Multi-tenant design

0

I want to understand how multi-tenant applications are built. Assume a product called "company.com" exists. The client wants to use company.com and create a subdomain, i.e. client1.company.com.

In AWS, how can this be achieved? Does Route 53 provide any way to create the subdomain using runtime APIs?

After the subdomain is created successfully, how do I identify client1, i.e. the tenant, from the URL in AWS? Does Route 53 provide some way to identify the tenant?

Also, how does Cognito work in a multi-tenant application? For every tenant, do we need to create a Cognito identity pool? What is the recommendation for this?

Can someone explain this?

1 Answer
2

Hi, @Navin GV

The most important part to consider when designing an infrastructure for a multi-tenant application is the tenant isolation strategy.
Check the following.

https://aws.amazon.com/partners/programs/saas-factory/tenant-isolation/?nc1=h_ls

Tenant separation mainly includes silos, pools, and bridges.

Let me give you an example.
It's simple if you use silo strategies and subdomains. It can be separated by simply changing the destination of name resolution for each subdomain to a different infrastructure.
In the case of pools and bridges, it is possible to change the behavior in the host header in the same infrastructure, but in that case it is necessary to think about how to separate tenants in the shared infrastructure.

If you use Cognito, you can use separate ID pools, or you can include the tenant ID in a custom attribute and separate tenants that way.

The answer is that AWS defines best practices for various multi-tenant applications, but which one you apply depends on your strategy.
Check out the SaaS best practices below for more information on multi-tenant strategies.

https://docs.aws.amazon.com/wellarchitected/latest/saas-lens/general-design-principles.html

iwasa (EXPERT), answered 2 years ago
Toni_S (AWS, EXPERT), reviewed 2 years ago
  • Suppose I decide to use the pool model with the tenant ID as a custom attribute in Cognito: how do I restrict cross-tenant data access in Dynamo? Do I need to compare the tenant_id of the data with the tenant_id of the request in the application? Or is there some mechanism to get an STS token (temporary credentials) using the tenant ID?
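
One way to wire up the pool model from the answer and the isolation question in the comment, as an added example that is not part of the original thread: the tenant is taken from the Host header, checked against the token's custom attribute, and turned into an IAM session policy (for the `Policy` parameter of STS `AssumeRole`) that limits DynamoDB access by partition key. The attribute name `custom:tenant_id`, the function names, the placeholder table ARN and a table whose partition key is the tenant ID are all assumptions.

```python
import json
import re

BASE_DOMAIN = "company.com"  # product domain from the question
# Placeholder ARN (assumption); substitute the real table.
TABLE_ARN = "arn:aws:dynamodb:REGION:ACCOUNT_ID:table/EXAMPLE_TABLE"
# Exactly one DNS label, so "a.b.company.com" is not treated as a tenant.
LABEL = re.compile(r"^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$")

def tenant_from_host(host_header):
    """Return the tenant label for <tenant>.company.com, else None."""
    host = host_header.strip().lower()
    host = host.rsplit(":", 1)[0] if ":" in host else host  # drop port
    host = host.rstrip(".")
    suffix = "." + BASE_DOMAIN
    if not host.endswith(suffix):
        return None
    label = host[: -len(suffix)]
    return label if LABEL.match(label) else None

def authorize(host_header, claims):
    """Tenant for the request only if the Host header and the verified
    token's custom attribute agree (claims are assumed already verified)."""
    tenant = tenant_from_host(host_header)
    if tenant is None or claims.get("custom:tenant_id") != tenant:
        return None
    return tenant

def session_policy(tenant, table_arn=TABLE_ARN):
    """Session policy allowing only items whose partition key equals the
    tenant ID (assumes the table is keyed that way)."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": ["dynamodb:GetItem", "dynamodb:Query", "dynamodb:PutItem"],
            "Resource": table_arn,
            "Condition": {
                "ForAllValues:StringEquals": {"dynamodb:LeadingKeys": [tenant]}
            },
        }],
    }

if __name__ == "__main__":
    # Constructed sample request: Host header plus decoded token claims.
    t = authorize("client1.company.com", {"custom:tenant_id": "client1"})
    print(json.dumps(session_policy(t), indent=2))
```

Credentials obtained with this session policy cannot read or write another tenant's partition even if application code passes the wrong key, so the application-level tenant_id comparison becomes a second check rather than the only one.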
