<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Multitenancy | The AWS Blog</title><link>https://theawsblog.com/tags/multitenancy/</link><description>Articles, tutorials and insights from the AWS community.</description><generator>Hugo</generator><language>en</language><managingEditor>@theawsblog (The AWS Blog)</managingEditor><webMaster>@theawsblog</webMaster><lastBuildDate>Wed, 24 Jun 2026 00:00:00 +0000</lastBuildDate><atom:link href="https://theawsblog.com/tags/multitenancy/index.xml" rel="self" type="application/rss+xml"/><item><title>OpenSearch Serverless next generation changes the economics of tenant isolation</title><link>https://theawsblog.com/news/emiliano-montesdeoca/opensearch-serverless-multitenant-search/</link><pubDate>Wed, 24 Jun 2026 00:00:00 +0000</pubDate><author>Emiliano Montesdeoca</author><guid>https://theawsblog.com/news/emiliano-montesdeoca/opensearch-serverless-multitenant-search/</guid><description>Amazon OpenSearch Serverless next-generation architecture makes collection-per-tenant search more practical with scale-to-zero compute and regional endpoint routing.</description><content:encoded>&lt;p&gt;Multi-tenant search has always forced an uncomfortable trade-off: isolate tenants cleanly and pay for too much infrastructure, or pool tenants together and accept more operational and security complexity.&lt;/p&gt;
&lt;p&gt;The AWS Big Data Blog post on &lt;a href="https://aws.amazon.com/blogs/big-data/implement-multi-tenant-search-with-amazon-opensearch-serverless-next-generation/"&gt;multi-tenant search with Amazon OpenSearch Serverless next generation&lt;/a&gt; is important because it changes that cost model. Scale-to-zero compute and regional endpoint routing make collection-per-tenant designs more realistic.&lt;/p&gt;
&lt;h2 id="what-changed"&gt;What changed&lt;/h2&gt;
&lt;p&gt;OpenSearch Serverless next-generation architecture lets collection groups scale compute to zero, while storage charges still apply. AWS also added a per-account, regional endpoint that can route requests to collections using headers such as &lt;code&gt;x-amz-aoss-collection-name&lt;/code&gt;.&lt;/p&gt;
&lt;p&gt;That means a SaaS application can keep a cleaner collection-per-tenant model without managing a separate endpoint and connection pool for every tenant.&lt;/p&gt;
&lt;h2 id="why-builders-should-care"&gt;Why builders should care&lt;/h2&gt;
&lt;p&gt;Tenant isolation is easier to discuss in architecture reviews than to pay for in production.&lt;/p&gt;
&lt;p&gt;A collection-per-tenant design gives strong isolation boundaries for data, workload behavior, encryption, lifecycle, and noisy-neighbor risk. But if each tenant carries a minimum always-on compute cost, the design breaks down for long-tail tenants.&lt;/p&gt;
&lt;p&gt;Scale-to-zero compute makes the model more practical for SaaS platforms with many tenants that search occasionally. The regional endpoint also simplifies application routing. Instead of maintaining many endpoints, the application can target one endpoint and route by collection header.&lt;/p&gt;
&lt;h2 id="the-trade-offs"&gt;The trade-offs&lt;/h2&gt;
&lt;p&gt;Collection-per-tenant is not automatically the best design.&lt;/p&gt;
&lt;p&gt;For very small tenants with similar access patterns, pooled indexes may still be simpler. For very large tenants, dedicated collections or even separate domains may be appropriate. For regulated tenants, encryption, access policy, and audit boundaries may matter more than cost.&lt;/p&gt;
&lt;p&gt;Builders should also design the tenant mapping layer carefully. A regional endpoint reduces endpoint sprawl, but the application still needs a reliable mapping from tenant ID to collection name or ID. That mapping becomes part of the security boundary.&lt;/p&gt;
&lt;p&gt;Operational questions remain:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;How are collections created and deleted?&lt;/li&gt;
&lt;li&gt;What happens when a dormant tenant becomes active?&lt;/li&gt;
&lt;li&gt;How are per-tenant quotas enforced?&lt;/li&gt;
&lt;li&gt;How are index templates and mappings rolled out safely?&lt;/li&gt;
&lt;li&gt;How are tenant-level costs reported?&lt;/li&gt;
&lt;/ul&gt;
&lt;h2 id="what-to-do-next"&gt;What to do next&lt;/h2&gt;
&lt;p&gt;For SaaS search workloads, revisit the tenancy model. Compare pooled, collection-per-tenant, and hybrid approaches using real tenant distribution, not an average tenant.&lt;/p&gt;
&lt;p&gt;A practical path is:&lt;/p&gt;
&lt;ol&gt;
&lt;li&gt;Put high-volume tenants in dedicated collections.&lt;/li&gt;
&lt;li&gt;Keep small tenants pooled or grouped if isolation requirements allow it.&lt;/li&gt;
&lt;li&gt;Use collection-per-tenant where security, compliance, or noisy-neighbor risk justifies the boundary.&lt;/li&gt;
&lt;li&gt;Automate collection lifecycle and mapping changes from the start.&lt;/li&gt;
&lt;/ol&gt;
&lt;p&gt;The takeaway is that OpenSearch Serverless is making stronger isolation less expensive. That does not remove design work, but it gives builders more room to choose isolation for good reasons instead of avoiding it because of minimum compute cost.&lt;/p&gt;</content:encoded></item></channel></rss>