What kinds of isolation can Aptible provide?

Multitenancy is a key property of most cloud computing service models, which makes isolation a critical component of most cloud computing security models.

Aptible customers often need to explain to their own customers what kinds of isolation they provide, and what kinds of isolation are possible on the Aptible platform.

The Reference Architecture Diagram helps illustrate some of the following concepts.


All Aptible resources are deployed using Amazon Web Services. AWS operates and secures the physical data centers that produce the underlying compute, storage, and networking functionality needed to run your Apps and Databases.


Each Aptible Stack is an AWS Virtual Private Cloud provisioned with EC2, ELB, and EBS assets and Aptible platform software.

When you provision a Dedicated Stack on Aptible, you receive your own VPC, meaning you receive your own private and public subnets, isolated from other Aptible customers…

You can provide further network level isolation between your own Apps and Databases by provisioning Additional Dedicated Stacks.


The Aptible layers where your Apps and Databases run are backed by AWS EC2 instances, or hosts.

Each host is deployed in a single VPC. On a Dedicated Stack, this means you are the only Aptible customer using those EC2 virtual servers.

In a Dedicated Stack, these EC2 instances are AWS Dedicated Instances, meaning Aptible is the sole tenant of the underlying hardware. The AWS hypervisor enforces isolation between EC2 hosts running on the same underlying hardware.

Within a Stack, the EC2 hosts are organized into Aptible services layers. Each EC2 instance belongs to only one layer, isolating against failures in other layers:

  • App Layer: Runs your app containers, terminates SSL.
  • Database Layer: Runs your database containers.
  • Bastion Layer: Provides backend SSH access to your Stack, builds your Docker images.

Because Aptible may occasionally need to rotate or deprovision hosts in your Stack to avoid disruptions in service, we do not expose the ability for you to select which specific hosts in your Stack will perform a given workload.


Aptible Environments are used for access control.

Each environment runs on a specific Stack. Each Stack can support multiple Environments. Note that when you use Environments to separate Apps or Databases, those resources will share networks and underlying hosts if they are on the same Stack.

You can use separate Environments to isolate access to specific Apps or Databases to specific members of your organization.


Aptible uses Docker to build and run your App and Database Containers.

Each container is a lightweight virtual machine that isolates Linux processes running on the same underlying host. Containers are generally isolated from each other, but are the weakest level of isolation.

You can provide container-level isolation between your own customers by provisioning their resources as separate Apps and Databases.