CloudOpsConsole

the platform journey

From browser to bedrock, in five panels.

The five primitives that make a multi-tenant SaaS on EKS feel boring in the best way.

01 · isolation

Every query. Every tenant. Zero trust.

Postgres RLS with FORCE. Tenant context bound at JWT verify, then attached to the connection for the lifetime of the request. A forgotten WHERE clause can't leak across tenants.

migrations/003_rls.sql
1ALTER TABLE orders ENABLE ROW LEVEL SECURITY;
2ALTER TABLE orders FORCE ROW LEVEL SECURITY;
3
4CREATE POLICY tenant_isolation ON orders
5 FOR ALL
6 USING (tenant_id = current_setting('app.tenant_id'));

02 · workflows

Durable by default. State that survives a node crash.

Step Functions drives the checkout saga end-to-end. Kinesis broadcasts order events to downstream consumers. Both are at-least-once with idempotency keys baked into the contract.

ReserveChargeFulfillEmailDone

03 · visibility

Three signals. Browser → Lambda → Postgres.

OpenTelemetry covers spans, metrics, and logs. Every tenant attribute is auto-propagated. A single trace shows the whole journey, including the WebSocket fanout.

appSDKOTelcollectorspansmetricslogs

04 · defense

Five layers, no soft middle.

WAF at the edge, HSTS + CSP at the transport, JWT verify in the API gateway, RLS at the database, append-only audit log on the side. Defence-in-depth without surprise dependencies.

  • 1WAFrate · OWASP
  • 2TLS / HSTSedge
  • 3JWT verifyJWKS rotate
  • 4Postgres RLSforce
  • 5Audit logappend-only

05 · shipping

Approval gates. Digest-pinned. Zero-downtime.

Build → cosign → trivy → manual approval → kubectl rollout. /ready verifies, or kubectl rolls back. The same pipeline runs every PR.