|
1 | 1 | --- |
2 | | -title: "Building Scalable Multi-Tenant Systems with AWS CDK: An IAC Approach" |
| 2 | +title: "Building Scalable Multi-Tenant Systems with AWS CDK: An IaC Approach" |
3 | 3 | authorId: "mufaddal" |
4 | 4 | date: 2024-10-30 |
5 | 5 | draft: false |
6 | 6 | featured: true |
7 | 7 | weight: 1 |
8 | 8 | --- |
9 | | -In this blog I will be taking you on a journey of building the scalable and efficient IAC solution that we build for our multi tenant system. Here we are not going to debate why we choose the CDK; that will be another discussion that can be highlighted in another blog. Instead, how we approached solving using AWS CDK is going to be discussed in this blog. Even if you are not very familiar with CDK, this blog can help to build a mental model of how we can think while writing the code for the infrastructure of such a complex system. |
| 9 | +In this blog I will be taking you on a journey of building the scalable and efficient IaC solution that we build for our multi tenant system. Here we are not going to debate why we choose the CDK; that will be another discussion that can be highlighted in another blog. Instead, how we approached solving using AWS CDK is going to be discussed in this blog. Even if you are not very familiar with CDK, this blog can help to build a mental model of how we can think while writing the code for the infrastructure of such a complex system. |
10 | 10 |
|
11 | 11 | ## What are Multi-tenant Systems? |
12 | 12 |
|
13 | 13 | A multi-tenancy architecture uses a single instance of a software application to serve multiple customers. Each customer is referred to as a tenant. Tenants can customize certain aspects of the application, such as the color of the user interface or business rules, but they cannot change the application's code. |
14 | 14 |
|
15 | | -While there are mainly three types of multitenant architecture. |
| 15 | +While there are mainly three types of multi-tenant architecture. |
16 | 16 |
|
17 | 17 | 1. One Application, One Database: All tenants share a single database. |
18 | 18 | 2. One Application, Multiple Databases: Each tenant has its own database while sharing the same application instance. |
@@ -47,17 +47,17 @@ To visualize our architecture, consider the following components: |
47 | 47 |
|
48 | 48 | ## What do we know? |
49 | 49 |
|
50 | | -Now let’s briefly see what all things we have in our bucket and what is expected from IAC. |
| 50 | +Now let’s briefly see what all things we have in our bucket and what is expected from IaC. |
51 | 51 |
|
52 | 52 | As we were using AWS as our cloud provider, we started looking into finalizing the architecture that we were going to use for our system. After all the R&D, we decided to go with the Multi-VPC architecture that is one of the recommendations from AWS, and yes, this was written in AWS CDK. And hence, taking recommendations from this CDK solution, we were able to achieve a single VPC for a single tenant, which then solved our complete isolation problem along with the platform VPC connectivity with the tenant VPCs. We will be looking at this in detail in this blog too. |
53 | 53 |
|
54 | 54 | Considering we have what we wanted for our networking infrastructure, then for applications we are going to use Fargate ECS services, RDS for databases, SSM for application environment variables, Secret Manager for application secrets, and Route 53 for maintaining the DNS records. |
55 | 55 |
|
56 | | -And for continuous integration and continuous deployment we are going to use the Github action. From all this decision, you might realize that we are avoiding anything self-hosted for now. |
| 56 | +And for continuous integration and continuous deployment we are going to use the GitHub action. From all this decision, you might realize that we are avoiding anything self-hosted for now. |
57 | 57 |
|
58 | | -Before we start looking into CDK code, let me tell you I will only be going through the configuration file with you, not the actual code, because CDK only differs from other IAC tools in that it is written in imperative form, which means we make the configuration file public-facing and the actual code an abstraction, which then helps each member of the org to just learn how to manipulate the configuration file and not the actual code, which helps the infrastructure manipulation be very easy, quick, and scalable. |
| 58 | +Before we start looking into CDK code, let me tell you I will only be going through the configuration file with you, not the actual code, because CDK only differs from other IaC tools in that it is written in imperative form, which means we make the configuration file public-facing and the actual code an abstraction, which then helps each member of the org to just learn how to manipulate the configuration file and not the actual code, which helps the infrastructure manipulation be very easy, quick, and scalable. |
59 | 59 |
|
60 | | -## IAC of Networking |
| 60 | +## IaC of Networking |
61 | 61 |
|
62 | 62 | Let’s first start looking into how we break down the [recommended](https://github.com/aws-samples/aws-vpc-builder-cdk/tree/main) networking architecture to fit our solution. |
63 | 63 |
|
@@ -191,11 +191,11 @@ So we had two options: Either edit the same code to add another support for the |
191 | 191 | We choose to go with the 2nd approach because |
192 | 192 |
|
193 | 193 | 1. Change in application-related configuration will be more aggressive than networking. |
194 | | -2. To make application configuration manipulated by developers, we have to keep the unusual data, according to devs, as little as possible in the same place. |
| 194 | +2. To make application configuration manipulated by developers, we have to keep the unusual data, according to developers, as little as possible in the same place. |
195 | 195 | 3. Changes in networking configuration can impact the entire ecosystem, and hence maintenance of that should only come under specific teams like SRE/DevOps and should not be available to manipulate so easily by any member of the organization. |
196 | | -4. By keeping application IAC separate, it also helps in automating the CI/CD, which is also another topic we can discuss in a further blog. |
| 196 | +4. By keeping application IaC separate, it also helps in automating the CI/CD, which is also another topic we can discuss in a further blog. |
197 | 197 |
|
198 | | -## IAC of Application |
| 198 | +## IaC of Application |
199 | 199 |
|
200 | 200 | The basic idea of writing AWS CDK code is to bundle the unit of deployment into the same stack. CDK Stack represents a single CloudFormation stack, which is a collection of resources that are deployed together. So here,I have created the stack with a collection of resources that are going to be deployed together and are linked. |
201 | 201 |
|
@@ -266,7 +266,7 @@ CDK Stack that is used to create a separate internal ALB, such as in the platfor |
266 | 266 |
|
267 | 267 | ## Conclusion |
268 | 268 |
|
269 | | -In conclusion, building a scalable and efficient multi-tenant system on AWS requires careful planning and design. By using AWS CDK, we were able to define and provision our cloud infrastructure resources in a flexible and scalable way. Our approach to separating IAC code for networking and applications allowed us to maintain consistency and make changes more easily. We hope that this blog post has provided a useful example of how to use AWS CDK to build a multi-tenant system. |
| 269 | +In conclusion, building a scalable and efficient multi-tenant system on AWS requires careful planning and design. By using AWS CDK, we were able to define and provision our cloud infrastructure resources in a flexible and scalable way. Our approach to separating IaC code for networking and applications allowed us to maintain consistency and make changes more easily. We hope that this blog post has provided a useful example of how to use AWS CDK to build a multi-tenant system. |
270 | 270 |
|
271 | 271 | We look forward to sharing more of our experiences in future blog posts with follow-up questions like below. |
272 | 272 |
|
|
0 commit comments