How Skello Uses Amazon Bedrock to Query Multi-Tenant Data with Logical Boundaries

TL;DR

• Skello built an AI-powered assistant using Amazon Bedrock and AWS Lambda to query data within a multi-tenant environment while preserving strict logical boundaries.
• The solution relies on standardized data schemas, consistent naming, and pre-aggregated views to deliver fast, reliable responses.
• Security is multi-layered: RBAC, JWT/SAML authentication, Bedrock SessionParameters, and Bedrock Guardrails to guard against prompt injection and inappropriate content, aligned with OWASP LLM06.
• Data boundaries are enforced at both database and API levels, with immutable audit logs and strict access controls to protect customer data and GDPR compliance.
• The system automatically generates professional visualizations from user queries, simplifying data storytelling for users with varied technical backgrounds.

Context and background

Skello is a leading HR SaaS platform focused on employee scheduling and workforce management, serving sectors such as hospitality, retail, healthcare, construction, and more. By 2024, Skello supported approximately 20,000 customers and 400,000 daily users across Europe. As the platform grew, there was a clear need for easier access to workforce data. Traditional querying tools were too technical and time-consuming for many HR and operations users. This drove Skello to explore how large language models (LLMs) and generative AI could translate natural-language questions into precise database queries while meeting rigorous security and privacy requirements, particularly in a GDPR context. Skello’s approach centers on transforming user requests into structured database queries. The architecture is designed to keep data boundaries intact in a multi-tenant environment, so customers can ask questions in natural language and receive accurate, ready-to-use outputs without exposing other customers’ data. The implementation leverages a serverless stack built around AWS Lambda and Amazon Bedrock, a fully managed service that provides access to high-performing foundation models via a single API, with security, privacy, and responsible AI capabilities. This blog post explains the challenges of applying LLMs to data querying, describes how Skello balanced powerful AI capabilities with strict data protection, and shows how Bedrock and Lambda were orchestrated to deliver an enterprise-ready AI assistant.

What’s new

The key innovation is Skello’s AI-powered assistant that enables end-users to query their own data across a multi-tenant environment while maintaining clear logical boundaries and GDPR compliance. The new architecture demonstrates how to translate natural-language input into structured database requests, while ensuring that user context and permissions stay outside of LLM processing. Specific highlights include:

• A high-level architecture that uses AWS Lambda and Amazon Bedrock to transform natural-language questions into database queries.
• A data model and data-organization strategy that standardizes schemas, aligns date-related fields, and uses clear, non-technical field names (e.g., employee_type instead of emp_typ_cd).
• Data optimization through indexing and pre-aggregated views to accelerate common queries, enabling near-instant responses for frequent requests like “Who’s working today?”
• A set of security controls that adhere to OWASP best practices (LLM06) and enforce multi-layered protection, including dedicated security services for authentication and authorization checks, Bedrock SessionParameters for user context, and Bedrock Guardrails to prevent prompt injection and unsafe content.
• Strong data boundaries through database compartmentalization and API-level checks, ensuring department managers can access only their team’s data, with immutable audit logs maintained separately to protect integrity.
• Automatic generation of professional visualizations from natural-language queries, making data insights accessible to users without specialized data-visualization tools. For example, Skello demonstrates how a user can ask for analytics like “the gender parity” or more complex requests such as “the worked hours per week per position for the last 3 months,” with the system translating these requests into structured outputs and visualizations.

Why it matters (impact for developers/enterprises)

This approach matters for developers and enterprises seeking to unlock AI-assisted data access in multi-tenant SaaS platforms without compromising data safety or regulatory compliance. Key implications include:

• Improved data accessibility: Users can query their own data using natural language, reducing the need for specialized SQL or BI tools and accelerating decision-making.
• Strong data privacy and regulatory alignment: The architecture enforces strict boundaries between customer data, supports GDPR considerations, and maintains auditable logs to demonstrate compliance.
• Secure AI integration: By separating security controls from the LLM, using Bedrock SessionParameters and Guardrails, and enforcing RBAC across the data layer, the solution mitigates common AI-specific risks and promotes responsible AI use.
• Scalable, maintainable data models: Standardized schemas, clear naming conventions, and predefined views optimize search and visualization performance as the number of customers and users grows.
• Faster, user-friendly visualizations: Automatic generation of charts and graphs from natural-language requests enables broader adoption of data storytelling across business roles. These outcomes illustrate how a serverless, AI-powered approach can deliver practical, secure data access in multi-tenant environments, balancing AI capabilities with strict privacy and governance requirements.

Technical details or Implementation

The technical implementation hinges on serverless components and a carefully designed data layer, complemented by security controls and governance mechanisms. Core elements include:

• Serverless architecture: The solution uses AWS Lambda to connect user requests to Bedrock and back to structured data queries, providing a scalable, on-demand compute model.
• Bedrock as the AI foundation: Amazon Bedrock exposes a choice of foundation models through a single API, enabling generative AI capabilities while offering security and privacy safeguards relevant for enterprise use.
• Data structure and standardization: Skello created standardized schema definitions with consistent formats for date-related fields (hire dates, shift times, vacation periods) and clear, user-friendly field names (e.g., employee_type). This reduces ambiguity when interpreting natural-language queries like “Show me all full-time employees.”
• Search optimization and views: The data layer was optimized with indexing based on usage patterns and the creation of specialized pre-aggregated views for common report requests. This enables fast responses to questions such as “Who’s working today?”
• Data relationships and context: Clear relationships connect employees to departments, shifts, and managers, enabling complex queries such as “Show me all department managers who have team members on vacation next week.”
• Visualization engine: The system automatically converts query results into professional visualizations, with charts and graphs that integrate into reports and presentations to support data storytelling.
• Security and access controls: The implementation adheres to OWASP best practices (LLM06) by keeping security controls separate from the LLM, using dedicated security services for authentication and authorization checks, and managing user context via Bedrock SessionParameters so security information remains outside LLM processing. Authentication relies on JWT and SAML protocols, and a granular authorization service enforces data access permissions.
• Guardrails and prompt safety: Bedrock Guardrails protect against prompt injection, inappropriate content, and forbidden topics (e.g., racism, sexism, illegal content), helping maintain safe and compliant AI interactions.
• Data boundaries and auditing: The architecture enforces cross-tenant data boundaries at both the database and API levels, preventing data leakage across customers. An immutable audit system records actions with timestamps, user identifiers, and accessed resources, stored separately to preserve integrity.
• GDPR considerations: The system addresses GDPR concerns by balancing powerful AI capabilities with strict data protection requirements and tenant isolation.

Data model and security table

Key takeaways

• Natural-language interfaces can translate user questions into precise, structured database queries while maintaining strict tenant boundaries.
• A standardized data model and pre-aggregated views improve both accuracy and performance for common HR analytics queries.
• Multi-layered security, including Bedrock Guardrails and session-based user context, helps safeguard data in AI-powered workflows.
• Immutable auditing and RBAC ensure accountability and GDPR alignment in a multi-tenant SaaS environment.
• Automated visualizations democratize data insights, enabling broader user participation in data-driven decision making.

References

• https://aws.amazon.com/blogs/machine-learning/how-skello-uses-amazon-bedrock-to-query-data-in-a-multi-tenant-environment-while-keeping-logical-boundaries/