Amazon CloudFront SaaS Manager
Amazon is announced that Amazon CloudFront SaaS Manager, a new functionality that enables online development platform providers, software-as-a-service (SaaS) providers, and businesses with numerous brands and websites effectively manage delivery across many domains, is now generally available. CloudFront is already being used by customers to safely deliver content with fast transfer rates and minimal latency.
Managing tenant websites at scale, each of which needs TLS certificates, distributed denial-of-service (DDoS) protection, and performance monitoring, is a significant difficulty that Amazon CloudFront SaaS Manager tackles.
Web development platform providers and business SaaS providers who oversee several domains will be able to utilise Amazon CloudFront SaaS Manager’s straightforward APIs and reusable settings that leverage AWS WAF, AWS Certificate Manager, and CloudFront edge locations throughout the globe. In addition to offering enterprise-grade security and high-performance content delivery for all customer domains, CloudFront SaaS Manager may significantly minimise operational complexity.
How it works
A single CloudFront distribution may deliver content for several different tenants (people or organisations) through the usage of multi-tenant SaaS installations in CloudFront. To deliver content across several domains while sharing infrastructure and configuration, Amazon CloudFront SaaS Manager employs a novel template-based distribution paradigm known as a multi-tenant distribution. However, a standard distribution would be preferable or advised if supporting a single website or application.
The fundamental configuration that will be applied across domains, including security settings, cache behaviours, and origin configurations, is specified via a template distribution. To represent domain-specific origin pathways or origin domain names, including web access control list (ACL) overrides and custom TLS certificates, each template distribution includes a distribution tenant.
The connection group that supplies the CloudFront routing endpoint that delivers content to viewers can optionally be used by many distribution tenants. DNS records use a Canonical Name Record (CNAME) to link to the connection group’s CloudFront endpoint.
Amazon CloudFront SaaS Manager in action
An example will demonstrate Amazon CloudFront SaaS Manager’s capabilities. Your popular e-commerce platform, MyStore, makes it easy for your clients to open online stores. With 99.95 percent uptime over the past 12 months, MyStore’s tenants already benefit from exceptional customer service, security, dependability, and ease of use. There is also minimal setup needed to get a shop up and operating.
Each MyStore client is given a persistent mystore.app subdomain, and they are disproportionately split across the three pricing tiers: Bronze, Silver, and Gold. These tiers may be applied to various client categories, operating regions, and customised parameters. For instance, as an advanced feature, you might provide AWS WAF service in the Gold tier. To manage TLS connections and security for an increasing number of applications hosted on their platform, MyStore has chosen not to operate its own web servers. To find out if it will help them cut operating expenses, they are assessing CloudFront.
Let’s examine how to use the Amazon CloudFront SaaS Manager to set up your customers’ websites that are spread over several tiers like MyStore. Beginning with the Bronze, Silver, and Gold price tiers that are displayed in the Multi-tenant distribution under the SaaS menu on the Amazon CloudFront dashboard, you may establish a multi-tenant distribution that serves as a template for each of the three MyStore pricing levels.
If you have numerous websites or apps that will share the same configuration, you may establish a multi-tenant distribution by selecting Multi-tenant architecture under establish distribution. Complete the following steps to include basic information such your distribution name, tags, and wildcard certificate; describe the kind and location of your content’s origin, such as a website or application; and activate security features using the AWS WAF web ACL feature.
You may establish a distribution tenant by selecting establish tenant from the Distribution tenants menu in the left navigation pane once the multi-tenant distribution has been successfully formed. To link your current client to the Bronze tier, you can construct a distribution tenant.
Up to one multi-tenant distribution may be linked to each tenant. In addition to assigning custom parameter values like origin domains and origin pathways, you may add one or more of your customers’ domains to a distribution tenant. The security setup and TLS certificate of a multi-tenant distribution can be passed down to a distribution tenant. Additionally, you have the option to modify the tenant security setup or attach a fresh certificate made just for the tenant.
Once the distribution tenant has been successfully formed, you can complete this step by creating a CNAME directed to the CloudFront application endpoint and modifying a DNS record to direct traffic to the domain in this distribution tenancy.
By upgrading those distribution tenants to a real multi-tenant distribution, you may move your clients from Bronze to Silver levels as their business needs grow.
Amazon find domains linked to dormant customer accounts that may be securely retired as part of the monthly maintenance procedure. You can remove a multi-tenant distribution that is associated with the Bronze tier if you have made the decision to deprecate it and move all of your current Bronze tier clients to the Silver tier.
By default, all of your CloudFront traffic is handled by a single connection group in your AWS account. To create multiple connection groups and have greater control over traffic management and tenant isolation, you may enable Connection group in the Settings menu located in the left navigation pane.
Thank you for your Interest in Cloud Computing. Please Reply