SlideShare a Scribd company logo

Hands-on SaaS: Constructing a Multi-Tenant Solution on AWS (ARC327-R1) - AWS re:Invent 2018

Amazon Web Services
Amazon Web Services

SaaS presents developers with a unique blend of architectural challenges. Supporting a multi-tenant model often means re-thinking your approach to almost every layer of your architecture. Onboarding, security, data partitioning, tenant isolation, identity—these are areas that must be factored into how you design, build, and deploy your SaaS solution. Of course, the best way to wrap your mind around these SaaS architectural principles is to dig into a working example. In this workshop, we’ll expose you to the core concepts of SaaS architecture then dive into a reference SaaS architecture where you can see the moving parts of a SaaS solution in action. The goal here is to provide a series of activities that allow you to interact with a functional solution, introducing code and configuration that realizes and extends the capabilities of this SaaS environment. Through this combination of a brief lecture and hands-on exercises, you’ll get a healthy dose of SaaS best practices all through the lens of a working reference solution. 

1 of 32
Download to read offline
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Hands-on SaaS: Constructing a Multi-Tenant Solution on AWS Seth Fox Solutions Architecture Manager, AWS SaaS Factory Amazon Web Services A R C 3 2 7
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Bootcamp goals • Introduce SaaS architecture fundamentals • Build the working elements of a SaaS environment • Introduce real-world strategies for addressing common multi- tenant practices • Provide a foundation that can inform the creation of your own SaaS solutions
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. The SaaS motive Web App Customer Web App Customer Web App Tenant Tenant Tenant
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Key concepts Onboarding Data partitioningApplication services Authentication Service Tenant isolation
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Not here, but key to SaaS • Management and monitoring • Analytics • Operations • Billing • SaaS DevOps
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. High level flow Lab one: Tenant onboarding Lab two: Multi-tenant services Lab three: Tenant isolation
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Lab one: Tenant onboarding Architecting SaaS applications on AWS
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Lab one: Onboarding • Configure an identity provider • Review user management service • Provision a new user via REST API • Review tenant management service • Provision a new tenant via REST API • Register a tenant via web app • Authenticate as the new user • Inspect the JWT token Identity management Tenant management Tenant registration & authentication
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Onboarding architecture User manager Tenant manager Tenant registration Authentication manager Web application API Gateway
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Configuring Amazon Cognito User pool User management POST/user Validation Attributes Policies Identity pool
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Tenant management Tenant manager Generated Tenant Identifier 492c83ba-d565-47a8-a987-634bd01189db Status Active/Inactive Tier Basic, Advanced • UserId • TenantId • Name • Status • Role 1:Many
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Onboarding flow Amazon S3 Web application Authenticate Register Tenant registration Authentication manager APIGateway
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Lab two: Building multi-tenant microservices Architecting SaaS applications on AWS
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Lab two: A multi-tenant progression Single tenant product manager Multi-tenant product manager Add tenant security context • Single tenant table in Amazon DynamoDB • Use ProductId as partition key • No awareness of tenant identity • Multi-tenant, pooled table in DynamoDB • Use TenantId as partition key • Tenant supplied as REST parameter • Add security token to HTTP headers • Load products for two tenants • Verify tenant partitioning in DynamoDB
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Building application services Application service Identity & tenant context Multi-tenant data partitioning Tenantawarelogging, metering,andanalytics
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Data partitioning model Partition Key Product ID Title Tenant-1 ECHO-123 Echo Dot Tenant-3 ECHO-456 Echo Show Tenant-1 ECHO-456 Echo Show Tenant-4 ECHO-910 Echo Spot Pooled Multi-Tenant Table Product ID Title ECHO-123 Echo Dot ECHO-456 Echo Show ECHO-456 Echo Show ECHO-910 Echo Spot Single Tenant Table Product manager Product manager /product/id=TenantId/product
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Injecting tenant context Product manager JWT Token 1 GetTenantId(Token) Token manager 2 TenantId 3 4
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Lab three: Tenant isolation Architecting SaaS applications on AWS
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Isolating tenant data • Alter the product manager service • Manually inject a tenant identifier • Verify cross tenant access enable • Leverage policies to restrict tenant access • Edit existing policies • Introduce leading key conditions • Examine roles emitted by provisioning • Examine Amazon Cognito role mapping • View the tenant admin/user mapping • Deploy the web application • Register a tenant • Authenticate the new user Cross tenant access Configure policies Map role to policies Get scoped credentials
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Cross tenant access Tenant One Tenant Two Tenant-11943 Tenant-9492 Product Table Tenant Identifier Partition Key Sort Key Tenant-9492 14019 Tenant-11943 49104 Tenant-11943 91044 Tenant-9492 85145 Tenant Identifier
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Tenant-scoped policies { "Sid": "TenantReadOnlyOrderTable", "Effect": "Allow", "Action": [ "dynamodb:GetItem", "dynamodb:BatchGetItem", "dynamodb:Query", "dynamodb:DescribeTable" ], "Resource": [ "arn:aws:dynamodb:us-east-1:000000000000:table/Order" ], "Condition": { "ForAllValues:StringEquals": { "dynamodb:LeadingKeys": [ "3aecf790-7dfd-4aef-a95a-b63fc413bdc9" ] } } }
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Mapping tenant roles to policies IAM policiesAmazon Cognito role mapping Tenant admin role Tenant user role
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Temporary credentials (the payoff) getCredentialsForIdentity(idToken) Application service Amazon Cognito IAM role polices { ”custom:tenantId” : ”8391-9393-9933” “custom:role” : “TenantAdmin” } Cognito ID Token (JWT) Match role Return role scoped credentials Credentials": { "SecretKey":"2gZ8QJQqkAHBzebQmghavFAfgmYpKWRqexample", "AccessKeyId":"ASIAJIOA37R6EXAMPLE" }
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS Accounts By engaging in this workshop, you acknowledge that the AWS account used for ARC327 may be used only for this workshop. All accounts used during the workshop will be closed immediately at the conclusion of the workshop. Any content in this AWS account will not be retrievable by you or any other workshop participants after the workshop has finished.
https://github.com/aws-samples/aws-saas-factory-bootcamp GitHub Repository (start here): https://dashboard.eventengine.run Launch your environment (with hash key):
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Session repeats Friday, Nov. 30 ARC 327 – Hands-On SaaS: Constructing a Multi-Tenant Solution on AWS 9:15 a.m. – 11:15 a.m. | Mirage, Mirage Event Center C2
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Additional SaaS breakouts Monday, 11/26 ARC324 - Architecting Next Generation Serverless SaaS Solutions on AWS 6:15 p.m. | Venetian, Level 2, Venetian Theater Tuesday, 11/27 ARC324 - Architecting Next Generation Serverless SaaS Solutions on AWS (Repeat) 4:00 p.m. | Venetian, Level 2, Titian 2204 Wednesday, 11/28 ARC418 Deconstructing SaaS: Deep Dive into Building Multi-Tenant Solutions on AWS 12:15 p.m. | Mirage, Mirage Event Center B Thursday, 11/29 ARC418 Deconstructing SaaS: Deep Dive into Building Multi-Tenant Solutions on AWS (Repeat) 4:00 p.m. | Aria, Aria West, Level 3, Ironwood 5
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. SaaS chalk talks Monday, 11/26 ARC216 - SaaS Operations: The Foundation of SaaS Agility 11:30 a.m. – 12:30 a.m. | Venetian, Level 2, Veronese 2406 Tuesday, 11/27 ARC210 - SaaS Jumpstart: A Primer for Launching Your SaaS Journey 9:15 a.m. – 10:15 a.m. | Venetian, Level 4, Lando 4304 Wednesday, 11/28 ARC419 – Optimizing Your SaaS Solutions on AWS 1:00 p.m. – 2:00 p.m. | Venetian, Level 3, Murano 3202 ARC326 - Migrating Single-Tenant Applications to Multi-Tenant SaaS 4:00 p.m. – 5:00 p.m. | Aria West, Level 3, Starvine 7 ARC210 - SaaS Jumpstart: A Primer for Launching Your SaaS Journey 1:45 p.m. – 2:45 p.m. | Aria West, Level 3, Ironwood 8
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. SaaS chalk talks Thursday, 11/29 ARC210 - SaaS Jumpstart: A Primer for Launching Your SaaS Journey 1:45 p.m. – 2:45 p.m. | MGM, Level 1, South Concourse 105 Friday, 11/30 ARC326 – Migrating Single-Tenant Applications to Multi-Tenant SaaS 10:00 a.m. – 11:00 a.m. | MGM, Level 1, South Concourse 105 ARC419 – Optimizing Your SaaS Architecture on AWS 1:00 p.m. – 2:00 p.m. | Venetian, Level 3, Murano 3202
Thank you! © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Seth Fox foseth@amazon.com
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.

Recommended

Deconstructing SaaS: Deep Dive into Building Multi-Tenant Solutions on AWS (A...
Deconstructing SaaS: Deep Dive into Building Multi-Tenant Solutions on AWS (A...Deconstructing SaaS: Deep Dive into Building Multi-Tenant Solutions on AWS (A...
Deconstructing SaaS: Deep Dive into Building Multi-Tenant Solutions on AWS (A...Amazon Web Services
 
Deep Dive on AWS Lambda
Deep Dive on AWS LambdaDeep Dive on AWS Lambda
Deep Dive on AWS LambdaAmazon Web Services
 
Getting Started with Serverless Architectures
Getting Started with Serverless ArchitecturesGetting Started with Serverless Architectures
Getting Started with Serverless ArchitecturesAmazon Web Services
 
Modern Cloud Data Warehousing ft. Intuit: Optimize Analytics Practices (ANT20...
Modern Cloud Data Warehousing ft. Intuit: Optimize Analytics Practices (ANT20...Modern Cloud Data Warehousing ft. Intuit: Optimize Analytics Practices (ANT20...
Modern Cloud Data Warehousing ft. Intuit: Optimize Analytics Practices (ANT20...Amazon Web Services
 
Amazon Kinesis
Amazon KinesisAmazon Kinesis
Amazon KinesisAmazon Web Services
 
Amazon Cognito Deep Dive
Amazon Cognito Deep DiveAmazon Cognito Deep Dive
Amazon Cognito Deep DiveAmazon Web Services
 
HSBC and AWS Day - Microservices and Serverless
HSBC and AWS Day - Microservices and ServerlessHSBC and AWS Day - Microservices and Serverless
HSBC and AWS Day - Microservices and ServerlessAmazon Web Services
 
Introduction to Amazon EKS
Introduction to Amazon EKSIntroduction to Amazon EKS
Introduction to Amazon EKSAmazon Web Services
 

Recommended

Deconstructing SaaS: Deep Dive into Building Multi-Tenant Solutions on AWS (A...
Deconstructing SaaS: Deep Dive into Building Multi-Tenant Solutions on AWS (A...Deconstructing SaaS: Deep Dive into Building Multi-Tenant Solutions on AWS (A...
Deconstructing SaaS: Deep Dive into Building Multi-Tenant Solutions on AWS (A...Amazon Web Services
 
Deep Dive on AWS Lambda
Deep Dive on AWS LambdaDeep Dive on AWS Lambda
Deep Dive on AWS LambdaAmazon Web Services
 
Getting Started with Serverless Architectures
Getting Started with Serverless ArchitecturesGetting Started with Serverless Architectures
Getting Started with Serverless ArchitecturesAmazon Web Services
 
Modern Cloud Data Warehousing ft. Intuit: Optimize Analytics Practices (ANT20...
Modern Cloud Data Warehousing ft. Intuit: Optimize Analytics Practices (ANT20...Modern Cloud Data Warehousing ft. Intuit: Optimize Analytics Practices (ANT20...
Modern Cloud Data Warehousing ft. Intuit: Optimize Analytics Practices (ANT20...Amazon Web Services
 
Amazon Kinesis
Amazon KinesisAmazon Kinesis
Amazon KinesisAmazon Web Services
 
Amazon Cognito Deep Dive
Amazon Cognito Deep DiveAmazon Cognito Deep Dive
Amazon Cognito Deep DiveAmazon Web Services
 
HSBC and AWS Day - Microservices and Serverless
HSBC and AWS Day - Microservices and ServerlessHSBC and AWS Day - Microservices and Serverless
HSBC and AWS Day - Microservices and ServerlessAmazon Web Services
 
Introduction to Amazon EKS
Introduction to Amazon EKSIntroduction to Amazon EKS
Introduction to Amazon EKSAmazon Web Services
 
(DVO315) Log, Monitor and Analyze your IT with Amazon CloudWatch
(DVO315) Log, Monitor and Analyze your IT with Amazon CloudWatch(DVO315) Log, Monitor and Analyze your IT with Amazon CloudWatch
(DVO315) Log, Monitor and Analyze your IT with Amazon CloudWatchAmazon Web Services
 
Intro to AWS Lambda
Intro to AWS Lambda Intro to AWS Lambda
Intro to AWS Lambda Amazon Web Services
 
Building-a-Data-Lake-on-AWS
Building-a-Data-Lake-on-AWSBuilding-a-Data-Lake-on-AWS
Building-a-Data-Lake-on-AWSAmazon Web Services
 
Introduction to AWS Lambda and Serverless Applications
Introduction to AWS Lambda and Serverless ApplicationsIntroduction to AWS Lambda and Serverless Applications
Introduction to AWS Lambda and Serverless ApplicationsAmazon Web Services
 
Deep Dive into Amazon ECS & Fargate
Deep Dive into Amazon ECS & FargateDeep Dive into Amazon ECS & Fargate
Deep Dive into Amazon ECS & FargateAmazon Web Services
 
Designing security & governance via AWS Control Tower & Organizations - SEC30...
Designing security & governance via AWS Control Tower & Organizations - SEC30...Designing security & governance via AWS Control Tower & Organizations - SEC30...
Designing security & governance via AWS Control Tower & Organizations - SEC30...Amazon Web Services
 
Getting Started with AWS Lambda and Serverless
Getting Started with AWS Lambda and ServerlessGetting Started with AWS Lambda and Serverless
Getting Started with AWS Lambda and ServerlessAmazon Web Services
 
Deep dive into AWS IAM
Deep dive into AWS IAMDeep dive into AWS IAM
Deep dive into AWS IAMAmazon Web Services
 
Getting Started with Amazon Kinesis
Getting Started with Amazon KinesisGetting Started with Amazon Kinesis
Getting Started with Amazon KinesisAmazon Web Services
 
Deep Dive: Amazon RDS
Deep Dive: Amazon RDSDeep Dive: Amazon RDS
Deep Dive: Amazon RDSAmazon Web Services
 
Deep dive ECS & Fargate Deep Dive
Deep dive ECS & Fargate Deep DiveDeep dive ECS & Fargate Deep Dive
Deep dive ECS & Fargate Deep DiveAmazon Web Services
 
[REPEAT] Microsoft Active Directory Deep Dive (WIN303-R) - AWS re:Invent 2018
[REPEAT] Microsoft Active Directory Deep Dive (WIN303-R) - AWS re:Invent 2018[REPEAT] Microsoft Active Directory Deep Dive (WIN303-R) - AWS re:Invent 2018
[REPEAT] Microsoft Active Directory Deep Dive (WIN303-R) - AWS re:Invent 2018Amazon Web Services
 
A Brief Look at Serverless Architecture
A Brief Look at Serverless ArchitectureA Brief Look at Serverless Architecture
A Brief Look at Serverless ArchitectureAmazon Web Services
 
AWS Route53
AWS Route53AWS Route53
AWS Route53zekeLabs Technologies
 
Deep Dive on Amazon EC2 Systems Manager
Deep Dive on Amazon EC2 Systems ManagerDeep Dive on Amazon EC2 Systems Manager
Deep Dive on Amazon EC2 Systems ManagerAmazon Web Services
 
SaaS Reference Architectures: Review of Real-World Patterns & Strategies (GPS...
SaaS Reference Architectures: Review of Real-World Patterns & Strategies (GPS...SaaS Reference Architectures: Review of Real-World Patterns & Strategies (GPS...
SaaS Reference Architectures: Review of Real-World Patterns & Strategies (GPS...Amazon Web Services
 
Amazon API Gateway
Amazon API GatewayAmazon API Gateway
Amazon API GatewayAmazon Web Services
 
Introducing AWS Fargate
Introducing AWS FargateIntroducing AWS Fargate
Introducing AWS FargateAmazon Web Services
 
AWS for Backup and Recovery
AWS for Backup and RecoveryAWS for Backup and Recovery
AWS for Backup and RecoveryAmazon Web Services
 
Kubernetes on AWS with Amazon EKS
Kubernetes on AWS with Amazon EKSKubernetes on AWS with Amazon EKS
Kubernetes on AWS with Amazon EKSAmazon Web Services
 
Best Practices for Securing an Amazon VPC (NET318) - AWS re:Invent 2018
Best Practices for Securing an Amazon VPC (NET318) - AWS re:Invent 2018Best Practices for Securing an Amazon VPC (NET318) - AWS re:Invent 2018
Best Practices for Securing an Amazon VPC (NET318) - AWS re:Invent 2018Amazon Web Services
 
Deploying Microservices using AWS Fargate (CON315-R1) - AWS re:Invent 2018
Deploying Microservices using AWS Fargate (CON315-R1) - AWS re:Invent 2018Deploying Microservices using AWS Fargate (CON315-R1) - AWS re:Invent 2018
Deploying Microservices using AWS Fargate (CON315-R1) - AWS re:Invent 2018Amazon Web Services
 

More Related Content

What's hot

(DVO315) Log, Monitor and Analyze your IT with Amazon CloudWatch
(DVO315) Log, Monitor and Analyze your IT with Amazon CloudWatch(DVO315) Log, Monitor and Analyze your IT with Amazon CloudWatch
(DVO315) Log, Monitor and Analyze your IT with Amazon CloudWatchAmazon Web Services
 
Introduction to AWS Lambda and Serverless Applications
Introduction to AWS Lambda and Serverless ApplicationsIntroduction to AWS Lambda and Serverless Applications
Introduction to AWS Lambda and Serverless ApplicationsAmazon Web Services
 
Deep Dive into Amazon ECS & Fargate
Deep Dive into Amazon ECS & FargateDeep Dive into Amazon ECS & Fargate
Deep Dive into Amazon ECS & FargateAmazon Web Services
 
Designing security & governance via AWS Control Tower & Organizations - SEC30...
Designing security & governance via AWS Control Tower & Organizations - SEC30...Designing security & governance via AWS Control Tower & Organizations - SEC30...
Designing security & governance via AWS Control Tower & Organizations - SEC30...Amazon Web Services
 
Getting Started with AWS Lambda and Serverless
Getting Started with AWS Lambda and ServerlessGetting Started with AWS Lambda and Serverless
Getting Started with AWS Lambda and ServerlessAmazon Web Services
 
Getting Started with Amazon Kinesis
Getting Started with Amazon KinesisGetting Started with Amazon Kinesis
Getting Started with Amazon KinesisAmazon Web Services
 
Deep dive ECS & Fargate Deep Dive
Deep dive ECS & Fargate Deep DiveDeep dive ECS & Fargate Deep Dive
Deep dive ECS & Fargate Deep DiveAmazon Web Services
 
[REPEAT] Microsoft Active Directory Deep Dive (WIN303-R) - AWS re:Invent 2018
[REPEAT] Microsoft Active Directory Deep Dive (WIN303-R) - AWS re:Invent 2018[REPEAT] Microsoft Active Directory Deep Dive (WIN303-R) - AWS re:Invent 2018
[REPEAT] Microsoft Active Directory Deep Dive (WIN303-R) - AWS re:Invent 2018Amazon Web Services
 
A Brief Look at Serverless Architecture
A Brief Look at Serverless ArchitectureA Brief Look at Serverless Architecture
A Brief Look at Serverless ArchitectureAmazon Web Services
 
Deep Dive on Amazon EC2 Systems Manager
Deep Dive on Amazon EC2 Systems ManagerDeep Dive on Amazon EC2 Systems Manager
Deep Dive on Amazon EC2 Systems ManagerAmazon Web Services
 
SaaS Reference Architectures: Review of Real-World Patterns & Strategies (GPS...
SaaS Reference Architectures: Review of Real-World Patterns & Strategies (GPS...SaaS Reference Architectures: Review of Real-World Patterns & Strategies (GPS...
SaaS Reference Architectures: Review of Real-World Patterns & Strategies (GPS...Amazon Web Services
 
Kubernetes on AWS with Amazon EKS
Kubernetes on AWS with Amazon EKSKubernetes on AWS with Amazon EKS
Kubernetes on AWS with Amazon EKSAmazon Web Services
 

What's hot (20)

(DVO315) Log, Monitor and Analyze your IT with Amazon CloudWatch
(DVO315) Log, Monitor and Analyze your IT with Amazon CloudWatch(DVO315) Log, Monitor and Analyze your IT with Amazon CloudWatch
(DVO315) Log, Monitor and Analyze your IT with Amazon CloudWatch
 
Intro to AWS Lambda
Intro to AWS Lambda Intro to AWS Lambda
Intro to AWS Lambda
 
Building-a-Data-Lake-on-AWS
Building-a-Data-Lake-on-AWSBuilding-a-Data-Lake-on-AWS
Building-a-Data-Lake-on-AWS
 
Introduction to AWS Lambda and Serverless Applications
Introduction to AWS Lambda and Serverless ApplicationsIntroduction to AWS Lambda and Serverless Applications
Introduction to AWS Lambda and Serverless Applications
 
Deep Dive into Amazon ECS & Fargate
Deep Dive into Amazon ECS & FargateDeep Dive into Amazon ECS & Fargate
Deep Dive into Amazon ECS & Fargate
 
Designing security & governance via AWS Control Tower & Organizations - SEC30...
Designing security & governance via AWS Control Tower & Organizations - SEC30...Designing security & governance via AWS Control Tower & Organizations - SEC30...
Designing security & governance via AWS Control Tower & Organizations - SEC30...
 
Getting Started with AWS Lambda and Serverless
Getting Started with AWS Lambda and ServerlessGetting Started with AWS Lambda and Serverless
Getting Started with AWS Lambda and Serverless
 
Deep dive into AWS IAM
Deep dive into AWS IAMDeep dive into AWS IAM
Deep dive into AWS IAM
 
Getting Started with Amazon Kinesis
Getting Started with Amazon KinesisGetting Started with Amazon Kinesis
Getting Started with Amazon Kinesis
 
Deep Dive: Amazon RDS
Deep Dive: Amazon RDSDeep Dive: Amazon RDS
Deep Dive: Amazon RDS
 
Deep dive ECS & Fargate Deep Dive
Deep dive ECS & Fargate Deep DiveDeep dive ECS & Fargate Deep Dive
Deep dive ECS & Fargate Deep Dive
 
[REPEAT] Microsoft Active Directory Deep Dive (WIN303-R) - AWS re:Invent 2018
[REPEAT] Microsoft Active Directory Deep Dive (WIN303-R) - AWS re:Invent 2018[REPEAT] Microsoft Active Directory Deep Dive (WIN303-R) - AWS re:Invent 2018
[REPEAT] Microsoft Active Directory Deep Dive (WIN303-R) - AWS re:Invent 2018
 
A Brief Look at Serverless Architecture
A Brief Look at Serverless ArchitectureA Brief Look at Serverless Architecture
A Brief Look at Serverless Architecture
 
AWS Route53
AWS Route53AWS Route53
AWS Route53
 
Deep Dive on Amazon EC2 Systems Manager
Deep Dive on Amazon EC2 Systems ManagerDeep Dive on Amazon EC2 Systems Manager
Deep Dive on Amazon EC2 Systems Manager
 
SaaS Reference Architectures: Review of Real-World Patterns & Strategies (GPS...
SaaS Reference Architectures: Review of Real-World Patterns & Strategies (GPS...SaaS Reference Architectures: Review of Real-World Patterns & Strategies (GPS...
SaaS Reference Architectures: Review of Real-World Patterns & Strategies (GPS...
 
Amazon API Gateway
Amazon API GatewayAmazon API Gateway
Amazon API Gateway
 
Introducing AWS Fargate
Introducing AWS FargateIntroducing AWS Fargate
Introducing AWS Fargate
 
AWS for Backup and Recovery
AWS for Backup and RecoveryAWS for Backup and Recovery
AWS for Backup and Recovery
 
Kubernetes on AWS with Amazon EKS
Kubernetes on AWS with Amazon EKSKubernetes on AWS with Amazon EKS
Kubernetes on AWS with Amazon EKS
 

Similar to Hands-on SaaS: Constructing a Multi-Tenant Solution on AWS (ARC327-R1) - AWS re:Invent 2018

Best Practices for Securing an Amazon VPC (NET318) - AWS re:Invent 2018
Best Practices for Securing an Amazon VPC (NET318) - AWS re:Invent 2018Best Practices for Securing an Amazon VPC (NET318) - AWS re:Invent 2018
Best Practices for Securing an Amazon VPC (NET318) - AWS re:Invent 2018Amazon Web Services
 
Deploying Microservices using AWS Fargate (CON315-R1) - AWS re:Invent 2018
Deploying Microservices using AWS Fargate (CON315-R1) - AWS re:Invent 2018Deploying Microservices using AWS Fargate (CON315-R1) - AWS re:Invent 2018
Deploying Microservices using AWS Fargate (CON315-R1) - AWS re:Invent 2018Amazon Web Services
 
Build End-to-End IT Lifecycle Management on AWS with ServiceNow (ENT330) - AW...
Build End-to-End IT Lifecycle Management on AWS with ServiceNow (ENT330) - AW...Build End-to-End IT Lifecycle Management on AWS with ServiceNow (ENT330) - AW...
Build End-to-End IT Lifecycle Management on AWS with ServiceNow (ENT330) - AW...Amazon Web Services
 
Control for Your Cloud Environment Using AWS Management Tools (ENT226-R1) - A...
Control for Your Cloud Environment Using AWS Management Tools (ENT226-R1) - A...Control for Your Cloud Environment Using AWS Management Tools (ENT226-R1) - A...
Control for Your Cloud Environment Using AWS Management Tools (ENT226-R1) - A...Amazon Web Services
 
Security & Compliance for Modern Serverless Applications (SRV319-R1) - AWS re...
Security & Compliance for Modern Serverless Applications (SRV319-R1) - AWS re...Security & Compliance for Modern Serverless Applications (SRV319-R1) - AWS re...
Security & Compliance for Modern Serverless Applications (SRV319-R1) - AWS re...Amazon Web Services
 
Building API-Driven Microservices with Amazon API Gateway - AWS Online Tech T...
Building API-Driven Microservices with Amazon API Gateway - AWS Online Tech T...Building API-Driven Microservices with Amazon API Gateway - AWS Online Tech T...
Building API-Driven Microservices with Amazon API Gateway - AWS Online Tech T...Amazon Web Services
 
Building API Driven Microservices
Building API Driven MicroservicesBuilding API Driven Microservices
Building API Driven MicroservicesChris Munns
 
Set Up a CI/CD Pipeline for Deploying Containers Using the AWS Developer Tool...
Set Up a CI/CD Pipeline for Deploying Containers Using the AWS Developer Tool...Set Up a CI/CD Pipeline for Deploying Containers Using the AWS Developer Tool...
Set Up a CI/CD Pipeline for Deploying Containers Using the AWS Developer Tool...Amazon Web Services
 
Migrating Single-Tenant Applications to Multi-Tenant SaaS (ARC326-R1) - AWS r...
Migrating Single-Tenant Applications to Multi-Tenant SaaS (ARC326-R1) - AWS r...Migrating Single-Tenant Applications to Multi-Tenant SaaS (ARC326-R1) - AWS r...
Migrating Single-Tenant Applications to Multi-Tenant SaaS (ARC326-R1) - AWS r...Amazon Web Services
 
Deep Dive into AWS X-Ray: Monitor Modern Applications (DEV324) - AWS re:Inven...
Deep Dive into AWS X-Ray: Monitor Modern Applications (DEV324) - AWS re:Inven...Deep Dive into AWS X-Ray: Monitor Modern Applications (DEV324) - AWS re:Inven...
Deep Dive into AWS X-Ray: Monitor Modern Applications (DEV324) - AWS re:Inven...Amazon Web Services
 
The Serverless Tidal Wave - SwampUP 2018 Keynote
The Serverless Tidal Wave - SwampUP 2018 KeynoteThe Serverless Tidal Wave - SwampUP 2018 Keynote
The Serverless Tidal Wave - SwampUP 2018 KeynoteArun Gupta
 
PrivateLink for Partners: Connectivity, Scale, Security (GPSTEC306) - AWS re:...
PrivateLink for Partners: Connectivity, Scale, Security (GPSTEC306) - AWS re:...PrivateLink for Partners: Connectivity, Scale, Security (GPSTEC306) - AWS re:...
PrivateLink for Partners: Connectivity, Scale, Security (GPSTEC306) - AWS re:...Amazon Web Services
 
[NEW LAUNCH!] Introducing AWS App Mesh – service mesh on AWS (CON367) - AWS r...
[NEW LAUNCH!] Introducing AWS App Mesh – service mesh on AWS (CON367) - AWS r...[NEW LAUNCH!] Introducing AWS App Mesh – service mesh on AWS (CON367) - AWS r...
[NEW LAUNCH!] Introducing AWS App Mesh – service mesh on AWS (CON367) - AWS r...Amazon Web Services
 
MongoDB World 2018: Tutorial - How to Build Applications with MongoDB Atlas &...
MongoDB World 2018: Tutorial - How to Build Applications with MongoDB Atlas &...MongoDB World 2018: Tutorial - How to Build Applications with MongoDB Atlas &...
MongoDB World 2018: Tutorial - How to Build Applications with MongoDB Atlas &...MongoDB
 
Build Modern Applications that Align with Twelve-Factor Methods (API303) - AW...
Build Modern Applications that Align with Twelve-Factor Methods (API303) - AW...Build Modern Applications that Align with Twelve-Factor Methods (API303) - AW...
Build Modern Applications that Align with Twelve-Factor Methods (API303) - AW...Amazon Web Services
 
Security in Amazon Elasticsearch Service (ANT392) - AWS re:Invent 2018
Security in Amazon Elasticsearch Service (ANT392) - AWS re:Invent 2018Security in Amazon Elasticsearch Service (ANT392) - AWS re:Invent 2018
Security in Amazon Elasticsearch Service (ANT392) - AWS re:Invent 2018Amazon Web Services
 
Architecting Next Generation Serverless SaaS Solutions on AWS (ARC324-R1) - A...
Architecting Next Generation Serverless SaaS Solutions on AWS (ARC324-R1) - A...Architecting Next Generation Serverless SaaS Solutions on AWS (ARC324-R1) - A...
Architecting Next Generation Serverless SaaS Solutions on AWS (ARC324-R1) - A...Amazon Web Services
 
Identity Round Robin Workshop - Serverless Round: Security Week at the SF Loft
Identity Round Robin Workshop - Serverless Round: Security Week at the SF LoftIdentity Round Robin Workshop - Serverless Round: Security Week at the SF Loft
Identity Round Robin Workshop - Serverless Round: Security Week at the SF LoftAmazon Web Services
 

Similar to Hands-on SaaS: Constructing a Multi-Tenant Solution on AWS (ARC327-R1) - AWS re:Invent 2018 (20)

Best Practices for Securing an Amazon VPC (NET318) - AWS re:Invent 2018
Best Practices for Securing an Amazon VPC (NET318) - AWS re:Invent 2018Best Practices for Securing an Amazon VPC (NET318) - AWS re:Invent 2018
Best Practices for Securing an Amazon VPC (NET318) - AWS re:Invent 2018
 
Deploying Microservices using AWS Fargate (CON315-R1) - AWS re:Invent 2018
Deploying Microservices using AWS Fargate (CON315-R1) - AWS re:Invent 2018Deploying Microservices using AWS Fargate (CON315-R1) - AWS re:Invent 2018
Deploying Microservices using AWS Fargate (CON315-R1) - AWS re:Invent 2018
 
Build End-to-End IT Lifecycle Management on AWS with ServiceNow (ENT330) - AW...
Build End-to-End IT Lifecycle Management on AWS with ServiceNow (ENT330) - AW...Build End-to-End IT Lifecycle Management on AWS with ServiceNow (ENT330) - AW...
Build End-to-End IT Lifecycle Management on AWS with ServiceNow (ENT330) - AW...
 
Control for Your Cloud Environment Using AWS Management Tools (ENT226-R1) - A...
Control for Your Cloud Environment Using AWS Management Tools (ENT226-R1) - A...Control for Your Cloud Environment Using AWS Management Tools (ENT226-R1) - A...
Control for Your Cloud Environment Using AWS Management Tools (ENT226-R1) - A...
 
Security & Compliance for Modern Serverless Applications (SRV319-R1) - AWS re...
Security & Compliance for Modern Serverless Applications (SRV319-R1) - AWS re...Security & Compliance for Modern Serverless Applications (SRV319-R1) - AWS re...
Security & Compliance for Modern Serverless Applications (SRV319-R1) - AWS re...
 
Taking serverless to the edge
Taking serverless to the edgeTaking serverless to the edge
Taking serverless to the edge
 
Building API-Driven Microservices with Amazon API Gateway - AWS Online Tech T...
Building API-Driven Microservices with Amazon API Gateway - AWS Online Tech T...Building API-Driven Microservices with Amazon API Gateway - AWS Online Tech T...
Building API-Driven Microservices with Amazon API Gateway - AWS Online Tech T...
 
Building API Driven Microservices
Building API Driven MicroservicesBuilding API Driven Microservices
Building API Driven Microservices
 
Set Up a CI/CD Pipeline for Deploying Containers Using the AWS Developer Tool...
Set Up a CI/CD Pipeline for Deploying Containers Using the AWS Developer Tool...Set Up a CI/CD Pipeline for Deploying Containers Using the AWS Developer Tool...
Set Up a CI/CD Pipeline for Deploying Containers Using the AWS Developer Tool...
 
Migrating Single-Tenant Applications to Multi-Tenant SaaS (ARC326-R1) - AWS r...
Migrating Single-Tenant Applications to Multi-Tenant SaaS (ARC326-R1) - AWS r...Migrating Single-Tenant Applications to Multi-Tenant SaaS (ARC326-R1) - AWS r...
Migrating Single-Tenant Applications to Multi-Tenant SaaS (ARC326-R1) - AWS r...
 
Deep Dive into AWS X-Ray: Monitor Modern Applications (DEV324) - AWS re:Inven...
Deep Dive into AWS X-Ray: Monitor Modern Applications (DEV324) - AWS re:Inven...Deep Dive into AWS X-Ray: Monitor Modern Applications (DEV324) - AWS re:Inven...
Deep Dive into AWS X-Ray: Monitor Modern Applications (DEV324) - AWS re:Inven...
 
The Serverless Tidal Wave - SwampUP 2018 Keynote
The Serverless Tidal Wave - SwampUP 2018 KeynoteThe Serverless Tidal Wave - SwampUP 2018 Keynote
The Serverless Tidal Wave - SwampUP 2018 Keynote
 
PrivateLink for Partners: Connectivity, Scale, Security (GPSTEC306) - AWS re:...
PrivateLink for Partners: Connectivity, Scale, Security (GPSTEC306) - AWS re:...PrivateLink for Partners: Connectivity, Scale, Security (GPSTEC306) - AWS re:...
PrivateLink for Partners: Connectivity, Scale, Security (GPSTEC306) - AWS re:...
 
[NEW LAUNCH!] Introducing AWS App Mesh – service mesh on AWS (CON367) - AWS r...
[NEW LAUNCH!] Introducing AWS App Mesh – service mesh on AWS (CON367) - AWS r...[NEW LAUNCH!] Introducing AWS App Mesh – service mesh on AWS (CON367) - AWS r...
[NEW LAUNCH!] Introducing AWS App Mesh – service mesh on AWS (CON367) - AWS r...
 
MongoDB World 2018: Tutorial - How to Build Applications with MongoDB Atlas &...
MongoDB World 2018: Tutorial - How to Build Applications with MongoDB Atlas &...MongoDB World 2018: Tutorial - How to Build Applications with MongoDB Atlas &...
MongoDB World 2018: Tutorial - How to Build Applications with MongoDB Atlas &...
 
Deep Dive on AWS CloudFormation
Deep Dive on AWS CloudFormationDeep Dive on AWS CloudFormation
Deep Dive on AWS CloudFormation
 
Build Modern Applications that Align with Twelve-Factor Methods (API303) - AW...
Build Modern Applications that Align with Twelve-Factor Methods (API303) - AW...Build Modern Applications that Align with Twelve-Factor Methods (API303) - AW...
Build Modern Applications that Align with Twelve-Factor Methods (API303) - AW...
 
Security in Amazon Elasticsearch Service (ANT392) - AWS re:Invent 2018
Security in Amazon Elasticsearch Service (ANT392) - AWS re:Invent 2018Security in Amazon Elasticsearch Service (ANT392) - AWS re:Invent 2018
Security in Amazon Elasticsearch Service (ANT392) - AWS re:Invent 2018
 
Architecting Next Generation Serverless SaaS Solutions on AWS (ARC324-R1) - A...
Architecting Next Generation Serverless SaaS Solutions on AWS (ARC324-R1) - A...Architecting Next Generation Serverless SaaS Solutions on AWS (ARC324-R1) - A...
Architecting Next Generation Serverless SaaS Solutions on AWS (ARC324-R1) - A...
 
Identity Round Robin Workshop - Serverless Round: Security Week at the SF Loft
Identity Round Robin Workshop - Serverless Round: Security Week at the SF LoftIdentity Round Robin Workshop - Serverless Round: Security Week at the SF Loft
Identity Round Robin Workshop - Serverless Round: Security Week at the SF Loft
 

More from Amazon Web Services

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Amazon Web Services
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Amazon Web Services
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateAmazon Web Services
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSAmazon Web Services
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareAmazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAmazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWSAmazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckAmazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 

More from Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Hands-on SaaS: Constructing a Multi-Tenant Solution on AWS (ARC327-R1) - AWS re:Invent 2018

  • 1.
  • 2. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Hands-on SaaS: Constructing a Multi-Tenant Solution on AWS Seth Fox Solutions Architecture Manager, AWS SaaS Factory Amazon Web Services A R C 3 2 7
  • 3. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Bootcamp goals • Introduce SaaS architecture fundamentals • Build the working elements of a SaaS environment • Introduce real-world strategies for addressing common multi- tenant practices • Provide a foundation that can inform the creation of your own SaaS solutions
  • 4. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. The SaaS motive Web App Customer Web App Customer Web App Tenant Tenant Tenant
  • 5. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Key concepts Onboarding Data partitioningApplication services Authentication Service Tenant isolation
  • 6. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Not here, but key to SaaS • Management and monitoring • Analytics • Operations • Billing • SaaS DevOps
  • 7. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. High level flow Lab one: Tenant onboarding Lab two: Multi-tenant services Lab three: Tenant isolation
  • 8. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Lab one: Tenant onboarding Architecting SaaS applications on AWS
  • 9. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Lab one: Onboarding • Configure an identity provider • Review user management service • Provision a new user via REST API • Review tenant management service • Provision a new tenant via REST API • Register a tenant via web app • Authenticate as the new user • Inspect the JWT token Identity management Tenant management Tenant registration & authentication
  • 10. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Onboarding architecture User manager Tenant manager Tenant registration Authentication manager Web application API Gateway
  • 11. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Configuring Amazon Cognito User pool User management POST/user Validation Attributes Policies Identity pool
  • 12. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Tenant management Tenant manager Generated Tenant Identifier 492c83ba-d565-47a8-a987-634bd01189db Status Active/Inactive Tier Basic, Advanced • UserId • TenantId • Name • Status • Role 1:Many
  • 13. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Onboarding flow Amazon S3 Web application Authenticate Register Tenant registration Authentication manager APIGateway
  • 14. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Lab two: Building multi-tenant microservices Architecting SaaS applications on AWS
  • 15. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Lab two: A multi-tenant progression Single tenant product manager Multi-tenant product manager Add tenant security context • Single tenant table in Amazon DynamoDB • Use ProductId as partition key • No awareness of tenant identity • Multi-tenant, pooled table in DynamoDB • Use TenantId as partition key • Tenant supplied as REST parameter • Add security token to HTTP headers • Load products for two tenants • Verify tenant partitioning in DynamoDB
  • 16. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Building application services Application service Identity & tenant context Multi-tenant data partitioning Tenantawarelogging, metering,andanalytics
  • 17. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Data partitioning model Partition Key Product ID Title Tenant-1 ECHO-123 Echo Dot Tenant-3 ECHO-456 Echo Show Tenant-1 ECHO-456 Echo Show Tenant-4 ECHO-910 Echo Spot Pooled Multi-Tenant Table Product ID Title ECHO-123 Echo Dot ECHO-456 Echo Show ECHO-456 Echo Show ECHO-910 Echo Spot Single Tenant Table Product manager Product manager /product/id=TenantId/product
  • 18. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Injecting tenant context Product manager JWT Token 1 GetTenantId(Token) Token manager 2 TenantId 3 4
  • 19. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Lab three: Tenant isolation Architecting SaaS applications on AWS
  • 20. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Isolating tenant data • Alter the product manager service • Manually inject a tenant identifier • Verify cross tenant access enable • Leverage policies to restrict tenant access • Edit existing policies • Introduce leading key conditions • Examine roles emitted by provisioning • Examine Amazon Cognito role mapping • View the tenant admin/user mapping • Deploy the web application • Register a tenant • Authenticate the new user Cross tenant access Configure policies Map role to policies Get scoped credentials
  • 21. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Cross tenant access Tenant One Tenant Two Tenant-11943 Tenant-9492 Product Table Tenant Identifier Partition Key Sort Key Tenant-9492 14019 Tenant-11943 49104 Tenant-11943 91044 Tenant-9492 85145 Tenant Identifier
  • 22. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Tenant-scoped policies { "Sid": "TenantReadOnlyOrderTable", "Effect": "Allow", "Action": [ "dynamodb:GetItem", "dynamodb:BatchGetItem", "dynamodb:Query", "dynamodb:DescribeTable" ], "Resource": [ "arn:aws:dynamodb:us-east-1:000000000000:table/Order" ], "Condition": { "ForAllValues:StringEquals": { "dynamodb:LeadingKeys": [ "3aecf790-7dfd-4aef-a95a-b63fc413bdc9" ] } } }
  • 23. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Mapping tenant roles to policies IAM policiesAmazon Cognito role mapping Tenant admin role Tenant user role
  • 24. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Temporary credentials (the payoff) getCredentialsForIdentity(idToken) Application service Amazon Cognito IAM role polices { ”custom:tenantId” : ”8391-9393-9933” “custom:role” : “TenantAdmin” } Cognito ID Token (JWT) Match role Return role scoped credentials Credentials": { "SecretKey":"2gZ8QJQqkAHBzebQmghavFAfgmYpKWRqexample", "AccessKeyId":"ASIAJIOA37R6EXAMPLE" }
  • 25. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS Accounts By engaging in this workshop, you acknowledge that the AWS account used for ARC327 may be used only for this workshop. All accounts used during the workshop will be closed immediately at the conclusion of the workshop. Any content in this AWS account will not be retrievable by you or any other workshop participants after the workshop has finished.
  • 26. https://github.com/aws-samples/aws-saas-factory-bootcamp GitHub Repository (start here): https://dashboard.eventengine.run Launch your environment (with hash key):
  • 27. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Session repeats Friday, Nov. 30 ARC 327 – Hands-On SaaS: Constructing a Multi-Tenant Solution on AWS 9:15 a.m. – 11:15 a.m. | Mirage, Mirage Event Center C2
  • 28. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Additional SaaS breakouts Monday, 11/26 ARC324 - Architecting Next Generation Serverless SaaS Solutions on AWS 6:15 p.m. | Venetian, Level 2, Venetian Theater Tuesday, 11/27 ARC324 - Architecting Next Generation Serverless SaaS Solutions on AWS (Repeat) 4:00 p.m. | Venetian, Level 2, Titian 2204 Wednesday, 11/28 ARC418 Deconstructing SaaS: Deep Dive into Building Multi-Tenant Solutions on AWS 12:15 p.m. | Mirage, Mirage Event Center B Thursday, 11/29 ARC418 Deconstructing SaaS: Deep Dive into Building Multi-Tenant Solutions on AWS (Repeat) 4:00 p.m. | Aria, Aria West, Level 3, Ironwood 5
  • 29. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. SaaS chalk talks Monday, 11/26 ARC216 - SaaS Operations: The Foundation of SaaS Agility 11:30 a.m. – 12:30 a.m. | Venetian, Level 2, Veronese 2406 Tuesday, 11/27 ARC210 - SaaS Jumpstart: A Primer for Launching Your SaaS Journey 9:15 a.m. – 10:15 a.m. | Venetian, Level 4, Lando 4304 Wednesday, 11/28 ARC419 – Optimizing Your SaaS Solutions on AWS 1:00 p.m. – 2:00 p.m. | Venetian, Level 3, Murano 3202 ARC326 - Migrating Single-Tenant Applications to Multi-Tenant SaaS 4:00 p.m. – 5:00 p.m. | Aria West, Level 3, Starvine 7 ARC210 - SaaS Jumpstart: A Primer for Launching Your SaaS Journey 1:45 p.m. – 2:45 p.m. | Aria West, Level 3, Ironwood 8
  • 30. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. SaaS chalk talks Thursday, 11/29 ARC210 - SaaS Jumpstart: A Primer for Launching Your SaaS Journey 1:45 p.m. – 2:45 p.m. | MGM, Level 1, South Concourse 105 Friday, 11/30 ARC326 – Migrating Single-Tenant Applications to Multi-Tenant SaaS 10:00 a.m. – 11:00 a.m. | MGM, Level 1, South Concourse 105 ARC419 – Optimizing Your SaaS Architecture on AWS 1:00 p.m. – 2:00 p.m. | Venetian, Level 3, Murano 3202
  • 31. Thank you! © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Seth Fox foseth@amazon.com
  • 32. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.