1 Answer
- Newest
- Most votes
- Most comments
0
Hi.
Sounds like this is a classic case of an unauthenticated API. I wouldn't bother using an Identity Pool, as you say anyone could extract the information from you webpage and submit a massive amount of responses anyway. I would make sure to setup a rate limit and throttling to avoid an easy flooding. Make sure to use AWS WAF to block the most common attacks and set a rate limit. Make sure you setup CloudWatch alarms to detect a flood of responses, basically detecting a flooding attack. Create automation to "shut down" the API in case of the alarm going off. That is how I would solve it.
Hope that helps!
Relevant content
- AWS OFFICIALUpdated 8 months ago
- AWS OFFICIALUpdated 10 months ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 5 months ago