Architecture help - How can I architect a web app with a custom subdomain and it's own configuration for each customer?
I would like to deploy a multi tenant web application say webapp.com and I would like each customer to have their own subdomain like app.customer1.webapp.com, api.customer1.webapp.com, app.customer2.webapp.com, api.customer2.webapp.com, etc. This was each customer has their own API and Web App URL. I would like all web app urls to go to the same instance of the application but load a different configuration for each customer - each customer has their own cognito userpool. Similarly for API but I would need to authenticate based on Bearer Token and Domain used. For the backend I think I will have a dynamodb table to hold the details of each customer.
The web app is NextJS app so I think I will use a fargate cluster for both the web app and api (I want to avoid API Gateway and lambda). I will also use CDK for all infrastructure so I might also use it to bootstrap each customer using a stack that consists of Route53 configs and other resources like userpool that is unique to each customer. What is the easiest way to achieve this (preferably with CDK) ?
If I were doing this, I would take the easiest approach which would be to have a r53 CNAME pointing to an application load balancer:
// ... const tenantName = new cdk.CfnParameter(this, "TenantName", { type: "String" }) const webAlb = new elb.ApplicationLoadBalancer(this, 'alb', { ... }) const apiAlb = new elb.ApplicationLoadBalancer(this, 'alb', { ... }) const zone = new r53.HostedZone(this, 'zone', { zoneName: 'example.com' }) new r53.CnameRecord(this, 'webcname', { domainName: webAlb.loadBalancerDnsName, zone: zone, recordName: `${tenantName.valueAsString}.example.com` }) new r53.CnameRecord(this, 'apicname', { domainName: apiAlb.loadBalancerDnsName, zone: zone, recordName: `api.${tenantName.valueAsString}.example.com` }) // ...
then you can also have a Cognito user pool per tenant per the documentation here.
Alternatively, and slightly more complicated would be to use CloudFront to provide CDN capability with R53 in front, also with CNAME entries. With this, you can also provide tenant-specific behavior rules in CloudFront to provide custom branding per tenant for example.
// ... const tenantName = new cdk.CfnParameter(this, "TenantName", { type: "String" }) const webAlb = new elb.ApplicationLoadBalancer(this, 'alb', { ... }) const apiAlb = new elb.ApplicationLoadBalancer(this, 'alb', { ... }) const distro = new cf.Distribution(this, 'distro', { defaultBehavior: {origin: new cfo.LoadBalancerV2Origin(webAlb)}, ... }) const zone = new r53.HostedZone(this, 'zone', { zoneName: 'example.com' }) new r53.CnameRecord(this, 'webcname', { domainName: distro.distributionDomainName, zone: zone, recordName: `${tenantName.valueAsString}.example.com` }) new r53.CnameRecord(this, 'apicname', { domainName: apiAlb.loadBalancerDnsName, zone: zone, recordName: `api.${tenantName.valueAsString}.example.com` }) // ...
You can read the details of the CDK apis I used here:
https://docs.aws.amazon.com/cdk/api/v1/docs/aws-cloudfront-origins-readme.html https://docs.aws.amazon.com/cdk/api/v1/docs/aws-cloudfront-origins-readme.html https://docs.aws.amazon.com/cdk/api/v1/docs/aws-route53-readme.html
Relevant questions
Is it possible to deploy a small HTTPS web app on Fargate, internet accessible, without using a load balancer?
asked a month agoBuilt a dynamic website using Wordpress hosted on a 3-tier architecture
asked 4 months agoHow to setup interface VPC endpoints in a multi tier architecture?
Accepted Answerasked 2 years agoLooking for ideas, How can I create a secure SFTP server with scanning?
asked 4 months agoMigrating multi-tenant application to Cognito ... how many user pools is too many?
asked 7 months agoArchitecture help - How can I architect a web app with a custom subdomain and it's own configuration for each customer?
asked 2 months agoHow can I change pw and access my web server instance?
asked 9 months agoArchitecture for multi-region ECS application
asked 2 months agoHow to give users a limited access time to a web app running on ECS/EC2
asked 2 months agoCustomizing the environment on a Windows Server
asked 3 years ago