How Buy with Prime Built a Resilient Multi-Tenant SaaS Architecture (BWP301)

Title

AWS re:Invent 2022 - How Buy with Prime built a resilient multi-tenant SaaS architecture (BWP301)

Summary

  • Presenters: Jiwon Young (Solutions Architect, Buy with Prime), JD (Professional Services Consultant, AWS), and Ryan Lohan (Principal Engineer, Amazon).
  • Service Introduction: Buy with Prime is a service that extends Prime shopping benefits to non-Amazon websites, letting merchants offer Prime benefits such as two-day free shipping and easy returns.
  • Architecture Overview: The architecture is split into a customer-facing layer (products, buttons, APIs, developer tools) and backend services (payment, orders, catalog, delivery, etc.).
  • Multi-Tenancy Model: Buy with Prime lets each microservice team choose its own multi-tenancy model, resulting in a mix of siloed and pooled architectures, guided by the AWS Well-Architected Framework and internal best practices.
  • Identity and Isolation: Tenant-specific resources are provisioned with CloudFormation, and access to them is controlled through AWS Identity and Access Management (IAM) and per-tenant encryption keys.
  • Noisy Neighbor Problem: JD covers strategies for preventing and detecting noisy neighbors, including rate limiting at multiple layers and AWS services such as CloudWatch for telemetry.
  • Key Takeaways: Ensure every resource knows its owner (tenant ID); use the tenant ID both for isolation and for tackling noisy neighbors; maintain dedicated multi-tenancy test cases; throttle at multiple layers; and use telemetry to identify noisy neighbors.
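As an added illustration of the isolation pattern summarized above (IAM plus per-tenant keys, driven by the tenant ID), the block below builds a tenant-scoped IAM session policy and attaches it when assuming a shared service role. This is example code, not code from the talk or from Buy with Prime; the table and key ARNs, the role name, the tenant-ID format and the `sts` client interface are assumptions.

```python
import json
import re

# Constructed convention for this example: tenant IDs are short lowercase slugs.
# Validating them keeps a hostile ID from smuggling "*" into the policy below.
_TENANT_ID = re.compile(r"[a-z0-9-]{3,32}")


def tenant_scoped_policy(tenant_id: str, table_arn: str, key_arn: str) -> dict:
    """IAM session policy confining a caller to one tenant's rows in a pooled
    DynamoDB table and to that tenant's own (siloed) KMS key."""
    if not _TENANT_ID.fullmatch(tenant_id):
        raise ValueError(f"invalid tenant id: {tenant_id!r}")
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                # Pooled table: every partition key touched must equal the tenant ID.
                "Sid": "TenantRows",
                "Effect": "Allow",
                "Action": ["dynamodb:GetItem", "dynamodb:PutItem", "dynamodb:Query"],
                "Resource": table_arn,
                "Condition": {
                    "ForAllValues:StringEquals": {"dynamodb:LeadingKeys": [tenant_id]}
                },
            },
            {
                # Siloed key: only the key created for this tenant can be used.
                "Sid": "TenantKey",
                "Effect": "Allow",
                "Action": ["kms:Encrypt", "kms:Decrypt", "kms:GenerateDataKey"],
                "Resource": key_arn,
            },
        ],
    }


def assume_tenant_session(sts, role_arn: str, tenant_id: str, table_arn: str, key_arn: str):
    """Assume the shared service role with the tenant policy as a session policy
    and the tenant ID as a session tag: the returned credentials cannot reach
    another tenant's rows or key even though the role itself is broader.
    `sts` is any object exposing boto3's STS assume_role keyword signature."""
    resp = sts.assume_role(
        RoleArn=role_arn,
        RoleSessionName=f"tenant-{tenant_id}",
        Policy=json.dumps(tenant_scoped_policy(tenant_id, table_arn, key_arn)),
        Tags=[{"Key": "TenantId", "Value": tenant_id}],
    )
    return resp["Credentials"]
```

The session policy can only narrow the role's permissions, so a bug in a caller that passes the wrong tenant's ID still cannot widen access beyond what the role allows, and every request carries the tenant ID as a session tag for telemetry.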

Insights

  • Flexibility and Security: Bioprime's architecture emphasizes flexibility to allow product teams to experiment without backend dependencies, while also ensuring security and reliability through tenant isolation and data encryption.
  • Cost Efficiency: The architecture aims to be cost-efficient by using pooled resources where appropriate and avoiding unnecessary resource consumption.
  • Tenant-Aware Architecture: The use of tenant IDs and tenant-specific resources is critical for maintaining security and isolation in a multi-tenant SaaS environment.
  • Prevention and Monitoring: Buy with Prime employs a multi-layered approach to preventing and monitoring for noisy neighbors, using AWS services such as WAF, API Gateway, and CloudWatch, as well as custom tools like the Buy with Prime CloudWatch Log CLI.
  • Community Engagement: The presentation invites attendees to visit the AWS demo theater and to subscribe for future updates on Buy with Prime.