Evaluating Timestream DB for multi-tenant SaaS application - Per database encryption quota limit

Question

We are evaluating Timestream DB for handling metrics for our SaaS application that we are developing on AWS. In order to maintain data isolation we are looking at encrypting each customer's data separately. For Timestream this appears to mean we need a separate database for each customer as the encryption is done at a database level.

In short, this means we are limited to 500 databases per account (current quota limit) and therefore 500 customers if we stick to a single AWS account. I've checked Service Quota console and it appears none of these limits can be increased.

Do you have a recommended pattern for overcoming this limitation or a different approach?

Thanks,

Answer

If you are looking for a siloed tenancy at the database scope, you can explore adopting multiple AWS accounts to overcome the account level limit of 500 databases. 
If you can isolate your tenants at the table scope by limiting queries for users to their specific tables, then you have can go upto 50K tables.  Here is an IAM [policy](https://docs.aws.amazon.com/timestream/latest/developerguide/security_iam_id-based-policy-examples.html#security_iam_id-based-policy-examples-common-operations.limit-query-table) that shows how you can limit users by table.

Evaluating Timestream DB for multi-tenant SaaS application - Per database encryption quota limit

相關內容