AWS Availability Zone names may look like unique identifiers, but AWS maps them to physical availability zones independently for each account (deliberately, to spread load across zones). This means that us-west-2b in one account may be the same physical availability zone as us-west-2a in another account.

If you are doing certain kinds of cross-account networking, such as placing a VPC endpoint in the same physical zones where another account's endpoint service is served, mapping by name can result in errors. To solve this AWS provides the Availability Zone ID (for example usw2-az1), which maps to the same physical availability zone in every account. They don't make it easy though: in the console it's hidden away inside the Resource Access Manager. The EC2 API also exposes it: describe-availability-zones returns a ZoneId next to each ZoneName, so "aws ec2 describe-availability-zones --query 'AvailabilityZones[].[ZoneName,ZoneId]' --output table" shows the mapping for the current account and region.

Luckily, if you are using Terraform you can easily get the availability zone ID as a value by mapping it against the aws_availability_zones data source, which exposes both names and zone_ids in the same order. Here is an example for the provider side of a VPC endpoint service (aws_vpc_endpoint_service), which reports the zones it is served from by name only.

# Every Availability Zone visible to this account, with both its
# account-local name (us-west-2a) and its global zone ID (usw2-az1).
data "aws_availability_zones" "available" {
  state = "available"
}

# matchkeys(values, keys, searchset) returns the entries of values whose
# corresponding entry in keys appears in searchset. Here it translates the
# AZ names the endpoint service reports into zone IDs that other accounts
# can use. aws_vpc_endpoint_service.service_provider is assumed to be
# defined elsewhere in this configuration (Terraform 0.12+ syntax).
output "service_provider_zone_ids" {
  description = "Availability Zone IDs of the Provider"

  value = matchkeys(
    data.aws_availability_zones.available.zone_ids,
    data.aws_availability_zones.available.names,
    aws_vpc_endpoint_service.service_provider.availability_zones
  )
}
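The consumer side is the other half of the problem: the account that wants to connect receives zone IDs from the provider and has to turn them back into its own account-local names before it can create subnets and an interface endpoint in the matching physical zones. The following is an added example, not code from the original post; it assumes Terraform 1.2 or later (for the output precondition), and the zone IDs, VPC CIDR and the provider_service_name variable are illustrative placeholders.

```hcl
# Consumer-account counterpart (added example). The provider publishes the
# zone IDs from its output; this configuration maps them back to the names
# that are valid in the consumer account and fails the plan if any
# published zone cannot be matched here.
data "aws_availability_zones" "available" {
  state = "available"
}

variable "provider_zone_ids" {
  description = "Zone IDs published by the provider account"
  type        = list(string)
  default     = ["usw2-az1", "usw2-az2"] # illustrative values, not real output
}

variable "provider_service_name" {
  description = "Service name of the provider's VPC endpoint service (assumed input)"
  type        = string
}

locals {
  # Inverse of the provider's lookup: pick the names whose zone ID is in the
  # provider's list. Names differ between accounts; zone IDs do not.
  consumer_zone_names = matchkeys(
    data.aws_availability_zones.available.names,
    data.aws_availability_zones.available.zone_ids,
    var.provider_zone_ids
  )
}

# Catch the failure mode early: a zone ID the provider serves may not be
# enabled or visible in this account or region, which would otherwise
# silently leave that zone without a subnet and an endpoint ENI.
output "consumer_zone_names" {
  description = "Account-local AZ names matching the provider's zone IDs"
  value       = local.consumer_zone_names

  precondition {
    condition     = length(local.consumer_zone_names) == length(var.provider_zone_ids)
    error_message = "One or more provider zone IDs have no matching Availability Zone in this account/region."
  }
}

resource "aws_vpc" "consumer" {
  cidr_block = "10.10.0.0/16" # assumed CIDR for the example
}

# One subnet per matched physical zone: 10.10.0.0/24, 10.10.1.0/24, ...
resource "aws_subnet" "endpoint" {
  for_each          = toset(local.consumer_zone_names)
  vpc_id            = aws_vpc.consumer.id
  availability_zone = each.key
  cidr_block        = cidrsubnet(aws_vpc.consumer.cidr_block, 8, index(local.consumer_zone_names, each.key))
}

# The interface endpoint is created only in subnets that sit in the same
# physical zones the provider serves, so traffic never has to cross zones
# to reach the service.
resource "aws_vpc_endpoint" "consumer" {
  vpc_id            = aws_vpc.consumer.id
  service_name      = var.provider_service_name
  vpc_endpoint_type = "Interface"
  subnet_ids        = [for s in aws_subnet.endpoint : s.id]
}
```

The precondition is the check worth keeping even if you drop the rest: without it, a zone ID that this account cannot see simply disappears from the matchkeys result, and the endpoint is created in fewer zones than the provider offers without any error.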