Best Practices

Building a Scalable and Secure Multi-VPC AWS Network Infrastructure This whitepaper describes best practices for creating scalable and secure network architectures in a large network using AWS services like Amazon VPC, AWS Transit Gateway, AWS PrivateLink, and AWS Direct Connect Gateway. It demonstrates solutions for managing growing infrastructure—ensuring scalability, high availability, and security while keeping overhead costs low.

Technology

Managing SaaS Users with Amazon Cognito This blog post takes a look at the key capabilities of the Amazon Cognito Identity user pools feature. The goal is to touch on the main concepts and provide an introduction to some of the fundamental capabilities of this new feature.

Identity Federation and SSO for SaaS on AWS In this blog post we explore some of the technologies and concepts behind single sign-on (SSO), linking third-party user identity to your applications (identity federation), and some of AWS products and partner solutions that can help with implementation.

Examples

SaaS Identity and Isolation with Amazon Cognito AWS Quick Start This Quick Start implements a high availability solution for identity and isolation in multi-tenant software as a service (SaaS) environments, using Amazon Cognito as the identity provider. The Quick Start provides a lightweight SaaS order management system that illustrates different aspects of identity and isolation, spanning the roles in a multi-tenant environment.

AWS Certification

AWS Certified Specialty – Security certification exam This certification is intended for individuals who perform a security role with at least two years of hands-on experience securing AWS workloads.

AWS Certified Security - Specialty Exam Guide Review the exam guide, which contains the content outline and target audience for the certification exam. Perform a self-assessment to identify your knowledge or skills gaps.

AWS Certified Security - Specialty Sample Questions Review the sample questions, which demonstrate the format of the questions used on the exam.

Exam Readiness: AWS Certified Security – Specialty The AWS Certified Security Specialty exam validates technical skills and experience in securing and hardening workloads and architectures on the AWS platform.

AWS Certified Security - Specialty 2020 The top issue in the IT industry right now is finding enough trained talent to run an effective IT team. The second issue is security. Amazon Web Services are addressing both of these needs by launching the AWS Security certification. (by CloudGuru, 14 hrs video material)

Optional Content

Best Practices

SaaS tenant isolation patterns Tenant isolation is one of the most fundamental aspects of SaaS architecture. Every SaaS provider must consider how to ensure that their tenant resources are isolated and secure. The challenge is that each resource type (compute, storage, etc.) requires different isolation approaches. In this session, we build a clear roadmap for navigating the landscape of isolation options, highlighting the strategies for achieving isolation spanning the different multi-tenancy models and AWS services. Our goal is to create a comprehensive view of the considerations that impact your approach to introducing isolation into your SaaS solution.

The Secret to SaaS (Hint: It’s Identity) Identity is a fundamental element of any SaaS environment. It must be woven into the fabric of your SaaS architecture and design, enabling you to authorize and scope access to your multi-tenant services, infrastructure, and data effectively. In this session, we pair with AWS partner Okta to examine how tenant identity is introduced into SaaS applications without undermining flexibility or developer productivity. The goal here is to highlight strategies that encapsulate tenant awareness and leverage the scale, security, and innovation enabled by AWS and its ecosystem of identity solutions. We dig into all the moving parts of the SaaS identity equation, showcasing the best practices and common considerations that will shape your approach to SaaS identity management.

Technology

Beyond the SQL WHERE Clause: Isolating SaaS Multi-Tenant Data in Shared Relational Databases SaaS providers leverage shared resources to maximize agility and minimize costs. As you move toward a more shared model, you must consider how you will still ensure that tenant resources remain isolated. This can be especially challenging when working with a shared relational database where tenant data sits side-by-side in the same tables. In these environments, you must find more creative ways to enforce the isolation of tenant data. In this session, we explore the challenges and approaches to this problem, digging into specific mechanisms and strategies that can be used to realize your tenant isolation goals. This will allow you to move beyond the use of SQL WHERE clauses and focus on less invasive, more systemic models for enforcing isolation. More specifically, we’ll look at how you can leverage Row Level Security (RLS) policies in Amazon Aurora and Amazon RDS to implement a more robust isolation scheme.

Managing SaaS Identity Through Custom Attributes and Amazon Cognito In this post, we will explore how to architect a multi-tenant system and identify tenant context and role using Amazon Cognito, which lets you easily add user sign-up and sign-in to your mobile and web apps. We’ll first explain how to introduce tenant context into a multi-tenant application and then define custom attributes and claims. We’ll also present a few design considerations and show you how to take advantage of custom attributes within a multi-tenant system.

SaaS Quick Start Highlights Identity and Isolation with Amazon Cognito The SaaS Identity and Isolation with Amazon Cognito Quick Start equips developers with a full working solution that digs into the nuances of injecting tenant identity into SaaS applications. This Quick Start addresses a broad range of SaaS identity topics with specific emphasis on illustrating how tenant context is introduced via Amazon Cognito and used in combination with AWS Identity and Access Management (IAM) to scope access to tenant resources.

Introduction to AWS X-Ray In this course, we discuss how you can use AWS X-Ray to create a service map, identify errors and bugs, and build your own analysis and visualization applications. Use cases and a demonstration of AWS X-Ray will also be included.

Reference

SaaS Reference: Review of Real-World Patterns & Strategies There is no single approach to building SaaS applications on AWS. Domain, compliance, performance, legacy considerations, and business forces all play a big role in shaping the architecture of your solutions. While there are many strategies for implementing SaaS on AWS, there are some common architectural patterns that are used to address the varying needs of SaaS providers. In this session, we review in detail a collection of SaaS reference architectures that represent a spectrum of approaches to addressing identity, onboarding, storage partitioning, tenant isolation, billing, deployment, regional distribution, and operational models. Our goal is to provide a menu of concrete solutions that can provide insights into how AWS constructs are leveraged to realize SaaS best practices on AWS.

Architecting

Advanced Architecting on AWS In this course, you will build on concepts introduced in Architecting on AWS. You will learn how to build complex solutions that incorporate data services, governance, and security on the AWS platform. You will also learn about specialized AWS services, including AWS Direct Connect and AWS Storage Gateway, that support hybrid architecture, and you will learn about best practices for building scalable, elastic, secure, and highly available applications on AWS.

AWS SaaS Factory Architecture Track: Tenant Isolation The goal of this course is to examine the competing forces that influence different isolation strategies, weighing the pros and cons of each approach. This highlights how each of these models is realized on AWS and outlines mechanisms that can be used to prevent cross-tenant access.

SaaS Multi-Tenant Isolation Architectures with Amazon Elastic Kubernetes Service Kubernetes represents a very compelling model for SaaS providers. However, it also presents new challenges when it comes to isolating the compute resources of your SaaS environment. In this session, we review the general challenges associated with building a multi-tenant with the Amazon Elastic Kubernetes Service (Amazon EKS). We examine the fundamentals of SaaS Amazon EKS architecture, evaluating the design considerations, architectural patterns, and best practices that will shape this isolation model of an Amazon EKS SaaS environment.

AWS SaaS Factory Architecture Track: SaaS Identity and Onboarding In this course, you will learn the end-to-end elements of the onboarding process and highlight key considerations of building a robust SaaS identity and onboarding experience, explore a specific approach that leverages OpenID Connect to embed tenant context into your system’s identity tokens, and examine how these tokens can be used to scope access to tenant resources. You will also explore the broader elements of onboarding, including billing relationships and the configuration and provisioning of the tenant environment.

AWS Certification

AWS Certified Solutions Architect Associate 2020 Learn the major components of Amazon Web Services, and prepare for the associate-level AWS Certified Solutions Architect exam – one of the industry’s most in-demand certifications! (by CloudGuru, 12.5 hrs video material)

AWS Certified Developer - Associate 2020 Learn how to develop, deploy, and debug Serverless applications using AWS. This course for intermediate-level students begins with an overview of the fundamentals of Cloud computing, then moves you through an in-depth curriculum on developing, deploying, and maintaining applications on AWS. (by CloudGuru, 16.5 hrs video material)