DEV Community

codebytesfl

AWS EC2 Tag based folder access to S3

Recently I have been developing a multi-tenant system in which each user was assigned an EC2 instance that contained a full-stack deployment of a web app. This EC2 instance also needed access to a folder in an S3 bucket where the tenant could upload anything they want, but only to their designated folder in the bucket.

This posed quite a challenge to make scalable (i.e., I want to make the policy once, and it should scale regardless of how many tenants I sign on), as I discovered many different account limitations with different approaches.

One method of achieving this was to assign 1 IAM User per Tenant. I can then make a policy that is attached to each user saying that "Tenant X can only access X Folder in this bucket". Great solution, but we have our first hiccup.

AWS limits the number of users to 5,000. This means I can only onboard up to 5,000 tenants before having to create another AWS account. Not ideal.
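The per-user policy described above ("Tenant X can only access X Folder in this bucket"), sketched as an added example that is not code from the original post. The bucket name, tenant ids and both helper functions are assumptions, and `allows_object` is a simplified matcher for illustration, not a full IAM evaluator.

```python
import fnmatch
import json

# Assumed name for illustration; the post does not give its bucket or tenant ids.
BUCKET = "example-tenant-bucket"

def tenant_policy(bucket: str, tenant: str) -> dict:
    """Identity policy for one tenant's IAM user, scoped to <bucket>/<tenant>/."""
    if not tenant or not tenant.replace("-", "").isalnum():
        # Reject ids containing '/', '*', '?' etc., which would widen the ARN pattern.
        raise ValueError(f"unsafe tenant id: {tenant!r}")
    return {
        "Version": "2012-10-17",
        "Statement": [
            {   # Listing is a bucket-level action, so it is narrowed with s3:prefix.
                "Sid": "ListOwnFolder",
                "Effect": "Allow",
                "Action": "s3:ListBucket",
                "Resource": f"arn:aws:s3:::{bucket}",
                "Condition": {"StringLike": {"s3:prefix": [f"{tenant}/*"]}},
            },
            {   # Object reads and writes only under the tenant's own prefix.
                "Sid": "ReadWriteOwnFolder",
                "Effect": "Allow",
                "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
                "Resource": f"arn:aws:s3:::{bucket}/{tenant}/*",
            },
        ],
    }

def allows_object(policy: dict, action: str, bucket: str, key: str) -> bool:
    """Simplified check: does an unconditional Allow cover this object action and key?
    Ignores Deny, NotResource and conditions, unlike real IAM evaluation."""
    arn = f"arn:aws:s3:::{bucket}/{key}"
    for stmt in policy["Statement"]:
        actions = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
        if (stmt["Effect"] == "Allow" and "Condition" not in stmt
                and action in actions
                and fnmatch.fnmatchcase(arn, stmt["Resource"])):
            return True
    return False

if __name__ == "__main__":
    print(json.dumps(tenant_policy(BUCKET, "tenant-a"), indent=2))
```

The trailing `/` before `*` in the object ARN is what keeps `tenant-a` out of a sibling prefix such as `tenant-ab/`.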
