IaC in SaaS World

  1. Tenant Isolation at Account Level.
  2. Tenant Isolation at Amazon VPC Level.
  3. Tenant Isolation at VPC Subnet Layer.
  4. Tenant Isolation at Container Layer.
  5. Tenant Isolation at the Application Layer.
  1. Each new deployment infrastructure should have security group rules.
  2. Infrastructure sizing should be precise.
  3. Proper tagging of resources to keep billing simple.
  4. Automated infrastructure monitoring for newly provisioned infrastructure.
  5. Decommission infrastructure when not needed.
  6. Audit changes to already created infrastructure.
  1. Since we were running docker image on demand every execution was generating a new tfstate file. We had to keep track of it because during decommission phase we need the exact tfstate file back. We were uploading the current tfstate file on s3 and in DB we used to store mapping for it. e.g.for this deployment this is the s3 path of tfstate so that later on while decommissioning we will get it back from s3.
  2. For creating the AWS account we need a new email address you can’t have the same email address for the root account for more than 1 AWS account. Creating a new email id for each AWS account can be costly as enterprise plans of Microsoft/Google charge you per email id e.g. for Synerzip’s Gsuite account it’s 10$/id all we need is just an email id, not services related to Gsuite we solved this by creating only 1 email id and kept adding an alias to it.
  3. Once infra is created all this infra information needs to be used to do application deployment. The output that Terraform generates has tons of information so we had to massage this output and pass it to the application whose task is to do the deployment. Once terraform finished its task it will store massaged output in s3 and will inform the application via SQS.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Dipesh Rane

Dipesh Rane

Solutions Architect - I love working with engineering team and keen to learn with them to build innovative products using cutting edge technologies.