Open smalers opened 1 year ago
After research, some of the above points have been dealt with or are no longer necessary.
There seem to be 4 ways that Amazon suggests using, and I will list them here briefly. Here is the link to all 4 of them that goes a bit more in-depth: https://docs.aws.amazon.com/cognito/latest/developerguide/multi-tenant-application-best-practices.html
Steve can let me know what he thinks about these 4 options. Most seem to have good and bad things about them, but if I had to order them right now from best to worst it would be:
3 - Best
1 - Better
4 - Good
2 - Moderate
You need to explain why you are ranking the way you do. I suggest that you put the 4 in a table across the top and then have rows for different criteria, with each cell having clear + and - indicators. My input is that I am OK with a bit more complexity if it provides clarity, security, and other benefits.
Explaining vocabulary in documentation is important, such as that a tenant is an organization, with each organization having one or more associated users.
A clear summary would also help, such as "A user-pool-based multi-tenancy approach requires a user pool for each organization with more complexity due to defining the multiple user pools and policies." and "An app-client-based multi-tenancy approach uses a single user pool for the application and the application enforces behaviors." The rows of the table might then indicate relevant information such as "Number of user pools" and "1 per organization" and "1 for all organizations".
The evaluation needs to be considered given our tenant types (organization with 1+ users, personal user, and community).
I am slightly leaning towards option 1 mainly because it gives flexibility and better separation of organizations. For example, we get into a situation where we need to provide a more complex hierarchy of roles.
We need to implement authentication in order to allow certain users to edit InfoMapper configurations. Although our initial goal is public websites, we need to control who creates and edits them, and also who creates Organization and Personal accounts, Users, etc. Below are technical considerations:
The immediate work is to figure out the mechanics of using Cognito to log in and working with AWS Organizations.