Hi, @Navin GV
The most important part to consider when designing an infrastructure for a multi-tenant application is the tenant isolation strategy.
Check the following.
https://aws.amazon.com/partners/programs/saas-factory/tenant-isolation/?nc1=h_ls
Tenant separation mainly includes silos, pools, and bridges.
Let me give you an example.
It's simple if you use silo strategies and subdomains. It can be separated by simply changing the destination of name resolution for each subdomain to a different infrastructure.
In the case of pools and bridges, it is possible to change the behavior in the host header in the same infrastructure, but in that case it is necessary to think about how to separate tenants in the shared infrastructure.
If you use Cognito, you can separate the ID pool separately, or you can include the tenant ID in the custom attribute and separate it.
The answer is that AWS defines best practices for various multi-tenant applications, but which one you apply depends on your strategy.
Check out the SaaS best practices below for more information on multi-tenant strategies.
https://docs.aws.amazon.com/wellarchitected/latest/saas-lens/general-design-principles.html
Suppose I decided to use the pool model with the tenant ID as a custom attribute in Cognito, how do I restrict cross-tenant data access in Dynamo? Do I need to handle the tenant_id of the data with the tenant_id of the request in the application? Or do we have some mechanism to get an STS token (temp credentials) using the tenant ID?
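Added example, not part of the original answer or comment: one way to scope temporary credentials to a single tenant in the pool model discussed above, using an STS session policy with the DynamoDB `dynamodb:LeadingKeys` condition key. The table ARN, role ARN, the `custom:tenant_id` attribute name and the `<tenant_id>#...` partition-key layout are assumptions, and the claims are assumed to come from a Cognito token whose signature has already been verified.

```python
import json
import re

# Assumptions (not from the page): constructed table ARN, the claim name
# "custom:tenant_id", and partition keys shaped like "<tenant_id>#<item>".
TABLE_ARN = "arn:aws:dynamodb:us-east-1:111122223333:table/ExampleTable"
TENANT_CLAIM = "custom:tenant_id"
# Strict allow-list: rejects "*", "?", "#" and "${...}" so a tenant value
# can never widen the StringLike pattern or inject a policy variable.
TENANT_RE = re.compile(r"^[a-z0-9-]{1,36}$")


def tenant_from_claims(claims: dict) -> str:
    """Return the tenant ID from already-verified Cognito token claims."""
    tenant = claims.get(TENANT_CLAIM)
    if not isinstance(tenant, str) or not TENANT_RE.fullmatch(tenant):
        raise ValueError("missing or malformed tenant claim")
    return tenant


def session_policy(tenant: str) -> dict:
    """Session policy allowing only items whose partition key starts with
    this tenant's prefix. Scan is deliberately not granted."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": ["dynamodb:GetItem", "dynamodb:Query",
                       "dynamodb:PutItem", "dynamodb:UpdateItem",
                       "dynamodb:DeleteItem"],
            "Resource": TABLE_ARN,
            "Condition": {"ForAllValues:StringLike":
                          {"dynamodb:LeadingKeys": [f"{tenant}#*"]}},
        }],
    }


def assume_role_args(claims: dict, role_arn: str) -> dict:
    """Keyword arguments for STS AssumeRole. Effective permissions are the
    intersection of the role's own policy and this session policy."""
    tenant = tenant_from_claims(claims)
    return {
        "RoleArn": role_arn,
        "RoleSessionName": f"tenant-{tenant}",
        "Policy": json.dumps(session_policy(tenant)),
        "DurationSeconds": 900,  # shortest lifetime STS accepts
    }
```

The returned dictionary can be passed to boto3 as `sts_client.assume_role(**args)`, and the resulting credentials used for that request's DynamoDB calls, so a bug in application-level filtering cannot reach another tenant's partition keys.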