Announcing the Launch of Amazon CloudFront SaaS Manager
Amazon Web Services (AWS) has officially introduced a powerful new tool, the Amazon CloudFront SaaS Manager. This feature is designed to assist Software-as-a-Service (SaaS) providers, web development platform providers, and companies managing multiple brands and websites to deliver content more efficiently across numerous domains. CloudFront is already well-regarded for its ability to securely deliver content with low latency and high transfer speeds. Now, with the introduction of the CloudFront SaaS Manager, AWS addresses a significant challenge faced by organizations: the management of tenant websites at scale, each requiring Transport Layer Security (TLS) certificates, distributed denial-of-service (DDoS) protection, and performance monitoring.
Key Features of CloudFront SaaS Manager
The CloudFront SaaS Manager streamlines operations for web development platforms and SaaS providers managing a vast number of domains. It leverages simple APIs and reusable configurations that integrate with CloudFront edge locations globally, AWS Web Application Firewall (WAF), and AWS Certificate Manager. This can considerably reduce operational complexity while ensuring high-performance content delivery and robust security for each customer domain.
Understanding Multi-Tenant SaaS Deployments
In CloudFront, users can employ multi-tenant SaaS deployments, a strategy where a single CloudFront distribution serves content for various distinct tenants, be it users or organizations. The CloudFront SaaS Manager introduces a new template-based distribution model known as a multi-tenant distribution. This model facilitates content delivery across multiple domains while sharing configuration and infrastructure. However, for supporting individual websites or applications, a standard distribution is recommended.
A template distribution defines the foundational configuration that will be utilized across domains, encompassing origin configurations, cache behaviors, and security settings. Each template distribution includes a distribution tenant to represent domain-specific origin paths or origin domain names, including web access control list (ACL) overrides and custom TLS certificates.
Utilizing CloudFront SaaS Manager: A Practical Example
To better illustrate the capabilities of the CloudFront SaaS Manager, consider a hypothetical company, MyStore, a popular e-commerce platform aiding customers in setting up and managing online stores. MyStore’s tenants already benefit from outstanding customer service, security, reliability, and ease of use, with minimal setup required to get a store operational, achieving a 99.95% uptime over the past year.
MyStore’s customers are spread across three pricing tiers: Bronze, Silver, and Gold, with each customer assigned a persistent mystore.app subdomain. Different customer segments, customized settings, and operational regions can be applied to these tiers. For instance, the Gold tier can include the AWS WAF service as an advanced feature. MyStore is evaluating CloudFront to reduce operational overhead, eliminating the need to maintain their own web servers for handling TLS connections and security for their growing number of hosted applications.
Configuring CloudFront SaaS Manager for MyStore
For MyStore, configuring customer websites distributed across multiple tiers with the CloudFront SaaS Manager involves creating a multi-tenant distribution. This acts as a template for each of the three pricing tiers offered by MyStore: Bronze, Silver, and Gold, as seen under the Multi-tenant distribution in the SaaS menu on the Amazon CloudFront console.
To create a multi-tenant distribution, users select “Create distribution” and choose “Multi-tenant architecture” if multiple websites or applications are to share the same configuration. The process involves providing basic details such as a name for the distribution, tags, and wildcard certificate, specifying origin type and location for the content, and enabling security protections with AWS WAF web ACL features.
Once the multi-tenant distribution is successfully created, users can create a distribution tenant by choosing “Create tenant” in the Distribution tenants menu. This allows the addition of active customers to be associated with the Bronze tier.
Managing Distribution Tenants
Each tenant can be linked to one multi-tenant distribution. Distribution tenants can inherit the TLS certificate and security configuration from their associated multi-tenant distribution. Alternatively, a new certificate can be attached specifically for the tenant, or the tenant security configuration can be overridden. After creating a distribution tenant, the final step involves updating a DNS record to route traffic to the domain within this distribution tenant and creating a CNAME pointed to the CloudFront application endpoint.
Upgrading and Decommissioning
With business needs growing, customers can be upgraded from Bronze to Silver tiers by moving distribution tenants to the appropriate multi-tenant distribution. During regular maintenance, domains associated with inactive customer accounts can be decommissioned. Should MyStore decide to deprecate the Bronze tier and migrate all customers to the Silver tier, they can delete the multi-tenant distribution associated with the Bronze tier.
Connection Groups for Enhanced Traffic Management
AWS accounts have a default connection group managing all CloudFront traffic. However, users can enable the Connection group in the Settings menu to create additional connection groups. This offers greater control over traffic management and tenant isolation.
Availability and Further Information
The Amazon CloudFront SaaS Manager is now available. For more details, users can visit the CloudFront SaaS Manager product page and the documentation page. To explore SaaS on AWS, visit the AWS SaaS Factory. AWS encourages users to try CloudFront SaaS Manager in the CloudFront console and provide feedback through AWS re:Post for Amazon CloudFront or their usual AWS Support contacts.
For those interested in a deeper dive into the technical setup and customization options, resources such as the Amazon CloudFront Developer Guide are invaluable. They provide comprehensive insights into configuring multi-tenant distributions, creating custom connection groups, and updating distributions.
In summary, the Amazon CloudFront SaaS Manager is a robust tool designed to simplify the lives of SaaS providers and companies managing multiple brands and websites. By reducing operational complexity and enhancing performance and security, it stands to revolutionize content delivery for organizations worldwide.
For more Information, Refer to this article.
