The Challenge: Carbon Data Across Company Borders
Sustainability is no longer a nice-to-have—it's an operational requirement driven by EU regulations and customer demand for auditable emissions data. For automotive manufacturers, the problem is that emissions data lives in fragmented tiers of suppliers, internal systems, and manual handoffs via spreadsheets and emails. The Catena-X initiative sets expectations for interoperability and trust, but building a practical solution requires solving two problems simultaneously: enabling frictionless collaboration while guaranteeing each company retains full control over their data and credentials.
PACIFIC, a product built by BASF and CircularTree on AWS, tackles this head-on. It's a multi-tenant SaaS platform that lets companies manage and exchange Product Carbon Footprints (PCFs) while maintaining data sovereignty—and it's Catena-X certified. The architecture is a masterclass in using native AWS services for tenant isolation without the overhead of per-customer accounts.
Reference: AWS Architecture Blog

Core Architecture: IAM-Based Tenant Isolation
The key insight? Instead of provisioning separate AWS accounts per tenant, PACIFIC implements fine-grained IAM-based isolation using Amazon Cognito and AWS Secrets Manager. Here's how it works:
- Onboarding: When a company joins, PACIFIC automatically provisions a dedicated IAM role with a scoped policy that only permits access to that company's secrets in Secrets Manager.
- Authentication: Users are assigned to a Cognito user pool group linked to their company's IAM role. When they authenticate, the identity pool maps group membership to the corresponding IAM role, and AWS STS issues temporary credentials.
- Enforcement: Those temporary credentials can retrieve only the user's own company's EDC (Eclipse Dataspace Connector) secrets; access to any other tenant's configuration is denied at the IAM policy level.
This pattern delivers true multi-tenant isolation using native AWS identity services without the overhead of managing dedicated VPCs or accounts per customer.
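The onboarding and enforcement steps above, as an added example that is not PACIFIC's code: it builds the same tenant-scoped policy shape and runs a simplified IAM evaluation over it to show that a tenant-ABC role reaches only tenant-ABC secrets. The account ID, region, secret names and the `-AbCdEf` suffix are constructed placeholders, and NotAction, NotResource and Condition blocks are not modelled.

```python
import re

def tenant_policy(tenant_id: str, account_id: str, region: str) -> dict:
    """Scoped policy provisioned at onboarding, same shape as the page's snippet.
    The '-' before '*' matters: 'tenant-ABC*' would also match a tenant 'ABCD'."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": ["secretsmanager:GetSecretValue", "secretsmanager:PutSecretValue"],
            "Resource": [f"arn:aws:secretsmanager:{region}:{account_id}:secret:tenant-{tenant_id}-*"],
        }],
    }

def _iam_match(pattern: str, value: str, case_insensitive: bool) -> bool:
    """IAM wildcard semantics: '*' matches any run of characters, '?' exactly one.
    Action names compare case-insensitively; Secrets Manager ARNs are case-sensitive."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(regex, value, re.IGNORECASE if case_insensitive else 0) is not None

def _as_list(v):
    return v if isinstance(v, list) else [v]

def evaluate(policy: dict, action: str, resource: str) -> str:
    """Simplified IAM identity-policy evaluation: implicit Deny by default, an explicit
    Deny in any matching statement wins, otherwise Allow if some statement allows.
    NotAction, NotResource and Condition blocks are deliberately not modelled."""
    allowed = False
    for stmt in policy["Statement"]:
        if not any(_iam_match(a, action, True) for a in _as_list(stmt.get("Action", []))):
            continue
        if not any(_iam_match(r, resource, False) for r in _as_list(stmt.get("Resource", []))):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"
        allowed = True
    return "Allow" if allowed else "Deny"

# Constructed sample data: placeholder account and region. Secrets Manager appends a
# random suffix (here '-AbCdEf') to every secret ARN, which is why the policy needs '*'.
ACCOUNT, REGION = "123456789012", "us-east-1"
POLICY_ABC = tenant_policy("ABC", ACCOUNT, REGION)

def secret_arn(tenant_id: str, name: str) -> str:
    return f"arn:aws:secretsmanager:{REGION}:{ACCOUNT}:secret:tenant-{tenant_id}-{name}-AbCdEf"

if __name__ == "__main__":
    for tid in ("ABC", "XYZ", "ABCD"):
        arn = secret_arn(tid, "edc-config")
        print(tid, evaluate(POLICY_ABC, "secretsmanager:GetSecretValue", arn))
```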
Securing the Exchange Layer
Beyond tenant isolation, PACIFIC enforces authorization at the data exchange layer through the pcf-exchange-module, a per-tenant endpoint serving PCF data to authorized trading partners. The flow:
- A consumer's EDC connector requests data from a supplier's EDC.
- The two connectors negotiate and agree on usage policies.
- The supplier's EDC issues a special OAuth2 token derived from Cognito app client credentials stored in Secrets Manager.
- The consumer uses this token to call the supplier's dedicated endpoint in PACIFIC.
Because each tenant's endpoint accepts only tokens issued through the EDC handshake, unauthorized access is blocked at two independent levels: EDC policy negotiation and company-scoped OAuth2 token validation.
Example: IAM policy snippet for tenant-scoped access to Secrets Manager (the account ID and region are placeholders):

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "secretsmanager:GetSecretValue",
        "secretsmanager:PutSecretValue"
      ],
      "Resource": [
        "arn:aws:secretsmanager:us-east-1:123456789012:secret:tenant-ABC-*"
      ]
    }
  ]
}
```
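The company-scoped token check at a tenant's exchange endpoint, as an added illustration rather than PACIFIC's own code. It assumes a compact HS256 JWT carrying `iss`, `client_id`, `scope` and `exp` claims and a per-tenant shared secret; Cognito itself issues RS256 tokens verified against its JWKS, so the signing primitive, the claim names and the `pcf:read` scope are stand-ins.

```python
import base64, hashlib, hmac, json

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def issue_token(secret: bytes, issuer: str, client_id: str, scope: str, now: int, ttl: int = 300) -> str:
    """Stand-in for the token the supplier's EDC hands the consumer after policy
    negotiation: a compact HS256 JWT carrying the claims the endpoint checks."""
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"iss": issuer, "client_id": client_id, "scope": scope, "iat": now, "exp": now + ttl}
    signing_input = b64url(json.dumps(header).encode()) + "." + b64url(json.dumps(claims).encode())
    return signing_input + "." + b64url(hmac.new(secret, signing_input.encode(), hashlib.sha256).digest())

class TenantEndpoint:
    """Per-tenant pcf-exchange endpoint. It knows only its own issuer, app client id and
    signing secret (from Secrets Manager in the real system); other tenants' tokens fail."""
    REQUIRED_SCOPE = "pcf:read"  # assumed scope name, not taken from the page

    def __init__(self, issuer: str, client_id: str, secret: bytes):
        self.issuer, self.client_id, self.secret = issuer, client_id, secret

    def authorize(self, token: str, now: int) -> tuple:
        """Return (accepted, reason). The signature is verified first with the algorithm
        pinned server-side, so the attacker-controlled 'alg' header is never consulted."""
        parts = token.split(".")
        if len(parts) != 3:
            return False, "malformed token"
        try:
            presented_sig = b64url_decode(parts[2])
        except ValueError:
            return False, "malformed signature"
        expected = hmac.new(self.secret, (parts[0] + "." + parts[1]).encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, presented_sig):
            return False, "bad signature"
        try:
            claims = json.loads(b64url_decode(parts[1]))
        except ValueError:
            return False, "malformed claims"
        if claims.get("iss") != self.issuer:
            return False, "unexpected issuer"
        if claims.get("client_id") != self.client_id:
            return False, "token belongs to another tenant's app client"
        if self.REQUIRED_SCOPE not in str(claims.get("scope", "")).split():
            return False, "missing scope"
        if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
            return False, "expired"
        return True, "ok"
```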
Integrating Supplier Systems
The integration-module runs on AWS Fargate and provides a flexible integration layer for ingesting PCF data from proprietary supplier systems (like BASF's internal services). Each supplier integration handles unique authentication flows—OAuth2 client credentials, certificate-based auth, or API keys—all securely managed through Secrets Manager. Incoming PCF data must conform to the standardized Catena-X PCF JSON format. Data is stored in S3 under company-specific prefixes, with IAM policies ensuring only the owning company can access their data.

Limitations and Considerations
While PACIFIC's architecture is impressive, it's not without trade-offs:
- Complexity of IAM policy management: As the number of tenants grows, maintaining and auditing scoped IAM policies can become cumbersome. Automation (e.g., Infrastructure as Code) is essential.
- Dependency on Catena-X standards: The solution is tightly coupled to Catena-X EDC connectors. If the industry shifts to a different data space protocol, significant rework may be needed.
- Latency from multi-hop token exchange: The EDC negotiation + token issuance flow adds latency compared to simpler API key models, though this is acceptable for PCF exchange which isn't real-time.
- Supplier integration overhead: Each new supplier requires custom authentication handling in the integration-module, which can slow onboarding despite the decoupled architecture.
Next Steps for Learning
- Deepen your AWS IAM skills: Study IAM policy evaluation logic and practice writing scoped policies for multi-tenant SaaS.
- Explore Catena-X: Join the Catena-X community to understand the data space specifications and EDC connector setup.
- Build your own multi-tenant SaaS: Use the AWS SaaS Factory program to learn tenant isolation patterns beyond IAM (e.g., cell-based architecture).

Conclusion: Measurable Impact
PACIFIC turns Catena-X PCF exchange from a specification into an interoperable, scalable workflow. The results speak for themselves:
- 75% time savings: Manual PCF exchange takes up to 7 days; PACIFIC responds in seconds.
- 80% increase in onboarded companies between 2024 and 2025.
- 55% growth in requested products and shared PCFs over the same period.
This isn't just a technical win—it's a catalyst for accelerating decarbonization across supply chains. By using native AWS services for tenant isolation and secure data exchange, PACIFIC proves you can scale sustainability efforts without compromising data sovereignty.
To explore more sustainability solutions and AWS architecture patterns, visit the AWS Architecture Blog.