Manage multiple customers with AWS IoT

Time:10-19

I'm architecting my product around AWS technology, mainly using IoT. After reading about all the services, I will probably be using Kinesis, Lambda and Greengrass.

Is it doable to manage all customers on the same AWS organization? Is it advised or a common practice?

I believe having one organization per customer would make it safer, since it would be a more isolated environment, but on the other hand, it also means I would need to replicate the Lambda functions and Greengrass components (recipes and more) for each customer, and most likely manage permissions better, involving a lot of work on the CI to automate all of this.

Is one AWS organization per customer the way to go? Or how else should I split my resources? Thanks

EDIT: Addressing @John Rotenstein's questions. They will not have direct access to AWS, but they will have access to a dashboard (to which they will need to identify themselves) to read metrics about their resources (e.g. temperature sensor). Of course, others' resources should not be accessible. The data needs to be identified to a particular customer (so we can provide metrics directly to them through the dashboard they will have access to). Regarding how data is stored, it could be in different DBs or accounts (the current question is about this, so not sure yet). Finally, the customer will follow a subscription model.

CodePudding user response:

Unless you have a particular need to keep data separate, it would make most sense to:

  • Use the same infrastructure for all customers
  • Keep all information in the same data stores
  • Put business logic within your back-end apps to separate customer data

For example, when a customer makes a request to access their data, they would presumably communicate with your application. They would authenticate to the app, and the app would determine what data they are entitled to access. It can then query data in the storage layer that is specific to them as a customer.

Compare this to Facebook -- they don't have a "separate Facebook" for every user. Instead, the data is all co-mingled and there is application logic that determines what information a particular user can access.

The only reason to use separate data stores or separate AWS Accounts would be if there is some security requirement that prohibits customer data from being stored together, or if it is necessary to separately account for AWS costs between customers.
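One way to implement the back-end tenant check the answer describes, as an added Python example that is not part of the original answer: the in-memory `READINGS` list stands in for the shared data store, and the `custom:customer_id` claim name and the API Gateway/Lambda event shape are assumptions.

```python
from typing import Optional

# Constructed sample data: readings from two customers' sensors kept in ONE
# shared store, as the answer recommends. Note both customers own a "sensor-1".
READINGS = [
    {"customer_id": "cust-a", "device_id": "sensor-1", "temp_c": 21.5},
    {"customer_id": "cust-a", "device_id": "sensor-2", "temp_c": 22.0},
    {"customer_id": "cust-b", "device_id": "sensor-1", "temp_c": 19.8},
]


class Forbidden(Exception):
    """Raised when a request cannot be bound to a tenant."""


def tenant_from_claims(claims: dict) -> str:
    # The tenant comes from the verified identity (claims produced by the
    # authorizer), never from the request body or query string, so a caller
    # cannot simply name another customer to read their data.
    tenant = claims.get("custom:customer_id")  # assumed claim name
    if not tenant:
        raise Forbidden("no tenant bound to this identity")
    return tenant


def get_readings(claims: dict, device_id: Optional[str] = None) -> list:
    tenant = tenant_from_claims(claims)
    # Filter by the tenant key FIRST; device_id only narrows within that
    # tenant, so cust-b's "sensor-1" is invisible to cust-a.
    rows = [r for r in READINGS if r["customer_id"] == tenant]
    if device_id is not None:
        rows = [r for r in rows if r["device_id"] == device_id]
    return rows


def handler(event: dict) -> dict:
    # Event shape loosely follows an API Gateway HTTP API + Lambda proxy
    # integration with a JWT authorizer (assumption): claims arrive in
    # requestContext, separately from anything the client typed.
    ctx = event.get("requestContext", {})
    claims = ctx.get("authorizer", {}).get("jwt", {}).get("claims", {})
    params = event.get("queryStringParameters") or {}
    try:
        body = get_readings(claims, params.get("device_id"))
    except Forbidden as exc:
        return {"statusCode": 403, "body": str(exc)}
    return {"statusCode": 200, "body": body}
```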
