AWS Partner Network (APN) Blog

Category: Best Practices

Mitigating Sensitive Data-Related Risks via Foundational Technical Review (FTR) for SaaS Solutions

Most SaaS solutions that undergo an AWS Foundational Technical Review (FTR) ingest, manage, and store sensitive data. The FTR is a review based on the AWS Well-Architected Framework that enables AWS Partners to identify and remediate risks in their solutions. Learn how AWS Partners can manage and secure sensitive data within their SaaS solutions, with a focus on addressing the PII or PHI requirements in the Foundational Technical Review.

Understand and Optimize AWS Data Transfer Charges for Splunk Cloud on AWS Ingestion

Data transfer cost is a key component to consider when selecting your strategy to get data into Splunk Cloud on AWS. Customers using Splunk Cloud on AWS for their security, operational, and observability use cases may manage large volumes of data. Having a thorough understanding of AWS data transfer charges can help them optimize their architectures and costs. This post discusses the data transfer costs for five of the most common Splunk use cases.

Provide Enhanced Security for Web Servers in VMware Cloud on AWS Using AWS WAF

If you are considering migrating to VMware Cloud on AWS or have already done so, you may need to protect web servers residing in a vSphere environment on the AWS global infrastructure. To provide one aspect of security for these workloads, you can use AWS WAF, a web application firewall that helps protect your apps or APIs against common web exploits and bots. AWS WAF scans designated HTTP/HTTPS traffic to protect against various attacks.

Storing Multi-Tenant SaaS Data with Amazon OpenSearch Service

Amazon OpenSearch Service is frequently used by SaaS providers to address a broad range of use cases. The use of Amazon OpenSearch Service in a multi-tenant environment, however, introduces a collection of new considerations that will influence how you partition, isolate, deploy, and manage your solution. Explore the strategies and patterns that are used to address these common issues, and look at the specific models used to represent and isolate each tenant’s data with Amazon OpenSearch Service constructs.

Securely Using External ID for Accessing AWS Accounts Owned by Others

A partner solution running on Amazon Web Services often needs to access AWS accounts owned by its customers (third-party AWS accounts). This kind of access is known as cross-account access. In such scenarios, a cross-account AWS Identity and Access Management (IAM) role with an external ID should be used. Explore the best practices for using an external ID to avoid the confused deputy problem it is designed to solve.

Designing a Multi-Tenant SFTP Server with AWS Transfer Family

Data security is a particularly important topic for multi-tenant SaaS applications that handle customers’ sensitive data. How to securely segregate tenant data and how to provide data access to customers will vary depending on the SaaS solution’s architecture and its requirements. This post explores how SaaS vendors can build secure, scalable, and cost-effective data exchange mechanisms using SFTP (SSH File Transfer Protocol) with AWS managed services like AWS Transfer Family.

Building Serverless SaaS Microservices with AWS Lambda Layers

Building multi-tenant systems can represent a major effort for some teams. This post focuses on introducing strategies that allow developers to write their day-to-day code without having to think about how tenancy might influence their implementation. AWS Lambda Layers allow SaaS architects to centralize tenant-aware libraries without impacting the size or load time of their application’s functions.

Top 4 Recommendations for Partners to Achieve Success with the AWS Competency Program

The AWS Competency program validates and promotes AWS Partners with demonstrated technical expertise and proven customer success. Attaining a Competency helps partners market and differentiate their business to customers by showcasing their capabilities in specialized areas. To get there, it’s important that AWS Partners have a list of best practices and recommendations. Learn how partners can achieve and make the most of the AWS Competency program through four key steps.

Automating Serverless Best Practices with Dashbird’s Serverless Well-Architected Insights

Customers building on AWS can benefit from specific alignment to either their architecture or an industry vertical via lenses, which are included within the AWS Well-Architected Tool and include questions applicable to that particular workload. Learn how findings from the Serverless Application Lens can be automated using Dashbird Insights to show misconfigurations and best practice violations in serverless workloads. This post walks through the deployment of an example serverless application that we’ll profile using Dashbird Insights.

Partitioning and Isolating Multi-Tenant SaaS Data with Amazon S3

Many SaaS applications store multi-tenant data with Amazon S3. Learn about the various strategies that can be applied when partitioning tenant data with S3, and explore the considerations that may influence how and when you apply these mechanisms in your own solution. See how this influences tenant isolation and the accessibility of S3 objects, and dive deep on tenant activity and cost tracking, lifecycle management for objects, and additional bucket security configurations.