Multi-Tenancy architecture using AWS Cognito : Part 2

In the previous story, we introduced the multi-tenancy models available with AWS Cognito and chose the user-pool-per-tenant model. In this story, we implement it.

The architecture diagram shows the isolation level between tenants: each tenant has its own user pool in AWS Cognito (Tenant A -> User Pool A, Tenant B -> User Pool B, Tenant C -> User Pool C), so users, passwords, policies and tokens of one tenant never share a pool with another.

An Amazon DynamoDB table (tenant_master) maps each tenant identifier to the credentials of that tenant's user pool. Because this table holds app client credentials, restrict read access to it to the application's IAM role.

Step 1: Tenant users send requests with the tenant identifier in an HTTP header (X-Tenant).

Step 2: The Java core application intercepts the X-Tenant header and checks whether the tenant exists in DynamoDB (via the AWS SDK), then retrieves the credentials of the tenant's user pool. The header is untrusted input: it only selects which pool to talk to, so validate its format and reject unknown tenants before any Cognito call is made.

Step 3: With the credentials of the tenant's user pool, the application interacts with the corresponding user pool in Cognito.

Getting Started

For this example, we will implement three endpoints: /sign-up, /sign-in and /logout.

  • DynamoDB tenant_master table
  • Cognito user pools (one per tenant)

We will start by creating a multi-module project with Spring Boot.

Project Structure

  • web: API entry point.
  • user-manager: connects the API to AWS Cognito with the corresponding tenant credentials.
  • tenant-manager: stores and manages tenant user pool credentials in DynamoDB.
  • common: components shared between the other modules.
Step 1: Tenant ID interceptor
Step 2: Get the tenant's user pool credentials from DynamoDB.
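Steps 1 and 2 (the X-Tenant interceptor and the tenant_master lookup), as an added example written for this edit rather than code from the article's repository. It assumes Spring Boot 3 (jakarta.servlet), the AWS SDK for Java v2, and tenant_master attributes named tenant_id, region, user_pool_id, client_id and client_secret; the TenantPool record, the tenant-id character set and the attribute names are this example's assumptions, not the article's.

```java
// Added example (not the article's code). Assumptions: Spring Boot 3 + AWS SDK v2,
// tenant_master keyed by tenant_id with region/user_pool_id/client_id/client_secret attributes.
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.springframework.web.servlet.HandlerInterceptor;
import software.amazon.awssdk.services.dynamodb.DynamoDbClient;
import software.amazon.awssdk.services.dynamodb.model.AttributeValue;
import software.amazon.awssdk.services.dynamodb.model.GetItemRequest;
import software.amazon.awssdk.services.dynamodb.model.GetItemResponse;

import java.util.Map;
import java.util.Optional;
import java.util.regex.Pattern;

/** Per-tenant user pool credentials read from the tenant_master table (assumed shape). */
record TenantPool(String tenantId, String region, String userPoolId, String clientId, String clientSecret) {
    /** Issuer Cognito writes into tokens of this pool; lets later checks bind a token to its tenant. */
    String expectedIssuer() {
        return "https://cognito-idp." + region + ".amazonaws.com/" + userPoolId;
    }
}

/** Step 2: look the tenant up in DynamoDB and return its pool credentials, if any. */
class TenantRepository {
    private static final String TABLE = "tenant_master";
    private final DynamoDbClient dynamo;

    TenantRepository(DynamoDbClient dynamo) { this.dynamo = dynamo; }

    Optional<TenantPool> find(String tenantId) {
        GetItemRequest req = GetItemRequest.builder()
                .tableName(TABLE)
                .key(Map.of("tenant_id", AttributeValue.builder().s(tenantId).build())) // assumed key name
                .consistentRead(true)
                .build();
        GetItemResponse res = dynamo.getItem(req);
        if (!res.hasItem() || res.item().isEmpty()) {
            return Optional.empty();
        }
        Map<String, AttributeValue> item = res.item(); // assumed attribute names below
        return Optional.of(new TenantPool(tenantId,
                item.get("region").s(), item.get("user_pool_id").s(),
                item.get("client_id").s(), item.get("client_secret").s()));
    }
}

/** Step 1: resolve the tenant from X-Tenant and refuse malformed or unknown values up front. */
class TenantInterceptor implements HandlerInterceptor {
    static final String HEADER = "X-Tenant";
    static final String ATTR = "tenantPool";
    // The header is attacker-controlled: accept only a tight character set (assumed id format).
    private static final Pattern TENANT_ID = Pattern.compile("^[a-z0-9-]{1,64}$");
    private final TenantRepository repo;

    TenantInterceptor(TenantRepository repo) { this.repo = repo; }

    @Override
    public boolean preHandle(HttpServletRequest req, HttpServletResponse res, Object handler) throws Exception {
        String tenantId = req.getHeader(HEADER);
        if (tenantId == null || !TENANT_ID.matcher(tenantId).matches()) {
            res.sendError(HttpServletResponse.SC_BAD_REQUEST, "missing or malformed " + HEADER);
            return false;
        }
        Optional<TenantPool> pool = repo.find(tenantId);
        if (pool.isEmpty()) {
            // Same status as the malformed case so callers cannot enumerate valid tenant ids.
            res.sendError(HttpServletResponse.SC_BAD_REQUEST, "unknown tenant");
            return false;
        }
        req.setAttribute(ATTR, pool.get()); // controllers read the resolved pool from the request
        return true;
    }
}
```

Register the interceptor through a WebMvcConfigurer (addInterceptors) on the /sign-up, /sign-in and /logout paths; controllers then take the TenantPool from the request attribute instead of re-reading the header, so tenant resolution happens in exactly one place.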

Test the REST APIs:

Run the Spring Boot application, then exercise the three endpoints, sending the X-Tenant header on every call:

1. Register a user (/sign-up)
2. User sign-in (/sign-in)
3. Logout (/logout)
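The three Cognito operations behind those endpoints (the user-manager side of Step 3), as an added example written for this edit rather than the article's own code. It assumes the AWS SDK for Java v2, an app client with a secret (hence the SECRET_HASH), the USER_PASSWORD_AUTH flow enabled on that client, and Jackson (bundled with Spring Boot) for reading token claims; the TenantPool record and the UserManager class are this example's assumptions. It also adds the check a practitioner would want after sign-in: a token presented with X-Tenant B must actually have been issued by tenant B's pool.

```java
// Added example (not the article's code). Assumes AWS SDK v2, an app client with a secret,
// and USER_PASSWORD_AUTH enabled on the client. Signature verification against the pool's JWKS
// is still required before any claim is trusted; only the tenant binding is shown here.
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.cognitoidentityprovider.CognitoIdentityProviderClient;
import software.amazon.awssdk.services.cognitoidentityprovider.model.*;

import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/** Same shape as the record resolved from tenant_master (assumed). */
record TenantPool(String region, String userPoolId, String clientId, String clientSecret) {
    String expectedIssuer() { return "https://cognito-idp." + region + ".amazonaws.com/" + userPoolId; }
}

class UserManager {
    private static final ObjectMapper JSON = new ObjectMapper();
    // One SDK client per tenant pool; building a client is costly, keeping it is not.
    private final Map<String, CognitoIdentityProviderClient> clients = new ConcurrentHashMap<>();

    private CognitoIdentityProviderClient clientFor(TenantPool pool) {
        return clients.computeIfAbsent(pool.userPoolId(),
                id -> CognitoIdentityProviderClient.builder().region(Region.of(pool.region())).build());
    }

    /** SECRET_HASH = Base64(HMAC-SHA256(clientSecret, username + clientId)), required when the app client has a secret. */
    static String secretHash(String username, String clientId, String clientSecret) {
        try {
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(new SecretKeySpec(clientSecret.getBytes(StandardCharsets.UTF_8), "HmacSHA256"));
            mac.update(username.getBytes(StandardCharsets.UTF_8));
            return Base64.getEncoder().encodeToString(mac.doFinal(clientId.getBytes(StandardCharsets.UTF_8)));
        } catch (java.security.GeneralSecurityException e) {
            throw new IllegalStateException(e);
        }
    }

    /** 1. Register a user in the tenant's pool; returns the Cognito user sub. */
    String signUp(TenantPool pool, String username, String email, String password) {
        SignUpResponse res = clientFor(pool).signUp(SignUpRequest.builder()
                .clientId(pool.clientId())
                .secretHash(secretHash(username, pool.clientId(), pool.clientSecret()))
                .username(username)
                .password(password)
                .userAttributes(AttributeType.builder().name("email").value(email).build())
                .build());
        return res.userSub();
    }

    /** 2. Sign in; returns access, id and refresh tokens issued by this tenant's pool. */
    AuthenticationResultType signIn(TenantPool pool, String username, String password) {
        InitiateAuthResponse res = clientFor(pool).initiateAuth(InitiateAuthRequest.builder()
                .clientId(pool.clientId())
                .authFlow(AuthFlowType.USER_PASSWORD_AUTH)
                .authParameters(Map.of(
                        "USERNAME", username,
                        "PASSWORD", password,
                        "SECRET_HASH", secretHash(username, pool.clientId(), pool.clientSecret())))
                .build());
        if (res.challengeName() != null) { // e.g. NEW_PASSWORD_REQUIRED; not handled in this example
            throw new IllegalStateException("unexpected challenge " + res.challengeNameAsString());
        }
        return res.authenticationResult();
    }

    /** 3. Logout: revoke every token this pool issued to the user behind the access token. */
    void logout(TenantPool pool, String accessToken) {
        if (!issuedByTenantPool(accessToken, pool)) {
            throw new IllegalArgumentException("token was not issued by the X-Tenant pool");
        }
        clientFor(pool).globalSignOut(GlobalSignOutRequest.builder().accessToken(accessToken).build());
    }

    /** Tenant binding: iss must name the tenant's pool and the token must be for its app client. */
    static boolean issuedByTenantPool(String jwt, TenantPool pool) {
        String[] parts = jwt.split("\\.");
        if (parts.length != 3) return false;
        try {
            JsonNode claims = JSON.readTree(new String(Base64.getUrlDecoder().decode(parts[1]), StandardCharsets.UTF_8));
            boolean issuerOk = pool.expectedIssuer().equals(claims.path("iss").asText());
            // access tokens carry client_id, id tokens carry aud; either must be this tenant's client
            String client = claims.hasNonNull("client_id") ? claims.path("client_id").asText() : claims.path("aud").asText();
            return issuerOk && pool.clientId().equals(client);
        } catch (java.io.IOException | IllegalArgumentException e) {
            return false;
        }
    }
}
```

Apply the same issuedByTenantPool check (after JWKS signature verification) on every authenticated endpoint, not only on logout: the X-Tenant header decides which pool the request claims to belong to, and the token must agree, otherwise a valid token from tenant A could be replayed against tenant B's resources.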

Conclusion

This user-pool-based multi-tenancy model requires high development and operational effort. You need to build tenant onboarding and administration components into your application, driven by Amazon Cognito API operations and automation tools, since every new tenant means a new user pool, app client and tenant_master entry.

The complete source code can be found in my GitHub repository.

Hope this was helpful and looking forward to hearing your thoughts

👉 Link to Medium blog
