Architecture
Multi-Tenant SaaS System Architecture
System Flow Diagram
Client Request → Cloudflare WAF → Next.js App Router (Middleware)
                                  ↓ (Extract Tenant Context)
                       Tenant DB Routing Layer
                                  ↓
        ┌─────────────────────────┼─────────────────────────┐
        ↓                         ↓                         ↓
Tenant A Database         Tenant B Database         Shared Redis Cache
Request Workflow & Logic
The client requests a subdomain (tenant1.vayqube.com). Cloudflare resolves the domain to the API Gateway. The application middleware extracts the tenant ID, fetches database connection details, and maps the context to a dedicated database instance.
Engineering Considerations
Tenant Routing
The middleware extracts the subdomain name dynamically and caches tenant lookups in Redis, avoiding a database hit on every request.
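The tenant-routing step described above, as an added example that is not Vayqube's own code: it validates the Host header before deriving the tenant, builds the cache key from the validated slug only, and fails closed for unknown hosts. The in-memory Map standing in for Redis, the registry contents, the reserved labels and all function names are assumptions made for illustration.

```javascript
// Added example; vayqube.com is from the page, every other name is hypothetical.
const BASE_DOMAIN = "vayqube.com";
const SLUG_RE = /^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$/; // exactly one DNS label
const RESERVED = new Set(["www", "api", "admin"]); // assumed non-tenant labels

// Constructed registry standing in for the tenant lookup table. It holds a
// reference to a secret (placeholder names), never the credentials themselves.
const DEMO_REGISTRY = new Map([
  ["tenant1", { tenantId: "t-001", dbSecretRef: "PLACEHOLDER/tenant1-db" }],
  ["tenant2", { tenantId: "t-002", dbSecretRef: "PLACEHOLDER/tenant2-db" }],
]);

// Return the tenant slug only when the host is exactly <slug>.<BASE_DOMAIN>.
function tenantSlugFromHost(hostHeader) {
  if (typeof hostHeader !== "string") return null;
  const host = hostHeader.trim().toLowerCase()
    .replace(/:\d+$/, "")  // drop an explicit port
    .replace(/\.$/, "");   // drop a trailing root dot
  const suffix = "." + BASE_DOMAIN;
  if (!host.endsWith(suffix)) return null; // rejects tenant1.vayqube.com.evil.example
  const slug = host.slice(0, -suffix.length);
  return SLUG_RE.test(slug) && !RESERVED.has(slug) ? slug : null;
}

// Cache-aside resolver. `cache` is a Map standing in for Redis and `lookup`
// for the registry query; both are synchronous to keep the example offline.
function makeTenantResolver({ lookup, cache = new Map(), ttlMs = 60000,
                              missTtlMs = 5000, now = Date.now }) {
  return function resolve(hostHeader) {
    const slug = tenantSlugFromHost(hostHeader);
    if (slug === null) return null; // fail closed without touching cache or DB
    const key = "tenant:" + slug;   // key is built from the validated slug only
    const hit = cache.get(key);
    if (hit && hit.expires > now()) return hit.value;
    const found = lookup(slug) || null;
    // Unknown tenants are cached briefly so random subdomains cannot force a
    // registry query on every request.
    cache.set(key, { value: found, expires: now() + (found ? ttlMs : missTtlMs) });
    return found;
  };
}

const resolveTenant = makeTenantResolver({ lookup: (slug) => DEMO_REGISTRY.get(slug) });
console.log(resolveTenant("Tenant1.vayqube.com:443"));
```

In real middleware the Redis and registry calls are asynchronous; the order of validation, cache lookup and fail-closed handling stays the same.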
Database Isolation
Dedicated connection pools for enterprise clients ensure zero risk of data leakage.
Migration Management
Run migrations programmatically across all tenant databases sequentially using migration scripts.
Recommended Infrastructure Stack
| Service | Purpose / Role |
|---|---|
| AWS ECS Fargate | Serverless container orchestration for stateless API nodes. |
| Amazon Aurora Serverless | Auto-scaling PostgreSQL database instances per tenant. |
| Redis ElastiCache | Caches tenant config and active subscription profiles. |
| Cloudflare SSL for SaaS | Handles custom domains and dynamically issues SSL certificates. |
Security Isolation Policy
Isolate database credentials in AWS Secrets Manager and restrict tenant access via IAM roles.
DevOps & Deployment Configuration
Deploy new tenants using Terraform plans triggered by webhook signals from the billing system.
