS China (Beijing) Region is operated by Sinnet, who is responsible for content hosted in the Beijing Region, while AWS China (Ningxia) Region is operated by NWCD, who is responsible for content hosted in the Ningxia Region. Both Sinnet and NWCD provide support at no additional charge for customers seeking ICP related services, though customers are responsible for any fees imposed by the applicable government authorities. To learn more about the filing procedures, please visit Sinnet at http://www.sinnet.com.cn/service.aspx?PartNodeId=35 and NWCD at http://nwcdcloud.cn/ICP.aspx.

As for actually getting the license, it's a bit out of topic here, but I couldn't understand the first provider workflow:

• http://www.sinnet.com.cn/en/ website is a mix of english and chinese and I got lost in translation (even when using their english website version)
• http://nwcdcloud.cn/ContactUs.aspx seems to require to send an email to [email protected], no idea what happens next

Anyway, the process seems to take around 4-6 weeks. So, it likely takes even more time than that.

---

Regarding the technical details now, it seems like the China region (cn-north-1 Beijing and cn-northwest-1 Ningxia) behave in a very particular way on AWS Lambda.

1. They only support REGIONAL endpoints
2. They do not support native Serverless environment variables

See

• https://github.com/serverless/serverless/pull/4665#issuecomment-365843810
• Lambda - EnvironmentVariablesFeature is not supported in cn-north-1 region

Also, there are technical impacts on the website itself:

• Google services are banned, or limited (Google Analytics (limited), Google Tag Manager, Google Fonts (banned)) and must be changed, converted to owned CDN, etc.

And I've probably missed other technical limitations, since that's just those I learned about within 2h of digging around.

Are there other steps I overlooked? (regulation or technical) Do you have any advices or feedback about how to make a website hosted on AWS Lambda available in China?

Answer 1

Since your question contains several different aspects, I'll split my answer into two parts:

Make your website available from China

• From my experience, it doesn't matter whether you're using a .com or .cn domain. You could use a .cn domain to host a Chinese version of your website, of course. But I don't think it would help with any of the problems you describe
• For a "standard", international website hosted outside China, it depends on the GFW whether it's accessible from inside China or not. In your case, it seems to be blocked
• Google services are banned indeed. There's nothing you can do about it
• In order to officially register your website (to get it "unblocked"), you do need an ICP license as you've already found out. A good overview about the registration workflow is given by Alibaba Cloud
• I've never went through the complete exercise, but I doubt it's possible without some help from somebody speaking Chinese

AWS Lambda

The setup you describe - deploying lambda functions to two different regions, one being somehow non "standard" (the Chinese one) - might create problems on the techical side as well. I'd suggest starting with a simple (one region) setup first until you get the ICP problem fixed, maybe using some China-aware CDN provider. Or you try with a "standard" AWS region closer to China; for this case, some people recommend the Singapore region.