legal-i

We ensure that requests to microservices contain metadata about the customer or tenant requesting access. This is known as the Tenant Verification Service. When a request is initiated, the context is read and internalized in the code of the running service, which is used to authorize the user. Every service access, and thus every data access in legal-i, requires this tenant identification; otherwise, the request is denied.

Authentication and authorization of services are managed through AWS IAM roles. An explicit allowlist defines which services are permitted to communicate, and authorization details specify which commands and paths are available. This restricts the potential lateral movement of a compromised service.

Service authentication, authorization, and termination are controlled by AWS infrastructure components. This ensures that vulnerabilities in application code cannot bypass these controls. Executing remote code would require compromising the underlying host and bypassing Docker container boundaries, rather than merely altering the application logic.

How is the tenant service ensured?

Find answers and get help from Intercom Support and Community Experts

Empty Help Center

Uh oh. That page doesn’t exist.

Disappointed

Neutral

Smiley

Title

Track the progress of all tickets related to your company.

Tickets portal.

{assigneeName} needs more information from you