SaaS Architecture Advisor

Overview

This skill helps teams design and implement multi-tenant SaaS architectures by evaluating isolation strategies, generating tenant routing patterns, and recommending the right tradeoffs based on scale, compliance requirements, and budget constraints.

Instructions

Step 1: Gather Context

Before recommending anything, establish:

• Scale: Expected tenant count (year 1 and year 3)
• Tenant size: Users per tenant (range and distribution)
• Compliance: SOC2, HIPAA, GDPR, or contractual isolation requirements
• Stack: Database, language, framework, hosting
• Budget: Monthly infrastructure budget
• Data sensitivity: What kind of data tenants store
• Customization needs: Do tenants need custom fields, workflows, or branding?

Step 2: Evaluate Tenancy Models

Present trade-offs for these models:

Shared Everything (single DB, shared tables, tenant_id column):

• Best for: <1,000 tenants, uniform data model, no strict isolation requirements
• Cost: Lowest ($1 DB serves all tenants)
• Risk: Query bugs can leak data; noisy neighbor issues
• Mitigation: Row-level security (PostgreSQL RLS), application-layer checks

Schema per Tenant (single DB, separate schemas):

• Best for: 50-500 tenants, moderate isolation needs
• Cost: Low (single DB instance, logical separation)
• Risk: Migration complexity scales with tenant count; catalog bloat
• Mitigation: Automated migration tooling, connection pooling with schema switching

Database per Tenant (dedicated DB per tenant):

• Best for: <100 tenants, strict compliance, large enterprise clients
• Cost: Highest ($274+/mo per tenant on RDS)
• Risk: Operational overhead managing N databases
• Mitigation: Infrastructure-as-code templates, centralized monitoring

Hybrid (shared for standard, dedicated for enterprise):

• Best for: Mixed tenant base with some requiring isolation
• Cost: Moderate (shared DB + N dedicated for premium)
• Trade-off: Two code paths, but repository pattern abstracts them

Step 3: Design Tenant Routing

Recommend routing strategy based on the application type:

• Subdomain routing: tenant.app.com — best for B2B SaaS
• Path routing: app.com/tenant/ — simpler SSL, good for internal tools
• Header routing: X-Tenant-ID — API-first products
• JWT claim: tenant_id in token — serverless/stateless architectures

Step 4: Address Cross-Cutting Concerns

For each recommendation, cover:

• Rate limiting: Per-tenant to prevent noisy neighbors
• Billing metering: How to track usage per tenant
• Background jobs: Tenant context propagation to workers/queues
• Caching: Tenant-namespaced cache keys
• Search: Filtered indices or per-tenant indices
• Audit logging: Tenant-scoped audit trails

Step 5: Generate Implementation Artifacts

Produce:

• Database schema with tenant isolation mechanisms
• Middleware/interceptor code for tenant context
• Repository pattern that abstracts tenancy
• Tenant provisioning/deprovisioning scripts
• Migration strategy for existing single-tenant apps

Examples

Example 1: Early-Stage SaaS

User prompt:

We have 30 tenants and expect 200 in a year. PostgreSQL, no compliance needs yet. What tenancy model?

Agent output:

Recommendation: Shared database with RLS

At 200 tenants with no compliance requirements, a single PostgreSQL database
with row-level security gives you the best simplicity-to-isolation ratio.

Implementation:
1. Add tenant_id UUID column to all tenant-scoped tables
2. Enable RLS: ALTER TABLE <table> ENABLE ROW LEVEL SECURITY;
3. Create policies: USING (tenant_id = current_setting('app.tenant_id')::UUID)
4. Set tenant context per request in middleware via SET LOCAL

Cost: Single db.t3.medium handles this easily at ~$50/month.
Migration path: If you later need dedicated DBs for enterprise clients,
the repository pattern lets you route specific tenants without changing app code.

Example 2: Healthcare SaaS Requiring HIPAA

User prompt:

Building a patient records SaaS. 50 clinic tenants, HIPAA required. Budget: $5k/month infra.

Agent output:

Recommendation: Database per tenant

HIPAA requires demonstrable data isolation. At 50 tenants, per-tenant databases
are operationally feasible and satisfy compliance auditors.

Architecture:
- Tenant registry DB (shared): Stores tenant metadata + routing config
- Per-tenant RDS instances: db.t3.medium ($50/mo each) = $2,500/mo for 50
- Connection routing: Middleware resolves tenant → connection string from registry
- Encryption: RDS encryption at rest + tenant-specific KMS keys

Budget fit: $2,500 for DBs + $1,000 compute + $500 other = $4,000/mo ✅

Key HIPAA controls addressed:
- Physical data isolation (separate DB instances)
- Per-tenant encryption keys (KMS)
- Tenant-scoped audit logs
- Independent backup/restore per tenant

Guidelines

• No one-size-fits-all — always evaluate against the specific context before recommending
• Start simple, migrate up — recommend the simplest model that meets requirements; overengineering multi-tenancy is expensive
• RLS is not optional for shared databases — application-layer filtering alone is insufficient; one missed WHERE clause = data breach
• Test tenant isolation — always recommend integration tests that verify queries cannot access other tenants' data
• Plan for the migration path — even if starting with shared DB, design the data access layer so switching to dedicated DBs later is feasible
• Background jobs are the blind spot — tenant context often gets lost in async flows; always address this explicitly