Accessing tenant identifier in Lambda function code

When your Lambda function has tenant isolation enabled, the tenant identifier used to invoke your function is made available within the context object passed to your function handler. You can use this identifier to implement tenant-specific logic, monitoring, and debugging capabilities.

Accessing the tenant identifier

The tenant identifier is available through the tenantId property of the context object. Note that this property is available during the invocation phase, not during the initialization phase.

Common usage patterns

Here are common ways to use the tenant identifier in your function code:

Tenant-specific configuration

Use the tenant ID to load tenant-specific configuration or settings:


def lambda_handler(event, context):
    tenant_id = context.tenant_id
    
    # Load tenant-specific configuration
    config = load_tenant_config(tenant_id)
    database_url = config['database_url']
    api_key = config['api_key']
    
    # Process with tenant-specific settings
    return process_request(event, database_url, api_key)

Tenant-specific data access

Use the tenant ID to ensure data isolation and access control:


import boto3

def lambda_handler(event, context):
    tenant_id = context.tenant_id
    
    # Ensure data access is scoped to the tenant
    dynamodb = boto3.resource('dynamodb')
    table = dynamodb.Table('user_data')
    
    user_id = event.get('userId')
    
    response = table.get_item(
        Key={
            'tenant_id': tenant_id,
            'user_id': user_id
        }
    )
    
    return process_results(response.get('Item'), tenant_id)

Monitoring and debugging

The tenant identifier is automatically included in Lambda logs when you have JSON logging enabled, making it easier to monitor and debug tenant-specific issues. You can also use the tenant ID for custom metrics and tracing.

Example Custom metrics with tenant ID

The following example demonstrates how to use the tenant ID to create tenant-specific CloudWatch metrics for monitoring usage patterns and performance by tenant:


import boto3

def lambda_handler(event, context):
    tenant_id = context.tenant_id
    cloudwatch = boto3.client('cloudwatch')
    
    # Record tenant-specific metrics
    cloudwatch.put_metric_data(
        Namespace='MyApp/TenantMetrics',
        MetricData=[
            {
                'MetricName': 'RequestCount',
                'Dimensions': [
                    {
                        'Name': 'TenantId',
                        'Value': tenant_id
                    }
                ],
                'Value': 1,
                'Unit': 'Count'
            }
        ]
    )
    
    return process_request(event, tenant_id)

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Invoking functions with tenant isolation

Monitoring