Here’s what it would look like in the AWS SDK:Įxport default class ApplicationLayerStack extends cdk. To add a WAF, you must deploy a new WAF element via AWS, and create an IP set. Adding a WAFĪdding a WAF via NodeJS using the AWS SDK In our specific usecase, we also prefer our infrastructure to require as little self managed infrastructure as possible. To filter out specific tenants from your SaaS, you need to have filtering infrastructure that can process all requests with minimal Latency. Generally, you can write rules that regex-match within the request and it's body, or you can match based on origin via matching the origin IP.
After attachment, you can configure rules on the WAF and it will match all traffic to decide if the specific request should be blocked. How does it work?ĪWS' implementations of WAF are attached to data ingress infrastructure to analyze their traffic, like ALB, CloudFront, or AWS API gateway. This article by Paloalto Networks explains it well. WAFs are software that analyze traffic to decide if they should be let through based on certain criterias, usually at the HTTP layer. This fleet will be fronted with an AWS Application Load Balancer.Īt the database layer, we can assume it's a Amazon DynamoDB table.
In this article, we can assume that the multi-tenant SaaS is running a traditional 3 tier architecture.Īt the presentation layer: We can assume it is a ReactJS application running in S3 and served with CloudFront.Īt the application layer, we can assume it's an autoscaled fleet of ECS tasks running a NodeJS Express API in Fargate mode. This blog will explore an easier way to deal with this by creating a big red button using AWS WAF (web application firewall). It can be excruciating to try and recover your system while all your other customers cannot access their resources, and you destroy your SLA. A rogue tenant who is sending a significant amount of requests to the system will ruin everyone else's experience in your multi-tenant SaaS.
0 kommentar(er)
