Software as a service (SaaS) providers continuously add new features and capabilities to their products to meet their growing customer needs. As enterprises adopt SaaS to reduce the total cost of ownership and focus on business priorities, they expect SaaS providers to enable customization capabilities.
Many SaaS providers allow their customers (tenants) to provide customer-specific code that’s triggered as part of various workflows by the SaaS platform. This extensibility model allows customers to customize system behavior and add rich integrations, while allowing SaaS providers to prioritize engineering resources on the core SaaS platform and avoid per-customer customizations.
To simplify the experience for enterprise developers building on SaaS platforms, SaaS providers are offering the ability to host the tenant’s code inside the SaaS platform. This blog provides architectural guidance for running custom code on SaaS platforms using AWS serverless technologies and AWS Lambda without the overhead of managing infrastructure on either the SaaS provider or customer side.
Vendor-hosted extensions
With vendor-hosted extensions, the SaaS platform runs the customer code in response to events that occur in the SaaS application. In this model, the heavy lifting of managing and scaling the code launch environment is the responsibility of the SaaS provider.
To host and run custom code, SaaS providers must consider isolating the environment that runs untrusted custom code from the core SaaS platform, as detailed in Figure 1. This introduces additional challenges in managing security, cost, and utilization.

Figure 1. Distribution of responsibility between Customer and SaaS platform with vendor-hosted extensions
Using AWS serverless services to run custom code
Using AWS serverless technologies removes the tasks of infrastructure provisioning and management, as there are no servers to manage, and SaaS providers can take advantage of automatic scaling, high availability, and security, while only paying for value.
Example use case
Let’s take an example of a simple SaaS to-do list application that supports the ability to initiate custom code when a new to-do item is added to the list. This application is used by customers who supply custom code to enrich the content of newly added to-do list items. The requirements for the solution consist of:
- Custom code provided by each tenant should run in isolation from all other tenants and from the SaaS core product
- Track each customer’s usage and cost of AWS resources
- Ability to scale per customer
Solution overview
The SaaS application in Figure 2 is the core application used by customers, and each customer is considered a separate tenant. For the sake of brevity, we assume that the customer code was already stored in an Amazon Simple Storage Service (Amazon S3) bucket as part of the onboarding. When an eligible event is generated in the SaaS application as a result of user action, like a new to-do item added, it gets propagated down to securely launch the associated customer code.

Figure 2. Example use case architecture
Walkthrough of custom code run
Let’s detail the initiation flow of custom code when a user adds a new to-do item:
- An event is generated in the SaaS application when a user performs an action, like adding a new to-do list item. To extend the SaaS application’s behavior, this event is linked to the custom code. Each event contains a tenant ID and any additional data passed as part of the payload. Each of these events is an “initiation request” for the custom code Lambda function.
- Amazon EventBridge is used to decouple the SaaS application from event processing implementation specifics. EventBridge makes it easier to build event-driven applications at scale and keeps the future prospect of adding additional consumers. In case of unexpected failure in any downstream service, EventBridge retries sending events a set number of times.
- EventBridge sends the event to an Amazon Simple Queue Service (Amazon SQS) queue as a message that’s subsequently picked up by a Lambda function (Dispatcher) for further routing. Amazon SQS enables decoupling and scaling of microservices and also provides a buffer for the events that are awaiting processing.
- The Dispatcher polls the messages from the SQS queue and is responsible for routing the events to respective tenants for further processing. The Dispatcher retrieves the tenant ID from the message and performs a lookup in the database (we recommend Amazon DynamoDB for low latency), retrieving the tenant SQS Amazon Resource Name (ARN) to determine which queue to route the event to. To further improve performance, you can cache the tenant-to-queue mapping.
- The tenant SQS queue acts as a message store buffer and is configured as an event source for a Lambda function. Using Amazon SQS as an event source for Lambda is a common pattern.
- Lambda executes the code uploaded by the tenant to perform the desired operation. Common utility and management code (including logging and telemetry code) is kept in Lambda layers that get added to every custom code Lambda function provisioned.
- After performing the desired operation on data, the custom code Lambda returns a value back to the SaaS application. This completes the run cycle.
This architecture allows SaaS applications to create a self-managed queue infrastructure for running custom code for tenants in parallel.
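The Dispatcher routing step from the walkthrough, as an added example that is not code from the original post. The `tenantId` and `payload` field names, the tenant ID format and the `Dispatcher` class are assumptions; the DynamoDB lookup and the SQS send are passed in as callables so the sketch runs offline on a constructed batch.

```python
import json
import re

TENANT_ID_RE = re.compile(r"^[A-Za-z0-9_-]{1,64}$")  # assumed tenant ID format

class Dispatcher:
    def __init__(self, lookup_queue, send):
        self._lookup_queue = lookup_queue  # tenant ID -> queue ARN or None (DynamoDB stand-in)
        self._send = send                  # (queue ARN, body) -> None (SQS stand-in)
        self._cache = {}                   # tenant-to-queue mapping cache

    def _queue_for(self, tenant_id):
        arn = self._cache.get(tenant_id) or self._lookup_queue(tenant_id)
        if arn is not None:
            self._cache[tenant_id] = arn   # only known tenants are cached
        return arn

    def handle(self, event):
        """Process one SQS batch; return the records that could not be routed."""
        failures = []
        for record in event["Records"]:
            try:
                detail = json.loads(record["body"])["detail"]  # EventBridge envelope
                tenant_id = detail["tenantId"]                 # assumed field name
                if not isinstance(tenant_id, str) or not TENANT_ID_RE.match(tenant_id):
                    raise ValueError("malformed tenant ID")
                queue = self._queue_for(tenant_id)
                if queue is None:
                    raise LookupError("unknown tenant")
                # The queue comes from the lookup only, never from the event itself.
                body = {"tenantId": tenant_id, "payload": detail.get("payload")}
                self._send(queue, json.dumps(body))
            except (KeyError, TypeError, ValueError, LookupError):
                failures.append({"itemIdentifier": record["messageId"]})
        return {"batchItemFailures": failures}

def demo():
    """Constructed batch: a known tenant, an unknown tenant, a malformed body."""
    table = {"tenant-a": "arn:aws:sqs:us-east-1:111122223333:tenant-a-queue"}
    sent = []
    dispatcher = Dispatcher(table.get, lambda arn, body: sent.append((arn, body)))
    def rec(mid, detail):
        return {"messageId": mid, "body": json.dumps({"detail": detail})}
    event = {"Records": [
        rec("m1", {"tenantId": "tenant-a", "payload": {"item": "buy milk"}}),
        rec("m2", {"tenantId": "tenant-zz", "payload": {}}),
        {"messageId": "m3", "body": "not json"},
    ]}
    return dispatcher.handle(event), sent
```

Records that cannot be routed are returned in the `batchItemFailures` shape that Lambda's partial batch response for SQS expects, so only those messages are retried or dead-lettered rather than being delivered to a guessed queue.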
Tenant code upload
The SaaS platform can allow customers to upload code either through a user interface or using a command line interface that the SaaS provider provides to developers to facilitate uploading custom code to the SaaS platform. Uploaded code is stored in the custom code S3 bucket in .zip format that can be used to provision Lambda functions.
Custom code Lambda provisioning
The tenant environment includes a tenant SQS queue and a Lambda function that polls initiation requests from the queue. This Lambda function serves several purposes, including:
- It polls messages from the SQS queue and constructs a JSON payload that will be sent as input to custom code.
- It “wraps” the custom code provided by the customer using boilerplate code, so that custom code is fully abstracted from the processing implementation specifics. For example, we do not want custom code to know that the payload it’s getting is coming from Amazon SQS or be aware of the destination where launch results will be sent.
- Once custom code initiation is complete, it sends a notification with launch results back to the SaaS application. This can be done directly via EventBridge or Amazon SQS.
- This common code can be shared across tenants and deployed by the SaaS provider, either as a library or as a Lambda layer that gets added to the Lambda function.
Each Lambda function execution environment is fully isolated using a combination of open-source and proprietary isolation technologies, which helps you address the risk of cross-contamination. By having a separate Lambda function provisioned per tenant, you achieve the highest level of isolation and benefit from being able to track per-tenant costs.
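The wrapper described in the list above, as an added example that is not code from the original post. `make_wrapper`, the message fields `tenantId` and `payload`, and the shape of the result notification are assumptions; `notify` stands in for the EventBridge or SQS call that returns launch results.

```python
import json

def make_wrapper(custom_handler, tenant_id, notify):
    """Return a Lambda-style handler that hides SQS from the tenant's code."""
    def lambda_handler(event, context=None):
        failures = []
        for record in event["Records"]:
            try:
                message = json.loads(record["body"])
                # This function serves exactly one tenant; refuse anything else.
                if message.get("tenantId") != tenant_id:
                    raise ValueError("message for another tenant")
                payload = message.get("payload")
            except (ValueError, AttributeError):
                failures.append({"itemIdentifier": record["messageId"]})
                continue
            try:
                # Custom code receives the payload only: no receipt handle or queue details.
                result = custom_handler(payload)
                outcome = {"status": "succeeded", "result": json.loads(json.dumps(result))}
            except Exception as exc:  # tenant code is untrusted: contain every failure
                outcome = {"status": "failed", "error": type(exc).__name__}
            # Launch results go back to the SaaS application (EventBridge/SQS stand-in).
            notify({"tenantId": tenant_id, "requestId": record["messageId"], **outcome})
        return {"batchItemFailures": failures}
    return lambda_handler

def demo():
    """Constructed messages for tenant-a's function; enrich() stands in for tenant code."""
    results = []
    def enrich(payload):
        return {"item": payload["item"], "tags": ["groceries"]}
    handler = make_wrapper(enrich, "tenant-a", results.append)
    def rec(mid, message):
        return {"messageId": mid, "receiptHandle": "constructed", "body": json.dumps(message)}
    event = {"Records": [
        rec("m1", {"tenantId": "tenant-a", "payload": {"item": "buy milk"}}),
        rec("m2", {"tenantId": "tenant-a", "payload": {}}),
        rec("m3", {"tenantId": "tenant-b", "payload": {"item": "x"}}),
    ]}
    return handler(event), results
```

A failure inside the tenant's code is reported to the SaaS application as a failed launch rather than retried, while a message that does not belong to this tenant is returned as a batch failure and never reaches the custom code.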
Conclusion
In this blog post, we explored the need to extend SaaS platforms using custom code and why AWS serverless technologies—using Lambda and Amazon SQS—can be a good fit to accomplish that. We also looked at a solution architecture that can provide the necessary tenant isolation and is cost-effective for this use case.
For more information on building applications with Lambda, visit Serverless Land. For best practices on building SaaS applications, visit SaaS on AWS.