I'm hosting a static HTML file on AWS Amplify and I've set up an API Gateway to trigger a Lambda function for my contact form. Currently, there's no user authentication or identification involved, which raises concerns about the security of the endpoint, particularly against DDoS attacks. What best practices can I implement to protect my API Gateway?
4 Answers
You mentioned DDoS concerns—are you worried about specific types of attacks like volumetric or stateful TCP ones? It's good to note that AWS Shield provides inherent protection against volumetric DDoS attacks for free, so you might already have some level of protection without any extra configuration.
Just a side note on contact forms: they can be a hassle for users if they lack confirmation messages or if emails get lost in spam filters. You might want to think about either displaying an actual contact email or directing users to a ticketing system instead.
A WAF (Web Application Firewall) is essential for perimeter protection. AWS WAF is a solid option, but you can also consider using Cloudflare, which offers a free plan that can help secure your API.
A great approach is to position your API Gateway behind CloudFront. This way, users can only access your API through CloudFront, and you can also attach a WAF to CloudFront for added security.
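One way to enforce the "only through CloudFront" rule at the Lambda layer, as an added example that is not code from any of the answers above: CloudFront is assumed to be configured to inject a custom origin header (`x-origin-verify`) holding a secret that the function reads from the `ORIGIN_VERIFY_SECRET` environment variable, so requests that hit the API Gateway invoke URL directly are rejected before any form processing. The header name, variable name and form fields are assumptions for this example.

```python
import hmac
import json
import os

# Assumed setup (not from the original answers): CloudFront adds a custom origin
# header "x-origin-verify" to every forwarded request. The same secret is stored
# in the Lambda environment as ORIGIN_VERIFY_SECRET. Direct calls to the API
# Gateway URL (bypassing CloudFront and its WAF) lack the header and get a 403.
HEADER_NAME = "x-origin-verify"


def _origin_header_valid(headers, expected_secret):
    """Constant-time check of the CloudFront-injected secret header."""
    if not expected_secret:
        return False  # secret not configured: fail closed, never open
    # REST API (v1) events keep header case; HTTP API (v2) lowercases them.
    lowered = {k.lower(): v for k, v in (headers or {}).items()}
    supplied = lowered.get(HEADER_NAME, "")
    return hmac.compare_digest(supplied.encode(), expected_secret.encode())


def handle_contact_form(event, expected_secret):
    """Core logic, split from the Lambda entry point so it runs offline.

    `event` is an API Gateway proxy-integration event (headers + JSON body).
    """
    if not _origin_header_valid(event.get("headers"), expected_secret):
        return {"statusCode": 403, "body": json.dumps({"error": "forbidden"})}
    try:
        form = json.loads(event.get("body") or "{}")
    except json.JSONDecodeError:
        return {"statusCode": 400, "body": json.dumps({"error": "invalid JSON"})}
    missing = [f for f in ("name", "email", "message") if not form.get(f)]
    if missing:
        body = {"error": "missing fields", "fields": missing}
        return {"statusCode": 400, "body": json.dumps(body)}
    # A real handler would now deliver the message (e.g. via SES); omitted here.
    return {"statusCode": 200, "body": json.dumps({"ok": True})}


def lambda_handler(event, context):
    """Lambda entry point: pulls the expected secret from the environment."""
    return handle_contact_form(event, os.environ.get("ORIGIN_VERIFY_SECRET", ""))


if __name__ == "__main__":
    # Constructed sample events for a local run: one via CloudFront, one direct.
    secret = "constructed-example-secret"
    body = json.dumps({"name": "A", "email": "a@example.com", "message": "hi"})
    via_cf = {"headers": {"X-Origin-Verify": secret}, "body": body}
    direct = {"headers": {}, "body": body}
    print(handle_contact_form(via_cf, secret)["statusCode"],
          handle_contact_form(direct, secret)["statusCode"])  # prints 200 403
```

This complements, rather than replaces, a rate-based WAF rule on the CloudFront distribution; the header check only stops callers who bypass CloudFront, it does not absorb request floods.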
