Originally posted by **Xenoha** May 16, 2024
Hello!
As usual, this is some good stuff. It encompasses a lot of best practices for multi-tenant SaaS. And because of your team's experience, the architecture of resources flows nicely.
I'm a little confused on a major best practice that is talked about all the time and used. That is the use of multiple accounts. In practice, services, app planes, control planes, etc., would all live in other accounts. When are we going to see something that really showcases this major hurdle?
When using multiple accounts, you have networking and resource sharing management, secret sharing management, IAM management for organizations or accounts based on security needs of the services/products, permissions services, and more. One of the major pain points is the SDLC of these different services and deployment of these services. Not to mention if there is a need to build/configure resources for tenants dynamically.
Is the team addressing these challenges through the community with kits like this one?
It would be interesting to introduce the concept of a cell, where a cell may encompass an entire AWS account for a single tenant, or multiple tenants can co-occupy a single AWS account.
Discussed in https://github.com/awslabs/sbt-aws/discussions/45