Cognito was chosen as the core AWS service to use for the user service to manage user identities and authentication flows. Ikue highlighted that they wanted a user pool per tenant and needed a user service built to handle identities and application-specific permissions. Furthermore, a solution for isolating tenant user traffic to the respective tenant’s resources was developed leveraging the user service, API Gateway and its custom Lambda feature. Rebura also reviewed their current data ingestion and web application architectures, including their software deployment strategy using the SaaS Lens tool.
To secure the isolation and routing within Ikue’s bridged, VPC-driven, siloed tenancy model, the solution selected for this project uses context from a JWT issued by the user service (Cognito) to route a user through API Gateway to the correct tenant resource. A Lambda authorizer is used on API Gateway to decode the JWT, verify it and provide the user access to the relevant tenant. See the architecture diagram.
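A sketch of the authorizer decision described above, added here as an illustration and not taken from Ikue's or Rebura's code. The pool IDs are constructed, the `verify` hook is a hypothetical stand-in for a JWT library that checks the signature against the selected pool's JWKS, and the `tenantId` context key and the use of access tokens are assumptions.

```python
import base64, json, time

# Constructed mapping: one Cognito user pool (issuer URL) per tenant.
TENANT_BY_ISSUER = {
    "https://cognito-idp.eu-west-1.amazonaws.com/eu-west-1_EXAMPLEa": "tenant-a",
    "https://cognito-idp.eu-west-1.amazonaws.com/eu-west-1_EXAMPLEb": "tenant-b",
}

def unverified_claims(token):
    """Decode the JWT payload WITHOUT trusting it; used only to pick the pool."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def policy(principal, effect, method_arn, context=None):
    """Build the response shape API Gateway expects from a Lambda authorizer."""
    return {
        "principalId": principal,
        "policyDocument": {"Version": "2012-10-17", "Statement": [
            {"Action": "execute-api:Invoke", "Effect": effect, "Resource": method_arn}]},
        "context": context or {},
    }

def authorize(token, method_arn, verify, now=None):
    """verify(token, issuer) returns verified claims or raises (hypothetical hook)."""
    try:
        issuer = unverified_claims(token).get("iss")
        tenant = TENANT_BY_ISSUER.get(issuer)
        if tenant is None:               # unknown pool: never fetch keys for it
            raise ValueError("issuer not in tenant allow-list")
        claims = verify(token, issuer)   # signature check against that pool only
        if claims.get("iss") != issuer or claims.get("token_use") != "access":
            raise ValueError("claim mismatch")
        if claims.get("exp", 0) <= (now if now is not None else time.time()):
            raise ValueError("token expired")
        principal = claims["sub"]
    except Exception:
        # Fail closed: any parsing or verification problem yields an explicit Deny.
        return policy("anonymous", "Deny", method_arn)
    # The tenant is derived from the verified pool, not from a caller-chosen value.
    return policy(principal, "Allow", method_arn, {"tenantId": tenant})
```

The point of the ordering is that the unverified `iss` is used only to select a key set from a fixed allow-list, and the tenant passed downstream is the one bound to that pool.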
The SaaS Lens is part of the AWS Well-Architected Framework and provides a standardised set of questions addressing design principles and best practices for SaaS applications on AWS. It will enable Ikue to review and improve their cloud-based architectures and better understand the business impact of their design decisions. During the review, general design principles are addressed as well as specific best practices and guidance in line with the 6 pillars of the Well-Architected Framework.
Rebura provided Ikue with a SaaS Discovery Report detailing a prioritised list of tasks addressing the items outlined in the requirements for Tenant Isolation and Routing, User Service, SaaS Architecture Review and Software Application Updates.
The first 2 of these projects are strongly focused on the challenge of tenant and user management – identity and access, multi-tenant storage, tenant isolation. The User Service project also has ramifications for agility and operations because of its role in onboarding users to the platform. The SaaS Architecture Review and Software Application Updates seek to improve the composition of Ikue’s SaaS product and address the DevOps challenges associated with Ikue’s siloed tenancy model.