Using CloudFront SaaS Manager Parameters for Tenant-level Regional Traffic Routing

Introduction

Amazon CloudFront offers multiple approaches for regional traffic routing, including dynamic options like CloudFront Functions and Lambda@Edge that can make routing decisions in real-time based on request attributes. While these dynamic solutions provide maximum flexibility, they incur additional costs and complexity.

CloudFront SaaS Manager parameters offer an alternative for scenarios where routing patterns are known in advance and can be defined at tenant creation time. This parameter-based approach provides a cost-effective, static routing solution that avoids the per-request execution charges associated with CloudFront Functions or Lambda@Edge.

Let's explore how to use CloudFront SaaS Manager parameters to establish predetermined region-specific routing patterns based on tenant requirements or geographic location.

Understanding CloudFront SaaS Manager

CloudFront SaaS Manager simplifies how you scale and manage multi-tenant web applications by providing reusable configuration templates and parameters. It helps maintain consistent security settings across tenant domains while allowing flexibility for tenant-specific customizations, such as origin routing.

The core components of SaaS Manager include:

• Multi-tenant distribution: A template distribution that defines base configurations shared across domains
• Distribution tenant: A tenant-specific implementation that inherits configuration from the multi-tenant distribution
• Parameters: Key-value pairs for placeholder values that enable tenant-specific customizations

To read more about CloudFront SaaS Manager, review the documentation.

Introduction to CloudFront SaaS Manager Parameters

Parameters are a feature of CloudFront SaaS Manager that allow you to define placeholder values in your multi-tenant distribution. These placeholders can later be populated with specific values at the distribution tenant level.

Parameters work as key-value pairs that can be used to customize the origin domain or origin path to provide tenant-specific routing logic. The syntax for parameters is {{parameterName}}, which can be inserted into configuration elements like origin domains and paths.

When creating a multi-tenant distribution, you can define up to 5 parameters per distribution. These parameters can be either required or optional with default values.

Implementing Region-Based Routing with Parameters

Before creating your parameters, you'll need to evaluate your origin naming conventions to determine how to best parameterize them. For AWS resources, the domain will have the region in the URL, but there are generally other unique traits to consider with regional resources that may require parameters. In this section, we'll break down two primary patterns:

1. Single parameter patterns
2. Dual parameter patterns

Single Parameter Patterns

This pattern applies when regional origin resources share a common pattern where the region is the unique identifier in both the resource identifier and domain.

Using S3 origins as an example, S3 buckets are regional, but bucket names must be unique globally. This forces a naming convention that is unique across regions where the name can differ slightly. An easy way to achieve this is to add the region to the bucket name, for example:

content-bucket-us-west-2.s3.us-west-2.amazonaws.com

This example allows you to create a single "region" parameter and insert it into the origin domain as follows:

content-bucket-{{region}}.s3.{{region}}.amazonaws.com

Single parameter patterns will also work for resources that do not have globally unique naming conventions, where only the region in the domain must be parameterized.

Dual Parameter Patterns

In cases where the region isn't a simple identifier in the resource domain, you can make use of a second parameter, which we'll refer to as "identifier." Re-using the S3 example above, let's say our bucket URL naming convention is "content-bucket-<abbreviated regional identifier>":

content-bucket-usw2.s3.us-west-2.amazonaws.com

You would utilize two parameters as follows:

content-bucket-{{identifier}}.s3.{{region}}.amazonaws.com

The example above was used for consistency, but it's also possible to use the identifier parameter as the complete unique string in the domain, for example:

{{identifier}}.s3.{{region}}.amazonaws.com

Creating a Multi-Tenant Distribution with Region Parameters

Once you've determined your parameterization strategy, follow these steps to implement it:

1. Sign in to the AWS Management Console and navigate to CloudFront
2. Choose "Create Distribution" and select "Multi-tenant distribution"
3. Configure your cache behaviors and other settings as needed
4. For the origin configuration:
   • Add an origin with a parameterized domain name using one of the patterns described above
   • For example: content-bucket-{{region}}.s3.{{region}}.amazonaws.com
5. Define your parameters:
   • Parameter name: region
     • Description: AWS Region for tenant deployment
     • Required: No
     • Default: us-west-2
   • Parameter name: identifier
     • Description: AWS Region for tenant deployment
     • Required: Yes
6. Complete the distribution creation process

Assigning Parameter Values to Distribution Tenants

When creating distribution tenants, you'll provide specific values for your parameters based on the region each tenant should use, for example:

Tenant 1 (US West):

• region: us-west-2 (Note: This is the default value, so we don't technically need to supply it here, but we're providing it for demonstration purposes.)
• identifier: usw2

Tenant 2 (Europe):

• region: eu-west-1
• identifier: euw1

CloudFront will then route requests for each tenant to their respective regional origins without requiring per-request computation from CloudFront Functions or Lambda@Edge.

Conclusion

CloudFront SaaS Manager parameters provide a useful mechanism for implementing region-based routing in multi-tenant applications. By defining region parameters in your multi-tenant distribution and assigning specific values at the distribution tenant level, you can create sophisticated routing strategies that address data residency requirements, regulatory compliance, and geographic optimization.

This approach enables multi-tenant application owners to efficiently manage global deployments while maintaining tenant isolation and meeting regional compliance requirements.