Architecture
The following is the architecture for enterprise users.
Each enterprise user gets a completely separate environment and secure https subdomain to provide isolation, in other words a shared nothing architecture. This environment is set up in a completely automated way from the UI which ultimately invokes a cloudformation script to set up EBS, API Gateway, Lambdas and the MySQL schema for the database. All schemas for the enterprise users are on the same RDS instance to optimize costs yet keep them isolated. Cognito is used for authentication and authorization by both the front end as well as back end using API Gateway lambda authorizer. Separate user pools and identity pools are set up for each enterprise user in Cognito.
The architecture for professional users is as follows: All professional users share the same front end but get their own secure subdomain. The front end built using Angular is hosted on EBS. The back end stack from API gateway to lambdas and database schema is completely separate for each professional user, thus providing isolation. There is a single Cognito user pool and identity pool for all the professional users.
There are 3 separate demo environments sharing a common backend but different front ends deployed on CDN/S3 as shown below:
The architecture for professional users is as follows: All professional users share the same front end but get their own secure subdomain. The front end built using Angular is hosted on EBS. The back end stack from API gateway to lambdas and database schema is completely separate for each professional user, thus providing isolation. There is a single Cognito user pool and identity pool for all the professional users.
There are 3 separate demo environments sharing a common backend but different front ends deployed on CDN/S3 as shown below: