Enterprise SaaS Architecture on AWS

Are you tired of creating different application code bases for each customer or tenant, wasting money, or maintaining multiple environments across different customers? This Enterprise SaaS Architecture on AWS is for you!

The following architecture will help you unify all your customers’ environments into a single environment and source code base, which is called the multi tenant architecture.

You’ll be guided through the whole technical approach with a diagram and samples as well as a vital Enterprise SaaS architecture utilizing Kubernetes, Amazon EKS, microservices, and a multi tenancy technique, which is essential to jumpstart into the Enterprise SaaS world on AWS. Let’s start.

Introduction to the SaaS Enterprise

You will have two tenants, which will be the example for today’s architecture. Those tenants first hit Route 53, which resolves the domain, or the subdomain in this case. Then the request hits the CloudFront CDN service, which holds or caches all the static content, from videos to CSS or even a front-end application.

Going deeper into the stream, you will hit the Application Load Balancer, which is the latest application LB from Amazon Web Services. It can help you offload any HTTP requests while utilizing AWS shared services like Certificate Manager.

Then requests will be routed between the two Ingresses or namespaces inside the EKS cluster, which will be detailed later. This EKS cluster is a multi tenant architecture. Going deeper into the database, however, the database layer uses a single tenant database approach.

The Enterprise SaaS Network on AWS

Now let’s talk about the SaaS network on AWS. As you know, as a best practice, Amazon asks you to have a public subnet and a private network.
In the public subnet, you will hold the ALB, and in the private network, you will have the EKS cluster, the namespaces, and the microservices. You will also have another private network that holds the databases.
That’s the best setup for creating an Enterprise SaaS architecture. On the left side, you will have all the AWS shared services, which sit outside the public and private networks but are still in the AWS cloud.

Enterprise Architecture SaaS on AWS

Microservices, Containers, and Docker

In this part, we will talk about the microservice architecture which covers containers, Docker, and Amazon EKS.

You will have three microservices. In this particular case, you will have three applications in one microservice, which will be the front-end web application, the signup, and the login. Then you will have the second microservice, which is the SaaS application per se, the whole ecosystem, and the admin dashboard, which is very common in SaaS architectures. This namespace will be replicated as namespace two or tenant two, namespace three, four, etc.

Something very important to mention is that microservices bring a lot of benefits, from flexibility and portability to speed of software development. So it’s imperative that, besides adding an EKS cluster or using Amazon ECS, Fargate, or another cloud provider, you use microservices for your development, testing, and production and, if you are really growing, a container management system like an EKS cluster.

The web stack that we will be using for this SaaS application will be Vue.js, and all the back-end development will be in Node.js with the Express framework. All the microservices will be updated from ECR, the container repository system from Amazon.

Lastly, the login will interact with Cognito. Instead of creating your own login, you only need a small application that you integrate with Amazon Cognito, and this will bring some benefits when you are developing software. So that’s a good practice as well.

The Kubernetes Cluster Amazon EKS Setup
Application Layer – Multi Tenancy

You have tenant one and tenant two, and each tenant will go to its own Nginx ingress controller: ingress controller one and ingress controller two. Remember that every namespace should have its own Nginx controller.

Now, how is this environment isolated?

Well, that’s why you have to configure namespaces one, two, three in Kubernetes, which are the ecosystem to isolate the different tenants. With the help of IAM roles, port security, and some other security roles, they will help you achieve a silo model, which is the common label from Amazon Web Services for having an isolated environment per tenant or namespace.

Amazon Web Services has released an LB controller service, which will replace the Nginx ingress controller.

But this is a little bit complex. If you require a nearshore DevOps Engineer, just contact us at clickittech.com. Reach out and we will help you with a dedicated DevOps Engineer in this particular case or with all your SaaS architecture and DevOps practices.

The Kubernetes Cluster Amazon EKS Setup
Database Layer – Multi Tenancy

There won’t be multi tenancy here. In this case, we use single tenancy, with a PostgreSQL database for tenant one and a PostgreSQL database for tenant two. These Postgres databases are inside Amazon RDS; in other words, every database is an isolated Amazon RDS database running the PostgreSQL engine. This is important to mention because there is sensitive data that could otherwise be left together in a single database.

So, imagine that tenant one accesses important data from tenant two: that can compromise your compliance with security regulations. That’s why the data is very important and you split it into one database per tenant. There are some cons, obviously, such as more cost and more database management, but it’s really required in this setup, and even more so if you’re a Fintech, banking, or security system: you probably need to use a single tenancy approach in the database layer.

As an alternative, you could keep every tenant in the same database and separate them per schema or per table, or even create a single user table and identify each tenant with a tenant ID, which is very common.

I see a lot of MVPs, startups, and big SaaS products that need to modernize their tenancy. They are usually using the same table and a tenant ID to find each tenant, which probably isn’t a problem for a normal small or medium SaaS, but once you move to enterprise, you really need to take care of your data.
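
The shared-table alternative described above depends entirely on every query carrying the tenant filter. The following added example (not from the original video or from ClickIT) shows that failure mode and a scoped accessor that removes it; it uses Python's built-in sqlite3 as a stand-in for PostgreSQL, and the `invoices` table, its rows and the `TenantScopedDB` class are constructed for illustration.

```python
import sqlite3


class TenantScopedDB:
    """Accessor for the shared-table model: every query is bound to one tenant."""

    def __init__(self, conn, tenant_id):
        self._conn = conn
        self._tenant_id = tenant_id  # taken from the authenticated session

    def invoices(self, min_amount=0):
        # The tenant filter is added here, never by the caller, and is a bound
        # parameter, so request data cannot widen or remove it.
        return self._conn.execute(
            "SELECT id, amount FROM invoices "
            "WHERE tenant_id = ? AND amount >= ? ORDER BY id",
            (self._tenant_id, min_amount)).fetchall()

    def invoice(self, invoice_id):
        # A lookup by primary key still carries the tenant filter, so guessing
        # another tenant's row id returns None instead of their data.
        return self._conn.execute(
            "SELECT id, amount FROM invoices WHERE tenant_id = ? AND id = ?",
            (self._tenant_id, invoice_id)).fetchone()


def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE invoices (id INTEGER PRIMARY KEY, "
                 "tenant_id TEXT NOT NULL, amount INTEGER NOT NULL)")
    # Constructed sample rows: two invoices for tenant1, one for tenant2.
    conn.executemany("INSERT INTO invoices VALUES (?, ?, ?)",
                     [(1, "tenant1", 100), (2, "tenant1", 250), (3, "tenant2", 900)])
    # A handler that forgets the WHERE clause sees every tenant's rows.
    unscoped = conn.execute("SELECT id FROM invoices ORDER BY id").fetchall()
    t1 = TenantScopedDB(conn, "tenant1")
    return unscoped, t1.invoices(), t1.invoice(3)
```

With one database per tenant, as in the architecture above, the unscoped query could only ever return that tenant's own rows.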

How Do We Create New Tenants?

This requires a lot of DevOps expertise. The way to orchestrate new tenants consists of the following steps, and you will need CodePipeline, Amazon CodeBuild, and Amazon CloudFormation to create new tenants. It usually starts with some scripting using those DevOps tools or tenant deployment tools.

  1. Create the new subdomain for tenant two or tenant three using Route 53.
  2. Create some entries in the LB, because there will be a new tenant.
  3. Create a new namespace, namespace three, with the pertinent routes to the microservices. The microservices need to be updated from ECR, since there will be a new tenant and new microservices, and the EKS cluster needs to be updated as well.

After the application layer, you will have to create an RDS environment for namespace three, so you will have Amazon RDS three, or Postgres for tenant three.

But don’t forget that, in the end, you will have to add the new domain, and you will probably need to add a new certificate. For all of this you will probably require Python scripting.
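
As an added example (not ClickIT's own tooling), the Python below builds the per-tenant artifacts for the steps above and for the namespace isolation described in the application layer section: a Route 53 change batch in the ChangeResourceRecordSets shape, a namespace with a NetworkPolicy, and an RDS instance identifier. The function name `tenant_plan`, the naming rule, the placeholder domains, the NetworkPolicy itself and the `app.kubernetes.io/name: ingress-nginx` label are assumptions.

```python
import re

# Constructed naming rule (not from the page): 1-40 chars, lowercase DNS label,
# so one string is safe in a subdomain, a namespace name and an RDS identifier.
TENANT_RE = re.compile(r"[a-z0-9](?:[a-z0-9-]{0,38}[a-z0-9])?")
RESERVED = {"www", "admin", "api", "default", "kube-system", "kube-public"}


def tenant_plan(tenant, base_domain="saas.example.com", edge="edge.example.net"):
    """Build the artifacts for one new tenant; both defaults are placeholders."""
    # fullmatch, not match: a trailing newline or extra label must not slip through.
    if not TENANT_RE.fullmatch(tenant) or "--" in tenant or tenant in RESERVED:
        raise ValueError(f"rejected tenant name: {tenant!r}")
    namespace = f"tenant-{tenant}"
    return {
        # Step 1: CREATE (not UPSERT) fails when the record already exists, so a
        # new signup cannot silently repoint an existing tenant's subdomain.
        "route53_change_batch": {"Changes": [{
            "Action": "CREATE",
            "ResourceRecordSet": {
                "Name": f"{tenant}.{base_domain}.", "Type": "CNAME", "TTL": 300,
                "ResourceRecords": [{"Value": edge}],
            },
        }]},
        # Step 3: one namespace per tenant. The policy lets application pods
        # accept traffic only from pods in the same namespace; the tenant's own
        # Nginx controller (assumed label) is excluded so the ALB can reach it.
        "manifests": [
            {"apiVersion": "v1", "kind": "Namespace",
             "metadata": {"name": namespace, "labels": {"tenant": tenant}}},
            {"apiVersion": "networking.k8s.io/v1", "kind": "NetworkPolicy",
             "metadata": {"name": "same-namespace-only", "namespace": namespace},
             "spec": {
                 "podSelector": {"matchExpressions": [{
                     "key": "app.kubernetes.io/name", "operator": "NotIn",
                     "values": ["ingress-nginx"]}]},
                 "policyTypes": ["Ingress"],
                 "ingress": [{"from": [{"podSelector": {}}]}],
             }},
        ],
        # Database step: one RDS PostgreSQL instance per tenant.
        "rds_instance_id": f"{namespace}-pg",
    }
```

The NetworkPolicy only takes effect on a cluster where network policy enforcement is enabled.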

There is another alternative, which is using a RESTful API with Amazon API Gateway, Lambda, and Python or Node.js.

Final Thoughts

We have concluded this video. What do you think? Have you learned how to create an Enterprise SaaS multi tenant architecture on AWS?

I’m hoping that you now understand the pieces required to create a multi tenant architecture, from the application layer and the database layer to how to create a new tenant. If you look on the internet or on Google, it’s hard to find the missing pieces, which are just a few.

And lastly, to find out more about how ClickIT helps SaaS Enterprises run and develop DevOps practices in the cloud or just curious about hiring a nearshore Software Developer in your same timezone, please check out our website at clickittech.com.

Please don’t forget to subscribe to our YouTube channel and comment below on any technology that I missed, let’s contribute to our network. ¡Hasta la vista!
