1개 답변
- 최신
- 최다 투표
- 가장 많은 댓글
0
Hi.
Sounds like this is a classic case of an unauthenticated API. I wouldn't bother using an Identity Pool, as you say anyone could extract the information from you webpage and submit a massive amount of responses anyway. I would make sure to setup a rate limit and throttling to avoid an easy flooding. Make sure to use AWS WAF to block the most common attacks and set a rate limit. Make sure you setup CloudWatch alarms to detect a flood of responses, basically detecting a flooding attack. Create automation to "shut down" the API in case of the alarm going off. That is how I would solve it.
Hope that helps!