AWS Partner Network (APN) Blog

Tag: token vending machine

AWS-SaaS-Factory-1

Isolating SaaS Tenants with Dynamically Generated IAM Policies

Many SaaS organizations leverage AWS Identity and Access Management (IAM) to define a series of policies and roles that can be used to ensure tenants are not allowed to cross tenant boundaries when accessing resources. To make this work, you have to create separate policies for each tenant which can create an explosion of tenant policies that push the account limits of IAM. Learn how dynamic policy generation creates a more scalable and manageable isolation experience.