Multi-tenant SaaS on a single CloudFront distribution

When every customer wants their own domain, the naive answer is a CloudFront distribution per tenant. That doesn't scale — it's a cost and operational mess by the tenth customer. The better answer is one distribution that knows who's asking.

How the request flows

• A viewer-request function reads the incoming host and looks it up in an edge key-value store.
• The lookup returns a compact routing value — which tenant, which line of business, which build, which environment.
• The function rewrites the origin path so the right static bundle answers, with no redirect and no tenant identifier leaking into the URL bar.

Content is fully data-driven: each tenant's site reads its own manifest, so a non-technical partner edits their site from an admin panel and the public page reflects it — no code change, no redeploy.

The hard part: certificates

Custom domains need real TLS. The trick that keeps it sane is a combined-SAN certificate covering the platform plus each attached domain, reissued and swapped automatically as new domains come online. One cert, many tenants, up to the provider's SAN ceiling — then you shard.

Production-grade by default: auth, monitoring, rollback, zero-downtime deploys — built in, not bolted on.