Reference

SaaS Reference: Review of Real-World Patterns & Strategies There is no single approach to building SaaS applications on AWS. Domain, compliance, performance, legacy considerations, and business forces all play a big role in shaping the architecture of your solutions. While there are many strategies for implementing SaaS on AWS, there are some common architectural patterns that are used to address the varying needs of SaaS providers. In this session, we review in detail a collection of SaaS reference architectures that represent a spectrum of approaches to addressing identity, onboarding, storage partitioning, tenant isolation, billing, deployment, regional distribution, and operational models. Our goal is to provide a menu of concrete solutions that can provide insights into how AWS constructs are leveraged to realize SaaS best practices on AWS

Application Migration

Migrating Applications to SaaS: A Minimally Invasive Approach In this blog post, we review the merits of each minimally invasive migration strategy. We’ll also look at how the management and operational aspects of the business need to change to support migration. This blog post should provide you with insights into some of the patterns that might fit the migration needs of your SaaS applications.

Migrating Applications to SaaS: Rethinking Your Design The goal of this blog post is to look at SaaS migration models that allow you to stop and reconsider the design and architecture of your applications. The emphasis shifts from minimizing change to putting your solution on a path where it can begin to align itself with AWS and SaaS best practices and design principles. This will also put your solution in a much better position to adopt the agility and automation values that enable your business to more rapidly respond to market and competitive pressures.

SaaS Migration: Real-world Patterns and Strategies Migrating an existing single-tenant solution to a multi-tenant SaaS model can be challenging. Finding a migration approach that balances the ongoing needs of the business with the market, cost, and competitive pressures of getting to SaaS often requires teams to identify creative migration strategies. In this session, we explore common SaaS migration patterns and dive deep into the specific architecture, operational, deployment, and build strategies that are used to implement these patterns. We review a range of options that span from minimally invasive to a complete rewrite, highlighting the challenges, advantages, and demands of each of these approaches.

Technology

Building Serverless SaaS Applications on AWS In this blog post, we discuss how serverless computing and AWS Lambda influence the compute, deployment, management, and operational profiles of your SaaS solution.

Managing SaaS Users with Amazon Cognito This blog post takes a look at the key capabilities of the Amazon Cognito Identity user pools feature. The goal is to touch on the main concepts and provide an introduction to some of the fundamental capabilities of this new feature.

Identity Federation and SSO for SaaS on AWS In this blog post we explore some of the technologies and concepts behind single sign-on (SSO), linking third-party user identity to your applications (identity federation), and some of AWS products and partner solutions that can help with implementation.

Serverless SaaS Deep Dive: Building Serverless SaaS on AWS The emergence of serverless infrastructure and services represents a fundamental shift in how developers approach architecting applications. This is especially relevant in the world of SaaS, where systems must efficiently and cost-effectively respond to continually shifting multi-tenant loads and profiles. In this session, we dive into all the moving parts of a serverless SaaS application, exploring the detailed code, design, and architecture strategies that are commonly applied to support the complex scale and agility requirements of multi-tenant serverless SaaS environments. We also look at how serverless influences core multi-tenant strategies, including tenant isolation, service decomposition, management, deployment, and identity.

AWS Developer: Deploying on AWS self-paced digital course In this course, part of the AWS Developer Series, you will learn how to use DevOps methodologies and tools. You will build and test your application using AWS Cloud9, and deploy to your cloud-based infrastructure with AWS Elastic Beanstalk. You will create a continuous integration/continous delivery (CI/CD) pipeline using AWS CodeBuild, AWS CodeCommit, and AWS CodePipeline. (by edX)

Deep Dive on AWS Fargate: Building Serverless Containers at Scale Containers allow you to craft sophisticated cloud-native applications, but how do you manage scale? In this course you will learn how to better launch and manage your large-scale containerized workloads with AWS Fargate. Dmitriy Novikov will walk through the essentials of AWS Fargate to get the most out of your container deployment and management strategy.

Deep Dive on Container Security Security should be the first concern for any project – maintaining the confidentiality, integrity and availability of your architecture. Containers present a unique middle ground between full instance management and pure services.

Examples

SaaS Identity and Isolation with Amazon Cognito AWS Quick Start This Quick Start implements a high availability solution for identity and isolation in multi-tenant software as a service (SaaS) environments, using Amazon Cognito as the identity provider. The Quick Start provides a lightweight SaaS order management system that illustrates different aspects of identity and isolation, spanning the roles in a multi-tenant environment.

Managed Service

AWS Cloud Enterprise Strategy Blog: The Future of Managed Services in the Cloud IT Managed Services is an area that has seen substantial changes in the last few years, thanks to the growing popularity of cloud services. This area is served by what the industry calls MSPs (Managed Service Providers), and this group’s role and business model is rapidly evolving. This post explores a few things your enterprise may want to consider in light of this shift.

Architecting

Architecting Next Generation Serverless SaaS Solutions on AWS The emergence of serverless infrastructure and services represents a fundamental shift in how developers approach architecting applications. This is especially relevant in the world of SaaS, where systems must efficiently and cost-effectively respond to continually shifting multi-tenant loads and profiles. We conduct an end-to-end review of all the elements of a serverless SaaS architecture that leverages a combination of AWS Lambda, AWS Fargate, and Amazon Aurora Serverless. We look at how serverless influences the core elements of your architecture, including tenant isolation, service decomposition, management and monitoring, deployment, and identity.

Billing & Metering

Calculating Tenant Costs in SaaS Environments This blog post examines some of the strategies that you can use to capture and analyze tenant consumption data in multi-tenant environments. It highlights some of the challenges associated with instrumenting your services and architecture to enable a more granular view of consumption that you can use to inform your price modeling.

AWS Marketplace SaaS Subscriptions AWS Marketplace enables you to discover, buy, and launch dozens of SaaS and API products. Procure on AWS Marketplace and consume directly through the seller’s website or API. AWS Marketplace enables you to easily manage your subscriptions in one place, with all charges coming on a single bill from AWS. AWS Marketplace supports two options for purchasing SaaS and API products. With SaaS Subscriptions, you pay only for what you use each month. With SaaS Contracts, you pay for your expected usage with monthly, 1, 2, or 3 year terms.

How to Best Architect Your AWS Marketplace SaaS Subscription Across Multiple AWS Accounts In this post, I walk through best practices for architecting your AWS Marketplace SaaS Subscription across multiple AWS accounts. Let’s begin!

Software as a Service (SaaS) and API Vendors Can Offer Unified Billing on AWS with SaaS Subscriptions As a Forrester Consulting study commissioned by AWS showed, sellers have chosen SaaS solutions because it lets them be more agile, reach new customers, and lower the cost of application development. Now, sellers can take advantage of the full suite of AWS Marketplace features, including customer acquisition, unified billing, and reporting. This feature is available to any SaaS or API seller who runs their application on AWS and follows AWS security best practices. Members of the AWS Partner Network (APN) in the Advanced tier will automatically be eligible to list their products, but any software vendor can request to become a seller.

How to Integrate Your SaaS Service with SaaS Subscriptions for AWS Marketplace The AWS Marketplace SaaS Subscription feature allows customers to find, subscribe and pay for the usage of your SaaS solution through AWS. In this post I’ll give you a quick overview describing the concepts, integration points and how to get started.

Announcing SaaS Contracts, a Feature to Simplify SaaS Procurement on AWS Marketplace This blog post provides an overview of AWS Marketplace SaaS Subscriptions, and the way this enables sellers to offer their SaaS solutions directly to AWS customers, with all charges consolidated on the customer’s bill alongside other services bought directly from AWS or through AWS Marketplace.

Multi-tenant

Architecting multi-tenant PaaS offerings with Amazon EKS Although this Global Partner Summit session is open to anyone, it is geared toward current and potential AWS Partner Network (APN) Partners. In it, we describe the value proposition of architecting a multi-tenant platform as a service (PaaS) offering on Amazon Web Services, and the technical considerations for securing, scaling, and automating the provisioning of your customer instances within Amazon Elastic Kubernetes Service (Amazon EKS). Learn a number of the strategies for isolating customers (tenants), workloads, and data in an EKS cluster, and learn a number of the open-source and APN Partner technologies that can enable an automated delivery for the typical PaaS use cases customers are looking for.

Enablement

AWS Cloud Enterprise Strategy Blog: How to Create a Cloud Center of Excellence in Your Enterprise The best practice, which is arguably the hardest to implement, but also the most impactful when it comes to creating change in your organization: creating a cloud center of excellence (CCoE).

AWS Cloud Enterprise Strategy Blog:  Common Responsibilities for Your Cloud Center of Excellence Remember to start small: you only need to solve for the issues you face in your current projects rather than needing to boil the ocean. You can experiment, measure, and learn as you go.

Deployment & Integration

Enabling New SaaS Strategies with AWS PrivateLink In this post, we will dig into the specifics of the AWS PrivateLink model and identify areas where PrivateLink has the potential to impact the architecture, integration model, and compliance footprint of your SaaS solution.

Architecting Multi-Region SaaS Solutions on AWS Embracing the need for multi-region distribution, while remaining responsive to your market, is the focus of this blog post. This blog post explores the factors that are often behind a SaaS organization’s adoption of a multi-region strategy. With this motivation as a backdrop, we can dig into the architectural patterns and strategies that are commonly used when building, deploying, and managing multi-region SaaS environments.

Microservices decomposition The goal of this webinar is to explore the technical footprint of AWS PrivateLink and connect this to the various patterns and strategies that are being used SaaS providers to simplify the integration story for their solution internally and externally. In this webinar we’ll look at how these solutions are designed and delivered as part of SaaS solutions on AWS. We’ll use this time to review the technical details of these patterns and outline how AWS PrivateLink can impact the performance and security footprint of your SaaS environment.

Multi-Region SaaS The consumption profile, cost dynamics, deployment model, agility, and isolation story of serverless computing has a direct alignment with the architectural strategies employed by SaaS environments. For this webinar, we’ll explore the elements of this alignment and dig into how serverless computing can be realized in a SaaS solution. We’ll also look at how Serverless influences the DevOps, operational, and agility profiles of your SaaS environment.

AWS Certification

AWS Certified Solutions Architect – Professional certification exam  This certification is intended for individuals who perform a solutions architect role with two or more years of hands-on experience managing and operating systems on AWS.

AWS Certified Solutions Architect – Professional Exam Guide Review the exam guide, which contains the content outline and target audience for the certification exam. Perform a self-assessment to identify your knowledge or skills gaps.

AWS Certified Solutions Architect – Professional sample questions Review the sample questions, which demonstrate the format of the questions used on the exam.

Exam Readiness: AWS Certified Solutions Architect – Professional The AWS Certified Solutions Architect – Professional exam validates advanced technical skills and experience in designing distributed applications and systems on the AWS platform.

Exam Readiness: AWS Certified Solutions Architect – Professional The AWS Certified Solutions Architect – Professional exam validates advanced technical skills and experience in designing distributed applications and systems on the AWS platform.

AWS Certified Advanced Networking - Specialty 2019 In this course we will cover all of the major areas of AWS networking and associated services you’ll need to know to become an AWS networking specialist. (by CloudGuru, 13 hrs video material)

AWS Certified Solutions Architect Professional 2020 The AWS Certified Solutions Architect Professional (CSA-Pro) exam reaches far beyond testing in-depth knowledge of the AWS platform and delves into your ability to make decisions in ambiguous situations, wrestle with sub-optimal trade-offs, and tease-out minute details from paragraphs of text. All this is carefully designed to permit only those with true, multi-dimensional mastery of cloud architectures to call themselves Certified Solutions Architects at the Professional level. (by CloudGuru, 12 hrs video material)

Optional Content

General

Developing on AWS In this course, you learn how to use the AWS SDK to develop secure and scalable cloud applications. Explore how to interact with AWS using code and also learn about key concepts, best practices, and troubleshooting tips.

Reference

One Year with Sagemaker: enhancing SaaS products based on custom Deep Learning with Econda GmbH In this Software Builders Connect webinar, AWS customer econda GmbH presents will share their journey and learnings of leveraging ML to capture greater business value. (by Dennis Weyland, econda GmbH)

Technology

Beyond the SQL WHERE Clause: Isolating SaaS Multi-Tenant Data in Shared Relational Databases SaaS providers leverage shared resources to maximize agility and minimize costs. As you move toward a more shared model, you must consider how you will still ensure that tenant resources remain isolated. This can be especially challenging when working with a shared relational database where tenant data sits side-by-side in the same tables. In these environments, you must find more creative ways to enforce the isolation of tenant data. In this session, we explore the challenges and approaches to this problem, digging into specific mechanisms and strategies that can be used to realize your tenant isolation goals. This will allow you to move beyond the use of SQL WHERE clauses and focus on less invasive, more systemic models for enforcing isolation. More specifically, we’ll look at how you can leverage Row Level Security (RLS) policies in Amazon Aurora and Amazon RDS to implement a more robust isolation scheme.

Kubernetes Deep Dive Kubernetes is fast-becoming the most important cloud-native technology in the world. You’ll learn how to build a Kubernetes cluster, and how to deploy and manage applications on it. Along the way, you’ll learn the internals of how Kubernetes works, as well as best-practices such as managing applications declaratively. By the end of the course you’ll have all the tools you need to get started with Kubernetes and take your career to the next level. (by CloudGuru, 4 hrs video material)

SaaS Storage Partitioning with Amazon Aurora Serverless In this post, we take a closer look at how Aurora Serverless works and how it influences your approach to storage partitioning in SaaS environments. The goal here is to highlight the implications of the serverless storage model, identifying key areas that will be of particular interest to SaaS developers.

Scaling Multi-Tenant SaaS data with Amazon Aurora Serverless In this webinar, we’ll explore the fundamentals of the Amazon Aurora Serverless architecture and outline how this service directly addresses some of the core challenges of managing multi-tenant data.

Managing SaaS Identity Through Custom Attributes and Amazon Cognito In this post, we will explore how to architect a multi-tenant system and identify tenant context and role using Amazon Cognito, which lets you easily add user sign-up and sign-in to your mobile and web apps. We’ll first explain how to introduce tenant context into a multi-tenant application and then define custom attributes and claims. We’ll also present a few design considerations and show you how to take advantage of custom attributes within a multi-tenant system.

SaaS Quick Start Highlights Identity and Isolation with Amazon Cognito The SaaS Identity and Isolation with Amazon Cognito Quick Start equips developers with a full working solution that digs into the nuances of injecting tenant identity into SaaS applications. This Quick Start addresses a broad range of SaaS identity topics with specific emphasis on illustrating how tenant context is introduced via Amazon Cognito and used in combination with AWS Identity and Access Management (IAM) to scope access to tenant resources.

Hands on with AWS Redshift: Table Design For decades, traditional data warehousing has been integral to business intelligence. But now, we have a new service category in this space: the cloud data warehouse. Cloud data warehouses like Amazon Redshift let you implement data warehousing solutions quickly, at scale, and at a lower cost all with significant gains in performance. In this introductory course, you’ll learn the ins-and-outs of designing, creating, and analyzing tables on Amazon Redshift. (by CloudGuru, 2.5 hrs video material)

Amazon DynamoDB for Serverless Architectures This digital course provides an in-depth and hands-on introduction to Amazon DynamoDB and how it is leveraged in building a serverless architecture. The course talks about core DynamoDB components and how-to setup and access them in creating a serverless application. You will also learn about several DynamoDB features, best practices and how this NoSQL service is beneficial in comparison to SQL solutions.

Running Container Enabled Microservices on AWS In this course, you will learn how to manage and scale container-enabled applications by using Amazon Elastic Container Service (Amazon ECS). We will explore the challenges of running containerized applications at scale and provide guidance on creating and using Amazon ECS to develop and deploy containerized microservices‒based applications.

AWS Certified Machine Learning - Specialty 2020 With this course you’ll get a solid understanding of the services and platforms available on AWS for Machine Learning projects, build a foundation to pass the certification exam and feel equipped to use the AWS ML portfolio in your own real-world applications. (by CloudGuru, 13 hrs video material)

AWS Lambda@Edge This course is an introduction to creating, deploying, testing, and managing Lambda@Edge functions. Lambda@Edge is an amazing solution that takes Lambda to a whole new level by enabling you to run your function code directly at CloudFront edge locations. (by CloudGuru, 3 hrs video material)

AWS ECS - Scaling Docker Learn to deploy Docker with AWS EC2 Container Service (ECS) in about 6 hours. The main AWS component that you’ll learn about in this course is Amazon ECS, which is the Amazon EC2 Container Service. It’s Amazon’s take on how to manage a cluster of Docker containers. (by CloudGuru, 6 hrs video material)

Modernize .NET Applications Using the Latest Features on AWS Development Tools Developers are increasingly looking to modernize their .NET applications on AWS, using the AWS development tools for .NET to quickly get started and manage their applications. Join us for this fireside chat where AWS Technical Evangelist, Steve Roberts, and Norm Johanson, Senior Developer on the AWS .NET SDKs and Tools team, dive deep and demonstrate the latest updates to the AWS SDK and tools for .NET to make development for .NET developers even easier and more productive.

Building .NET-based Serverless Architectures and Running .NET Core Explore common approaches to refactoring legacy .NET applications to microservices and AWS serverless architectures.

Examples

SaaS and OpenID Connect: The Secret Sauce of Multitenant Identity and Isolation Identity is a foundational element of SaaS design, and getting it right can be challenging. You need a strategy that allows you to connect users to tenants, roles, and policies in a seamless model that doesn’t handcuff developers. Fortunately, identity providers and OpenID Connect give us a model that equips SaaS providers with the tools they need to address all the moving parts of SaaS identity. In this session, we dive into the details of how you can use these solutions to build a robust identity solution—a solution that covers binding identities to tenants, supports tenant and system roles, and isolates tenant access. The goal here is to provide a concrete example of how to orchestrate all of these elements of the SaaS identity model on AWS.

Architecting

Multi-tenant Storage with Amazon DynamoDB If you’re designing a true multi-tenant software as a service (SaaS) solution, you’re likely to devote a significant amount of time to selecting a strategy for effectively partitioning your system’s tenant data. On AWS, your partitioning options mirror much of what you see in the wild. If you’re looking to use Amazon DynamoDB, you’ll find that the global, managed nature of this NoSQL database presents you with some new twists that will likely influence your approach. The specific needs of your solutions will steer you toward one or more of these approaches. This blog post looks at how these partitioning models map to the different partitioning approaches that are available with DynamoDB.

AWS SaaS Factory Architecture Track: Multi-tenant Data Partitioning The goal of this course is to provide you with an end-to-end review of the common techniques that are used to implement partitioning in SaaS environments. This course outlines the various models for partitioning and concludes with a review of how each storage pattern is realized on Amazon DynamoDB, Amazon RDS, Amazon Redshift, and Amazon S3. We’ll also explore optimization strategies than can be employed to address some of the challenges associated variations in tenant load and data size.

Best Practices

SaaS tenant isolation patterns Tenant isolation is one of the most fundamental aspects of SaaS architecture. Every SaaS provider must consider how to ensure that their tenant resources are isolated and secure. The challenge is that each resource type (compute, storage, etc.) requires different isolation approaches. In this session, we build a clear roadmap for navigating the landscape of isolation options, highlighting the strategies for achieving isolation spanning the different multi-tenancy models and AWS services. Our goal is to create a comprehensive view of the considerations that impact your approach to introducing isolation into your SaaS solution.

The Secret to SaaS (Hint: It’s Identity) Identity is a fundamental element of any SaaS environment. It must be woven into the fabric of your SaaS architecture and design, enabling you to authorize and scope access to your multi-tenant services, infrastructure, and data effectively. In this session, we pair with AWS partner Okta to examine how tenant identity is introduced into SaaS applications without undermining flexibility or developer productivity. The goal here is to highlight strategies that encapsulate tenant awareness and leverage the scale, security, and innovation enabled by AWS and its ecosystem of identity solutions. We dig into all the moving parts of the SaaS identity equation, showcasing the best practices and common considerations that will shape your approach to SaaS identity management.

Management & Operations

Testing SaaS Solutions on AWS This blog post highlights the areas where SaaS can influence your approach to testing on AWS. In some cases, SaaS will simply extend your existing testing models (load, performance, and so on). In other cases, the multi-tenant nature of SaaS will introduce new considerations that will require new types of tests that exercise the SaaS-specific dimensions of your solution. This post also examines and provides insights into how expanding the scope of your tests can add value to SaaS environments.

AWS Certification

AWS Certified Big Data - Specialty 2019 The AWS Big Data - Specialty certification will not only help you learn some new skills, it can position you for a higher paying job or help you transform your current role into a Big Data and Analytics professional. You must already have at least one associate level certificate to take this exam. This course gives you a study guide and tips on what to expect in the exam. (by CloudGuru, 12 hrs video material)

AWS Certified Specialty – Security certification exam This certification is intended for individuals who perform a security role with at least two years of hands-on experience securing AWS workloads.

AWS Certified Security - Specialty Exam Guide Review the exam guide, which contains the content outline and target audience for the certification exam. Perform a self-assessment to identify your knowledge or skills gaps.

AWS Certified Security -Specialty Exam Guide Review the exam guide, which contains the content outline and target audience for the certification exam. Perform a self-assessment to identify your knowledge or skills gaps.

AWS Certified Security -Specialty Sample Questions Review the sample questions, which demonstrate the format of the questions used on the exam.

Exam Readiness: AWS Certified Security – Specialty The AWS Certified Security Specialty exam validates technical skills and experience in securing and hardening workloads and architectures on the AWS platform.

Exam Readiness: AWS Certified Security – Specialty The AWS Certified Security Specialty exam validates technical skills and experience in securing and hardening workloads and architectures on the AWS platform.

AWS Certified Developer - Associate 2020 Learn how to develop, deploy, and debug Serverless applications using AWS. This course for intermediate-level students begins with an overview of the fundamentals of Cloud computing, then moves you through an in-depth curriculum on developing, deploying, and maintaining applications on AWS. (by CloudGuru, 16.5 hrs video material)