AWS Availability Zone names may look like unique identifiers, but they are mapped to physical availability zones essentially at random from one account to the next. This means that us-west-2b in one account may be the same physical availability zone as us-west-2a in another account.

If you are doing certain kinds of cross-account networking, mapping zones by name can result in errors. To solve this, AWS provides the **ID** of the availability zone, which *will* map to the same physical availability zone in every account. They don't make it easy though: it's hidden away inside the **Resource Access Manager**.

Luckily, if you are using Terraform you can easily get the availability zone ID as a value by mapping it against the aws_availability_zones data source. Here is an example using a VPC endpoint service.

```hcl
# The data source returns `names` and `zone_ids` as parallel lists: index i of
# `names` is the name of the zone whose ID is at index i of `zone_ids`.
data "aws_availability_zones" "available" {}

output "service_provider_zone_ids" {
  description = "Availability Zone IDs of the Provider"

  # matchkeys(values, keys, searchset): keep each zone ID whose zone name appears
  # in the endpoint service's availability_zones list (Terraform 0.11-style
  # "${...}" interpolation).
  value = "${matchkeys(
    data.aws_availability_zones.available.zone_ids,
    data.aws_availability_zones.available.names,
    aws_vpc_endpoint_service.service_provider.availability_zones
  )}"
}
```
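To make the two points above concrete, the following is an added example (not code from the original post or from Terraform) that reproduces the `matchkeys` name-to-ID mapping in Python and then shows why it matters across accounts. The zone lists are constructed sample data shaped like the `AvailabilityZones` list that `aws ec2 describe-availability-zones` returns, with the name-to-ID mapping deliberately differing between a "provider" and a "consumer" account; the function and variable names are the example's own.

```python
"""Translate AWS Availability Zone names between accounts by way of zone IDs.

Added example for this post, not code from the original. The zone lists below
are constructed sample data shaped like the `AvailabilityZones` list returned
by `aws ec2 describe-availability-zones`; in real use you would load one list
per account from the API.
"""
from typing import Dict, List, Sequence, Tuple

# Constructed data: the provider account (the one exposing the endpoint service).
PROVIDER_ZONES: List[Dict[str, str]] = [
    {"ZoneName": "us-west-2a", "ZoneId": "usw2-az1", "State": "available"},
    {"ZoneName": "us-west-2b", "ZoneId": "usw2-az2", "State": "available"},
    {"ZoneName": "us-west-2c", "ZoneId": "usw2-az3", "State": "available"},
]

# Constructed data: the consumer account. Same physical zones, different names.
CONSUMER_ZONES: List[Dict[str, str]] = [
    {"ZoneName": "us-west-2a", "ZoneId": "usw2-az2", "State": "available"},
    {"ZoneName": "us-west-2b", "ZoneId": "usw2-az3", "State": "available"},
    {"ZoneName": "us-west-2c", "ZoneId": "usw2-az1", "State": "available"},
]


def matchkeys(values: Sequence[str], keys: Sequence[str],
              searchset: Sequence[str]) -> List[str]:
    """Python equivalent of Terraform's matchkeys(values, keys, searchset).

    Returns the elements of `values` whose positional counterpart in `keys`
    is a member of `searchset`, preserving the order of `values`.
    """
    if len(values) != len(keys):
        raise ValueError("values and keys must be parallel lists of equal length")
    wanted = set(searchset)
    return [v for v, k in zip(values, keys) if k in wanted]


def names_for(zones: Sequence[Dict[str, str]]) -> List[str]:
    """Zone names of the zones that are actually usable in this account."""
    return [z["ZoneName"] for z in zones if z["State"] == "available"]


def ids_for(zones: Sequence[Dict[str, str]]) -> List[str]:
    """Zone IDs, in the same order as names_for() for the same input."""
    return [z["ZoneId"] for z in zones if z["State"] == "available"]


def zone_ids_for_names(names: Sequence[str],
                       zones: Sequence[Dict[str, str]]) -> List[str]:
    """The post's Terraform output in Python: zone IDs for the given zone names."""
    return matchkeys(ids_for(zones), names_for(zones), names)


def translate_names(provider_names: Sequence[str],
                    provider_zones: Sequence[Dict[str, str]],
                    consumer_zones: Sequence[Dict[str, str]]) -> List[str]:
    """Return the consumer account's names for the provider account's zone names.

    Going through the zone ID is what keeps both accounts on the same physical
    zones. Raises LookupError if the consumer account cannot see a zone the
    provider uses (for example an AZ the consumer has not opted into).
    """
    consumer_by_id = dict(zip(ids_for(consumer_zones), names_for(consumer_zones)))
    translated = []
    for zone_id in zone_ids_for_names(provider_names, provider_zones):
        if zone_id not in consumer_by_id:
            raise LookupError(f"zone {zone_id} is not available in the consumer account")
        translated.append(consumer_by_id[zone_id])
    return translated


def naive_mismatches(names: Sequence[str],
                     provider_zones: Sequence[Dict[str, str]],
                     consumer_zones: Sequence[Dict[str, str]]) -> List[Tuple[str, str, str]]:
    """What goes wrong if the provider's names are reused as-is in the consumer
    account: each tuple is (name, provider_zone_id, consumer_zone_id) for every
    name on which the two accounts disagree about the physical zone."""
    provider_by_name = dict(zip(names_for(provider_zones), ids_for(provider_zones)))
    consumer_by_name = dict(zip(names_for(consumer_zones), ids_for(consumer_zones)))
    return [
        (n, provider_by_name.get(n), consumer_by_name.get(n))
        for n in names
        if provider_by_name.get(n) != consumer_by_name.get(n)
    ]


if __name__ == "__main__":
    wanted = ["us-west-2a", "us-west-2b"]
    print("provider zone IDs:", zone_ids_for_names(wanted, PROVIDER_ZONES))
    print("same zones, consumer names:", translate_names(wanted, PROVIDER_ZONES, CONSUMER_ZONES))
    print("mismatches if names are reused:", naive_mismatches(wanted, PROVIDER_ZONES, CONSUMER_ZONES))
```

With the constructed data, the provider's `us-west-2a` and `us-west-2b` come back as `usw2-az1` and `usw2-az2`, which the consumer account calls `us-west-2c` and `us-west-2a`; reusing the provider's names directly would land both subnets in different physical zones, which is exactly the mismatch the IDs avoid.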