Skip to main content
How is the tenant service ensured?

Security

S
Written by Support legal-i
Updated over 5 months ago

We ensure that requests to microservices contain metadata about the customer or tenant requesting access. This is known as the Tenant Verification Service. When a request is initiated, the context is read and internalized in the code of the running service, which is used to authorize the user. Every service access, and thus every data access in legal-i, requires this tenant identification; otherwise, the request is denied.

Authentication and authorization of services are managed through AWS IAM roles. An explicit allowlist defines which services are permitted to communicate, and authorization details specify which commands and paths are available. This restricts the potential lateral movement of a compromised service.

Service authentication, authorization, and termination are controlled by AWS infrastructure components. This ensures that vulnerabilities in application code cannot bypass these controls. Executing remote code would require compromising the underlying host and bypassing Docker container boundaries, rather than merely altering the application logic.

Did this answer your question?