Whether you're taking your first steps with Kubernetes or you're an experienced practitioner looking to sharpen your skills, our Amazon EKS workshop series delivers practical, real-world experience that moves you forward. Learn directly from AWS solutions architects and EKS specialists through hands-on sessions designed to build your confidence with Kubernetes. Register now and start building with Amazon EKS!
How to handle different clients software (my own company software) versions deployment and who is the data owner and how to handle this?
Hi!
If a client uses my app to collect data and the data is stored in my database who is the owner of the data? I saw that with legal agreements you can define if for example my company stores the data in our databases but it belongs to the client so we give them the option to export the data when they want or removed the data. But if they need and want to have the data in their databases, my app should connect in a way to their databases to store the data there. Is this something that is done in the industry? If so am I right? or I missed something?
Then regarding the option to deploy my app to diferent clients but with custom flows and implementations what should be the best way?
- Have sepparate branches of the software for each client and deploy each branch in different ecs cluster with isolated vpcs and databases?
- Have sepparate branches but use the same cluster, vpc and databases for every client but of course filtering everything by ids etc?
- Have common branches but use the same cluster, vpc and databases for every client but of course filtering everything by ids etc?
- Have common branches that have all the custom code for each client but depending on where I do the deployment some classes or others will be compiled and runned based on the client?
Thanks in advance!
- Topics
- Application IntegrationAnalyticsServerlessFront-End Web & MobileStorageNetworking & Content DeliveryAWS Well-Architected Framework
- Language
- English
- Newest
- Most votes
- Most comments
Data Ownership and Storage:
You're correct that data ownership is typically defined through legal agreements. In SaaS models, even when data is stored in the provider's infrastructure, it commonly belongs to the customer, with the provider acting as a data processor. Offering data export and deletion capabilities is a standard practice and often a regulatory requirement.
Regarding storing data in client databases, yes, this is done in the industry through different deployment models:
-
Provider-Hosted Model: Your company manages everything in your AWS account, including databases. This maximizes operational efficiency but requires you to handle all infrastructure management, security, scalability, and compliance.
-
Customer-Hosted Data Plane: The application components that handle customer data run in the customer's environment (their AWS account or on-premises), while you maintain a control plane for management. This enables customers to maintain data sovereignty while benefiting from your expertise. You would manage application components in their environment while they manage the underlying infrastructure.
-
Hybrid Approach: Allows deployment into customer environments while keeping control plane components in your account, accommodating diverse customer needs around data residency and compliance.
Handling Different Client Versions and Deployments:
For managing multiple clients with custom implementations, consider these multi-tenant partitioning approaches:
Silo Model (closest to your first option): Separate infrastructure (database instance/cluster) for each tenant. This provides full data isolation and control over resource usage but has higher infrastructure costs and slower onboarding for new tenants.
Bridge with Separate Databases: Each tenant gets a separate database within a shared infrastructure, offering data isolation with moderate onboarding agility and moderate infrastructure costs.
Bridge with Separate Schemas: Tenants share a database but have separate schemas, providing moderate isolation with faster onboarding and lower costs than full silos.
Pool Model (closest to your third option): Shared tables with tenant identification through IDs, offering the fastest onboarding and lowest infrastructure costs, but requiring careful design for data isolation and query performance.
Best Practices for Version Management:
When deploying different versions or customizations:
- Decouple schema changes from code changes to minimize risk during deployments
- Use additive schema modifications first (adding fields, entities) that are backward compatible
- Implement strong testing and QA phases before production deployments
- Consider deployment strategies like:
- Blue/green deployments to shift traffic between environments with minimal downtime
- Canary deployments to incrementally roll out changes
- Rolling updates to deploy gradually across instances
Recommendations:
Rather than maintaining separate branches per client (which creates significant maintenance overhead), consider:
- Building a feature flag system within a common codebase to enable/disable functionality per tenant
- Using configuration-driven customization where client-specific behaviors are defined through configuration rather than code branches
- Implementing a plugin architecture for client-specific extensions
- Choosing your isolation model based on:
- Customer requirements for data sovereignty and compliance
- Your operational capabilities and automation maturity
- Cost considerations and scale requirements
- The degree of customization needed per client
The industry trend is toward maximizing code reuse through configuration and feature management rather than maintaining separate codebases, while offering flexible deployment options (provider-hosted vs. customer-hosted) based on customer needs for data control and compliance.
Sources
Decision matrix - AWS Prescriptive Guidance
Best Practices for Managing Data Synchronization and Schema Changes - Blue/Green Deployments on AWS
Deployment strategies - Introduction to DevOps on AWS
SaaS deployment architectures with Amazon EKS | Containers
Relevant content
- AWS OFFICIALUpdated a year ago
If you are providing your application to clients, you should definitely have a legal user agreement in place both to protect you and to define expectations for both sides.