By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Looking for a best-practice for building serverless application with amplify and api gateway and lambda

0

A customer is building a trivia app for sporting events. One component of the system is a mobile app that communicates with a back-end to get the questions.

They are building the app using Amplify. This will communicate with API Gateway which will in turn call Lambda functions. They are aware that people may try to break the game and are looking for some security best-practices for building the app.

So far, we have been talking about

  • Use WAF with API Gateway
  • Store secrets (such as DB connection strings) using Secrets Manager
  • use Cognito or similar authentication to secure connections with API Gateway

Are there other services or approaches that people would recommend?

Topics
ServerlessComputeFront-End Web & MobileNetworking & Content Delivery
Tags
AWS LambdaAmazon API GatewayAWS Amplify
Language
English
AWS
MODERATOR
AWS-User-4245468
asked 6 years ago955 views
1 Answer
1
Accepted Answer

Also worth looking at Building an Serverless Airline booking application series on Twitch. All sessions are recorded.

Architect an Airline Booking Application, End-to-End

aws-serverless-airline-booking

AWS
EXPERT
Pawan-AWS
answered 6 years ago
profile picture
EXPERT
Oleksii Bebych
reviewed a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content