So, we have a tenant identifier embedded in our JWT token and we’ve seen the API Gateway custom authorizer that will inject tenant context. However, if you recall, when we looked at the ALB it did not have any routing rules (yet) because we hadn’t onboarded any tenants. Now that we do have a tenant, we can return to see how the ALB was configured to support the routing of this new tenant. To view this new information, navigate to the EC2 service in the AWS console and select “Load Balancers” from the left-hand side of the page (you may have to scroll down to find it). This will provide you with a list of load balancers similar to the following:
Select “saas-svs-wrkshp-lab2-us-east-1” from the list. Now, scroll down the page and select the “Listeners” tab for the ALB. You’ll now see a listener that has been added specifically for our tenant to control routing. Select the “View/edit rule” link associated with the listener to view the underlying configuration of the routing rule. The screen will appear similar to the following:
This rule examines the value of the X-TENANT header we inserted in our custom authorizer and directs traffic to the target group for our tenant’s stack of hardware. As each new tenant is added, a new rule would be introduced in this list.
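As the rule list grows with each tenant, it is worth checking that every forwarding rule still pins exactly one tenant to its own target group. The following is an added example, not part of the workshop code: it audits rules shaped like the elbv2 DescribeRules response, and the sample rules, ARNs and tenant ids in it are constructed placeholders. It assumes simple forward actions that carry a `TargetGroupArn`.

```python
# Constructed sample shaped like the elbv2 DescribeRules response.
# ARNs and tenant ids are placeholders, not values from the workshop.
def _rule(priority, conditions, tg=None, default=False):
    actions = [{"Type": "forward", "TargetGroupArn": tg}] if tg else [
        {"Type": "fixed-response", "FixedResponseConfig": {"StatusCode": "404"}}]
    return {"Priority": priority, "IsDefault": default,
            "Conditions": conditions, "Actions": actions}

def _tenant(*values):
    return {"Field": "http-header",
            "HttpHeaderConfig": {"HttpHeaderName": "X-TENANT", "Values": list(values)}}

SAMPLE_RULES = [
    _rule("1", [_tenant("tenant-a")], "arn:placeholder:targetgroup/a"),
    _rule("2", [_tenant("tenant-b", "tenant-*")], "arn:placeholder:targetgroup/b"),
    _rule("3", [{"Field": "path-pattern", "Values": ["/orders*"]}],
          "arn:placeholder:targetgroup/a"),
    _rule("4", [_tenant("tenant-c")], "arn:placeholder:targetgroup/a"),
    _rule("default", [], default=True),
]

def audit_tenant_rules(rules, header="X-TENANT"):
    """Return (priority, finding) pairs for rules that weaken per-tenant routing."""
    findings, owner = [], {}  # owner: target group ARN -> tenant that claimed it first
    for rule in rules:
        prio = rule["Priority"]
        targets = [a["TargetGroupArn"] for a in rule["Actions"]
                   if a["Type"] == "forward" and a.get("TargetGroupArn")]
        # ALB header names are case-insensitive; values may contain * and ? wildcards.
        values = [v for c in rule["Conditions"] if c.get("Field") == "http-header"
                  and c["HttpHeaderConfig"]["HttpHeaderName"].lower() == header.lower()
                  for v in c["HttpHeaderConfig"]["Values"]]
        if not targets:
            continue  # fixed-response or redirect: no tenant stack is reachable
        if not values:
            findings.append((prio, "forwards without matching " + header))
            continue
        if len(values) > 1 or any(ch in v for v in values for ch in "*?"):
            findings.append((prio, "header match is not one exact tenant id"))
        for tg in targets:
            first = owner.setdefault(tg, values[0])
            if first != values[0]:
                findings.append((prio, "target group already used by " + first))
    return findings

if __name__ == "__main__":
    for prio, finding in audit_tenant_rules(SAMPLE_RULES):
        print(f"rule {prio}: {finding}")
```

Against a real load balancer, the `Rules` list returned by boto3's `describe_rules` for the listener can be passed in place of `SAMPLE_RULES`.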