From e872bf911bed33344cffa9e79517602698c82005 Mon Sep 17 00:00:00 2001 From: purohmid Date: Fri, 20 Feb 2026 12:40:27 -0600 Subject: [PATCH 01/18] SQL Lambda Tenant Isolation --- sqs-lambda-tenant-isolation-sam-py/README.md | 61 ++++++++++++++++ .../example-pattern.json | 49 +++++++++++++ .../sqs-processor/index.py | 29 ++++++++ .../sqs-processor/requirements.txt | 1 + .../template.yml | 69 +++++++++++++++++++ .../tenant-isolated-processor/index.py | 16 +++++ .../requirements.txt | 1 + 7 files changed, 226 insertions(+) create mode 100644 sqs-lambda-tenant-isolation-sam-py/README.md create mode 100644 sqs-lambda-tenant-isolation-sam-py/example-pattern.json create mode 100644 sqs-lambda-tenant-isolation-sam-py/sqs-processor/index.py create mode 100644 sqs-lambda-tenant-isolation-sam-py/sqs-processor/requirements.txt create mode 100644 sqs-lambda-tenant-isolation-sam-py/template.yml create mode 100644 sqs-lambda-tenant-isolation-sam-py/tenant-isolated-processor/index.py create mode 100644 sqs-lambda-tenant-isolation-sam-py/tenant-isolated-processor/requirements.txt diff --git a/sqs-lambda-tenant-isolation-sam-py/README.md b/sqs-lambda-tenant-isolation-sam-py/README.md new file mode 100644 index 000000000..196251b30 --- /dev/null +++ b/sqs-lambda-tenant-isolation-sam-py/README.md @@ -0,0 +1,61 @@ +# Lambda Tenant Isolation with SQS + +This pattern demonstrate AWS Lambda's tenant isolation feature in Multi-tenant application. It uses single SQS for multi-tenant applucation and isolating messages using messagegroupid and invoking isolated lambda enviornments. + +## Key Features + +- Tenant isolation at infrastructure level (no custom routing logic) +- Execution environments never shared between tenants +- Asynchronous invocation pattern +- Automatic tenant context propagation + +Learn more about this pattern at [Serverless Land Patterns](https://serverlessland.com/patterns/sqs-lambda-tenant-isolation) + +Important: this application uses various AWS services and there are costs associated with these services after the Free Tier usage - please see the [AWS Pricing page](https://aws.amazon.com/pricing/) for details. You are responsible for any AWS costs incurred. No warranty is implied in this example. + + +## Architecture + +``` +SQS Queue → SQS Processor Lambda → Tenant-Isolated Lambda + (reads customer-id) (processes with tenant isolation) +``` + +## Components + +### 1. SQS Processor (`sqs-processor/`) +- Triggered by SQS queue messages +- Extracts `customer-id` from message payload +- Invokes tenant-isolated Lambda asynchronously with `TenantId` parameter + +### 2. Tenant-Isolated Processor (`tenant-isolated-processor/`) +- Configured with tenant isolation mode enabled +- Processes requests in isolated execution environments per tenant +- Accesses tenant ID via `context.identity.tenant_id` + +## Message Format + +```json +{ + "data": "your payload here" +} +``` + +## Deployment + +```bash +sam build +sam deploy --guided +``` + +## Testing + +Send a message to the SQS queue: + +```bash +aws sqs send-message \ + --queue-url \ + --message-body '{"data": "test payload"}' +``` + + diff --git a/sqs-lambda-tenant-isolation-sam-py/example-pattern.json b/sqs-lambda-tenant-isolation-sam-py/example-pattern.json new file mode 100644 index 000000000..680761977 --- /dev/null +++ b/sqs-lambda-tenant-isolation-sam-py/example-pattern.json @@ -0,0 +1,49 @@ +{ + "title": "AWS Lambda Tenant Isolation with SQS", + "description": "Lambda Isolation feature", + "language": "", + "level": "200", + "framework": "AWS SAM", + "introBox": { + "headline": "How it works", + "text": [ + "This pattern demonstrate AWS Lambda's tenant isolation feature in Multi-tenant application." + ] + }, + "gitHub": { + "template": { + "repoURL": "https://github.com/aws-samples/serverless-patterns/tree/main/sqs-lambda-tenant-isolation-sam-py", + "templateURL": "serverless-patterns/sqs-lambda-tenant-isolation-sam-py", + "projectFolder": "sqs-lambda-tenant-isolation-sam-py" + } + }, + "resources": { + "bullets": [{ + "text": "AWS Lambda tenant isolation", + "link": "https://docs.aws.amazon.com/lambda/latest/dg/tenant-isolation.html" + } + ] + }, + "deploy": { + "text": ["sam build", "sam deploy --guided"] + }, + "testing": { + "text": ["See the GitHub repo for detailed testing instructions."] + }, + "cleanup": { + "text": ["Delete the stack: sam delete."] + }, + "authors": [{ + "name": "Mitesh Purohit", + "image": "", + "bio": "Sr Solution Architect, AWS", + "linkedin": "https://www.linkedin.com/in/mitup/" + }, + { + "name": "Ricardo Marques", + "image": "", + "bio": "Sr Serverless Specialist, AWS", + "linkedin": "https://www.linkedin.com/in/ricardo-marques-aws/" + } +] +} \ No newline at end of file diff --git a/sqs-lambda-tenant-isolation-sam-py/sqs-processor/index.py b/sqs-lambda-tenant-isolation-sam-py/sqs-processor/index.py new file mode 100644 index 000000000..fca8a902d --- /dev/null +++ b/sqs-lambda-tenant-isolation-sam-py/sqs-processor/index.py @@ -0,0 +1,29 @@ +import json +import boto3 +import os + +lambda_client = boto3.client('lambda') +TENANT_ISOLATED_FUNCTION = os.environ['TENANT_ISOLATED_FUNCTION_NAME'] + +def handler(event, context): + for record in event['Records']: + body = json.loads(record['body']) + + # Get message group ID from SQS attributes + attributes = record.get('attributes') or {} + message_group_id = attributes.get('MessageGroupId') + + if not message_group_id: + print(f"Missing MessageGroupId in SQS record: {record}") + message_group_id = "default" + + lambda_client.invoke( + FunctionName=TENANT_ISOLATED_FUNCTION, + InvocationType='Event', + Payload=json.dumps(body), + TenantId=message_group_id + ) + + print(f"Invoked tenant-isolated function for messagegroup: {message_group_id}") + + return {'statusCode': 200} diff --git a/sqs-lambda-tenant-isolation-sam-py/sqs-processor/requirements.txt b/sqs-lambda-tenant-isolation-sam-py/sqs-processor/requirements.txt new file mode 100644 index 000000000..f6315cd5c --- /dev/null +++ b/sqs-lambda-tenant-isolation-sam-py/sqs-processor/requirements.txt @@ -0,0 +1 @@ +boto3>=1.26.0 diff --git a/sqs-lambda-tenant-isolation-sam-py/template.yml b/sqs-lambda-tenant-isolation-sam-py/template.yml new file mode 100644 index 000000000..080cfa065 --- /dev/null +++ b/sqs-lambda-tenant-isolation-sam-py/template.yml @@ -0,0 +1,69 @@ +AWSTemplateFormatVersion: '2010-09-09' +Transform: AWS::Serverless-2016-10-31 +Description: Lambda Tenant Isolation Demo + +Resources: + ProcessingQueue: + Type: AWS::SQS::Queue + Properties: + QueueName: tenant-isolation-queue + VisibilityTimeout: 300 + + TenantIsolatedFunctionRole: + Type: AWS::IAM::Role + Properties: + AssumeRolePolicyDocument: + Version: '2012-10-17' + Statement: + - Effect: Allow + Principal: + Service: lambda.amazonaws.com + Action: sts:AssumeRole + ManagedPolicyArns: + - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole + + TenantIsolatedFunction: + Type: AWS::Serverless::Function + Properties: + FunctionName: tenant-isolated-processor + CodeUri: tenant-isolated-processor/ + Handler: index.handler + Runtime: python3.12 + Timeout: 120 + Role: !GetAtt TenantIsolatedFunctionRole.Arn + TenancyConfig: + TenantIsolationMode: PER_TENANT + + SQSProcessorFunction: + Type: AWS::Serverless::Function + Properties: + FunctionName: sqs-processor + CodeUri: sqs-processor/ + Handler: index.handler + Runtime: python3.12 + Timeout: 60 + Environment: + Variables: + TENANT_ISOLATED_FUNCTION_NAME: !Ref TenantIsolatedFunction + Policies: + - Statement: + - Effect: Allow + Action: + - lambda:InvokeFunction + Resource: !GetAtt TenantIsolatedFunction.Arn + Events: + SQSEvent: + Type: SQS + Properties: + Queue: !GetAtt ProcessingQueue.Arn + BatchSize: 10 + +Outputs: + QueueUrl: + Value: !Ref ProcessingQueue + QueueArn: + Value: !GetAtt ProcessingQueue.Arn + TenantIsolatedFunctionArn: + Value: !GetAtt TenantIsolatedFunction.Arn + SQSProcessorFunctionArn: + Value: !GetAtt SQSProcessorFunction.Arn diff --git a/sqs-lambda-tenant-isolation-sam-py/tenant-isolated-processor/index.py b/sqs-lambda-tenant-isolation-sam-py/tenant-isolated-processor/index.py new file mode 100644 index 000000000..d5432f88e --- /dev/null +++ b/sqs-lambda-tenant-isolation-sam-py/tenant-isolated-processor/index.py @@ -0,0 +1,16 @@ +import json + +def handler(event, context): + tenant_id = context.tenant_id + + print(f"Processing request for tenant: {tenant_id}") + print(f"Event data: {json.dumps(event)}") + + # Process tenant-specific logic here + result = { + 'tenant_id': tenant_id, + 'message': 'Request processed successfully', + 'data': event + } + + return result diff --git a/sqs-lambda-tenant-isolation-sam-py/tenant-isolated-processor/requirements.txt b/sqs-lambda-tenant-isolation-sam-py/tenant-isolated-processor/requirements.txt new file mode 100644 index 000000000..d2ce485de --- /dev/null +++ b/sqs-lambda-tenant-isolation-sam-py/tenant-isolated-processor/requirements.txt @@ -0,0 +1 @@ +# No external dependencies required From 13b40154b0849862318cccacc2d39c2667da54bb Mon Sep 17 00:00:00 2001 From: Mitesh Purohit <57580340+devops-arch-cloud@users.noreply.github.com> Date: Tue, 10 Mar 2026 12:21:48 -0500 Subject: [PATCH 02/18] Update README.md --- sqs-lambda-tenant-isolation-sam-py/README.md | 22 ++++++++++++-------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/sqs-lambda-tenant-isolation-sam-py/README.md b/sqs-lambda-tenant-isolation-sam-py/README.md index 196251b30..ebad2055e 100644 --- a/sqs-lambda-tenant-isolation-sam-py/README.md +++ b/sqs-lambda-tenant-isolation-sam-py/README.md @@ -13,13 +13,12 @@ Learn more about this pattern at [Serverless Land Patterns](https://serverlessla Important: this application uses various AWS services and there are costs associated with these services after the Free Tier usage - please see the [AWS Pricing page](https://aws.amazon.com/pricing/) for details. You are responsible for any AWS costs incurred. No warranty is implied in this example. +## Requirements -## Architecture - -``` -SQS Queue → SQS Processor Lambda → Tenant-Isolated Lambda - (reads customer-id) (processes with tenant isolation) -``` +* [Create an AWS account](https://portal.aws.amazon.com/gp/aws/developer/registration/index.html) if you do not already have one and log in. The IAM user that you use must have sufficient permissions to make necessary AWS service calls and manage AWS resources. +* [AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2.html) installed and configured +* [Git Installed](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git) +* [AWS Serverless Application Model](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/serverless-sam-cli-install.html) (AWS SAM) installed ## Components @@ -41,13 +40,20 @@ SQS Queue → SQS Processor Lambda → Tenant-Isolated Lambda } ``` -## Deployment +## Deployment Instructions ```bash sam build sam deploy --guided ``` +## How it works + +``` +SQS Queue → SQS Processor Lambda → Tenant-Isolated Lambda + (reads customer-id) (processes with tenant isolation) +``` + ## Testing Send a message to the SQS queue: @@ -57,5 +63,3 @@ aws sqs send-message \ --queue-url \ --message-body '{"data": "test payload"}' ``` - - From c7e84061b0eefd3bac5b84f8c8a495d5ab48f082 Mon Sep 17 00:00:00 2001 From: Mitesh Purohit <57580340+devops-arch-cloud@users.noreply.github.com> Date: Tue, 10 Mar 2026 12:25:44 -0500 Subject: [PATCH 03/18] Update README.md --- sqs-lambda-tenant-isolation-sam-py/README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/sqs-lambda-tenant-isolation-sam-py/README.md b/sqs-lambda-tenant-isolation-sam-py/README.md index ebad2055e..37bcaafb5 100644 --- a/sqs-lambda-tenant-isolation-sam-py/README.md +++ b/sqs-lambda-tenant-isolation-sam-py/README.md @@ -1,4 +1,4 @@ -# Lambda Tenant Isolation with SQS +# AWS Lambda Tenant Isolation with SQS This pattern demonstrate AWS Lambda's tenant isolation feature in Multi-tenant application. It uses single SQS for multi-tenant applucation and isolating messages using messagegroupid and invoking isolated lambda enviornments. @@ -63,3 +63,5 @@ aws sqs send-message \ --queue-url \ --message-body '{"data": "test payload"}' ``` + +After dropping the message, review cloudwatch log for Tenant-Isolated Lambda. Different log streams should be created for each tenant. From 0136ac4d778355a5ff1b4ef9a442ae7e50184981 Mon Sep 17 00:00:00 2001 From: Mitesh Purohit <57580340+devops-arch-cloud@users.noreply.github.com> Date: Wed, 8 Apr 2026 09:06:27 -0500 Subject: [PATCH 04/18] Update sqs-lambda-tenant-isolation-sam-py/README.md Co-authored-by: Marco --- sqs-lambda-tenant-isolation-sam-py/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sqs-lambda-tenant-isolation-sam-py/README.md b/sqs-lambda-tenant-isolation-sam-py/README.md index 37bcaafb5..6350905c1 100644 --- a/sqs-lambda-tenant-isolation-sam-py/README.md +++ b/sqs-lambda-tenant-isolation-sam-py/README.md @@ -1,4 +1,4 @@ -# AWS Lambda Tenant Isolation with SQS +# AWS Lambda Tenant Isolation with Amazon SQS This pattern demonstrate AWS Lambda's tenant isolation feature in Multi-tenant application. It uses single SQS for multi-tenant applucation and isolating messages using messagegroupid and invoking isolated lambda enviornments. From 8f8c5191d5b6769527a24dbc6e6134bc943f05de Mon Sep 17 00:00:00 2001 From: Mitesh Purohit <57580340+devops-arch-cloud@users.noreply.github.com> Date: Wed, 8 Apr 2026 09:06:51 -0500 Subject: [PATCH 05/18] Update sqs-lambda-tenant-isolation-sam-py/README.md Co-authored-by: Marco --- sqs-lambda-tenant-isolation-sam-py/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sqs-lambda-tenant-isolation-sam-py/README.md b/sqs-lambda-tenant-isolation-sam-py/README.md index 6350905c1..24ea1b5e2 100644 --- a/sqs-lambda-tenant-isolation-sam-py/README.md +++ b/sqs-lambda-tenant-isolation-sam-py/README.md @@ -1,6 +1,6 @@ # AWS Lambda Tenant Isolation with Amazon SQS -This pattern demonstrate AWS Lambda's tenant isolation feature in Multi-tenant application. It uses single SQS for multi-tenant applucation and isolating messages using messagegroupid and invoking isolated lambda enviornments. +This pattern demonstrate AWS Lambda's tenant isolation feature in Multi-tenant application. It uses single Amazon SQS for multi-tenant applucation and isolating messages using messagegroupid and invoking isolated lambda enviornments. ## Key Features From 129ba75a2b133a05a348c42d1baa7b03197d4cb2 Mon Sep 17 00:00:00 2001 From: Mitesh Purohit <57580340+devops-arch-cloud@users.noreply.github.com> Date: Wed, 8 Apr 2026 09:07:07 -0500 Subject: [PATCH 06/18] Update sqs-lambda-tenant-isolation-sam-py/example-pattern.json Co-authored-by: Marco --- sqs-lambda-tenant-isolation-sam-py/example-pattern.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sqs-lambda-tenant-isolation-sam-py/example-pattern.json b/sqs-lambda-tenant-isolation-sam-py/example-pattern.json index 680761977..a495187ea 100644 --- a/sqs-lambda-tenant-isolation-sam-py/example-pattern.json +++ b/sqs-lambda-tenant-isolation-sam-py/example-pattern.json @@ -1,5 +1,5 @@ { - "title": "AWS Lambda Tenant Isolation with SQS", + "title": "AWS Lambda Tenant Isolation with Amazon SQS", "description": "Lambda Isolation feature", "language": "", "level": "200", From f06f8e4da48677f1997f9f9b2983623bc44e9f87 Mon Sep 17 00:00:00 2001 From: Mitesh Purohit <57580340+devops-arch-cloud@users.noreply.github.com> Date: Wed, 8 Apr 2026 09:07:30 -0500 Subject: [PATCH 07/18] Update sqs-lambda-tenant-isolation-sam-py/README.md Co-authored-by: Marco --- sqs-lambda-tenant-isolation-sam-py/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sqs-lambda-tenant-isolation-sam-py/README.md b/sqs-lambda-tenant-isolation-sam-py/README.md index 24ea1b5e2..21b8778a4 100644 --- a/sqs-lambda-tenant-isolation-sam-py/README.md +++ b/sqs-lambda-tenant-isolation-sam-py/README.md @@ -9,7 +9,7 @@ This pattern demonstrate AWS Lambda's tenant isolation feature in Multi-tenant a - Asynchronous invocation pattern - Automatic tenant context propagation -Learn more about this pattern at [Serverless Land Patterns](https://serverlessland.com/patterns/sqs-lambda-tenant-isolation) +Learn more about this pattern at [Serverless Land Patterns](https://serverlessland.com/patterns/sqs-lambda-tenant-isolation-sam-py) Important: this application uses various AWS services and there are costs associated with these services after the Free Tier usage - please see the [AWS Pricing page](https://aws.amazon.com/pricing/) for details. You are responsible for any AWS costs incurred. No warranty is implied in this example. From 739335f89938d14897240365315c6739d7774b65 Mon Sep 17 00:00:00 2001 From: Mitesh Purohit <57580340+devops-arch-cloud@users.noreply.github.com> Date: Wed, 8 Apr 2026 15:37:06 -0500 Subject: [PATCH 08/18] Update README.md --- sqs-lambda-tenant-isolation-sam-py/README.md | 44 +++++++++++++++----- 1 file changed, 33 insertions(+), 11 deletions(-) diff --git a/sqs-lambda-tenant-isolation-sam-py/README.md b/sqs-lambda-tenant-isolation-sam-py/README.md index 21b8778a4..74c900485 100644 --- a/sqs-lambda-tenant-isolation-sam-py/README.md +++ b/sqs-lambda-tenant-isolation-sam-py/README.md @@ -20,12 +20,13 @@ Important: this application uses various AWS services and there are costs associ * [Git Installed](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git) * [AWS Serverless Application Model](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/serverless-sam-cli-install.html) (AWS SAM) installed -## Components +## How it works + +image ### 1. SQS Processor (`sqs-processor/`) - Triggered by SQS queue messages -- Extracts `customer-id` from message payload -- Invokes tenant-isolated Lambda asynchronously with `TenantId` parameter +- Invokes tenant-isolated Lambda asynchronously ### 2. Tenant-Isolated Processor (`tenant-isolated-processor/`) - Configured with tenant isolation mode enabled @@ -47,21 +48,42 @@ sam build sam deploy --guided ``` -## How it works +## Testing -``` -SQS Queue → SQS Processor Lambda → Tenant-Isolated Lambda - (reads customer-id) (processes with tenant isolation) +Step 1: + +After deploying infrastructure using SAM, run below command to get SQS Queue URL. Replace with your cloudformation stack name. + +```bash +aws cloudformation describe-stacks \ + --stack-name \ + --query "Stacks[0].Outputs[?OutputKey=='MyQueueUrl'].OutputValue" \ + --output text ``` -## Testing +Step 2: +You send messages to the SQS queue with --message-group-id set to a tenant identifier. Use below CLI command to send-message. Make sure to set --message-group-id as tenant name. Send multiple messages with different tenant name -Send a message to the SQS queue: +```bash +aws sqs send-message \ + --queue-url \ + --message-body '{"data": "test payload"}' \ + --message-group-id "tenant-blue" +``` ```bash aws sqs send-message \ --queue-url \ - --message-body '{"data": "test payload"}' + --message-body '{"data": "test payload"}' \ + --message-group-id "tenant-green" ``` -After dropping the message, review cloudwatch log for Tenant-Isolated Lambda. Different log streams should be created for each tenant. +Step 3: +The SQS processor Lambda picks up the message, reads the MessageGroupId from the SQS record attributes, and passes it as the TenantId when invoking the tenant-isolated LambdaAfter dropping the message, review cloudwatch log for Tenant-Isolated Lambda. + +aws logs describe-log-streams \ + --log-group-name /aws/lambda/tenant-isolated-processor \ + --order-by LastEventTime \ + --descending + +Different log streams should be created for each tenant. From c4d0cd219935c65e1b12c341faf84b1d5e1bc63c Mon Sep 17 00:00:00 2001 From: Mitesh Purohit <57580340+devops-arch-cloud@users.noreply.github.com> Date: Wed, 8 Apr 2026 15:39:49 -0500 Subject: [PATCH 09/18] Update README.md --- sqs-lambda-tenant-isolation-sam-py/README.md | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/sqs-lambda-tenant-isolation-sam-py/README.md b/sqs-lambda-tenant-isolation-sam-py/README.md index 74c900485..95bd606a9 100644 --- a/sqs-lambda-tenant-isolation-sam-py/README.md +++ b/sqs-lambda-tenant-isolation-sam-py/README.md @@ -30,8 +30,7 @@ Important: this application uses various AWS services and there are costs associ ### 2. Tenant-Isolated Processor (`tenant-isolated-processor/`) - Configured with tenant isolation mode enabled -- Processes requests in isolated execution environments per tenant -- Accesses tenant ID via `context.identity.tenant_id` +- Processes requests in isolated execution environments per tenant using message-group-id ## Message Format @@ -50,8 +49,7 @@ sam deploy --guided ## Testing -Step 1: - +Step 1: After deploying infrastructure using SAM, run below command to get SQS Queue URL. Replace with your cloudformation stack name. ```bash From d08d0e63d74749b4354d000e918568d339c801fc Mon Sep 17 00:00:00 2001 From: Mitesh Purohit <57580340+devops-arch-cloud@users.noreply.github.com> Date: Wed, 8 Apr 2026 15:41:53 -0500 Subject: [PATCH 10/18] Update README.md From 5a5560e9da531701ab22a8f156d57f85465c6444 Mon Sep 17 00:00:00 2001 From: Mitesh Purohit <57580340+devops-arch-cloud@users.noreply.github.com> Date: Thu, 9 Apr 2026 09:51:02 -0500 Subject: [PATCH 11/18] Update sqs-lambda-tenant-isolation-sam-py/example-pattern.json Co-authored-by: Marco --- sqs-lambda-tenant-isolation-sam-py/example-pattern.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sqs-lambda-tenant-isolation-sam-py/example-pattern.json b/sqs-lambda-tenant-isolation-sam-py/example-pattern.json index a495187ea..30fc3a93e 100644 --- a/sqs-lambda-tenant-isolation-sam-py/example-pattern.json +++ b/sqs-lambda-tenant-isolation-sam-py/example-pattern.json @@ -1,6 +1,6 @@ { "title": "AWS Lambda Tenant Isolation with Amazon SQS", - "description": "Lambda Isolation feature", + "description": "This pattern demonstrates AWS Lambda tenant isolation with Amazon SQS fair queues for multi-tenant message processing." "language": "", "level": "200", "framework": "AWS SAM", From 95e2a75634955c4c5a5ec3891a3f815957637c89 Mon Sep 17 00:00:00 2001 From: Mitesh Purohit <57580340+devops-arch-cloud@users.noreply.github.com> Date: Thu, 9 Apr 2026 11:20:55 -0500 Subject: [PATCH 12/18] Update README.md --- sqs-lambda-tenant-isolation-sam-py/README.md | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/sqs-lambda-tenant-isolation-sam-py/README.md b/sqs-lambda-tenant-isolation-sam-py/README.md index 95bd606a9..1a30709af 100644 --- a/sqs-lambda-tenant-isolation-sam-py/README.md +++ b/sqs-lambda-tenant-isolation-sam-py/README.md @@ -1,6 +1,6 @@ # AWS Lambda Tenant Isolation with Amazon SQS -This pattern demonstrate AWS Lambda's tenant isolation feature in Multi-tenant application. It uses single Amazon SQS for multi-tenant applucation and isolating messages using messagegroupid and invoking isolated lambda enviornments. +This pattern demonstrate AWS Lambda's tenant isolation feature in Multi-tenant application. It uses single Amazon SQS for multi-tenant application and isolating messages using messagegroupid and invoking isolated lambda enviornments. ## Key Features @@ -85,3 +85,18 @@ aws logs describe-log-streams \ --descending Different log streams should be created for each tenant. + +## Cleanup + +Delete the stack +```bash +aws cloudformation delete-stack --stack-name STACK_NAME +``` +Confirm the stack has been deleted +```bash +aws cloudformation list-stacks --query "StackSummaries[?contains(StackName,'STACK_NAME')].StackStatus" +``` +---- +Copyright 2026 Amazon.com, Inc. or its affiliates. All Rights Reserved. + +SPDX-License-Identifier: MIT-0 From 173cd0dfae14a2fdf3b9558d068e7f09c696bbe9 Mon Sep 17 00:00:00 2001 From: Mitesh Purohit <57580340+devops-arch-cloud@users.noreply.github.com> Date: Thu, 9 Apr 2026 11:21:43 -0500 Subject: [PATCH 13/18] Update README.md --- sqs-lambda-tenant-isolation-sam-py/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sqs-lambda-tenant-isolation-sam-py/README.md b/sqs-lambda-tenant-isolation-sam-py/README.md index 1a30709af..f309a1e6e 100644 --- a/sqs-lambda-tenant-isolation-sam-py/README.md +++ b/sqs-lambda-tenant-isolation-sam-py/README.md @@ -1,6 +1,6 @@ # AWS Lambda Tenant Isolation with Amazon SQS -This pattern demonstrate AWS Lambda's tenant isolation feature in Multi-tenant application. It uses single Amazon SQS for multi-tenant application and isolating messages using messagegroupid and invoking isolated lambda enviornments. +This pattern demonstrates AWS Lambda's tenant isolation feature in Multi-tenant application. It uses single Amazon SQS for multi-tenant application and isolating messages using messagegroupid and invoking isolated lambda enviornments. ## Key Features From 8a65f723dd01e61cd5849328e6864dc1caaa25c8 Mon Sep 17 00:00:00 2001 From: Mitesh Purohit <57580340+devops-arch-cloud@users.noreply.github.com> Date: Thu, 9 Apr 2026 12:10:55 -0500 Subject: [PATCH 14/18] Update README.md --- sqs-lambda-tenant-isolation-sam-py/README.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/sqs-lambda-tenant-isolation-sam-py/README.md b/sqs-lambda-tenant-isolation-sam-py/README.md index f309a1e6e..784f32c3c 100644 --- a/sqs-lambda-tenant-isolation-sam-py/README.md +++ b/sqs-lambda-tenant-isolation-sam-py/README.md @@ -1,6 +1,6 @@ # AWS Lambda Tenant Isolation with Amazon SQS -This pattern demonstrates AWS Lambda's tenant isolation feature in Multi-tenant application. It uses single Amazon SQS for multi-tenant application and isolating messages using messagegroupid and invoking isolated lambda enviornments. +This pattern demonstrates AWS Lambda's tenant isolation feature in Multi-tenant application. It uses single Amazon SQS for multi-tenant application and isolating messages using MessageGroupId and invoking isolated AWS Lambda environments. ## Key Features @@ -79,20 +79,24 @@ aws sqs send-message \ Step 3: The SQS processor Lambda picks up the message, reads the MessageGroupId from the SQS record attributes, and passes it as the TenantId when invoking the tenant-isolated LambdaAfter dropping the message, review cloudwatch log for Tenant-Isolated Lambda. +```bash aws logs describe-log-streams \ --log-group-name /aws/lambda/tenant-isolated-processor \ --order-by LastEventTime \ --descending +``` Different log streams should be created for each tenant. ## Cleanup Delete the stack + ```bash aws cloudformation delete-stack --stack-name STACK_NAME ``` Confirm the stack has been deleted + ```bash aws cloudformation list-stacks --query "StackSummaries[?contains(StackName,'STACK_NAME')].StackStatus" ``` From f70618e27162993fecfbc5b3ba2a50da0ac223d5 Mon Sep 17 00:00:00 2001 From: Mitesh Purohit <57580340+devops-arch-cloud@users.noreply.github.com> Date: Thu, 9 Apr 2026 12:12:14 -0500 Subject: [PATCH 15/18] Update requirements.txt --- .../sqs-processor/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sqs-lambda-tenant-isolation-sam-py/sqs-processor/requirements.txt b/sqs-lambda-tenant-isolation-sam-py/sqs-processor/requirements.txt index f6315cd5c..8b1378917 100644 --- a/sqs-lambda-tenant-isolation-sam-py/sqs-processor/requirements.txt +++ b/sqs-lambda-tenant-isolation-sam-py/sqs-processor/requirements.txt @@ -1 +1 @@ -boto3>=1.26.0 + From c9c4dc935183a860fa2db2d5eec5bbda7897be97 Mon Sep 17 00:00:00 2001 From: Mitesh Purohit <57580340+devops-arch-cloud@users.noreply.github.com> Date: Thu, 9 Apr 2026 12:12:33 -0500 Subject: [PATCH 16/18] Delete sqs-lambda-tenant-isolation-sam-py/sqs-processor/requirements.txt --- .../sqs-processor/requirements.txt | 1 - 1 file changed, 1 deletion(-) delete mode 100644 sqs-lambda-tenant-isolation-sam-py/sqs-processor/requirements.txt diff --git a/sqs-lambda-tenant-isolation-sam-py/sqs-processor/requirements.txt b/sqs-lambda-tenant-isolation-sam-py/sqs-processor/requirements.txt deleted file mode 100644 index 8b1378917..000000000 --- a/sqs-lambda-tenant-isolation-sam-py/sqs-processor/requirements.txt +++ /dev/null @@ -1 +0,0 @@ - From b304c3e2cd9f0c0c568d87365be1dd9a6c235d60 Mon Sep 17 00:00:00 2001 From: Mitesh Purohit <57580340+devops-arch-cloud@users.noreply.github.com> Date: Thu, 9 Apr 2026 12:13:48 -0500 Subject: [PATCH 17/18] Delete sqs-lambda-tenant-isolation-sam-py/tenant-isolated-processor/requirements.txt --- .../tenant-isolated-processor/requirements.txt | 1 - 1 file changed, 1 deletion(-) delete mode 100644 sqs-lambda-tenant-isolation-sam-py/tenant-isolated-processor/requirements.txt diff --git a/sqs-lambda-tenant-isolation-sam-py/tenant-isolated-processor/requirements.txt b/sqs-lambda-tenant-isolation-sam-py/tenant-isolated-processor/requirements.txt deleted file mode 100644 index d2ce485de..000000000 --- a/sqs-lambda-tenant-isolation-sam-py/tenant-isolated-processor/requirements.txt +++ /dev/null @@ -1 +0,0 @@ -# No external dependencies required From b540e5edabf109c4a94068b9dbaed13123f3eb3e Mon Sep 17 00:00:00 2001 From: purohmid Date: Thu, 9 Apr 2026 13:05:12 -0500 Subject: [PATCH 18/18] updated requirement file --- .../sqs-processor/requirements.txt | 1 + 1 file changed, 1 insertion(+) create mode 100644 sqs-lambda-tenant-isolation-sam-py/sqs-processor/requirements.txt diff --git a/sqs-lambda-tenant-isolation-sam-py/sqs-processor/requirements.txt b/sqs-lambda-tenant-isolation-sam-py/sqs-processor/requirements.txt new file mode 100644 index 000000000..3f3a4385f --- /dev/null +++ b/sqs-lambda-tenant-isolation-sam-py/sqs-processor/requirements.txt @@ -0,0 +1 @@ +boto3>=1.35.0