Enterprise SaaS Architecture on AWS | Video

Enterprise SaaS Architecture on AWS

Are you tired of creating different application code sources for each customer or tenant, wasting money, or creating multiple environments across different customers? This Enterprise SaaS Architecture on AWS is for you.

The next architecture will help unify all your customer’s environments into having one unique environment and source code, which is called multi-tenant architecture.

You’ll be guided through the whole technical approach with a diagram and samples and a vital Enterprise SaaS architecture using Kubernetes, Amazon EKS, microservices, and a multi-tenancy technique, which is essential to jumpstart into the Enterprise SaaS architecture diagram world on AWS. Let’s get into it.

Table of contents

Introduction to the SaaS Enterprise

You will have two tenants that will be the pro for today’s architecture, and those tenants hit obviously to Route 53, which is the one to roll the domain or the subdomain in this case. Then it will hit the CloudFront CDN service, which you know it holds or clears all the static content from videos in the CSS or even a front-end application.

Going more deeply into the stream, you will hit the application load balancer, which is the latest application LB from Amazon Web Services and this can help you to upload any HTTP requests and utilizing the AWS shared services like Certificate Manager, which is the Amazon certificate manager.

Then, they’ll be routed between the two Ingress or namespaces, which will be detailed later inside the EKS cluster. This EKS cluster is a multi-tenant architecture. But, going deeply into the database, the database layer will be a single-tenant database approach.

The Enterprise SaaS Architecture Network on AWS

Now, let’s talk about the SaaS Network on AWS. As you know, as a best practice, Amazon requests you to have a public subnet and a private network.

In the public subnet, you will hold the ALB, and in the private network, you will have the AKS cluster, the namespaces, and microservices, and also you will have another private Network that will call the databases.

That’s the best for creating an Enterprise SaaS architecture diagram. On the left side, you will have all the AWS shared services outside of the public and private network in the AWS cloud.

Enterprise Architecture SaaS on AWS

Enterprise SaaS Architecture: Microservices, Containers, and Docker

In this part, we will talk about the microservice architecture, which covers containers, Docker, and Amazon EKS.

You will have three microservices. In this particular case, you will have three applications in one microservice: the front-end web application, the signup, and the login. Then you will have the second microservice, which is the SaaS application per se, the whole ecosystem, and the admin dashboard, which is very common in SaaS architectures. This namespace will be mimicked to namespace two or tenant two, namespace three, four, etc.

Something very important to mention is that microservices bring many benefits, from flexibility, portability, and speed to developing software. So it’s imperative that besides adding an EKS cluster or using Amazon ECS, Fargate, or another cloud provider, you must use microservices for your development testing production and, if you are really growing use a content management system like an EKS cluster.

The web stack that we will be using for this SaaS architecture diagram will be Vue.js, and all the back-end development will be Node.js with the Express framework. Also, all the microservices will be updated from the ECR, the container repository system from Amazon.

Lastly, the login will interact with Cognito. When you log in, instead of creating your own login, you can integrate. You need a small application and integrate it with Amazon Cognito, and this will bring some benefits when you are developing software. So that’s a good practice as well.

Amazon ECS vs EKS: Read the full comparison to choose the best container service.

The Kubernetes Cluster Amazon EKS Setup
Application Layer – Multi-Tenancy

You have tenants one and two in this enterprise SaaS architecture; every tenant will go to the Nginx ingress controller and the ingress controller two. Remember that every Namespace should have its own Nginx controller.

Now, how is this environment isolated?

Well, that’s why you have to configure in Kubernetes the namespaces one, two, and three, which are the ecosystems to isolate different tenants. These, with a hand of the IAM roles, the port security, and some other security roles, will help you have a silo model, which that’s the common label from Amazon Web Services, having an isolated environment per each tenant or namespace.

Amazon Web Service has released an LB controller service, which will replace the Nginx controller. But there is an LB controller, which will be under replacement from the Nginx ingress controller.

But this is a little complex. If you require DevOps assistance, you can reach out to us, and we will help you with a dedicated DevOps Engineer in this particular case or with all your SaaS architecture diagram and DevOps practices.

increase your web development productivity with a nearshore dedicated team

The Kubernetes Cluster Amazon EKS Setup
Database Layer – Multi-Tenancy

There won’t be a multi-tenancy. In this case, we use a single tenancy for PostgreSQL tenant one and PostgreSQL tenant two. These Postgres are inside an Amazon RDS, and every database is an isolated database called Amazon RDS, which has the Postgres SQL engine. This is important to mention because sensitive data can be left inside or in a single database.

So, imagine that again, tenant one accesses important data from tenant two, and that can compromise security regulations. That’s why the database or the data is very important, and we have to divide it per each database. There are some cons, obviously, more costs and more database management, but it’s really required on this setup, and more so if you’re a Fintech, banking, or security system, you probably need to use a single multi-sensory approach in the database layer.

As an alternative, you could use it for every tenant or, let’s say, a tenant ID. You could use the same database per schema, per table, or even if you want to create a single user table and identify with a tenant ID, that’s very common.

I see a lot of MVPs, startups, or big SaaS that need to modernize their tenancy. They usually use the same table to find a tenant ID, which probably isn’t a problem if it’s a normal small or medium SaaS. But once you move your enterprise, you really need to take care of your data.

modernize your saas enterprise with AWS: multi tenant saas application ebook

How Do We Create New Tenants?

This requires a lot of DevOps expertise to orchestrate new tenants in your enterprise saas architecture. For the next steps, you will need Codepipeline, Amazon Code Build, and Amazon CloudFormation to create new tenants, and usually, it starts with some scripting using those DevOps tools or tenant deployment tools.

  1. Create the new subdomain for tenant two from tenant three using Route 53.
  2. Create some entries in the LB because there will be a new tenant.
  3. Get a new namespace, namespace three, with the pertinent routes to the microservices. The microservices need to be updated from the ECR. There will be a new tenant and new microservices, and you’ll also need to update the EKS cluster.

After the application layer, you will have to create an RDS environment for namespace three and you will have the Amazon RDS three or Postgres in tenant three.

But don’t forget as well that in the end, you will have to add the new domain. You’ll probably need to add a new certificate and for all this you might require Python scripting.

There is another alternative, which is using an API, a restful API, with Amazon APIGateway, Lambda, and Python or Node.js.

Enterprise SaaS Architecture: Final Thoughts

We have concluded this guide. What do you think? Have you learned how to create an Enterprise SaaS architecture on AWS?

I’m hoping that you understand now the pieces required to create a multi-tenant architecture from the application layer and there is a layer along with how to create a new tenant, which if you look in the network or in Google, it’s complex to find what are the missing pieces, which are just a few of them.

Lastly, contact us to find out more about how ClickIT helps SaaS Enterprises run and develop DevOps practices in the cloud or if you’re just curious about hiring a nearshore Software Developer in your same timezone.

subscribe to our youtube channel

Enterprise SaaS Architecture FAQs

Why do you need an enterprise SaaS architecture?

An enterprise SaaS architecture offers a range of benefits, including scalability, cost efficiency, accessibility, security, and flexibility, making it a compelling choice for businesses looking to leverage modern, efficient software solutions.

How can you build an enterprise SaaS architecture?

To build an enterprise SaaS architecture, start by defining clear requirements and selecting an appropriate technology stack. Design a scalable and secure architecture with a focus on multi-tenancy, integration capabilities, and a user-friendly experience. Prioritize security measures, data management strategies, and compliance with regulations.

Why should I build a SaaS on AWS?

AWS provides a robust and flexible foundation for building and scaling SaaS applications, offering a combination of global reach, security, cost efficiency, and a rich set of services that cater to diverse business needs.


to our newsletter

Table of Contents

We Make
DevOps Easier

From building robust applications to staff augmentation

We provide cost-effective solutions tailored to your needs. Ready to elevate your IT game?

Contact us

Work with us now!

You are all set!
A Sales Representative will contact you within the next couple of hours.
If you have some spare seconds, please answer the following question


Modernize Your SaaS Enterprise With AWS

The adoption of a Multi-tenant architecture approach will bring extensive valuable benefits for your SaaS application.