SlideShare une entreprise Scribd logo

Hands-on SaaS: Constructing a Multi-Tenant Solution on AWS (ARC327-R1) - AWS re:Invent 2018

Amazon Web Services
Amazon Web Services

SaaS presents developers with a unique blend of architectural challenges. Supporting a multi-tenant model often means re-thinking your approach to almost every layer of your architecture. Onboarding, security, data partitioning, tenant isolation, identity—these are areas that must be factored into how you design, build, and deploy your SaaS solution. Of course, the best way to wrap your mind around these SaaS architectural principles is to dig into a working example. In this workshop, we’ll expose you to the core concepts of SaaS architecture then dive into a reference SaaS architecture where you can see the moving parts of a SaaS solution in action. The goal here is to provide a series of activities that allow you to interact with a functional solution, introducing code and configuration that realizes and extends the capabilities of this SaaS environment. Through this combination of a brief lecture and hands-on exercises, you’ll get a healthy dose of SaaS best practices all through the lens of a working reference solution. 

1  sur  32
Télécharger pour lire hors ligne
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Hands-on SaaS: Constructing a Multi-Tenant Solution on AWS Seth Fox Solutions Architecture Manager, AWS SaaS Factory Amazon Web Services A R C 3 2 7
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Bootcamp goals • Introduce SaaS architecture fundamentals • Build the working elements of a SaaS environment • Introduce real-world strategies for addressing common multi- tenant practices • Provide a foundation that can inform the creation of your own SaaS solutions
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. The SaaS motive Web App Customer Web App Customer Web App Tenant Tenant Tenant
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Key concepts Onboarding Data partitioningApplication services Authentication Service Tenant isolation
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Not here, but key to SaaS • Management and monitoring • Analytics • Operations • Billing • SaaS DevOps
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. High level flow Lab one: Tenant onboarding Lab two: Multi-tenant services Lab three: Tenant isolation
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Lab one: Tenant onboarding Architecting SaaS applications on AWS
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Lab one: Onboarding • Configure an identity provider • Review user management service • Provision a new user via REST API • Review tenant management service • Provision a new tenant via REST API • Register a tenant via web app • Authenticate as the new user • Inspect the JWT token Identity management Tenant management Tenant registration & authentication
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Onboarding architecture User manager Tenant manager Tenant registration Authentication manager Web application API Gateway
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Configuring Amazon Cognito User pool User management POST/user Validation Attributes Policies Identity pool
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Tenant management Tenant manager Generated Tenant Identifier 492c83ba-d565-47a8-a987-634bd01189db Status Active/Inactive Tier Basic, Advanced • UserId • TenantId • Name • Status • Role 1:Many
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Onboarding flow Amazon S3 Web application Authenticate Register Tenant registration Authentication manager APIGateway
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Lab two: Building multi-tenant microservices Architecting SaaS applications on AWS
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Lab two: A multi-tenant progression Single tenant product manager Multi-tenant product manager Add tenant security context • Single tenant table in Amazon DynamoDB • Use ProductId as partition key • No awareness of tenant identity • Multi-tenant, pooled table in DynamoDB • Use TenantId as partition key • Tenant supplied as REST parameter • Add security token to HTTP headers • Load products for two tenants • Verify tenant partitioning in DynamoDB
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Building application services Application service Identity & tenant context Multi-tenant data partitioning Tenantawarelogging, metering,andanalytics
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Data partitioning model Partition Key Product ID Title Tenant-1 ECHO-123 Echo Dot Tenant-3 ECHO-456 Echo Show Tenant-1 ECHO-456 Echo Show Tenant-4 ECHO-910 Echo Spot Pooled Multi-Tenant Table Product ID Title ECHO-123 Echo Dot ECHO-456 Echo Show ECHO-456 Echo Show ECHO-910 Echo Spot Single Tenant Table Product manager Product manager /product/id=TenantId/product
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Injecting tenant context Product manager JWT Token 1 GetTenantId(Token) Token manager 2 TenantId 3 4
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Lab three: Tenant isolation Architecting SaaS applications on AWS
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Isolating tenant data • Alter the product manager service • Manually inject a tenant identifier • Verify cross tenant access enable • Leverage policies to restrict tenant access • Edit existing policies • Introduce leading key conditions • Examine roles emitted by provisioning • Examine Amazon Cognito role mapping • View the tenant admin/user mapping • Deploy the web application • Register a tenant • Authenticate the new user Cross tenant access Configure policies Map role to policies Get scoped credentials
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Cross tenant access Tenant One Tenant Two Tenant-11943 Tenant-9492 Product Table Tenant Identifier Partition Key Sort Key Tenant-9492 14019 Tenant-11943 49104 Tenant-11943 91044 Tenant-9492 85145 Tenant Identifier
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Tenant-scoped policies { "Sid": "TenantReadOnlyOrderTable", "Effect": "Allow", "Action": [ "dynamodb:GetItem", "dynamodb:BatchGetItem", "dynamodb:Query", "dynamodb:DescribeTable" ], "Resource": [ "arn:aws:dynamodb:us-east-1:000000000000:table/Order" ], "Condition": { "ForAllValues:StringEquals": { "dynamodb:LeadingKeys": [ "3aecf790-7dfd-4aef-a95a-b63fc413bdc9" ] } } }
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Mapping tenant roles to policies IAM policiesAmazon Cognito role mapping Tenant admin role Tenant user role
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Temporary credentials (the payoff) getCredentialsForIdentity(idToken) Application service Amazon Cognito IAM role polices { ”custom:tenantId” : ”8391-9393-9933” “custom:role” : “TenantAdmin” } Cognito ID Token (JWT) Match role Return role scoped credentials Credentials": { "SecretKey":"2gZ8QJQqkAHBzebQmghavFAfgmYpKWRqexample", "AccessKeyId":"ASIAJIOA37R6EXAMPLE" }
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS Accounts By engaging in this workshop, you acknowledge that the AWS account used for ARC327 may be used only for this workshop. All accounts used during the workshop will be closed immediately at the conclusion of the workshop. Any content in this AWS account will not be retrievable by you or any other workshop participants after the workshop has finished.
https://github.com/aws-samples/aws-saas-factory-bootcamp GitHub Repository (start here): https://dashboard.eventengine.run Launch your environment (with hash key):
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Session repeats Friday, Nov. 30 ARC 327 – Hands-On SaaS: Constructing a Multi-Tenant Solution on AWS 9:15 a.m. – 11:15 a.m. | Mirage, Mirage Event Center C2
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Additional SaaS breakouts Monday, 11/26 ARC324 - Architecting Next Generation Serverless SaaS Solutions on AWS 6:15 p.m. | Venetian, Level 2, Venetian Theater Tuesday, 11/27 ARC324 - Architecting Next Generation Serverless SaaS Solutions on AWS (Repeat) 4:00 p.m. | Venetian, Level 2, Titian 2204 Wednesday, 11/28 ARC418 Deconstructing SaaS: Deep Dive into Building Multi-Tenant Solutions on AWS 12:15 p.m. | Mirage, Mirage Event Center B Thursday, 11/29 ARC418 Deconstructing SaaS: Deep Dive into Building Multi-Tenant Solutions on AWS (Repeat) 4:00 p.m. | Aria, Aria West, Level 3, Ironwood 5
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. SaaS chalk talks Monday, 11/26 ARC216 - SaaS Operations: The Foundation of SaaS Agility 11:30 a.m. – 12:30 a.m. | Venetian, Level 2, Veronese 2406 Tuesday, 11/27 ARC210 - SaaS Jumpstart: A Primer for Launching Your SaaS Journey 9:15 a.m. – 10:15 a.m. | Venetian, Level 4, Lando 4304 Wednesday, 11/28 ARC419 – Optimizing Your SaaS Solutions on AWS 1:00 p.m. – 2:00 p.m. | Venetian, Level 3, Murano 3202 ARC326 - Migrating Single-Tenant Applications to Multi-Tenant SaaS 4:00 p.m. – 5:00 p.m. | Aria West, Level 3, Starvine 7 ARC210 - SaaS Jumpstart: A Primer for Launching Your SaaS Journey 1:45 p.m. – 2:45 p.m. | Aria West, Level 3, Ironwood 8
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. SaaS chalk talks Thursday, 11/29 ARC210 - SaaS Jumpstart: A Primer for Launching Your SaaS Journey 1:45 p.m. – 2:45 p.m. | MGM, Level 1, South Concourse 105 Friday, 11/30 ARC326 – Migrating Single-Tenant Applications to Multi-Tenant SaaS 10:00 a.m. – 11:00 a.m. | MGM, Level 1, South Concourse 105 ARC419 – Optimizing Your SaaS Architecture on AWS 1:00 p.m. – 2:00 p.m. | Venetian, Level 3, Murano 3202
Thank you! © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Seth Fox foseth@amazon.com
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.

Recommandé

Deconstructing SaaS: Deep Dive into Building Multi-Tenant Solutions on AWS (A...
Deconstructing SaaS: Deep Dive into Building Multi-Tenant Solutions on AWS (A...Deconstructing SaaS: Deep Dive into Building Multi-Tenant Solutions on AWS (A...
Deconstructing SaaS: Deep Dive into Building Multi-Tenant Solutions on AWS (A...
Amazon Web Services
 
Deep dive into AWS IAM
Deep dive into AWS IAMDeep dive into AWS IAM
Deep dive into AWS IAM
Amazon Web Services
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
Amazon Web Services
 
Data Protection in Transit and at Rest
Data Protection in Transit and at RestData Protection in Transit and at Rest
Data Protection in Transit and at Rest
Amazon Web Services
 
Cloud Migration Workshop
Cloud Migration WorkshopCloud Migration Workshop
Cloud Migration Workshop
Amazon Web Services
 
Amazon Connect delivers personalized customer experience for your contact center
Amazon Connect delivers personalized customer experience for your contact centerAmazon Connect delivers personalized customer experience for your contact center
Amazon Connect delivers personalized customer experience for your contact center
Amazon Web Services
 
Amazon Connect Technical Introduction & Use Cases
Amazon Connect Technical Introduction & Use CasesAmazon Connect Technical Introduction & Use Cases
Amazon Connect Technical Introduction & Use Cases
CloudHesive
 
Encryption and Key Management in AWS
Encryption and Key Management in AWSEncryption and Key Management in AWS
Encryption and Key Management in AWS
Amazon Web Services
 

Recommandé

Deconstructing SaaS: Deep Dive into Building Multi-Tenant Solutions on AWS (A...
Deconstructing SaaS: Deep Dive into Building Multi-Tenant Solutions on AWS (A...Deconstructing SaaS: Deep Dive into Building Multi-Tenant Solutions on AWS (A...
Deconstructing SaaS: Deep Dive into Building Multi-Tenant Solutions on AWS (A...
Amazon Web Services
 
Deep dive into AWS IAM
Deep dive into AWS IAMDeep dive into AWS IAM
Deep dive into AWS IAM
Amazon Web Services
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
Amazon Web Services
 
Data Protection in Transit and at Rest
Data Protection in Transit and at RestData Protection in Transit and at Rest
Data Protection in Transit and at Rest
Amazon Web Services
 
Cloud Migration Workshop
Cloud Migration WorkshopCloud Migration Workshop
Cloud Migration Workshop
Amazon Web Services
 
Amazon Connect delivers personalized customer experience for your contact center
Amazon Connect delivers personalized customer experience for your contact centerAmazon Connect delivers personalized customer experience for your contact center
Amazon Connect delivers personalized customer experience for your contact center
Amazon Web Services
 
Amazon Connect Technical Introduction & Use Cases
Amazon Connect Technical Introduction & Use CasesAmazon Connect Technical Introduction & Use Cases
Amazon Connect Technical Introduction & Use Cases
CloudHesive
 
Encryption and Key Management in AWS
Encryption and Key Management in AWSEncryption and Key Management in AWS
Encryption and Key Management in AWS
Amazon Web Services
 
Fundamentals of AWS Security
Fundamentals of AWS SecurityFundamentals of AWS Security
Fundamentals of AWS Security
Amazon Web Services
 
AWS Secrets Manager
AWS Secrets ManagerAWS Secrets Manager
AWS Secrets Manager
Amazon Web Services
 
Amazon Relational Database Service (Amazon RDS)
Amazon Relational Database Service (Amazon RDS)Amazon Relational Database Service (Amazon RDS)
Amazon Relational Database Service (Amazon RDS)
Amazon Web Services
 
AWS IAM Introduction
AWS IAM IntroductionAWS IAM Introduction
AWS IAM Introduction
Amazon Web Services
 
Amazon GuardDuty: Intelligent Threat Detection and Continuous Monitoring to P...
Amazon GuardDuty: Intelligent Threat Detection and Continuous Monitoring to P...Amazon GuardDuty: Intelligent Threat Detection and Continuous Monitoring to P...
Amazon GuardDuty: Intelligent Threat Detection and Continuous Monitoring to P...
Amazon Web Services
 
Migrating to the Cloud
Migrating to the CloudMigrating to the Cloud
Migrating to the Cloud
Amazon Web Services
 
Deep Dive on AWS Migration Hub - AWS Online Tech Talks
Deep Dive on AWS Migration Hub - AWS Online Tech TalksDeep Dive on AWS Migration Hub - AWS Online Tech Talks
Deep Dive on AWS Migration Hub - AWS Online Tech Talks
Amazon Web Services
 
Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS Security
Amazon Web Services
 
SQL Database on Azure
SQL Database on AzureSQL Database on Azure
SQL Database on Azure
Thurupathan Vijayakumar
 
COSAC 2021 presentation - AWS Zero Trust
COSAC 2021 presentation - AWS Zero TrustCOSAC 2021 presentation - AWS Zero Trust
COSAC 2021 presentation - AWS Zero Trust
Frans Sauermann
 
게임사를 위한 Amazon GameLift 세션 - 이정훈, AWS 솔루션즈 아키텍트
게임사를 위한 Amazon GameLift 세션 - 이정훈, AWS 솔루션즈 아키텍트게임사를 위한 Amazon GameLift 세션 - 이정훈, AWS 솔루션즈 아키텍트
게임사를 위한 Amazon GameLift 세션 - 이정훈, AWS 솔루션즈 아키텍트
Amazon Web Services Korea
 
Using AWS Control Tower to govern multi-account AWS environments at scale - G...
Using AWS Control Tower to govern multi-account AWS environments at scale - G...Using AWS Control Tower to govern multi-account AWS environments at scale - G...
Using AWS Control Tower to govern multi-account AWS environments at scale - G...
Amazon Web Services
 
AWS Multi-Account Architecture and Best Practices
AWS Multi-Account Architecture and Best PracticesAWS Multi-Account Architecture and Best Practices
AWS Multi-Account Architecture and Best Practices
Amazon Web Services
 
IAM Introduction and Best Practices
IAM Introduction and Best PracticesIAM Introduction and Best Practices
IAM Introduction and Best Practices
Amazon Web Services
 
Getting Started with Serverless Architectures with Microservices_AWSPSSummit_...
Getting Started with Serverless Architectures with Microservices_AWSPSSummit_...Getting Started with Serverless Architectures with Microservices_AWSPSSummit_...
Getting Started with Serverless Architectures with Microservices_AWSPSSummit_...
Amazon Web Services
 
Amazon Cognito Deep Dive
Amazon Cognito Deep DiveAmazon Cognito Deep Dive
Amazon Cognito Deep Dive
Amazon Web Services
 
Setting Up a Landing Zone
Setting Up a Landing ZoneSetting Up a Landing Zone
Setting Up a Landing Zone
Amazon Web Services
 
SaaS Reference Architectures: Review of Real-World Patterns & Strategies (GPS...
SaaS Reference Architectures: Review of Real-World Patterns & Strategies (GPS...SaaS Reference Architectures: Review of Real-World Patterns & Strategies (GPS...
SaaS Reference Architectures: Review of Real-World Patterns & Strategies (GPS...
Amazon Web Services
 
Managing Security on AWS
Managing Security on AWSManaging Security on AWS
Managing Security on AWS
Amazon Web Services
 
AWS networking fundamentals
AWS networking fundamentalsAWS networking fundamentals
AWS networking fundamentals
Amazon Web Services
 
Best Practices for Securing an Amazon VPC (NET318) - AWS re:Invent 2018
Best Practices for Securing an Amazon VPC (NET318) - AWS re:Invent 2018Best Practices for Securing an Amazon VPC (NET318) - AWS re:Invent 2018
Best Practices for Securing an Amazon VPC (NET318) - AWS re:Invent 2018
Amazon Web Services
 
Deploying Microservices using AWS Fargate (CON315-R1) - AWS re:Invent 2018
Deploying Microservices using AWS Fargate (CON315-R1) - AWS re:Invent 2018Deploying Microservices using AWS Fargate (CON315-R1) - AWS re:Invent 2018
Deploying Microservices using AWS Fargate (CON315-R1) - AWS re:Invent 2018
Amazon Web Services
 

Contenu connexe

Tendances

AWS IAM Introduction
AWS IAM IntroductionAWS IAM Introduction
AWS IAM Introduction
Amazon Web Services
 
Amazon GuardDuty: Intelligent Threat Detection and Continuous Monitoring to P...
Amazon GuardDuty: Intelligent Threat Detection and Continuous Monitoring to P...Amazon GuardDuty: Intelligent Threat Detection and Continuous Monitoring to P...
Amazon GuardDuty: Intelligent Threat Detection and Continuous Monitoring to P...
Amazon Web Services
 
COSAC 2021 presentation - AWS Zero Trust
COSAC 2021 presentation - AWS Zero TrustCOSAC 2021 presentation - AWS Zero Trust
COSAC 2021 presentation - AWS Zero Trust
Frans Sauermann
 
Using AWS Control Tower to govern multi-account AWS environments at scale - G...
Using AWS Control Tower to govern multi-account AWS environments at scale - G...Using AWS Control Tower to govern multi-account AWS environments at scale - G...
Using AWS Control Tower to govern multi-account AWS environments at scale - G...
Amazon Web Services
 
AWS Multi-Account Architecture and Best Practices
AWS Multi-Account Architecture and Best PracticesAWS Multi-Account Architecture and Best Practices
AWS Multi-Account Architecture and Best Practices
Amazon Web Services
 
IAM Introduction and Best Practices
IAM Introduction and Best PracticesIAM Introduction and Best Practices
IAM Introduction and Best Practices
Amazon Web Services
 
Getting Started with Serverless Architectures with Microservices_AWSPSSummit_...
Getting Started with Serverless Architectures with Microservices_AWSPSSummit_...Getting Started with Serverless Architectures with Microservices_AWSPSSummit_...
Getting Started with Serverless Architectures with Microservices_AWSPSSummit_...
Amazon Web Services
 
Amazon Cognito Deep Dive
Amazon Cognito Deep DiveAmazon Cognito Deep Dive
Amazon Cognito Deep Dive
Amazon Web Services
 
SaaS Reference Architectures: Review of Real-World Patterns & Strategies (GPS...
SaaS Reference Architectures: Review of Real-World Patterns & Strategies (GPS...SaaS Reference Architectures: Review of Real-World Patterns & Strategies (GPS...
SaaS Reference Architectures: Review of Real-World Patterns & Strategies (GPS...
Amazon Web Services
 

Tendances (20)

Fundamentals of AWS Security
Fundamentals of AWS SecurityFundamentals of AWS Security
Fundamentals of AWS Security
 
AWS Secrets Manager
AWS Secrets ManagerAWS Secrets Manager
AWS Secrets Manager
 
Amazon Relational Database Service (Amazon RDS)
Amazon Relational Database Service (Amazon RDS)Amazon Relational Database Service (Amazon RDS)
Amazon Relational Database Service (Amazon RDS)
 
AWS IAM Introduction
AWS IAM IntroductionAWS IAM Introduction
AWS IAM Introduction
 
Amazon GuardDuty: Intelligent Threat Detection and Continuous Monitoring to P...
Amazon GuardDuty: Intelligent Threat Detection and Continuous Monitoring to P...Amazon GuardDuty: Intelligent Threat Detection and Continuous Monitoring to P...
Amazon GuardDuty: Intelligent Threat Detection and Continuous Monitoring to P...
 
Migrating to the Cloud
Migrating to the CloudMigrating to the Cloud
Migrating to the Cloud
 
Deep Dive on AWS Migration Hub - AWS Online Tech Talks
Deep Dive on AWS Migration Hub - AWS Online Tech TalksDeep Dive on AWS Migration Hub - AWS Online Tech Talks
Deep Dive on AWS Migration Hub - AWS Online Tech Talks
 
Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS Security
 
SQL Database on Azure
SQL Database on AzureSQL Database on Azure
SQL Database on Azure
 
COSAC 2021 presentation - AWS Zero Trust
COSAC 2021 presentation - AWS Zero TrustCOSAC 2021 presentation - AWS Zero Trust
COSAC 2021 presentation - AWS Zero Trust
 
게임사를 위한 Amazon GameLift 세션 - 이정훈, AWS 솔루션즈 아키텍트
게임사를 위한 Amazon GameLift 세션 - 이정훈, AWS 솔루션즈 아키텍트게임사를 위한 Amazon GameLift 세션 - 이정훈, AWS 솔루션즈 아키텍트
게임사를 위한 Amazon GameLift 세션 - 이정훈, AWS 솔루션즈 아키텍트
 
Using AWS Control Tower to govern multi-account AWS environments at scale - G...
Using AWS Control Tower to govern multi-account AWS environments at scale - G...Using AWS Control Tower to govern multi-account AWS environments at scale - G...
Using AWS Control Tower to govern multi-account AWS environments at scale - G...
 
AWS Multi-Account Architecture and Best Practices
AWS Multi-Account Architecture and Best PracticesAWS Multi-Account Architecture and Best Practices
AWS Multi-Account Architecture and Best Practices
 
IAM Introduction and Best Practices
IAM Introduction and Best PracticesIAM Introduction and Best Practices
IAM Introduction and Best Practices
 
Getting Started with Serverless Architectures with Microservices_AWSPSSummit_...
Getting Started with Serverless Architectures with Microservices_AWSPSSummit_...Getting Started with Serverless Architectures with Microservices_AWSPSSummit_...
Getting Started with Serverless Architectures with Microservices_AWSPSSummit_...
 
Amazon Cognito Deep Dive
Amazon Cognito Deep DiveAmazon Cognito Deep Dive
Amazon Cognito Deep Dive
 
Setting Up a Landing Zone
Setting Up a Landing ZoneSetting Up a Landing Zone
Setting Up a Landing Zone
 
SaaS Reference Architectures: Review of Real-World Patterns & Strategies (GPS...
SaaS Reference Architectures: Review of Real-World Patterns & Strategies (GPS...SaaS Reference Architectures: Review of Real-World Patterns & Strategies (GPS...
SaaS Reference Architectures: Review of Real-World Patterns & Strategies (GPS...
 
Managing Security on AWS
Managing Security on AWSManaging Security on AWS
Managing Security on AWS
 
AWS networking fundamentals
AWS networking fundamentalsAWS networking fundamentals
AWS networking fundamentals
 

Similaire à Hands-on SaaS: Constructing a Multi-Tenant Solution on AWS (ARC327-R1) - AWS re:Invent 2018

Deploying Microservices using AWS Fargate (CON315-R1) - AWS re:Invent 2018
Deploying Microservices using AWS Fargate (CON315-R1) - AWS re:Invent 2018Deploying Microservices using AWS Fargate (CON315-R1) - AWS re:Invent 2018
Deploying Microservices using AWS Fargate (CON315-R1) - AWS re:Invent 2018
Amazon Web Services
 
Control for Your Cloud Environment Using AWS Management Tools (ENT226-R1) - A...
Control for Your Cloud Environment Using AWS Management Tools (ENT226-R1) - A...Control for Your Cloud Environment Using AWS Management Tools (ENT226-R1) - A...
Control for Your Cloud Environment Using AWS Management Tools (ENT226-R1) - A...
Amazon Web Services
 
Building API Driven Microservices
Building API Driven MicroservicesBuilding API Driven Microservices
Building API Driven Microservices
Chris Munns
 
Migrating Single-Tenant Applications to Multi-Tenant SaaS (ARC326-R1) - AWS r...
Migrating Single-Tenant Applications to Multi-Tenant SaaS (ARC326-R1) - AWS r...Migrating Single-Tenant Applications to Multi-Tenant SaaS (ARC326-R1) - AWS r...
Migrating Single-Tenant Applications to Multi-Tenant SaaS (ARC326-R1) - AWS r...
Amazon Web Services
 
Deep Dive into AWS X-Ray: Monitor Modern Applications (DEV324) - AWS re:Inven...
Deep Dive into AWS X-Ray: Monitor Modern Applications (DEV324) - AWS re:Inven...Deep Dive into AWS X-Ray: Monitor Modern Applications (DEV324) - AWS re:Inven...
Deep Dive into AWS X-Ray: Monitor Modern Applications (DEV324) - AWS re:Inven...
Amazon Web Services
 
PrivateLink for Partners: Connectivity, Scale, Security (GPSTEC306) - AWS re:...
PrivateLink for Partners: Connectivity, Scale, Security (GPSTEC306) - AWS re:...PrivateLink for Partners: Connectivity, Scale, Security (GPSTEC306) - AWS re:...
PrivateLink for Partners: Connectivity, Scale, Security (GPSTEC306) - AWS re:...
Amazon Web Services
 
Build Modern Applications that Align with Twelve-Factor Methods (API303) - AW...
Build Modern Applications that Align with Twelve-Factor Methods (API303) - AW...Build Modern Applications that Align with Twelve-Factor Methods (API303) - AW...
Build Modern Applications that Align with Twelve-Factor Methods (API303) - AW...
Amazon Web Services
 
Architecting Next Generation Serverless SaaS Solutions on AWS (ARC324-R1) - A...
Architecting Next Generation Serverless SaaS Solutions on AWS (ARC324-R1) - A...Architecting Next Generation Serverless SaaS Solutions on AWS (ARC324-R1) - A...
Architecting Next Generation Serverless SaaS Solutions on AWS (ARC324-R1) - A...
Amazon Web Services
 
Identity Round Robin Workshop - Serverless Round: Security Week at the SF Loft
Identity Round Robin Workshop - Serverless Round: Security Week at the SF LoftIdentity Round Robin Workshop - Serverless Round: Security Week at the SF Loft
Identity Round Robin Workshop - Serverless Round: Security Week at the SF Loft
Amazon Web Services
 

Similaire à Hands-on SaaS: Constructing a Multi-Tenant Solution on AWS (ARC327-R1) - AWS re:Invent 2018 (20)

Best Practices for Securing an Amazon VPC (NET318) - AWS re:Invent 2018
Best Practices for Securing an Amazon VPC (NET318) - AWS re:Invent 2018Best Practices for Securing an Amazon VPC (NET318) - AWS re:Invent 2018
Best Practices for Securing an Amazon VPC (NET318) - AWS re:Invent 2018
 
Deploying Microservices using AWS Fargate (CON315-R1) - AWS re:Invent 2018
Deploying Microservices using AWS Fargate (CON315-R1) - AWS re:Invent 2018Deploying Microservices using AWS Fargate (CON315-R1) - AWS re:Invent 2018
Deploying Microservices using AWS Fargate (CON315-R1) - AWS re:Invent 2018
 
Build End-to-End IT Lifecycle Management on AWS with ServiceNow (ENT330) - AW...
Build End-to-End IT Lifecycle Management on AWS with ServiceNow (ENT330) - AW...Build End-to-End IT Lifecycle Management on AWS with ServiceNow (ENT330) - AW...
Build End-to-End IT Lifecycle Management on AWS with ServiceNow (ENT330) - AW...
 
Control for Your Cloud Environment Using AWS Management Tools (ENT226-R1) - A...
Control for Your Cloud Environment Using AWS Management Tools (ENT226-R1) - A...Control for Your Cloud Environment Using AWS Management Tools (ENT226-R1) - A...
Control for Your Cloud Environment Using AWS Management Tools (ENT226-R1) - A...
 
Security & Compliance for Modern Serverless Applications (SRV319-R1) - AWS re...
Security & Compliance for Modern Serverless Applications (SRV319-R1) - AWS re...Security & Compliance for Modern Serverless Applications (SRV319-R1) - AWS re...
Security & Compliance for Modern Serverless Applications (SRV319-R1) - AWS re...
 
Taking serverless to the edge
Taking serverless to the edgeTaking serverless to the edge
Taking serverless to the edge
 
Building API-Driven Microservices with Amazon API Gateway - AWS Online Tech T...
Building API-Driven Microservices with Amazon API Gateway - AWS Online Tech T...Building API-Driven Microservices with Amazon API Gateway - AWS Online Tech T...
Building API-Driven Microservices with Amazon API Gateway - AWS Online Tech T...
 
Building API Driven Microservices
Building API Driven MicroservicesBuilding API Driven Microservices
Building API Driven Microservices
 
Set Up a CI/CD Pipeline for Deploying Containers Using the AWS Developer Tool...
Set Up a CI/CD Pipeline for Deploying Containers Using the AWS Developer Tool...Set Up a CI/CD Pipeline for Deploying Containers Using the AWS Developer Tool...
Set Up a CI/CD Pipeline for Deploying Containers Using the AWS Developer Tool...
 
Migrating Single-Tenant Applications to Multi-Tenant SaaS (ARC326-R1) - AWS r...
Migrating Single-Tenant Applications to Multi-Tenant SaaS (ARC326-R1) - AWS r...Migrating Single-Tenant Applications to Multi-Tenant SaaS (ARC326-R1) - AWS r...
Migrating Single-Tenant Applications to Multi-Tenant SaaS (ARC326-R1) - AWS r...
 
Deep Dive into AWS X-Ray: Monitor Modern Applications (DEV324) - AWS re:Inven...
Deep Dive into AWS X-Ray: Monitor Modern Applications (DEV324) - AWS re:Inven...Deep Dive into AWS X-Ray: Monitor Modern Applications (DEV324) - AWS re:Inven...
Deep Dive into AWS X-Ray: Monitor Modern Applications (DEV324) - AWS re:Inven...
 
The Serverless Tidal Wave - SwampUP 2018 Keynote
The Serverless Tidal Wave - SwampUP 2018 KeynoteThe Serverless Tidal Wave - SwampUP 2018 Keynote
The Serverless Tidal Wave - SwampUP 2018 Keynote
 
PrivateLink for Partners: Connectivity, Scale, Security (GPSTEC306) - AWS re:...
PrivateLink for Partners: Connectivity, Scale, Security (GPSTEC306) - AWS re:...PrivateLink for Partners: Connectivity, Scale, Security (GPSTEC306) - AWS re:...
PrivateLink for Partners: Connectivity, Scale, Security (GPSTEC306) - AWS re:...
 
[NEW LAUNCH!] Introducing AWS App Mesh – service mesh on AWS (CON367) - AWS r...
[NEW LAUNCH!] Introducing AWS App Mesh – service mesh on AWS (CON367) - AWS r...[NEW LAUNCH!] Introducing AWS App Mesh – service mesh on AWS (CON367) - AWS r...
[NEW LAUNCH!] Introducing AWS App Mesh – service mesh on AWS (CON367) - AWS r...
 
MongoDB World 2018: Tutorial - How to Build Applications with MongoDB Atlas &...
MongoDB World 2018: Tutorial - How to Build Applications with MongoDB Atlas &...MongoDB World 2018: Tutorial - How to Build Applications with MongoDB Atlas &...
MongoDB World 2018: Tutorial - How to Build Applications with MongoDB Atlas &...
 
Deep Dive on AWS CloudFormation
Deep Dive on AWS CloudFormationDeep Dive on AWS CloudFormation
Deep Dive on AWS CloudFormation
 
Build Modern Applications that Align with Twelve-Factor Methods (API303) - AW...
Build Modern Applications that Align with Twelve-Factor Methods (API303) - AW...Build Modern Applications that Align with Twelve-Factor Methods (API303) - AW...
Build Modern Applications that Align with Twelve-Factor Methods (API303) - AW...
 
Security in Amazon Elasticsearch Service (ANT392) - AWS re:Invent 2018
Security in Amazon Elasticsearch Service (ANT392) - AWS re:Invent 2018Security in Amazon Elasticsearch Service (ANT392) - AWS re:Invent 2018
Security in Amazon Elasticsearch Service (ANT392) - AWS re:Invent 2018
 
Architecting Next Generation Serverless SaaS Solutions on AWS (ARC324-R1) - A...
Architecting Next Generation Serverless SaaS Solutions on AWS (ARC324-R1) - A...Architecting Next Generation Serverless SaaS Solutions on AWS (ARC324-R1) - A...
Architecting Next Generation Serverless SaaS Solutions on AWS (ARC324-R1) - A...
 
Identity Round Robin Workshop - Serverless Round: Security Week at the SF Loft
Identity Round Robin Workshop - Serverless Round: Security Week at the SF LoftIdentity Round Robin Workshop - Serverless Round: Security Week at the SF Loft
Identity Round Robin Workshop - Serverless Round: Security Week at the SF Loft
 

Plus de Amazon Web Services

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Amazon Web Services
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Amazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
Amazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Amazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
Amazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Amazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
Amazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
Amazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
Amazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
Amazon Web Services
 

Plus de Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 
Come costruire un'architettura Serverless nel Cloud AWS
Come costruire un'architettura Serverless nel Cloud AWSCome costruire un'architettura Serverless nel Cloud AWS
Come costruire un'architettura Serverless nel Cloud AWS
 

Hands-on SaaS: Constructing a Multi-Tenant Solution on AWS (ARC327-R1) - AWS re:Invent 2018

  • 1.
  • 2. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Hands-on SaaS: Constructing a Multi-Tenant Solution on AWS Seth Fox Solutions Architecture Manager, AWS SaaS Factory Amazon Web Services A R C 3 2 7
  • 3. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Bootcamp goals • Introduce SaaS architecture fundamentals • Build the working elements of a SaaS environment • Introduce real-world strategies for addressing common multi- tenant practices • Provide a foundation that can inform the creation of your own SaaS solutions
  • 4. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. The SaaS motive Web App Customer Web App Customer Web App Tenant Tenant Tenant
  • 5. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Key concepts Onboarding Data partitioningApplication services Authentication Service Tenant isolation
  • 6. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Not here, but key to SaaS • Management and monitoring • Analytics • Operations • Billing • SaaS DevOps
  • 7. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. High level flow Lab one: Tenant onboarding Lab two: Multi-tenant services Lab three: Tenant isolation
  • 8. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Lab one: Tenant onboarding Architecting SaaS applications on AWS
  • 9. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Lab one: Onboarding • Configure an identity provider • Review user management service • Provision a new user via REST API • Review tenant management service • Provision a new tenant via REST API • Register a tenant via web app • Authenticate as the new user • Inspect the JWT token Identity management Tenant management Tenant registration & authentication
  • 10. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Onboarding architecture User manager Tenant manager Tenant registration Authentication manager Web application API Gateway
  • 11. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Configuring Amazon Cognito User pool User management POST/user Validation Attributes Policies Identity pool
  • 12. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Tenant management Tenant manager Generated Tenant Identifier 492c83ba-d565-47a8-a987-634bd01189db Status Active/Inactive Tier Basic, Advanced • UserId • TenantId • Name • Status • Role 1:Many
  • 13. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Onboarding flow Amazon S3 Web application Authenticate Register Tenant registration Authentication manager APIGateway
  • 14. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Lab two: Building multi-tenant microservices Architecting SaaS applications on AWS
  • 15. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Lab two: A multi-tenant progression Single tenant product manager Multi-tenant product manager Add tenant security context • Single tenant table in Amazon DynamoDB • Use ProductId as partition key • No awareness of tenant identity • Multi-tenant, pooled table in DynamoDB • Use TenantId as partition key • Tenant supplied as REST parameter • Add security token to HTTP headers • Load products for two tenants • Verify tenant partitioning in DynamoDB
  • 16. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Building application services Application service Identity & tenant context Multi-tenant data partitioning Tenantawarelogging, metering,andanalytics
  • 17. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Data partitioning model Partition Key Product ID Title Tenant-1 ECHO-123 Echo Dot Tenant-3 ECHO-456 Echo Show Tenant-1 ECHO-456 Echo Show Tenant-4 ECHO-910 Echo Spot Pooled Multi-Tenant Table Product ID Title ECHO-123 Echo Dot ECHO-456 Echo Show ECHO-456 Echo Show ECHO-910 Echo Spot Single Tenant Table Product manager Product manager /product/id=TenantId/product
  • 18. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Injecting tenant context Product manager JWT Token 1 GetTenantId(Token) Token manager 2 TenantId 3 4
  • 19. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Lab three: Tenant isolation Architecting SaaS applications on AWS
  • 20. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Isolating tenant data • Alter the product manager service • Manually inject a tenant identifier • Verify cross tenant access enable • Leverage policies to restrict tenant access • Edit existing policies • Introduce leading key conditions • Examine roles emitted by provisioning • Examine Amazon Cognito role mapping • View the tenant admin/user mapping • Deploy the web application • Register a tenant • Authenticate the new user Cross tenant access Configure policies Map role to policies Get scoped credentials
  • 21. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Cross tenant access Tenant One Tenant Two Tenant-11943 Tenant-9492 Product Table Tenant Identifier Partition Key Sort Key Tenant-9492 14019 Tenant-11943 49104 Tenant-11943 91044 Tenant-9492 85145 Tenant Identifier
  • 22. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Tenant-scoped policies { "Sid": "TenantReadOnlyOrderTable", "Effect": "Allow", "Action": [ "dynamodb:GetItem", "dynamodb:BatchGetItem", "dynamodb:Query", "dynamodb:DescribeTable" ], "Resource": [ "arn:aws:dynamodb:us-east-1:000000000000:table/Order" ], "Condition": { "ForAllValues:StringEquals": { "dynamodb:LeadingKeys": [ "3aecf790-7dfd-4aef-a95a-b63fc413bdc9" ] } } }
  • 23. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Mapping tenant roles to policies IAM policiesAmazon Cognito role mapping Tenant admin role Tenant user role
  • 24. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Temporary credentials (the payoff) getCredentialsForIdentity(idToken) Application service Amazon Cognito IAM role polices { ”custom:tenantId” : ”8391-9393-9933” “custom:role” : “TenantAdmin” } Cognito ID Token (JWT) Match role Return role scoped credentials Credentials": { "SecretKey":"2gZ8QJQqkAHBzebQmghavFAfgmYpKWRqexample", "AccessKeyId":"ASIAJIOA37R6EXAMPLE" }
  • 25. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS Accounts By engaging in this workshop, you acknowledge that the AWS account used for ARC327 may be used only for this workshop. All accounts used during the workshop will be closed immediately at the conclusion of the workshop. Any content in this AWS account will not be retrievable by you or any other workshop participants after the workshop has finished.
  • 26. https://github.com/aws-samples/aws-saas-factory-bootcamp GitHub Repository (start here): https://dashboard.eventengine.run Launch your environment (with hash key):
  • 27. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Session repeats Friday, Nov. 30 ARC 327 – Hands-On SaaS: Constructing a Multi-Tenant Solution on AWS 9:15 a.m. – 11:15 a.m. | Mirage, Mirage Event Center C2
  • 28. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Additional SaaS breakouts Monday, 11/26 ARC324 - Architecting Next Generation Serverless SaaS Solutions on AWS 6:15 p.m. | Venetian, Level 2, Venetian Theater Tuesday, 11/27 ARC324 - Architecting Next Generation Serverless SaaS Solutions on AWS (Repeat) 4:00 p.m. | Venetian, Level 2, Titian 2204 Wednesday, 11/28 ARC418 Deconstructing SaaS: Deep Dive into Building Multi-Tenant Solutions on AWS 12:15 p.m. | Mirage, Mirage Event Center B Thursday, 11/29 ARC418 Deconstructing SaaS: Deep Dive into Building Multi-Tenant Solutions on AWS (Repeat) 4:00 p.m. | Aria, Aria West, Level 3, Ironwood 5
  • 29. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. SaaS chalk talks Monday, 11/26 ARC216 - SaaS Operations: The Foundation of SaaS Agility 11:30 a.m. – 12:30 a.m. | Venetian, Level 2, Veronese 2406 Tuesday, 11/27 ARC210 - SaaS Jumpstart: A Primer for Launching Your SaaS Journey 9:15 a.m. – 10:15 a.m. | Venetian, Level 4, Lando 4304 Wednesday, 11/28 ARC419 – Optimizing Your SaaS Solutions on AWS 1:00 p.m. – 2:00 p.m. | Venetian, Level 3, Murano 3202 ARC326 - Migrating Single-Tenant Applications to Multi-Tenant SaaS 4:00 p.m. – 5:00 p.m. | Aria West, Level 3, Starvine 7 ARC210 - SaaS Jumpstart: A Primer for Launching Your SaaS Journey 1:45 p.m. – 2:45 p.m. | Aria West, Level 3, Ironwood 8
  • 30. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. SaaS chalk talks Thursday, 11/29 ARC210 - SaaS Jumpstart: A Primer for Launching Your SaaS Journey 1:45 p.m. – 2:45 p.m. | MGM, Level 1, South Concourse 105 Friday, 11/30 ARC326 – Migrating Single-Tenant Applications to Multi-Tenant SaaS 10:00 a.m. – 11:00 a.m. | MGM, Level 1, South Concourse 105 ARC419 – Optimizing Your SaaS Architecture on AWS 1:00 p.m. – 2:00 p.m. | Venetian, Level 3, Murano 3202
  • 31. Thank you! © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Seth Fox foseth@amazon.com
  • 32. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.