Skip to content

CONCEPT Cited by 1 source

Quota isolation

Definition

Quota isolation is the multi-tenant architecture property where each tenant operates within its own independent service quota boundaries, so that one tenant's resource consumption cannot exhaust limits shared with others. Unlike performance isolation (preventing CPU/IO interference on shared media), quota isolation prevents API-level exhaustion — a tenant hitting their concurrency cap, rate limit, or request ceiling cannot degrade other tenants.

How it works in account-per-tenant models

In AWS's account-per-tenant SaaS pattern, each account receives its own: - Lambda concurrent execution limit - API Gateway throttle - Service quotas across all AWS services

This structural guarantee means a noisy tenant's burst activity is confined to their own account's limits. In a shared-account model at scale, a single tenant's spike could exhaust shared concurrency and trigger cascading failures across all tenants.

"One underappreciated advantage of the account-per-tenant model is quota separation. Each account gets its own Lambda concurrent execution limit, its own API Gateway throttle, and its own service quotas across the board." (Source: sources/2026-06-29-aws-lessons-learned-from-scaling-to-1-million-lambda-functions)

Trade-offs

  • Pro: Eliminates an entire class of noisy-neighbor failure (quota exhaustion cascade).
  • Con: Multiplied management complexity — quota increases must be requested per-account, deployment tooling must scale across all accounts, and observability aggregation becomes expensive.
  • Con: Some AWS quotas are hard limits that can't be raised per-account, requiring architectural workarounds.

Seen in

Last updated · 562 distilled / 1,660 read