A Multi-tenant Architecture for SaaS Web Application on AWS

For testing programs that need to manage accommodations requests

Client

The client, the industry leader in providing credentialing programs with expert review of test accommodations requests and accessibility consultation, was looking for MeU Solutions to build a secure SaaS-based application hosted in the cloud for testing programs that need to manage accommodations requests. It is a flexible and easy-to-use application for people with disabilities, focusing on accessibility issues and disability compliance.

Challenges

  • An easy-to-use but secure app for individuals with disabilities, with a UX design that complies with 508 standards.
  • Implementing HIPAA and GDPR compliance to ensure the privacy and security of patient data (ePHI).
  • Building high-availability web apps with a zero-downtime deployment strategy and auto-scaling of app servers and database servers.

Solutions

  • Utilizing AWS’s architected framework such as EC2, S3, Lambda, Terraform, CloudWatch Logs, ALC, KMS, PostgreSQL (RDS), GuardDuty, EBS, AMI, Kinesis, CloudTrail, Load balancer, API Gateway.
  • Multi-tenant database infrastructure. Use Hashids and UUIDs for data references across tables.
  • Programming: PHP/Laravel, Node.js
  • The testing team performs functional, accessibility, usability, penetration (OWASP practice), and performance testing.

Results

  • Released a web application that meets HIPAA technical safeguard compliance; the operating system and web server are hardened against attackers.
  • The entire infrastructure can be deployed in less than an hour in the event of a disaster, reducing the recovery time significantly.
  • Many functions were implemented on Lambda, reducing dependency on EC2 instances.
  • Infrastructure cost was reduced by using a multi-tenant model. Separate EC2 instances are not required for different customers.