Numino Client-Ready Multitenant Architecture with AWS PaaS

Overview

When a new company launches a product, one of the biggest challenges is setting up an infrastructure that can scale with its growing user base while keeping development efforts focused on core functionality. Early-stage teams often struggle with managing tenant onboarding, handling authentication, and ensuring seamless access to the application across different clients. Without a well-structured foundation, developers can get caught up in infrastructure complexities, slowing down feature development and increasing operational overhead.

To address these challenges, a robust multitenancy architecture has been created that provides a foundational setup and accelerates product development. By streamlining tenant management, securing access, and enabling service isolation, this architecture allows teams to quickly onboard new clients without significant engineering effort. The approach ensures that scaling the product does not require constant infrastructure modifications, giving teams the flexibility to focus on innovation rather than operational bottlenecks.

This framework establishes a standardized architectural foundation for seamless software product onboarding, allowing development teams to concentrate on core features without being burdened by infrastructure complexities. As a key component of the Numino Software Development Toolkit for AWS, it streamlines project initiation, reducing both time and resource investment. By building on AWS PaaS offerings, it introduces a reusable, scalable solution that simplifies and accelerates multi-tenant application development for our clients.

Project Info

Category

Cloud Backend

Client

Numino

Product Features

Scalable Tenant Onboarding
Seamless addition of new tenants with minimal configuration.


API Gateway-Based Tenant Routing
Efficient request routing without dependencies on specific backend frameworks.
Containerized Tenant Services
Isolated, scalable services allowing language-agnostic implementations.


Resource Optimization
Efficient utilization of shared and dedicated components.

Improved Security and Access Control
Centralized identity management and tenant-specific policies.
Data Isolation Using AWS Services
Tenant-specific databases and storage, ensuring strict data separation.

Architecture

The reference solution illustrates many of the components needed to build a multi-tenant SaaS solution using AWS PaaS.

This SaaS solution incorporates two deployment models—silo (Dedicated Services) and pool (Shared Services)—to demonstrate how these models impact onboarding, isolation, noisy neighbor effects, performance, and tiering in a serverless SaaS environment.

Shared Tier (Multi-Tenant Model)

In the shared tier, multiple tenants utilize common infrastructure components while maintaining logical data separation.

API Gateway:
A single API Gateway instance routes requests based on tenant identifiers.
CloudFront & S3:
A CloudFront instance with a common SSL certificate serves multiple tenants.
Containerized Services:
Tenant-specific containerized application services handle multiple tenants on the common EC2 infrastructure.
Database:
A multi-tenant database is used, with tenant-level data isolation through schema separation.

Best For: Small to mid-sized tenants who prioritize cost efficiency over strict isolation.

Silo Tier (Single-Tenant Model)

In the silo tier, each tenant gets a fully isolated environment, ensuring maximum security and performance.

CloudFront and S3:
Each tenant has a dedicated CloudFront instance with its own SSL certificate.
API Gateway:
A separate API Gateway instance is provisioned per tenant for complete request isolation.
Containerized Services:
Each tenant has a dedicated containerized service, allowing independent scaling and technology choices.
Database:
A separate database instance per tenant ensures full data isolation.
Authentication:
A dedicated Cognito user pool for each tenant enhances security and access control.

Best For: Large enterprises or clients with stringent security and performance requirements.

Below is a comparison of the 2 tiers –

Workflow

Client Request Initiation
  • A tenant-specific request is initiated from the frontend, which is served via CloudFront with an associated S3 bucket and SSL certificate.


Routing via API Gateway
  • The request is directed to API Gateway, which serves as the main entry point for all tenant-specific requests.
  • API Gateway determines the appropriate backend service based on the tenant's subdomain.
Authentication & Authorization
  • API Gateway integrates directly with AWS Cognito User Pools, where the request is authenticated against the tenant’s specific Cognito user pool and role-based access controls.
Tenant-Specific Service Invocation
  • After authentication, API Gateway forwards the request to the appropriate containerized service (deployed on ECS/EKS).
  • Each tenant’s service instance operates independently, ensuring service isolation.
Database and Data Isolation
  • The backend service retrieves or stores data in a tenant-specific database (RDS) using tenant-aware connection routing.
  • Data isolation is maintained at the AWS service level, ensuring strict separation of tenant data.
Response Generation & Delivery to Client
  • The backend processes the request, applies business logic, and fetches necessary data.
  • The response is structured and returned to API Gateway, which forwards it back to the frontend via CloudFront.
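
The workflow above derives the tenant from the subdomain, authenticates against that tenant's Cognito user pool, and then routes to a tenant-specific data store. The sketch below is an added example, not Numino's code, showing the check that ties those three steps together so a token from one tenant's pool cannot be replayed against another tenant's subdomain. The base domain, region, tenant names, pool IDs, app client IDs and database targets are all constructed for illustration.

```python
# Added illustration; tenant names, domains, pool IDs and DB targets are constructed.
BASE_DOMAIN = "app.example.com"   # assumption: tenants live at <tenant>.app.example.com
REGION = "us-east-1"              # assumption

TENANTS = {
    "acme":   {"pool_id": "us-east-1_EXAMPLEa", "client_id": "acme-web",
               "db_host": "acme-db.example.internal", "schema": "public"},           # silo
    "globex": {"pool_id": "us-east-1_EXAMPLEg", "client_id": "globex-web",
               "db_host": "shared-db.example.internal", "schema": "tenant_globex"},  # pool
}


class TenantError(Exception):
    """Raised when a request cannot be bound to exactly one known tenant."""


def tenant_from_host(host: str) -> str:
    """Map a Host header to a tenant key; only one label under BASE_DOMAIN is accepted."""
    name = host.split(":")[0].strip().lower().rstrip(".")
    suffix = "." + BASE_DOMAIN
    if not name.endswith(suffix):
        raise TenantError("host is outside the base domain")
    label = name[: -len(suffix)]
    if "." in label or label not in TENANTS:
        raise TenantError("unknown tenant")
    return label


def authorize(host: str, claims: dict) -> dict:
    """Bind verified token claims to the tenant named by the host.

    Assumes signature and expiry were already checked against the JWKS of the
    pool selected from the host (never from the token's own iss claim).
    """
    tenant = tenant_from_host(host)
    cfg = TENANTS[tenant]
    expected_iss = f"https://cognito-idp.{REGION}.amazonaws.com/{cfg['pool_id']}"
    if claims.get("iss") != expected_iss:
        raise TenantError("token was issued by a different user pool")
    if claims.get("token_use") != "access" or claims.get("client_id") != cfg["client_id"]:
        raise TenantError("wrong token type or app client")
    # The data target comes from the tenant record, not from anything the client sent.
    return {"tenant": tenant, "db_host": cfg["db_host"], "schema": cfg["schema"]}
```

In the shared tier the returned schema is the isolation boundary, so the backend should take it only from this result and never from a request parameter or header.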
Tenant Registration and Onboarding

The steps of the sign-up process are as follows

Conclusion

Choosing the Right Multitenancy Approach
Selecting the right multitenancy architecture in AWS is crucial, as initial choices can have long-term implications. A well-established, proven approach minimizes risks and ensures seamless security management across diverse tenant requirements.

Optimized for Maintainability and Business Growth
This architecture is designed with maintainability in mind, allowing development teams to focus on business-critical tasks such as optimizing user experience, enhancing core product functionality, and improving application performance.

Continuous Evolution for Scalable Solutions
At Numino, we continuously refine our architectural patterns based on real-world implementations across our client base. These proactive updates ensure that both new and existing clients benefit from the latest best practices and industry trends. By fostering an adaptive, evolving framework, we remain committed to delivering scalable, future-proof solutions that effectively address our clients' growing needs.