I'm hosting a static HTML file on AWS Amplify and have integrated a contact form that utilizes AWS API Gateway to trigger a Lambda Function. Currently, I don't have any user authentication or identification set up. My main concern is the security of the API endpoint against DDoS attacks or similar threats. What are some best practices I can implement to protect it?
4 Answers
It's definitely a valid worry that your API could be exploited. Even if you're not overly concerned with availability, keeping costs in check should be a priority. You can add more security layers, but have you thought about whether using forms is necessary? They can be a bit of a pain for users.
You're right to be concerned about DDoS attacks. API Gateway is actually well-protected from volumetric attacks thanks to AWS Shield at no extra cost. Just out of curiosity, is your concern about the API being abused for cost reasons? A lot of folks find contact forms can be frustrating, so perhaps offering a direct email address or a ticketing system could be worth considering.
Using a WAF is key for perimeter protection. AWS WAF is a great built-in option, but you might also consider using Cloudflare if you're looking for something free that offers robust protection.
One solid way to secure your API Gateway is to place it behind CloudFront. This will only allow access through CloudFront, and you can also add a WAF (Web Application Firewall) to help protect against unwanted traffic.
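The answers above point at two controls: put the API behind CloudFront with WAF in front, and make the API itself refuse anything that did not come through CloudFront. The following Lambda handler is an added example (not the poster's code, not from any of the answers) of the second half of that. It assumes the common pattern where CloudFront is configured to add a custom origin header carrying a shared secret; the header name `x-origin-verify`, the environment variable `ORIGIN_VERIFY_SECRET` and the field names are all assumptions for this example. It also bounds the request body and validates the form shape, so a direct hit on the API Gateway URL is rejected cheaply before any downstream work (e-mail, tickets) is done. It does not replace WAF rate-based rules or API Gateway throttling for volumetric traffic.

```python
import hmac
import json
import os

# Hypothetical header name: CloudFront would be configured to add this as an
# origin custom header with a secret value known only to CloudFront and Lambda.
ORIGIN_HEADER = "x-origin-verify"
MAX_BODY_BYTES = 4096            # contact forms are small; reject anything larger
MAX_FIELD_CHARS = 1000
REQUIRED_FIELDS = ("name", "email", "message")


def _response(status, message):
    return {
        "statusCode": status,
        "headers": {"Content-Type": "application/json"},
        "body": json.dumps({"message": message}),
    }


def verify_origin(headers, secret):
    """True only if the CloudFront-injected header equals the shared secret.

    Header names are case-insensitive, and the comparison is constant-time so
    a direct caller cannot probe the secret byte by byte via timing.
    """
    lowered = {k.lower(): v for k, v in (headers or {}).items()}
    presented = lowered.get(ORIGIN_HEADER, "")
    return hmac.compare_digest(presented.encode(), secret.encode())


def validate_form(body):
    """Parse and sanity-check the form body.

    Returns (True, fields) on success or (False, reason) on failure.
    """
    if not isinstance(body, str) or len(body.encode()) > MAX_BODY_BYTES:
        return False, "body missing or too large"
    try:
        data = json.loads(body)
    except json.JSONDecodeError:
        return False, "body is not valid JSON"
    if not isinstance(data, dict):
        return False, "body must be a JSON object"
    fields = {}
    for name in REQUIRED_FIELDS:
        value = data.get(name)
        if not isinstance(value, str) or not value.strip():
            return False, f"missing field: {name}"
        fields[name] = value.strip()[:MAX_FIELD_CHARS]
    return True, fields


def handler(event, context=None, secret=None):
    """API Gateway (proxy integration) entry point.

    `secret` defaults to the ORIGIN_VERIFY_SECRET environment variable; the
    parameter exists so the function can be exercised without Lambda.
    """
    if secret is None:
        secret = os.environ["ORIGIN_VERIFY_SECRET"]
    if not verify_origin(event.get("headers"), secret):
        # Request did not arrive via CloudFront: stop before doing any work.
        return _response(403, "forbidden")
    ok, result = validate_form(event.get("body"))
    if not ok:
        return _response(400, result)
    # Deliver `result` (e.g. via SES or a ticketing API) here; omitted in this example.
    return _response(202, "accepted")


if __name__ == "__main__":
    # Constructed sample events, not captured traffic.
    good = {
        "headers": {"X-Origin-Verify": "demo-secret"},
        "body": '{"name": "Ada", "email": "ada@example.com", "message": "Hello"}',
    }
    direct = {"headers": {}, "body": good["body"]}
    print(handler(good, secret="demo-secret")["statusCode"])    # 202
    print(handler(direct, secret="demo-secret")["statusCode"])  # 403
```

In a real deployment the secret is generated once, set as the CloudFront origin custom header value and as the Lambda environment variable, and rotated by updating both; because the check happens inside the function, a caller who finds the raw API Gateway hostname still incurs an invocation, so keep the WAF rate limit and API Gateway usage throttling in place as well.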