AWS re:Invent 2019: SaaS tenant isolation patterns (ARC372-P)
This presentation was recorded prior to re:Invent. Tenant isolation is one of the most fundamental aspects of SaaS architecture. Every SaaS provider must consider how to ensure that their tenant resources are isolated and secure. The challenge is that each resource type (compute, storage, etc.) requires different isolation approaches. In this session, we build a clear roadmap for navigating the landscape of isolation options, highlighting the strategies for achieving isolation spanning the different multi-tenancy models and AWS services. Our goal is to create a comprehensive view of the considerations that impact your approach to introducing isolation into your SaaS solution.
Excellent content, thank you!
Great video Tod, thank you sooo much !!
Learned lot about SaaS isolation, thank you very much !
Thanks Tod great video! However it is still not clear to me from security perspective why is ECS so different from Lambda. You mentioned, that you can’t prevent code from ECS task executing other resources. If you define role per task, does that actually prevent running anything else than what is defined in Task IAM Role?
I’d also like to know more about this drawback of ECS
no *u*