AWS Architecture Blog·April 22, 2026

Designing a Multi-Tenant Data Exchange Platform for Supply Chain Carbon Footprint Tracking on AWS

This article details the system design of PACIFIC, a multi-tenant SaaS platform built on AWS for exchanging product carbon footprint (PCF) data across complex automotive supply chains. It highlights architectural decisions focused on achieving strict data sovereignty, multi-tenancy without dedicated AWS accounts, and interoperability with external data spaces like Catena-X, using services such as Amazon ECS, AWS Fargate, Amazon Cognito, and AWS IAM.


The PACIFIC platform addresses the critical need for transparent and auditable carbon emissions data in the automotive supply chain. The core challenge lies in securely exchanging sensitive PCF data across numerous companies while ensuring each participant maintains full control and sovereignty over their data. This requires a robust multi-tenant architecture capable of isolating data access down to individual companies without the operational overhead of separate infrastructure per tenant.

Multi-Tenant Architecture and Data Sovereignty

PACIFIC implements a fine-grained IAM-based isolation model to achieve multi-tenancy and data sovereignty. Instead of provisioning separate AWS accounts or VPCs for each tenant, which would be costly and complex to manage, the platform leverages Amazon Cognito and AWS Secrets Manager. Upon onboarding, each company is assigned a dedicated IAM role with a tightly scoped policy, granting access only to their specific secrets in Secrets Manager. User authentication via Amazon Cognito maps users to their company's IAM role, and AWS STS issues temporary credentials that enforce access solely to their designated resources. This prevents cross-tenant data access at the AWS IAM policy level.
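The per-tenant scoping described above can be checked mechanically before a role is attached. The following is an added example, not code from the article or the PACIFIC project: the `pacific/<tenant>/` secret naming scheme, the account ID, region, tenant IDs and helper names are all assumptions made for illustration.

```python
import re

ACCOUNT, REGION = "111122223333", "eu-central-1"  # constructed placeholders
PREFIX = "pacific"  # hypothetical secret-name prefix, not from the article

def secret_arn(tenant, name):
    return f"arn:aws:secretsmanager:{REGION}:{ACCOUNT}:secret:{PREFIX}/{tenant}/{name}"

def tenant_policy(tenant):
    """Read-only policy limited to one tenant's secrets."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Action": ["secretsmanager:GetSecretValue", "secretsmanager:DescribeSecret"],
        # The "/" before "*" is the tenant boundary: without it, "acme*"
        # would also match secrets of a tenant named "acme-eu".
        "Resource": secret_arn(tenant, "*"),
    }]}

def iam_match(pattern, arn):
    """IAM-style wildcard match: '*' is any run of characters, '?' is one."""
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, arn) is not None

def cross_tenant_findings(policies, tenants):
    """Return sorted (role_owner, reachable_tenant) pairs where an Allow
    statement matches another tenant's secret ARN. Simplified audit: it does
    not evaluate Deny statements, NotResource, or Condition blocks."""
    findings = set()
    for owner, policy in policies.items():
        for stmt in policy["Statement"]:
            if stmt.get("Effect") != "Allow":
                continue
            res = stmt.get("Resource", [])
            res = [res] if isinstance(res, str) else res
            for other in tenants:
                # Constructed secret name ending in a 6-character suffix,
                # like the one Secrets Manager appends to secret ARNs.
                probe = secret_arn(other, "edc-client-AbCdEf")
                if other != owner and any(iam_match(r, probe) for r in res):
                    findings.add((owner, other))
    return sorted(findings)

TENANTS = ["acme", "acme-eu", "globex"]  # constructed tenant IDs
GOOD = {t: tenant_policy(t) for t in TENANTS}
# Same policies, but one role's resource pattern drops the "/" delimiter.
LOOSE = dict(GOOD, acme={"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "secretsmanager:GetSecretValue",
    "Resource": f"arn:aws:secretsmanager:{REGION}:{ACCOUNT}:secret:{PREFIX}/acme*"}]})

if __name__ == "__main__":
    print("scoped:", cross_tenant_findings(GOOD, TENANTS))
    print("loose: ", cross_tenant_findings(LOOSE, TENANTS))
```

Running the audit in the onboarding pipeline turns a prefix-collision between tenant IDs into a failed check rather than a silent cross-tenant grant.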

Secure Data Exchange with External Systems

Interoperability with the Catena-X data space is crucial. PACIFIC utilizes Eclipse Dataspace Components (EDC) connectors for standardized cross-company data exchange. For PCF data exchange, the `pcf-exchange-module` acts as a per-tenant endpoint. Authorization for data retrieval is managed through EDC policy negotiation, where usage policies are agreed upon, and then the supplier's EDC issues an authorization token to the consumer's EDC. This token, derived from the supplier's Cognito app client credentials, specifically grants access to that supplier's `pcf-exchange-module` endpoint, ensuring data is shared only after explicit consent and to authorized partners.

Key Architectural Components and Principles

  • Microservices on AWS Fargate: The platform's core functionalities are decomposed into microservices running on Amazon ECS with AWS Fargate, providing serverless compute for containerized applications, simplifying scaling and management.
  • Amazon Cognito for Identity and Access: Manages user authentication and integrates with IAM for tenant-scoped authorization.
  • AWS IAM and Secrets Manager for Isolation: Provides the foundation for multi-tenant data isolation by dynamically assigning roles with fine-grained permissions.
  • Application Load Balancer (ALB) and AWS WAF: Handles incoming traffic, routing requests to microservices, and provides web application firewall protection.
  • Amazon RDS and S3: Used for relational database storage and object storage, respectively, supporting the platform's data needs.

Architectural Lesson

Implementing strong multi-tenant isolation doesn't always require full infrastructure replication per tenant. Leveraging cloud-native identity and access management (IAM) services with fine-grained policies can provide robust security and data sovereignty while optimizing operational costs and complexity for SaaS solutions.
