Skip to content
By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

Agent based multi tenant SaaS using AWS IoT core

0

I am trying to build an agent based SaaS similar to what's mention in this article. Basically, I want to deploy a container (agent) application on client's cloud infra and have the container communicate with my SaaS on my cloud infra. The agent's behaviour is controlled in real time by the SaaS by using some configurations and the agent sends some discovery information back to the SaaS.

From the two part article I shared above, it seems the AWS IoT core is best suited for my use case. My concern is about the client bypassing my SaaS and controlling the agent directly. Most of the business logic is going to be on the agent and if client can get access to client specific x.509 certificates and decrypts the live session, it can bypass controls established by my SaaS. First of all is this possible? second is there a way to avoid this?

Topics
Internet of Things (IoT)SaaS on AWS
Tags
SaaS on AWSAWS IoT Core
Language
English
asked 10 months ago167 views
1 Answer
0

Building an agent-based multi-tenant SaaS solution using AWS IoT Core is indeed a viable approach for your use case. AWS IoT Core provides secure communication channels between your SaaS application and the agents deployed on your clients' infrastructure. However, your concerns about potential bypassing of your SaaS controls are valid and need to be addressed carefully.

To address your specific questions:

  1. Is it possible for a client to bypass your SaaS and control the agent directly?

    Yes, it is theoretically possible if the client gains access to the client-specific X.509 certificates and manages to decrypt the live session. However, AWS IoT Core provides several security measures to mitigate this risk.

  2. Is there a way to avoid this?

    While it's challenging to completely eliminate the risk, you can implement several strategies to significantly reduce the possibility of unauthorized access:

    a. Use AWS IoT Core's fine-grained permissions: Implement strict IAM policies and AWS IoT policies to control what actions each device (agent) can perform. This limits the potential damage even if a client gains unauthorized access.

    b. Implement mutual authentication: Use both server and client-side certificates for authentication. This ensures that both the agent and your SaaS platform can verify each other's identity.

    c. Rotate credentials regularly: Implement a system to rotate the X.509 certificates periodically. This limits the window of opportunity for potential misuse.

    d. Encrypt sensitive data: Use AWS IoT Core's encryption capabilities to protect sensitive data in transit and at rest.

    e. Implement robust monitoring and alerting: Use AWS IoT Core's monitoring features to detect unusual patterns or unauthorized access attempts.

    f. Split functionality between agent and SaaS: Consider keeping critical business logic on your SaaS platform rather than on the agent. The agent could be designed to request instructions from the SaaS for sensitive operations.

    g. Implement additional authentication layers: Consider adding application-level authentication in addition to the AWS IoT Core's security measures.

By implementing these measures, you can create a robust security model that significantly reduces the risk of unauthorized access or bypassing of your SaaS controls. Remember that security is an ongoing process, and you should regularly review and update your security measures to address new potential threats.

Sources
Tenant Switching and Custom Permissions in a Multi-Tenant Serverless Application | AWS Partner Network (APN) Blog
Amazon Verified Permissions multi-tenant design considerations - AWS Prescriptive Guidance
Multi-tenant SaaS authorization and API access control: Implementation options and best practices - AWS Prescriptive Guidance

answered 10 months ago
AWS
EXPERT
reviewed 8 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Relevant content