Comment by tech2
10 hours ago
I have to ask, because wow that's a lot of buckets, but what kind of activity requires breaching even a 1,000 bucket limit per account?
10 hours ago
I have to ask, because wow that's a lot of buckets, but what kind of activity requires breaching even a 1,000 bucket limit per account?
Simplistic tenant isolation and cost tracking :-)
I know there are other solutions to this particular problem but this model is extremely easy to reason about. When the application accesses tenant objects or delegates that access with pre-signed URLs it is doing so with ephemeral credentials that literally could not access the objects in another tenancy.
That and a similar DB isolation, allows most of our handlers to be very simple as far as tenant isolation goes.